Privacy Policy for Web Apps and Help Center
1 GENERAL INFORMATION TODAY
digital ltda (YouDeserve) is a company that develops technology for employers to provide a public recognition system for optional use to their employees by sending public written compliments and with private donations of virtual points, when made available by the employing company, which have a monetary value and when they are collected, They can be exchanged for awards in the form of physical or digital rewards, according to the guidelines and availability of the employing company. Thus allowing it to offer an environment that proves motivation, engagement and interaction among its employees, as well as allowing the employing company to obtain strategic information for the improvement of the organizational culture.
TODAY DIGITAL LTDA (YouDeserve) is responsible and committed to the privacy of the information of its customers, employees, cooperative members, service providers, suppliers, partners and users. That is why it informs interested parties, providing more transparency on how the data is processed, in whole or in part, in an automated way or not, the personal data to which we carry out processing operations.
This Privacy Policy aims to clarify interested parties about the types of data that are collected, the reasons for collection and how data subjects can update, manage or delete this information with the organization.
This Privacy Policy was prepared in accordance with Federal Law No. 12,965 of April 23, 2014 (Civil Rights Framework for the Internet) and Federal Law No. 13,709, of August 14, 2018 (Personal Data Protection Law – LGPD).
Our Privacy Policy applies only to the specified pages of our customer and partner web applications and service channel (Help and Service Center) and to internal company processes, accessible at the addresses https://app.youdeserve.today, https://partner.youdeserve.today and https://help.youdeserve.today.
This Privacy Policy may be updated as a result of any regulatory update, which is why the user is invited to periodically consult this section.
2 DEFINITIONS
For the purposes of this Policy, the following definitions are understood:
· Legal bases: are the hypotheses provided for in the LGPD that allow the organization to process personal data, such as consent, legal or regulatory obligation, contract execution, among others.
· Controller: natural or legal person, under public or private law, who is responsible for decisions regarding personal data.
· Personal data: all information relating to a natural person that can identify him or her or make him identifiable.
· Sensitive personal data: personal data about racial or ethnic origin, religious belief, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sex life, genetic or biometric data, when linked to a person natural.
· Person in charge (DPO): person appointed by the controller to act as a communication channel between the controller, users and the National Data Protection Authority.
· LGPD: General Law for the Protection of Personal Data.
· Processing: are the operations carried out by the organization with personal data, including activities such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
· Data subject: is the natural person to whom the personal data subject to processing refers (customers, employees, service providers, etc.).
· Operator: natural or legal person, under public or private law, who processes personal data on behalf of the Controller (subcontracted suppliers).
3 RESPONSIBILITY FOR DATA PROCESSING
The Controller is the controller of the data subject's personal data. This responsibility may be performed by an individual or legal entity that, individually or jointly with other entities, has the prerogative to determine the purposes and procedures for the processing of such personal data, as established in Art. 5, VI of the LGPD.
The operator is responsible for processing personal data on behalf of the controller, following the guidelines established by the latter in the data processing chain through a contract signed between both parties.
The data subject is the individual whose information is accessed through queries in public and publishable databases to provide services to our customers, such as, for example, ensuring the best performance in credit analysis.
The responsibility of TODAY DIGITAL LTDA (YOUDESERVE), in this context, is to ensure good information security practices in the processing of data, and in privacy matters, it guarantees the collection of data consent, storage encryption, strong password policy, monitoring and data disposal policy.
TODAY DIGITAL LTDA (YOUDESERVE) acts as a Data Operator: since it processes the personal data of employees forwarded by its customers due to the services and obligations stipulated in the contracts signed, these are called Controllers.
TODAY DIGITAL LTDA (YOUDESERVE) is represented by Marco Aurélio Cevey, who can be contacted by e-mail: dpo@youdeserve.today / dpo@youdeserve.work.
4 Rights of the data subject
The Data Subject has the right to request information from the company on:
· Confirmation and access to data: the right to obtain confirmation as to whether or not personal data concerning him or her is being processed by the organization and, If this is the case, the right to access your personal data;
· Rectification of data: right to request correction or updating of personal data that is inaccurate or outdated concerning you;
· Deletion of data: right to have your personal data deleted from the website, observing the rights of the organization;
· Data anonymization: the right to have their data anonymized, that is, unlinked from any and all forms of connection with their Holder, making it impossible to identify them;
· Data blocking: the right to temporarily suspend the processing of your personal data by the organization;
· Limitation of data processing: the right to limit the processing of your personal data, when it is inaccurate or used unlawfully or without complying with the proposed purposes or for unnecessary purposes;
· Opposition: the right to object on grounds relating to your particular situation, to the processing of personal data concerning you, subject to the rights of the organisation.
