We, from RD Gestão e Sistemas S.A. and RD Station Inc. (“RD”, “Resultados Digitais” or “we”), are committed to safeguarding your privacy and protecting your data. The purpose of this document is to clarify which pieces of information are collected on the users of our websites – https://resultadosdigitais.com.br, http://rdstation.com.br, http://rduniversity.com.br, http://rdsummit.com.br and http://rdontheroad.com.br – and respective services – (“You”) and how this data is used.
The acceptance to our Policy is granted when you register on our platform to use one of the services mentioned above. Such acceptance takes place when you agree, in a positive manner, to the use of your data for each of the purposes described herein by us. This indicates that you are aware of and fully agree to the manner in which we use your information and your data. If you opt not to provide us the Personal Data necessary to use our products, or the provision of our services (we will indicate when that is the case), or do not agree to this Policy, we will not be able to provide our products and/or services to you. If you do not agree to this Policy, please do not proceed with your registration procedure and do not use our services. Nevertheless, please inform us of your disagreement so that we can clarify it or improve it.
This document was drafted in a simple and accessible manner, counting of many examples of collection and use of the data, precisely so that you can read and understand the manner in which we use your data to offer you a safe and comfortable experience in the use of the services we offer you.
This Policy is divided as follows for an easy understanding:
- What are the sources of the personal data?
- What type of data does RD collects?
- With whom does RD shares your data?
- International data transfer
- What are the rights of the holders of the data?
- For how long the data is stored?
- How Information Security works in RD
- How to speak to the DPO of RD
- Changes in the Policy
1. What are the sources of the personal data?
The amount and the type of information collected by RD vary according to your use of our services. We collect different data if you are visiting our website, using our software, using the services of clients of our software or the services of RD University. To make the definitions and differences accessible, we divided the collection of data on users into 04 parts, so that you can understand what applies specifically to you.
This Policy applies to the Personal Data that we collect from or on you by the following sources:
Websites of Resultados Digitais. Websites for the consumer and operated by or for RD, including websites that We operate under our own domains/URLs and mini websites that We maintain in social networks of third parties, such as Facebook (websites).
Websites/mobile applications of Resultados Digitais. Websites or mobile applications for the consumers and operated by or for RD, such as applications for smartphones.
Interaction with advertisements. Interactions with our advertisements (for example, if you interact with one or more advertisements on a website of a third party, we may receive information on such interaction).
Data created by Us. During our interactions with You, we can create Personal Data on You (for example, but not limited to, records of your purchases on our websites, and records of your interactions with our contents and e-mails).
Events. Events held and organized by RD, as well as events in which RD participates as sponsor or exhibitor.
It is worth mentioning that we store information regarding all the contacts made with our users, regardless of the type of user that made the contact. Such information includes content downloaded from our pages and interactions via email, such as opening and clicking.
By clicking on the buttons for content sharing on the social networks available in our pages, users publish the content through their profile in the selected network. RD does not have access to the login and password of such networks and will not publish the content on behalf of users if they do not perform such action.
It is worth mentioning that all data that we collect are used for the provision of our services. Therefore, all data and information on you are treated as confidential, and we will only use it for the purposes described herein and authorized by you, especially so that you can fully use our services, always with the purpose of improving your experience as a user. In this regard, see in section 2 what applies to you.
1.2. What are the Legal Grounds for data collection?
We use as legal grounds for data collection only those authorized by law, such as, but not limited to, consent, lawful interest and due performance of the executed agreements. When the legal grounds for the collection is not consent, we always comply with the legislation in force, and respect the individual rights and freedoms of the holders of the data.
2. What type of data does RD collects?
2.1. Visitors of the websites
If you only access our websites, we collect your browsing data. In such case, when you visit our website a “cookie” is placed in your browser by the Google Analytics software to identify how many times you come back to our address.
“Cookies” are identifiers that we transfer to your browser or device that allow us to recognize your browser or device and inform us how and when the pages and features in our Services are visited and how many people access them.
2.2. Leads in RD
If you interact with our materials and contents, we collect, besides your browsing data mentioned in the Visitors part, your data on visits to our pages, and other information that you choose to share with us, through your interactions with our forms, Landing Pages and emails, for example.
To offer content and material interesting to you, it is often necessary to cross the data that we collect on you, so that such marketing actions be directed to what you expect to receive from us. We ensure that this crossing is not performed in a discriminatory manner, violating any of your individual rights and freedoms. In addition, you can, at any time, change or remove such permissions for data treatment, in our Help Center.
