top of page

PRIVACY NOTICE

 

rra_ believes that the security and privacy of your information are important. For this reason, we strive to adopt the best practices in our activities to keep your personal data protected, and how we do this can be found in this Privacy Notice.

 

ABOUT OUR PRIVACY POLICY

 

The Privacy Notice is the document we provide so that Personal Data Subjects (you) can easily access information about how we may process personal data in our operations, whether carried out through our digital or physical environments.

We ask that you read the information contained in this document carefully, so that you have full knowledge of how your information will be treated, processed, and stored by rra_.

We emphasize that other applications, even those eventually used to contact us, use their own terms of use and policies. In these cases, you need to consult each application directly to find out how your data is handled by them.

 

IMPORTANT TERMS AND DEFINITIONS

 

We understand that some terms used in this notice are not part of your daily life, so we provide some important definitions to help you understand how we process your personal data.

ANPD: Is the Brazilian National Data Protection Authority.

CONTROLLER: Is the processing agent, natural or legal person, public or private law, who is responsible for decisions regarding the processing of personal data;

PERSONAL DATA: Is any information or set of information that allows the complete or partial individualization or identification of a natural person (DATA SUBJECT);

SENSITIVE PERSONAL DATA: Is information related to racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person (DATA SUBJECT);

DPO (Data Protection Officer): Is the person who will communicate between rra_ and the DATA SUBJECTS;

LGPD: Is Law 13.709/18, named the General Data Protection Law, which deals with the processing of personal data, including in digital media, with the objective of protecting the fundamental rights of freedom and privacy.

OPERATOR: Is the processing agent, natural or legal person, public or private law, who processes data on behalf of the controller;

DATA SUBJECT: Is you, the natural person to whom the personal data being processed refers;

DATA PROCESSING: Is any operation performed with your personal data, such as collection, production, reproduction, classification, use, distribution, archiving, elimination, modification, transfer, extraction, etc;

 

TYPES OF DATA

 

We may use your personal data for the performance of some of our activities. However, the types of data will depend on the operation in question and your relationship with us. Thus, the following categories of personal data may be processed:

  • Registration and Identification: Name, CPF (Brazilian individual taxpayer ID), profession, professional affiliation (company you work for).

  • Related to electronic communications: Name, email address, phone number.

  • Browse data: Cookies, cache storage, IP address, and information about accessed pages.

Exceptionally, other personal data (including sensitive data) may be processed when necessary for the fulfillment of legal or regulatory obligations, when necessary for the execution of a contract, or when there is a legitimate interest or the consent of the Data Subject. In these cases, we will seek to keep you informed, always ensuring the transparency and privacy of your information.

 

WHY WE PROCESS PERSONAL DATA

 

The processing of your data may occur for different reasons and to serve various purposes, depending on the activity for which that information is necessary.

Our commitment is to facilitate your access to this information. Therefore, we have prepared the following table containing the main personal data processing activities according to the main purposes, affected data subjects, and the category of personal data (listed above, in section 3 of this notice).

We emphasize that we will not process data from children and adolescents forwarded to us, except for purposes previously communicated to the legal guardian, who in these cases will expressly authorize the processing of that data.

Furthermore, we reaffirm our commitment to your privacy by not using excessive data that may be forwarded to our team or that we have access to through third parties. Thus, we ensure that the processing of personal data does not exceed what is necessary to achieve the purpose of using the personal data.

If necessary, the change of purpose for the use of your personal data will only be carried out when there is an adequate legal basis authorizing the new processing, such as compliance with a legal or regulatory obligation, regular exercise of rights or legitimate interests of the Controller, when applicable and guaranteeing your right to object to the processing.

 

COOKIES AND CACHE

 

Cookies are small text files or fragments of information that are transferred to your computer, smartphone, or any other internet-connected device during your visit to our application.

We collect Cookies for specific Browse functionalities in our digital environments, such as enhancing your user experience and generating traffic statistics. These cookies contain data related to your interaction with our pages and store only information related to your preferences.

Our pages adopt a Cookie banner, where we inform which cookies are used and how users could disable them, if they so wished. Additionally, you may choose not to provide cookies at any time, simply by disabling this function in your browser, aware that, by doing so, the services provided by the site may not present all their functionalities.

Below is the direct link for managing Cookies in major browsers:

  • Internet Explorer: click here.

  • Microsoft Edge: click here.

  • Firefox: click here.

  • Safari: click here.

  • Google Chrome: click here.

  • Opera: click here.

We also use cache-based resources, which allow temporarily keeping local copies of static files, such as images and texts. This means that when you access our site again, the web server will check your browser for the storage of static files, allowing the retrieval of previously stored HTML page elements, which will make loading faster.

You can disable the use of this functionality in your browser settings, which will also not be activated if you browse in private/incognito mode. If you wish, it is possible to delete all temporary files stored in cache directly from your browser's settings panel.

 

HOW WE OBTAIN/COLLECT PERSONAL DATA

 

We may have access to your personal data through our website, or through other forms of contact and interaction that you or third parties have with us. Thus, your data can be obtained when you provide it to us yourself, for example, by filling out a form or by sending documents, information, and communications by email.