· Data portability: the right to request the transfer of your personal data to another website that provides a service or product.
· Obtain information about data sharing: the right to obtain information about the public and private entities with which the controller has shared their data;
· Get information about consent: the right to obtain information about the possibility of not providing consent and its consequences;
· Right to obtain review of automated decisions: right not to be subject to any decision made solely on the basis of automated processing (if any).
· Right of revocation: right to request the revocation of your consent to the processing of your data by the controller.
If the company is the Data Controller, the Data Subject may exercise all its rights established in art. 18 of the LGPD, as mentioned above. If the company acts as the Data Operator, the Data Subject will only be able to exercise the following rights: confirmation, access and rectification of data, as well as obtain information about the sharing and consent.
To exercise their rights, the Data Subject must use the specific form available on our website, at the address https://www.youdeserve.today/contacts.html or send an email to privacide@youdeserve.today / privacy@youdeserve.today / privacidad@youdeserve.today. In this form, it is necessary to provide the following information: type of contact, full name, corporate email, telephone, company name, in addition to the message of the subject to be addressed.
If the company acts as a Data Processor, the Data Subject will have the option to exercise the other rights contained in art. 18 of the LGPD, by contacting directly the company contracting our services, which is called the Controller.
5 What PERSONAL Data Do We Collect?
5.1 Data informed in the forms in our web applications, help center and service channel;
5.2 Data from our service providers;
5.3 Data of our customers, their employees and representatives;
5.4 Browsing data in the client's and partner's web applications and service channel (Help and Service Center), such as URL, IP address, Browser Type, Language, pages visited and date and time of use;
Eventually, other types of data not expressly provided for in this Policy may be collected, as long as they are provided with the consent of the holder, or even that the collection is allowed or imposed by law.
6 Why do we process personal data?
6.1 Data informed in the forms in our web applications, help center and service channel: used to provide the services made available in the hiring by our customers, such as user management, recognition among employees with praise and virtual points, redemption of prizes in the form of digital or physical rewards, management of prizes and virtual points, in actions related to customer success, being possible by requesting surveys, evaluations of the services and solutions available, the rewards made available or the experience of using the platform and results obtained by users and finally (always with the commitment to make it clear when these data collected are of anonymous or not, for the knowledge of our users, in addition to the one present here), the management of active support (questions, support for use, errors, complaints as well as suggestions) requested in the Help Center or in the chat service channel within the applications, and other information that users request from the organization.
6.2 Data from our service providers: used to comply with the obligations established in the service provision contract and compliance with legal and regulatory obligations of a tax nature.
6.3 Data of our customers and their representatives: data used to monitor the services provided to customers, as well as to comply with the obligations provided for in the contract signed with the customer and compliance with legal and regulatory obligations of tax origin.
6.4 Browsing data on our website: used to improve and personalize the user experience during their use of our web applications and help center.
7 WHAT LEGAL BASES DO WE USE?
7.1 Data informed in the forms in our web applications, help center and service channel:
· Consent (Art. 7th, I of the LGPD): users, by providing their data in our forms, as well as surveys or evaluations, express their consent and agreement with the terms set forth in this Privacy Policy.
· Legitimate Interest (Article 7, IX of the LGPD): to provide the services requested by users through our forms and support and promotion of the activities carried out by the organization, under the terms of Article 10, I and II of the LGPD.
The holder has the right to withdraw their consent at any time, provided that the processing of the data is based solely on their consent, without any other legal basis for the basis provided for in the LGPD.
The withdrawal of consent, when effective, does not compromise the lawfulness of the processing of your personal data before the withdrawal.
The withdrawal of consent can be done upon request of the holder through the form available on our website https://www.youdeserve.today/contacts.html or by sending an e-mail to privacide@youdeserve.today / privacy@youdeserve.today / privacidad@youdeserve.today.
7.2 Data of our service providers:
· Execution of contract (Art. 7, V of the LGPD): execution of the obligations provided for in the contractor's service agreement.
· Legal or regulatory obligation (Art. 7, II of the LGPD): compliance with tax laws applicable to the organization.
7.3 Data of our customers and their representatives:
· Execution of contract (Art. 7, V of the LGPD): execution of the obligations provided for in the contract signed with the customer.
· Legal or regulatory obligation (Art. 7, II of the LGPD): compliance with tax laws applicable to the organization.
7.4 Browsing data in our web applications, help center and service channel:
· Consent (Art. 7, I of the LGPD): users when using the services and content offered in our web applications, help center and service channel express their consent and agreement with the terms set forth in this Privacy Policy.
· Legitimate Interest (Art. 7, IX of the LGPD): for improvements and personalization of content for users' navigation on the website, under the terms of Art. 10, II of the LGPD.