In view of such issues, some possibilities of use of your data may take place. In this regard, we recommend the reading of the examples below:
- Your e-mail is used to send material or content requested by you while filling out the form. It can also be used to send Newsletters, always related to Marketing Digital, human resources, technology in general, client’s success, and, also, communication of the launch of new free material or new products of RD and partners. However, the user may cancel the subscription at any time;
- RD Employees may contact via email or telephone to do researches or present products and services;
- Send you messages regarding support or service, as alerts, notifications and updates;
- Communicate with you regarding products, services, sales, news, updates, events and other subjects that you may be interested in; and
- Make targeted marketing according to your tastes, interests and other information collected.
2.3. Users of the Websites and Services of RD
If you use any of our services and/or products, we will collect the following categories and types of personal data: contact data (name, email and phone), location data (country, state and city), professional profile data (position, company and area of the company where you work, number of employees of such company, education and years of experience), billing data (name, Individual Taxpayer’s Register (CPF) number, address, credit card), data for marketing purposes (your marketing preferences and information on your CRM).
If you register with your Facebook/Google account, we will collect personal data publicly accessible in your profile in the social network, such as name and profile image. Providing the e-mail is optional, you may define such data when registering. And to integrate with the services provided, we may collect all data that is publicly available through Facebook/Google to our system, as well as information on your advertisements, with which material and content you interacted, how many clicks they got, information on the visitors in your websites that are available in such platform.
For the registration to access the services and/or products in the free trial mode, the following are collected:
- contact data (name, email and phone),
- professional profile data (position, company, area of the company where you work, number of employees of such company).
To engage our services and/or products, the following are collected:
- contact data (name, email and phone);
- professional profile data (position, company, area of the company where you work, number of employees of such company);
- location data (country, state and city);
- billing and charging address (corporate denomination or name, assumed name, National Corporate Taxpayer’s Register number (CNPJ) or CPF number, legal representative and his/her CPF number, address of the head office, credit card data, when this payment method is chosen, options to the Simples Nacional, supplementary data to issue the Invoice and currency of payment for international clients).
2.4. Users of the websites of RD’s Clients
RD provides to its clients, by the RD Station Marketing and RD Station CRM software, tools for the automation of marketing and sales, creation of Landing Pages, Pop-ups, Forms, sending of marketing email, among others that involve the management of personal information on users with whom its clients have a relationship.
However, it is worth mentioning that RD does not control the information collected by third parties using our system. This data are owned by RD’s Clients, who use, disclose and protect it according to their respective privacy policies. They are also responsible for directly obtaining the consent from the users, and with such power, collect, manage and process the confidential information.
Since RD does not control this data that is collected directly by its Clients, with the purpose of minimizing incidents involving personal data, RD adopts the best practices on information security (see item 6) and safe development existing in the market, so that its Clients may use a safe tool to manage your personal data and the data on their clients too. If you have any doubt on how your data is being managed, we recommend that you contact the company that is offering the services to you.
2.5. RD University Client
If you are an RD University Client, besides the browsing data indicated in the Visitors section, with your consent, we will collect your registration and professional data, such as name, ICPF/Tax Identification Number (NIF), email, company, password, Country and photograph, and billing data (name, CPF number, address, credit card) if the course you are taking is paid. Request for information may be made by direct contact of RD with you via email or telephone.
If you use your Facebook/Gmail account to integrate yourself to the services offered, we may collect also personal data publicly accessible that Facebook offers us, such as name, photograph and email. If you register in the RD University platform using your Gmail email account, we will collect your personal data publicly available and provided by Gmail, such as name, email and profile photograph.
2.6. Participants of RD’s events
If you participate in any event held by RD, such as RD Summit or RD On The Road, it will be collected, by an outsourced platform for ticket sales, the data necessary to confirm your application (such as name, location data, company you work for and place of residence).
Your email data, collected in our events, will be shared with our Marketing team, with the purpose of sending you content and news regarding the subjects related to the event. You may request the change of these preferences, at any time, in our Help Center.
3. With whom does RD shares your data?
Since it is an online platform, RD may operate jointly with other companies in a wide range of activities, including to provide the features of location, advertisers, sponsors and commercial partners, online and offline, besides the tools for divulging and analyzing performance. Therefore, we reserve the right to share your information, including data on location, registration and interests, with the companies below, whenever possible, anonymously, as to preserve at most your privacy.
