Privacy Policy
Please know that your privacy and the confidentiality of your information are very important to our company.
In order to guarantee the confidentiality and protection of your data, we also suggest that you take the following precautions:
• ensure that your browser is always up to date, including antivirus software;
• verify the origin of the messages and under no circumstances access the website through links received by email, SMS, WhatsApp, among other sources;
• disregard any suspicious message;
• always review this Privacy Policy, and pay attention to the information regarding navigation, security and privacy.
1. About the General Data Protection Law
The General Data Protection Law - LGPD (Law 13,709/2018) provides for the processing of personal data, including in digital media, by a natural person or by a legal entity under public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the natural person's personality.
2. Rights of the Holder
According to art. 18 of the LGPD, the holder of personal data has the right to obtain from the controller in relation to the data of the holder processed by him, at any time and upon request: confirmation of the existence of processing; access, correction and portability of his data; anonymization, blocking or deletion of data; obtain information about the sharing of his data and revocation of consent.
3. Legal provisions for the processing of personal data
This Privacy Policy was prepared in accordance with the General Law for the Protection of Personal Data (Law 13,709/18), the Civil Rights Framework for the Internet (Law 12,965/14) and the Consumer Protection Code (Law 8078/90 - art. 43).
4. About the Controller, Operator and Manager
According to art. 5, item VI, of the LGPD, the controller is a natural or legal person, under public or private law, who is responsible for decisions regarding the processing of personal data. The controller is the agent responsible for making the main decisions regarding the processing of personal data and for defining the purpose of this processing.
The operator (art. 5, inc. VII, of the LGPD) is a natural or legal person, under public or private law, who processes personal data on behalf of the controller. The operator must carry out the processing according to the instructions provided by the controller, who will verify compliance with his own instructions and the rules on the matter.
For the purposes of this Privacy Policy and in compliance with the LGPD, RHR acts as the controller and operator responsible for processing the data collected when you use our services through our service channels.
The person in charge, in turn, is the person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD), according to art. 5, inc. VIII of the LGPD. The person in charge is the individual responsible for ensuring the compliance of an organization, public or private, with the LGPD.
5. Who is the Privacy Policy applicable to?
This policy is for users of our website or people who interact with RHR – who, through our service channels, consume, visit or are simply learning about our services.
6. When does RHR collect personal data?
Your personal data is collected from the moment we initiate communication (depending on the type of service provided), therefore you provide your data when you request services and/or purchase products through our Service Channels.
IMPORTANT: The RHR website does not collect personal data directly, the collection is carried out through the systems provided there, that is, when you access and enter data in any of these systems, we receive this information and store it to respond to requests, personalize service, provide services, improve communication with the public, conduct research and send information about services and products, which in turn, may be carried out through the channels available at the company, such as email, SMS, among others.
7. Why and for what purpose does RHR collect and use personal data?
The data collected, stored and processed are used to identify our customers and users, in order to provide our services and products appropriately, increasing their satisfaction, complying with legal obligations, promoting internal management and auditing and providing security and protection.
The collection, storage and processing are carried out for legitimate, lawful purposes and directed towards the activities and purposes of RHR's business, maintaining compliance with current legislation and ensuring the fulfillment of our mission “to connect people, institutions and businesses through accessible, reliable and competitive communication and logistics solutions”.
The processing of data for purposes not provided for in this Privacy Policy will only occur upon prior communication to the user and with their respective consent, so that the rights and obligations provided for remain applicable.
In which cases do we collect and use data?
• To provide our services and products, budgets, quotes and business contacts. The basic identification data, such as: name, CPF or CPJ, email or address, are used to facilitate interaction between the company and its customers, to supply its products and to adequately provide the requested service. These services include: execution of marketing activities, research on/about new products and services, satisfaction surveys regarding the service provided, communication with customers, response to requests for information, complaints, reports and suggestions and dispute resolution.
• To ensure the well-being of the user and visitor
We collect personal data to improve the service offered by our company, enhance the user experience and provide specific functionalities.
• To enable Internal Management and Auditing
Personal data may be used in internal business processes of the represented companies, internal audits and investigations, reporting and analysis;
• For service improvements
Customer data may also be collected to understand how customers access the information contained on our website, which helps us develop solutions to prevent problems or identify areas for improvement.
