Privacy Portal

Privacy Police

Revision 1 - Last Updated: March 2021.


The protection of privacy and personal data is among the priorities of Grupo Rio Deserto. This Privacy Notice aims to record the company’s commitment to security and transparency in the treatment of personal data, as provided for in current legislation.

Privacy Commitment

The Rio Deserto Group:

This page aims to detail how Rio Deserto Group collects, uses, shares and protects its users’ personal data (via the website), as well as the existing alternatives for processing this data.

What data is collected and how is it used?

Rio Deserto Group processes personal data, which are understood as data that allow identifying or making identifiable a natural person.

No one is obliged to provide personal data, however, the lack of some requested information may affect the provision of requested products and services.

The company collects personal data when the user requests a service or registers through the forms available on the website.

The personal data requested for contact are: name, telephone and e-mail address, with consent as a legal basis.

By registering an email to receive news and content from Rio Deserto Group, via newsletter, you consent to the processing of this data.

For user registration in Rio Deserto’s curriculum database, additional personal data may be required, such as educational and professional information, as well as login and password. In this case, consent is the legal basis.

The list of data collected generally includes: identification data, contact data, browsing data (cookies, IP address) and other data that may be necessary to perform these services. The list may vary according to the relationship between Rio Deserto Group and the data subject.

If the holder includes information with sensitive personal data (health, genetic or biometric data, ethnic origin, political, philosophical or religious opinions, union affiliation, orientation or sex life) in the comment fields of the Rio Deserto Group websites, the information will be deleted immediately and without notice.

What is the purpose of collecting and processing personal data?

The collection and processing of personal data is carried out for legitimate, explicit and specific purposes, with the informed and valid consent of the holder. Most personal information is provided directly by the holders for one of the following reasons:

Rio Deserto Group stores evidence of opt-in (express) consent when this consent is considered, applicable privacy laws, essential for data processing. Likewise, if consent is revoked, evidence of such revocation is also stored.

Any consent of data subjects for the collection and use of personal data must be freely given and in response to clear information from Rio Deserto Group regarding the use of the indicated data. Such consent may be withdrawn at any time by the data subject without undue complications. The date, content and validity of such consent must always be documented.

Disclosure/sharing of personal data

Rio Deserto Group may disclose personal data, if necessary, to:

(a) compliance with applicable law, regulations, legal process or governmental request;
(b) applicable terms of service, including investigation of potential breach;
(c) detect, audit, prevent or otherwise address fraud, technical or security issues;
(d) protect against imminent harm to the rights, property or safety of Rio Deserto Group, its users or the public, as required or permitted by applicable law.

Personal data may be shared internally, within Rio Deserto Group, to comply with legal obligations, prevent fraud and/or protect tools, improve products and services, or after obtaining consent.

Rio Deserto Group relies on reliable outsourced suppliers to carry out commercial activities and provides only information necessary for the execution of the service in question. In addition, it requires a commitment to data protection and privacy, at the same level that it maintains.

This includes the obligation of third parties not to use personal data for any purpose other than that contracted by Rio Deserto Group, in addition to confidentiality obligations and security standards, among others. The company makes every effort to ensure that all third parties keep personal data safe. You can, for example, entrust services that require the processing of personal data to:

Rio Deserto Group may disclose personal data to third parties in the following situations:

Rio Deserto Group may disclose personal data to partners in the following situations:

Information collected by Facebook, Twitter, LinkedIn, YouTube and shared with Rio Deserto Group

All features and services of Facebook and affiliated companies (Instagram, WhatsApp, Messenger and others) as well as Twitter, LinkedIn and YouTube, available on Rio Deserto’s websites/applications, are governed by the policies of each application or website (network social), in which the data subject can obtain more information about privacy rights and personalized settings.

By using these sites/applications, the data subject may:

When the owner uses features of Facebook and affiliates, as well as Twitter, LinkedIn and YouTube, Rio Deserto Group collects data that helps to:

Rio Deserto Group may also use the personal information provided on the websites/applications (such as name and nickname, email, address, gender and telephone number) to identify you on Facebook (or Instagram, Messenger or any other service of the Facebook), Twitter, LinkedIn and YouTube to show ads that are relevant to the data subject. In doing so, Facebook, Instagram, Twitter, LinkedIn and YouTube will not share the holders’ personal information and will erase it immediately after completing the matching process.

Rio Deserto Group does not provide or sell personal data.

What are the rights of holders in relation to their personal data?

The holder of personal data has the following rights in relation to their data, insofar as such rights are recognized by applicable laws:

You can exercise all the aforementioned rights through the Privacy Portal.

Rio Deserto Group will respond to requests made by data subjects to exercise their rights within a reasonable period of time after the request or within a specific period that may be required by applicable local legislation.

Rio Deserto Group will handle and investigate complaints made by holders of personal data regarding any violation of data privacy rules or legislation and will respond within established deadlines.

How the security of personal data is guaranteed?

Personal data is protected against unauthorized access, unlawful processing or disclosure, as well as accidental loss, modification or destruction.

Rio Deserto Group has appropriate technical and organizational measures to protect personal data, such as information classification, backup, data restoration and identity and access management. These measures are based on analysis of security risks and data protection.