In addition, we may have access to your data through indirect means, such as in the case of sharing by third parties, for example. Thus, we may have access to your data when it is necessary for us to perform some specific activity, whether by virtue of the execution of a contract, legal obligation, or legitimate interest.

 

STORAGE AND SHARING

 

We have a robust technological infrastructure to store your personal data securely and in accordance with applicable security standards for each processing hypothesis. Thus, we opt for systems that guarantee information security, so that our processes are protected by security layers such as firewalls, Antivirus, Access Control by password, and encryption key.

We will seek to keep your personal data stored only until the purpose for which it was collected is achieved. However, in some cases, we may keep the registration history of your data for a longer period than necessary for the purpose of service, such as for auditing, security, fraud control, credit protection, and preservation of rights, as well as in cases where the law or regulatory standard so establishes.

The sharing of personal data will only occur when necessary to achieve the purpose of its processing, for example, with suppliers responsible for the operation of our computer systems when they process personal data on our behalf, according to the instructions contractually established by us.

Furthermore, we will be obliged to share your information in some cases provided by the LGPD, such as by legal or judicial determination, for example.

We also always seek to ensure that our storage and/or sharing occurs securely, according to the available technologies and applications. Thus, when sharing your personal data with data operators, we require security levels at least equal to ours, in order to avoid any risk to your privacy.

 

SECURITY

 

In respect of your privacy, we adopt technical and administrative security measures to protect your personal data against unauthorized access, use, and alterations, using tools such as antivirus, firewalls, and constant monitoring of our networks. Access to your data is only permitted to authorized persons, after verifying the necessity and suitability for the pre-established purpose.

We emphasize that our website operates under the authenticated HTTPS (Hyper Text Transfer Protocol Secure) protocol, which guarantees the traffic of information through an encrypted connection.

Aligned with the purpose of ensuring your security and privacy, we have a Privacy and Data Protection Governance Program, which is constantly monitored, updated, and improved. Awareness campaigns and training for rra_ employees are sporadically carried out, always alerting about the importance of respecting the privacy and data protection of all Data Subjects involved in our operations.

However, you should be aware that none of the measures offers 100% success, whether in operation or data protection. These measures are designed to offer an adequate level of security to the risks for the processing of your personal information.

In the remote event of a data breach or privacy violation, we will adopt all applicable measures provided for in our Incident Response Plan, designed to prevent damage, as well as carry out all communications provided for in the LGPD, whether to the Data Subjects or to the ANPD.

 

ELIMINATION/DISPOSAL OF PERSONAL DATA

 

Your personal data will be eliminated when the fulfillment of its respective purpose(s) is verified, or when its storage is no longer necessary given the hypotheses provided in this notice.

It is possible to request the elimination of your personal data, in the exercise of your Data Subject Rights, however, rra_ may reject requests that it considers unreasonable or not required by law, as well as when your identity has not been satisfactorily validated. Situations of refusal will be informed to you through the contact information you provide us when making your request.

 

DATA SUBJECT RIGHTS

 

We seek to ensure the best processing of your data, respecting applicable legislation and the best technical and administrative practices in the market regarding their protection.

As a Personal Data Subject, you have rights listed in Art. 18 of the LGPD, which we inform you below how they can be exercised:

  • Through our Privacy Portal, you can request access to clear and complete personal information about how (if) we process your personal data;

  • We provide a contact channel so that you can request the correction and update of your incomplete, inaccurate, or outdated data, so that rra_ maintains the veracity and accuracy of your data. The same contact channel can be used to confirm the existence of data processing of your ownership.

You are also allowed to request, through the contact channel, the blocking or elimination of your data processed by rra_, however, requests may eventually be rejected if there is a legal basis for the continuation of the processing, such as when the data is necessary for the fulfillment of legal, regulatory and/or contractual obligations by rra_.

We will make our best efforts to fulfill your request as soon as possible and may reject requests that are unreasonable or not required by law, as well as when your identity has not been satisfactorily validated; situations of refusal will be informed to you through the contact information you provide us when making your request.

 

CONTACTS WITH RRA_ AND OUR DPO

 

You can access clear and complete information about the processing and protection measures of your personal data, as well as any questions about this Privacy Notice by contacting our Data Protection Officer (DPO), exclusively through the contact provided below.

DPO: Rafael Reis CONTACT: dpo@rra.digital

We will seek to respond to requests we receive from data subjects as soon as possible.

We ask that data subjects who wish to exercise their rights regarding privacy and data protection observe the legal response times and limits, as provided in Art. 19 of the General Data Protection Law (Law 13.709/2018) and regulations issued by the ANPD.

We will not receive or respond to any requests made by any other means than those indicated above. Other communications not related to privacy and personal data protection should be made through the contact means indicated by rra_.

 

UPDATES

 

This Privacy Notice was last updated on October 27, 2024. It may be changed at any time to meet legislative changes, regulatory body requirements, or operational needs, with due publicity given to such changes.

bottom of page