• To comply with legal obligations
The processing of personal data may also be necessary to comply with laws and regulations.
• For safety and security
Personal data may be processed for the purposes of security, access rights (e.g. providing secure services for online and offline transactions) or the protection of assets, suppliers and business partners.
8. What information is collected?
• Personal data
When you provide us with data through communication channels (email, telephone or WhatsApp, registration of praise, query, support or complaint), correspondence, direct marketing, some personal data is collected.
Depending on the purpose, the data collected may be: name, CPF or CNPJ, email, telephone and address.
We would like to highlight that this data allows us to identify customers and users and guarantee them greater security and support for their needs. This information is the minimum necessary to carry out the requested services.
- Navigation Data:
Other information may also be collected through cookies (such as demographic information) and is used for statistical purposes and to improve communication with customers and website users. However, this data is anonymized. The data may include keywords used in a search, the sharing of a specific document, page views, the URL from which the user and visitor came, the browser they use and their access IPs, among other information that may be stored and retained. For more information, access the Cookie Policy.
9. Sharing Information
The personal information of customers and users collected will not be passed on to third parties, except:
• With your express authorization;
• To meet specific purposes of executing public policies and legal attribution;
• Need to comply with any applicable legislation, regulation, legal process or government request;
• In cases of decentralized execution of public activity that requires transfer, exclusively for that specific purpose;
• In cases where the data is publicly accessible;
• When there is a legal provision or the transfer is supported by contracts, agreements or similar instruments; and
• When the transfer of data has the exclusive purpose of preventing fraud and irregularities, or protecting and safeguarding the security and integrity of the data subject.
10. Your privacy rights
Holders of personal data may exercise their rights, the rights of the holder – upon request – involve:
• Confirm the existence of processing;
• Access, update, carry out portability, anonymize and delete personal data;
You have the right to access your personal data in our custody, to correct incomplete, inaccurate or outdated data, in addition to carrying out its portability.
You may also request the deletion of your personal data when collected through consent or request the anonymization, blocking or deletion of unnecessary, excessive or non-compliant data.
The exercise of the rights reserved to you may be impacted by other factors that, when combined, may result in their non-execution (for example: your request may not be carried out if your data is related to any process within the companies represented by RHR, such as orders, quotes, payment titles, bills, compensation requests, legal proceedings, compliance with legal, regulatory or judicial obligations, among others).
• Obtain information regarding data sharing and the possibility of not providing consent; and
• Revoke consent.
At any time you can request the revocation of consent given for the processing of your data.
11. What is consent?
According to the legal definition (art. 5, XII, LGPD), consent is the “free, informed and unequivocal manifestation by which the holder agrees to the processing of his/her personal data for a specific purpose”. Additionally, in the case of sensitive data, consent must be provided “in a specific and highlighted manner, for specific purposes” (art. 11, I, LGPD).
• How does RHR obtain consent?
Each operation (inclusion, update, portability, anonymization, deletion and sharing, among others described in the LGPD) that you perform in our systems and that involve personal data is subject to consent, thus, the data subject hereby authorizes the processing of their personal data.
• What is the implication of NOT giving consent?
It is the right of the data subject not to consent to the processing of their personal data, in which case we emphasize that this decision may impact the provision of the service that you wish to contract or use.
IMPORTANT: Failure to consent may result in the provision of the service, when the processing of personal data is a necessary condition for its execution.
• Can I revoke my consent?
The data subject is free to revoke the authorization previously granted for the processing of his/her personal data at any time.
IMPORTANT: Consent can be revoked through our service channels.
12. Information security
We are committed to implementing the necessary technical and organizational measures to protect our customers' personal data against unauthorized access and against destruction, loss, alteration, communication or dissemination. The information stored in our databases is protected under strict information security and personal data privacy controls.
All systems involved in the processing of personal data are developed taking into account security requirements and are structured to meet good practice standards such as ISO/IEC 27001 (standard for information security management systems), governance, as well as the general principles set out in the LGPD and other regulatory standards.
Our services are offered to website visitors and those with whom we have business relationships, such as:
• Safe browsing features;
• Physical security measures to prevent unauthorized access to systems and infrastructure; and
• Restricting access to personal information by employees and unauthorized personnel.