We do not rent, sell or transfer your personal data to anyone, except the partner companies listed below: We may share your personal data, in the following cases:
Advertisers: You may receive directly advertisements, contents and links exhibited on a customized basis from RD, according to your interests and behaviors in our platform or in other services with which you interact. For such, data may be shared between RD and the targeted marketing platform, especially single identifiers, IP addresses, cookies and other information collected from your browser, that may be used to measure the efficiency of the online marketing. You may oppose to this marketing by contacting us through our Help Center.
Our Partners: We engage other companies to carry out works on our behalf and we need to share your personal data with them to provide the products and services to you. For example, we use data hosting services to store our database, we use also payment method services to process the billing data of our products acquired by you. Our Partners are authorized to use the personal data only for the specific purposes for which they were engaged and, therefore, they will not use your personal data for other purposes, besides the provision of the services set forth contractually.
Statistics: The data stored by RD may be used for statistic purpose (analytics). These pieces of data are grouped, with the purpose of providing a macro analysis of the scenario and, thus, do not intend to identify or make identifiable the holder of the personal data, but only to better understand how is their access to the platforms of RD, in order to improve the provision of services and customize products more targeted at the interests of the users.
Profiles in social networks and other submittals: The registration in RD’s platforms allows you to register with the login of your Facebook or Gmail account, and, in this way, certain data of your Facebook and Gmail account may be shared with RD. In this regard, when you log in, check the personal data publicly accessible that are authorized by these platforms so that you can decide what you want to share with us or not. We do not control the policies and practices of any other website or service of third parties and, therefore, if you register using the profile of a social network, be aware of that.
Registration and authentication: For RD Station CRM customers who choose to insert contact data (such as name, email, phone, and job title) from their Google accounts, we use an integration with Google that allows this data to be imported (via Google API). With this tool, it is possible to securely ensure the authentication and reading of the contact data that will be imported from Gmail to RD Station. Users are allowed to remove app usage permissions in their Google account settings.
For users who authorize the import of contacts from their Google account with their email account, the use of the data involved will comply with the additional requirements of Google Restricted Scopes, listed under Google API Services: User Data Policy.
4. International Data Transfer
RD collects and transfers personal data collected in Brazil to countries located in the European Union and to the USA. This transfer takes place between Partners of RD that operate in personal data processing, and such transfers involve only companies that are Partners of RD and that demonstrate to be in compliance with the GDPR and the Brazilian sectorial laws on data protection.
The head office of RD is located in Brazil, and the data that we collect is governed by the Brazilian law. By accessing or using the Services of RD or providing personal data to us, you agree to the processing and transfer of such data to Brazil and to other countries, mentioned above.
5. What are the rights of the holders of the data?
You may always choose not to disclose your data to us, but bear in mind that some of this data may be necessary to register in our platforms or use some of our features and products that we offer to you. Nevertheless, you will always have rights connected with privacy and protection of your personal data, and, besides caring for the safety of such data, also take care so that you have access and knowledge of all your rights regarding personal data.
Thus, we summarized below all the rights that you have under the General Data Protection Law (LGPD), the other sectorial Brazilian laws regarding data protection and the General Data Protection Regulation (GDPR), which are:
i. Right of access;
ii. Right to rectification;
iii. Right to erasure;
iv. Right to confirm the existence of treatment;
v. Right to request blocking or exclusion;
vi. Right to information of the public and private entities;
vii. Right to restrict processing;
viii. Right to review the automated decision;
ix. Right to object to a treatment;
x. Right to the explanation of the logic behind the collection of your data;
xi. Right to the information on the possibility of not granting consent and on the consequences of the denial;
xii. Right to withdraw your consent.
In that regard, please find below a brief explanation and examples of some of these rights.
- Request for access to your personal data. This right allows you to request and receive a copy of your personal data that we have on you.
- Request for rectification of your personal data in RD. This right allows you to request, at any time, rectification and/or correction of your personal data, if you identify that some pieces of it are incorrect. However, to carry out such correction, we need to check the validity of the data that you provide us.
- Request for the erasure of your personal data. This right allows you to request erasure of your personal data from our platform. All data collected will be erased from our servers when you so requests or when they are not necessary or relevant anymore for us to offer you our services, unless there is any other reason for its maintenance, such as any legal obligations to withhold data or need to preserve it to safeguard RD rights. To change your personal information or erase it from our database, please contact us at our “Help Center”.