Rio Deserto Group is committed to keeping personal data protected and, therefore, takes all appropriate precautions and safeguards. The requirement is contractually extended to trusted third parties.

All possible measures are taken to protect personal data. Once the data is received, strict procedures and security features are used to prevent unauthorized access to the information. As the transmission of information over the internet is not completely secure, and it is not possible to guarantee the complete security of the data sent to our websites, care and attention is requested with the choice of personal data that will be shared with the company.

How long data is retained?

Rio Deserto Group only retains personal data for as long as necessary to achieve the purpose for which it was collected and stored, meet needs or comply with legal or regulatory obligations.

The data may be kept in the files in compliance with the deadlines defined in the legal system in question. This justifies, therefore, the maintenance of personal data in the bases of Rio Deserto Group, under the same security and protection mechanisms.

The personal data registered in the CV database will be stored for a period of 03 (three) years, and may be deleted in a shorter time by Rio Deserto Group, without prior notice to the holder. If the holder wishes to delete, correct or change the registration, he may request at any time through the Privacy Request Form.

For the same period (03 years) the information obtained through the "Contact", "Quotation" and "Newsletter" forms will be kept, and may be deleted in a shorter time by the Rio Deserto Group, without prior notice to the Owner.

The option to withdraw consent for the processing of information provided by the data subject, freely and spontaneously offered, without the existence of legislation that requires retention by Rio Deserto, can be exercised at any time, through the Privacy Portal.

If sensitive personal data is included in attachments (resumes), which are unnecessary for the purpose of registering resumes in the database, Rio Deserto Group may delete the information immediately, without notice to the holder.

Rio Deserto Group may retain some personal data beyond the periods indicated above to comply with legal or regulatory obligations, as well as to allow and guarantee the regular exercise of rights (for example, in judicial, administrative or arbitration proceedings) or for statistical or historical purposes.

When the company no longer needs to use the holders’ personal data, they will be removed from systems and records or anonymized, so that the holders can no longer be identified.

Links to third-party websites and social login

Rio Deserto’s websites and applications may occasionally contain links to and from partner, advertiser and affiliate websites. If you follow a link to any of these sites, please note that these sites have their own privacy policies and that Rio Deserto Group is not responsible for such policies. Check the policies before submitting any personal data.

You are also offered the opportunity to use your social media login. If you do, please be aware that you share your profile information with Rio Deserto Group, depending on your social media platform settings. Visit the respective social media platform and review the privacy policy to understand how your personal data is shared and used in this context.

Social Media and User Generated Content

Some of Rio Deserto’s websites and apps allow users to submit their own content. Any content uploaded to one of the company’s social media platforms can be viewed by the public. Therefore, it is important to be careful when providing certain personal data, such as financial or address information, for example. Rio Deserto Group is not responsible for any actions taken by third parties if you post personal data on the company’s social media platforms and recommends that you do not share this information.


If you have any questions or concerns about how Rio Deserto Group treats and uses your personal data, or if you want to exercise any of the aforementioned rights, please contact us through the Privacy Portal.

Grupo Rio Deserto has appointed Mr. André de Luca Dalsasso as Data Protection Officer/Data Protection Officer (DPO). The user can contact the DPO through the email or through the Privacy Request Form.

Mediation and Election Forum

This Privacy Policy is subject to the Law of the Federative Republic of Brazil. The Judicial District of Criciúma, in turn, is competent to settle any dispute.

Policy Changes

This online Privacy Policy may be changed without notice, due to technological, legal or commercial factors, with immediate effect after publication on the websites. When amending this Policy, Rio Deserto Group will modify the date of the update that appears at the top of this page and will publish the latest version of the document on its website. If there are changes in the way Rio Deserto Group uses users’ personal data, they will be notified through the websites, with a prominent notice about these changes before their implementation. Users’ rights in relation to this Privacy Policy will not be reduced without their explicit consent.

Terms and Definitions

Anti virus: Program or software specifically designed to detect, nullify and eliminate viruses and other types of malicious code from a computer.

Cookie: These are digital files with small pieces of data (and usually with a unique identifier) stored on your device through the browser or application, which store information to identify the user and their preferences.

Cryptography: Science and art of writing messages in ciphered or coded form. It is used, among other purposes, to authenticate the identity of users, authenticate electronic transactions, and protect the confidentiality of personal and business communications.

Personal data: Data related to the identified or identifiable natural person.

Firewall: Device consisting of a combination of software and hardware, used to divide and control access between computer networks. Personal firewall is software or program used to protect a computer against unauthorized access from the Internet.

Logoff: Device consisting of a combination of software and hardware, used to divide and control access between computer networks. Personal firewall is software or program used to protect a computer against unauthorized access from the Internet.

Browser: Application used for browsing websites and internet portals.

Spam: Term used to refer to unsolicited emails, usually sent to large numbers of people.

Treatment: Any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

User: Any person authorized to access restricted areas of Rio Deserto’s websites, through identification and authentication, or areas of free access, mainly customers, suppliers, partners, representatives, employees and job seekers.

Virus: Program or part of a computer program, usually malicious, that propagates itself by infecting the machine, that is, inserting copies of itself and becoming part of other programs and files on the computer. Its purpose is to cause damage to information, in addition to carrying out other malicious activities.