Privacy Portal

Privacy Police

Revision 1 - Last Updated: March 2021.

PRIVACY NOTICE

The protection of privacy and personal data is among the priorities of Grupo Rio Deserto. This Privacy Notice aims to record the company’s commitment to security and transparency in the treatment of personal data, as provided for in current legislation.

Privacy Commitment

The Rio Deserto Group:

  • Respects the privacy and choices of the data subject.
  • Make sure privacy and security are built into everything you do.
  • Does not send marketing communications without a request. The holder can change his mind at any time.
  • Do not offer or sell data.
  • Is committed to keeping data safe and secure. This includes working only with trusted partners.
  • Is committed to being open and transparent regarding the use of data.
  • Do not use data in a way that has not been informed to the holder.
  • Respects the rights and always tries to accommodate the data subject’s requests, as far as possible, in accordance with its own legal and operational responsibilities.

This page aims to detail how Rio Deserto Group collects, uses, shares and protects its users’ personal data (via the website), as well as the existing alternatives for processing this data.

What data is collected and how is it used?

Rio Deserto Group processes personal data, which are understood as data that allow identifying or making identifiable a natural person.

No one is obliged to provide personal data, however, the lack of some requested information may affect the provision of requested products and services.

The company collects personal data when the user requests a service or registers through the forms available on the website.

The personal data requested for contact are: name, telephone and e-mail address, with consent as a legal basis.

By registering an email to receive news and content from Rio Deserto Group, via newsletter, you consent to the processing of this data.

For user registration in Rio Deserto’s curriculum database, additional personal data may be required, such as educational and professional information, as well as login and password. In this case, consent is the legal basis.

The list of data collected generally includes: identification data, contact data, browsing data (cookies, IP address) and other data that may be necessary to perform these services. The list may vary according to the relationship between Rio Deserto Group and the data subject.

If the holder includes information with sensitive personal data (health, genetic or biometric data, ethnic origin, political, philosophical or religious opinions, union affiliation, orientation or sex life) in the comment fields of the Rio Deserto Group websites, the information will be deleted immediately and without notice.

What is the purpose of collecting and processing personal data?

The collection and processing of personal data is carried out for legitimate, explicit and specific purposes, with the informed and valid consent of the holder. Most personal information is provided directly by the holders for one of the following reasons:

  • Receive news regarding the company;
  • Registration of CVs;
  • For browsing the sites safely;
  • Contact;
  • Privacy requests.

Rio Deserto Group stores evidence of opt-in (express) consent when this consent is considered, applicable privacy laws, essential for data processing. Likewise, if consent is revoked, evidence of such revocation is also stored.

Any consent of data subjects for the collection and use of personal data must be freely given and in response to clear information from Rio Deserto Group regarding the use of the indicated data. Such consent may be withdrawn at any time by the data subject without undue complications. The date, content and validity of such consent must always be documented.

Disclosure/sharing of personal data

Rio Deserto Group may disclose personal data, if necessary, to:

(a) compliance with applicable law, regulations, legal process or governmental request;
(b) applicable terms of service, including investigation of potential breach;
(c) detect, audit, prevent or otherwise address fraud, technical or security issues;
(d) protect against imminent harm to the rights, property or safety of Rio Deserto Group, its users or the public, as required or permitted by applicable law.

Personal data may be shared internally, within Rio Deserto Group, to comply with legal obligations, prevent fraud and/or protect tools, improve products and services, or after obtaining consent.

Rio Deserto Group relies on reliable outsourced suppliers to carry out commercial activities and provides only information necessary for the execution of the service in question. In addition, it requires a commitment to data protection and privacy, at the same level that it maintains.

This includes the obligation of third parties not to use personal data for any purpose other than that contracted by Rio Deserto Group, in addition to confidentiality obligations and security standards, among others. The company makes every effort to ensure that all third parties keep personal data safe. You can, for example, entrust services that require the processing of personal data to:

  • Third parties that assist in the provision of digital and e-commerce services, such as social listening, identity management, internet and search engine data analysis, and user-generated content curation tools;
  • Publicity agency, marketing, digital and social media agencies to help deliver advertising, marketing and campaigns, analyze effectiveness and manage contacts and inquiries;
  • Third parties required to deliver products, such as postal/delivery services, for example;
  • Third parties that assist in the provision of Information Technology (IT) services, such as platform providers, database hosting, maintenance and support services, as well as software and applications that may contain personal data (these services may sometimes imply access to data to perform necessary tasks);
  • Credit reference agencies for the purpose of assessing the credit risk of the data subject and verifying the information, when this is a condition for entering into a contract.

Rio Deserto Group may disclose personal data to third parties in the following situations:

  • When you have a duty to disclose or share personal data in order to comply with legal or regulatory obligations;
  • To comply with or apply privacy notice terms or other terms and conditions that have been accepted by the data subject;
  • To protect the rights or safety of Rio Deserto Group, customers or employees;
  • When you have the data subject’s express consent;
  • If the Rio Deserto Group is permitted, by law.