- Right to object to data processing. When we rely on a legitimate interest (or that of third parties) and there is something about your specific situation that makes you want to object to the processing in this area, as you deem to impact your fundamental rights and freedoms. You also have the right to object to where we process your personal data for direct marketing purposes, for example. In some cases, we may prove that we have legitimate reasons to process your data, which prevail over your rights, since in such cases it may be essential to provide the product and/or service.
- Right to request blocking or exclusion. This right allows You to request us to suspend the processing of your personal data in the following cases: (a) if You want us to assert the precision of the data; (b) when You need that the data be kept even if we do not need it anymore, as necessary, to assert, exercise or defend legal claims; or (c) if You objected to the use of your data, but in this case we need to check if we have legitimate reasons to use it.
- Restrict processing of your personal data. This right allows you to request us to suspend the processing of your personal data in the following cases: (a) if you want us to assert the precision of the data; (b) when you need that the data be kept even if we do not need it anymore, as necessary, to assert, exercise or defend legal claims; or (c) if you objected to the use of your data, but we need to check if we have legitimate reasons to use it.
- Right to withdraw consent at any time. You have the right to withdraw your consent. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, maybe we cannot provide certain products. If that is the case, we will inform you when it happens.
- Right to review automated decisions. You also have the right to request review of decisions made solely on the basis of automated treatment of your personal data that affect your interests.
It may be necessary to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or exercise your other rights). This is a safety measure to ensure that the personal data is not disclosed to any person that is not entitled to receive it. We may also contact you to obtain more information with respect to your request, in order to answer quickly. Your legitimate requests will be answered within five (5) business days. If your request is especially complex or if you have made many requests, we will notify you and keep you updated on the progress of your request, in the event that it requires more time than that set forth in this item.
If you have any doubt about these issues and on how you may exercise such rights, please contact us via our “Help Center”.
6. For how long will RD store the data?
We maintain your personal data only for the time necessary to meet the purposes to which we collect it, including for the purpose of complying with any legal or contractual obligations or request from competent authorities.
To determine the proper withholding time period for the personal data, we consider the amount, the nature and the sensitivity of the personal data, the potential risk of damage arising from unauthorized use or disclosure of your personal data, the purpose of the processing of your personal data and if we can achieve such purposes by other means, and the applicable legal requirements.
If you use our products and services, the information of your account will be kept for as long as you keep this account active. If you request canceling, your information will be erased within 60 days as of the canceling of your account. If you are a lead of RD, the information on your interaction with us will be stored for five (5) years. Also, if you request the erasure of your data and/or that of your account, in this case, RD will keep the data for seventy-two (72) hours after your request for erasure.
7. How Information Security works in RD
Your account is protected with a password for your privacy and safety. If you access your account through a third party’s website or services, there may be additional or different login protections by this website or service. You must prevent and avoid unauthorized access by third parties to your account and personal data by choosing and protecting your password and/or other connection mechanism in an appropriate manner and by limiting the access to your computer or device and browser, logging out after finishing the access to your account.
With the purpose of ensuring your privacy and protection of your personal data, RD adopts the best practices on information safety and safe development existing in the market, that is, we design our products and services to promote protection of your data and in which you can manage your information directly. Combined with this concept, we adopt encryption practices in passwords and other critical information, TLS for transfer of data between applications, engagement of cloud services with safety certifications and labels, such as ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 and PCI DSS, systems monitoring 24/7, edge Firewall with features of IDS (Intrusion Detection System), Anti-malware, Anti-phishing, content control and VPN.
We strive to protect the privacy of your account and other personal data of yours that we keep in our records, but unfortunately, we cannot ensure total safety. Unauthorized entry and use of the account, hardware or software failure and other factors may compromise the safety of your personal data at any time, thus please help us to keep a safe environment for all. Besides adopting best safety practices with respect to your account and your data, if you identify or become aware of something that compromises the safety of your data, You may consult our FAQ here, or contact us through the customer service channels available.
8. How to speak to the DPO of RD
Address: Rodovia Vírgilio Várzea, S/N, Floripa Office annex to the Floripa Shopping.
Saco Grande, Florianópolis/Santa Catarina, Postal Code (CEP): 88032-000.
Updated on 2021-07-09
Version: 2021-07-09 V. 1.2