8 How long do we store data?
The personal data will be kept for a period not exceeding that required to fulfill the purposes set out in this document.
The data retention period is defined according to the following criteria:
· Time of use depending on the service chosen by the user in the web applications and/or the term of the contract established with the organization;
· The data will be kept by the organization after the end of the chosen service or contract in the following cases:
a) For the fulfillment of a legal or regulatory obligation by the controller;
(b) For the fulfillment of contract execution due to the term of the contract established with the contracting company.
(c) For study by a research body, ensuring, whenever possible, the anonymization of personal data;
(d) For the transfer to a third party, provided that the data processing requirements set forth in the legislation are respected;
(e) For the exclusive use of the controller, its access by third parties is prohibited, and provided that the data is anonymized.
9 Who do we share data with?
The Holder's personal data may be shared with suppliers for services/products called Data Operators, when necessary to carry out the processing of personal data and/or perform the obligations arising from the agreements signed with the data subjects.
The organization may also, share personal data with public and/or private entities, in cases where there is a legal or regulatory obligation or judicial or competent authority determination, which requires the provision of personal data.
10 International data transfer
Any data transfer carried out to a foreign country occurs in accordance with the dictates of the General Data Protection Law, observing the requirements set forth in Art. 33 of the aforementioned legislation, such as sharing data with companies that are in countries that provide an adequate degree of data protection with the LGPD, or when the company proves and offers guarantees of compliance with the principles, rights of the holder and data protection regime equivalent to the LGPD.
11 How we protect data
The organization adopts technical and organizational measures aimed at establishing the security of information and the protection of users' personal data, including, but not limited to: information security and privacy policy, information access control, data recovery, monitoring of security incidents, confidentiality with its employees, suppliers and service providers and other complementary measures.
Our web applications, help center and service channel use SSL (Secure Socket Layer) certificate that guarantees that personal data is transmitted in a secure and confidential manner, so that the transmission of data between the server and the user, and in feedback, occurs in a fully encrypted or encrypted manner.
A personal data breach occurs when a security incident causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.
The organization will notify the Data Subject, within an appropriate timeframe, in the event of any type of security incident, which deals with the previous item, related to their personal data, which may cause relevant risk or damage to their individual rights and freedoms.
Situations in which the damages are the sole fault of a third party, such as an attack by hackers or crackers or the sole fault of the Data Subject, will not be considered as a security incident, as in in which case he himself transfers his data to a third party.
Finally, the organization undertakes to treat the user's personal data confidentially, within the legal limits.
12 Browsing data (cookies)
Cookies are small text files sent by the website to the user's computer and stored there, with information related to the navigation of the website.
Through cookies, small amounts of information are stored by the user's browser so that our server can read it later. For example, data about the device used by the user, as well as their location and time of access to the website, may be stored.
Cookies do not allow any file or information to be extracted from the user's hard drive, and it is not possible to access personal information that has not come from the user or the way he uses the site's resources.
The information collected through these cookies is used to improve and personalize the user experience, and some cookies can, for example, be used to remember the user's preferences and choices, as well as to offer personalized content.
It is important to note that not every cookie contains information that allows the identification of the user, and certain types of cookies may be used simply for the website to load correctly or for its functionalities to work as expected.
The user may oppose the registration of cookies by the website, simply by deactivating this option in their own browser or device.
Disabling cookies, however, may affect the availability of some tools and functionalities of the website, compromising its correct and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, harming their experience.
Below are some links to the help and support pages of the most used browsers, which can be accessed by the user interested in obtaining more information about the management of cookies in their browser:
· Internet Explorer:
https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-delete-manage-cookies· Safari:
https://support.apple.com/pt-br/guide/safari/sfri11471/mac
· Google Chrome:
https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt
· Mozilla Firefox:
https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam
· Opera:
https://www.opera.com/help/tutorials/security/privacy/
13 COMMUNICATION
CHANNEL Questions related to your personal data, provisions of this policy or compliance with the LGPD guidelines, should be directed to the form on our website https://www.youdeserve.today/contacts.html, or send an email to privacide@youdeserve.today / privacy@youdeserve.today / privacidad@youdeserve.today.
14 Das Changes
This version of this Privacy Policy was last updated on: 29/01/2025.
The organization reserves the right to modify, at any time and without any prior notice, the terms of this policy, especially to adapt them to the evolution of our website, either by making new features available, or by suppressing or modifying existing ones.
Therefore, the Data Subject is invited to periodically consult this page to check for updates.
By using the service after any modifications, the Data Subject demonstrates his agreement with the new rules. If you disagree with any of the modifications, you must immediately interrupt access to our web applications, help center and service channel and present your reservation to the service with our Data Officer through the channels disclosed in this Policy, if you wish.