Rio Deserto Group may disclose personal data to partners in the following situations:

  • To publish content from social networks. If you consult the content of social networks on Rio Deserto’s websites/applications, a Cookie from this social network may be stored on the device. It is important to check the Cookies Policy of these social networks for more information.
  • When using Google advertising services on websites/applications, Google accesses and uses the holders’ personal data. To learn more about how Google uses personal data in this context, see Google’s Terms of Use and Privacy Policy.

Information collected by Facebook, Twitter, LinkedIn, YouTube and shared with Rio Deserto Group

All features and services of Facebook and affiliated companies (Instagram, WhatsApp, Messenger and others) as well as Twitter, LinkedIn and YouTube, available on Rio Deserto’s websites/applications, are governed by the policies of each application or website (network social), in which the data subject can obtain more information about privacy rights and personalized settings.

By using these sites/applications, the data subject may:

  • Open with website/application login. In this case, you agree to share some of your public profile information;
  • Use Facebook, Twitter, LinkedIn or YouTube social plug-ins such as "Like" or "Share" in relation to Rio Deserto Group content on the Facebook/Twitter/LinkedIn/YouTube platform;
  • Accept cookies from websites/applications (also identified as "Facebook Pixel" and others) that will help Rio Deserto Group understand activities, including device information, how the holder uses the services, the purchase they make and the advertisements they see , regardless of whether or not you have a Facebook account or have logged in to Facebook.

When the owner uses features of Facebook and affiliates, as well as Twitter, LinkedIn and YouTube, Rio Deserto Group collects data that helps to:

  • Show ads on Facebook (or Instagram, Messenger and any other Facebook service), Twitter, LinkedIn and YouTube regarding items you may be interested in;
  • Measure and analyze the effectiveness of websites/apps and advertisements.

Rio Deserto Group may also use the personal information provided on the websites/applications (such as name and nickname, email, address, gender and telephone number) to identify you on Facebook (or Instagram, Messenger or any other service of the Facebook), Twitter, LinkedIn and YouTube to show ads that are relevant to the data subject. In doing so, Facebook, Instagram, Twitter, LinkedIn and YouTube will not share the holders’ personal information and will erase it immediately after completing the matching process.

Rio Deserto Group does not provide or sell personal data.

What are the rights of holders in relation to their personal data?

The holder of personal data has the following rights in relation to their data, insofar as such rights are recognized by applicable laws:

  • Processing confirmation: confirmation of the existence of processing of data held by Rio Deserto Group;
  • Data Access: access to data collected by Rio Deserto Group, with the exception of cases of protection of trade and industrial secrets;
  • Data correction: request for correction of data that contains incomplete, outdated or incorrect information;
  • Anonymization and blocking: anonymization and blocking of unnecessary, excessive or processed data in violation of the provisions of applicable legislation. Anonymization will take place considering the use of reasonable technical means available at the time of data processing;
  • Portability: portability of personal data upon express request. Rio Deserto Group reserves the right to deny portability in case of personal data that may compromise commercial and industrial secrets;
  • Information about data sharing: information about personal data that are shared with public and private entities;
  • Revocation of consent: revocation of the consent given, at any time, upon express request of the holder. The revocation procedure will always be free and facilitated;
  • Deletion of personal data: personal data will be deleted at the end of the purpose or in the event of the holder’s wish to revoke consent to carry out that treatment. Subject to local legal requirements, Rio Deserto Group may retain personal data if:
    (a) is legally obligated to maintain them;
    (b) to comply with laws and/or regulations that so determine;
    (c) you need the data to establish, exercise or defend legal claims;
    (d) needs to maintain control of the data for public health reasons.
  • Deregistration of personal data: can be requested through the Privacy Request Form.

You can exercise all the aforementioned rights through the Privacy Portal.

Rio Deserto Group will respond to requests made by data subjects to exercise their rights within a reasonable period of time after the request or within a specific period that may be required by applicable local legislation.

Rio Deserto Group will handle and investigate complaints made by holders of personal data regarding any violation of data privacy rules or legislation and will respond within established deadlines.

How the security of personal data is guaranteed?

Personal data is protected against unauthorized access, unlawful processing or disclosure, as well as accidental loss, modification or destruction.

Rio Deserto Group has appropriate technical and organizational measures to protect personal data, such as information classification, backup, data restoration and identity and access management. These measures are based on analysis of security risks and data protection.

Rio Deserto Group is committed to keeping personal data protected and, therefore, takes all appropriate precautions and safeguards. The requirement is contractually extended to trusted third parties.

All possible measures are taken to protect personal data. Once the data is received, strict procedures and security features are used to prevent unauthorized access to the information. As the transmission of information over the internet is not completely secure, and it is not possible to guarantee the complete security of the data sent to our websites, care and attention is requested with the choice of personal data that will be shared with the company.