All of our employees with access to personal information are subject to contractual confidentiality obligations and the administrative, civil or criminal penalties and sanctions defined in specific legislation in the event of non-compliance.
13. Cookies or Browsing Data
The user and visitor acknowledges and accepts that a navigation data collection system may be used through the use of cookies. Read more in the Cookies Policy.
14. Who do I talk to about my personal data?
If you wish to make a complaint or request any clarification regarding the processing of your personal data, the contact channel is:
• I DO NOT want to talk about my personal data, what do I do?
- If your complaint is a complaint, request for action, report, suggestion or compliment, you must make it known via our emails or telephones.
15. Changes to the Privacy Policy
This Privacy Policy may be changed at any time, so it is recommended that the user and visitor review it frequently.
Any changes made to the Privacy Policy will take effect immediately upon publication on our website. Therefore, by using the services or providing personal information after these changes, the user and visitor demonstrate that they are aware of them.
16. Jurisdiction for dispute resolution
Brazilian law shall be fully applied to resolve disputes arising from this instrument. Any disputes must be filed with the courts of the district where the company is headquartered.
17. General Information
Each product or service has a specific period for storing your personal data, in accordance with specific laws and regulations, so don't worry, because your personal data will be treated securely until the end of the storage period.
We are not responsible for malicious practices or misuse of content from other websites, as well as for data security failures or illegalities committed by third parties, whether they are commercial partners or not.
18. Definitions
• Anonymization: use of reasonable technical means available at the time of processing, through which data can no longer be associated, directly or indirectly, with an individual.
• National Authority: public administration body responsible for overseeing, implementing and monitoring compliance with this Law throughout the national territory.
• Database: structured set of personal data, established in one or more locations, in electronic or physical format.
• Cookie: is a small file saved on the user's computer that stores preferences and other information used on the web pages they visit. For example, when you log in with your username and password on a website, your browser (Internet Explorer, Mozilla, Google Chrome, Firefox) receives and saves one or more cookies. These cookies serve as an identification that the browser sends on each access; they remain on the user's and visitor's hard drive after the browser is closed. Cookies are used by the browser on subsequent visits to the website and can be removed by following your browser's instructions.
• Personal data: all information related to a natural person that makes them identifiable, such as CPF, ID or residential address. Personal data may also be sensitive and relate to racial or ethnic origin, religious belief, political opinion, membership in a union or organization of a religious, philosophical or political nature, health or sexual life, genetic or biometric data, when linked to a natural person.
• IP: Internet Protocol, is the Internet protocol that identifies, locates and establishes a connection between computers connected to the Internet.
• Privacy Policy: is a set of terms that describes the practices adopted by the website or application in relation to user information. Its function is to establish and clarify to the visitor how the data will be used and for what purpose.
• Website: Set of information made available on the Internet, by an individual, institution, company, etc., belonging to the same address (URL) and generally dealing with a specific subject.
• Processing: any operation performed with personal data; such as those related to:
- access - the ability to communicate with a device, storage medium, network unit, memory, registry, file, etc., in order to receive, provide, or delete data; - storage - the action or result of keeping or preserving data in a repository; - archiving - the act or effect of keeping data registered even though it has lost its validity or its validity has expired;
- evaluation - the act or effect of calculating the value of one or more data;
- classification - the way of ordering data according to some established criterion;
- collection - the gathering of data for a specific purpose;
- communication - the transmission of information relevant to policies for action on data;
- control - the action or power to regulate, determine, or monitor actions on data;
- dissemination - the act or effect of disclosing, propagating, multiplying data;
- distribution - the act or effect of making data available according to some established criterion;
- elimination - the act or effect of deleting or destroying data from the repository;
- extraction - the act of copying or removing data from the repository in which it was found;
- modification - the act or effect of altering data;
- processing - act or effect of processing data;
- production - creation of goods and services from data processing;
- reception - act of receiving data at the end of transmission;
- reproduction - copy of pre-existing data obtained through any process;
- transfer - change of data from one storage area to another, or to a third party;
- transmission - movement of data between two points by means of electrical, electronic, telegraphic, telephone, radioelectric, pneumatic devices, among others; and
- use - act or effect of using data.
• URL: is the abbreviation for the English term Uniform Resource Location. The URL refers to the standard of address names on the Internet. Each page must have its own URL to facilitate its access.