How long data is retained?

Rio Deserto Group only retains personal data for as long as necessary to achieve the purpose for which it was collected and stored, meet needs or comply with legal or regulatory obligations.

The data may be kept in the files in compliance with the deadlines defined in the legal system in question. This justifies, therefore, the maintenance of personal data in the bases of Rio Deserto Group, under the same security and protection mechanisms.

The personal data registered in the CV database will be stored for a period of 03 (three) years, and may be deleted in a shorter time by Rio Deserto Group, without prior notice to the holder. If the holder wishes to delete, correct or change the registration, he may request at any time through the Privacy Request Form.

For the same period (03 years) the information obtained through the "Contact", "Quotation" and "Newsletter" forms will be kept, and may be deleted in a shorter time by the Rio Deserto Group, without prior notice to the Owner.

The option to withdraw consent for the processing of information provided by the data subject, freely and spontaneously offered, without the existence of legislation that requires retention by Rio Deserto, can be exercised at any time, through the Privacy Portal.

If sensitive personal data is included in attachments (resumes), which are unnecessary for the purpose of registering resumes in the database, Rio Deserto Group may delete the information immediately, without notice to the holder.

Rio Deserto Group may retain some personal data beyond the periods indicated above to comply with legal or regulatory obligations, as well as to allow and guarantee the regular exercise of rights (for example, in judicial, administrative or arbitration proceedings) or for statistical or historical purposes.

When the company no longer needs to use the holders’ personal data, they will be removed from systems and records or anonymized, so that the holders can no longer be identified.

Links to third-party websites and social login

Rio Deserto’s websites and applications may occasionally contain links to and from partner, advertiser and affiliate websites. If you follow a link to any of these sites, please note that these sites have their own privacy policies and that Rio Deserto Group is not responsible for such policies. Check the policies before submitting any personal data.

You are also offered the opportunity to use your social media login. If you do, please be aware that you share your profile information with Rio Deserto Group, depending on your social media platform settings. Visit the respective social media platform and review the privacy policy to understand how your personal data is shared and used in this context.

Social Media and User Generated Content

Some of Rio Deserto’s websites and apps allow users to submit their own content. Any content uploaded to one of the company’s social media platforms can be viewed by the public. Therefore, it is important to be careful when providing certain personal data, such as financial or address information, for example. Rio Deserto Group is not responsible for any actions taken by third parties if you post personal data on the company’s social media platforms and recommends that you do not share this information.

Contact

If you have any questions or concerns about how Rio Deserto Group treats and uses your personal data, or if you want to exercise any of the aforementioned rights, please contact us through the Privacy Portal.

Grupo Rio Deserto has appointed Mr. André de Luca Dalsasso as Data Protection Officer/Data Protection Officer (DPO). The user can contact the DPO through the email protecao@riodeserto.com.br or through the Privacy Request Form.

Mediation and Election Forum

This Privacy Policy is subject to the Law of the Federative Republic of Brazil. The Judicial District of Criciúma, in turn, is competent to settle any dispute.

Policy Changes

This online Privacy Policy may be changed without notice, due to technological, legal or commercial factors, with immediate effect after publication on the websites. When amending this Policy, Rio Deserto Group will modify the date of the update that appears at the top of this page and will publish the latest version of the document on its website. If there are changes in the way Rio Deserto Group uses users’ personal data, they will be notified through the websites, with a prominent notice about these changes before their implementation. Users’ rights in relation to this Privacy Policy will not be reduced without their explicit consent.

Terms and Definitions

Anti virus: Program or software specifically designed to detect, nullify and eliminate viruses and other types of malicious code from a computer.

Cookie: These are digital files with small pieces of data (and usually with a unique identifier) stored on your device through the browser or application, which store information to identify the user and their preferences.

Cryptography: Science and art of writing messages in ciphered or coded form. It is used, among other purposes, to authenticate the identity of users, authenticate electronic transactions, and protect the confidentiality of personal and business communications.

Personal data: Data related to the identified or identifiable natural person.

Firewall: Device consisting of a combination of software and hardware, used to divide and control access between computer networks. Personal firewall is software or program used to protect a computer against unauthorized access from the Internet.

Logoff: Device consisting of a combination of software and hardware, used to divide and control access between computer networks. Personal firewall is software or program used to protect a computer against unauthorized access from the Internet.

Browser: Application used for browsing websites and internet portals.

Spam: Term used to refer to unsolicited emails, usually sent to large numbers of people.

Treatment: Any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

User: Any person authorized to access restricted areas of Rio Deserto’s websites, through identification and authentication, or areas of free access, mainly customers, suppliers, partners, representatives, employees and job seekers.

Virus: Program or part of a computer program, usually malicious, that propagates itself by infecting the machine, that is, inserting copies of itself and becoming part of other programs and files on the computer. Its purpose is to cause damage to information, in addition to carrying out other malicious activities.