Privacy Policy for the Site
1 GENERAL INFORMATION TODAY
digital ltda (YouDeserve) is a company that develops technology for employers to provide a public recognition system for optional use to their employees by sending public written compliments and with private donations of virtual points, when made available by the employing company, which have a monetary value and when they are collected, They can be exchanged for awards in the form of physical or digital rewards, according to the guidelines and availability of the employing company. Thus allowing it to offer an environment that provides motivation, engagement and interaction among its employees, as well as allowing the employing company to obtain strategic information for the improvement of the organizational culture.
TODAY DIGITAL LTDA (YouDeserve) is responsible and committed to the privacy of the information of its customers, employees, cooperative members, service providers, suppliers, partners and users. That is why it informs interested parties, providing more transparency on how the data is processed, in whole or in part, in an automated way or not, the personal data to which we carry out processing operations.
This Privacy Policy aims to clarify interested parties about the types of data that are collected, the reasons for collection and how data subjects can update, manage or delete this information with the organization.
This Privacy Policy was prepared in accordance with Federal Law No. 12,965 of April 23, 2014 (Civil Rights Framework for the Internet) and Federal Law No. 13,709, of August 14, 2018 (Personal Data Protection Law – LGPD).
Our Privacy Policy applies only to the specified pages of our website, material and content pages, blog, landing pages, chat capture on the website and to the internal company processes accessible by the "youdeserve.today" and "youdeserve.work" domains, such as "lps.youdeserve.today" and "lps.youdeserve.work" subdomains.
This Privacy Policy may be updated as a result of any regulatory update, which is why the user is invited to periodically consult this section.
2 DEFINITIONS
For the purposes of this Policy, the following definitions are understood:
· Legal bases: are the hypotheses provided for in the LGPD that allow the organization to process personal data, such as consent, legal or regulatory obligation, contract execution, among others.
· Controller: natural or legal person, under public or private law, who is responsible for decisions regarding personal data.
· Personal data: all information relating to a natural person that can identify him or her or make him identifiable.
· Sensitive personal data: personal data about racial or ethnic origin, religious belief, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sex life, genetic or biometric data, when linked to a natural person.
· DPO: appointed person by the controller to act as a communication channel between the controller, the users and the National Data Protection Authority.
· LGPD: General Law for the Protection of Personal Data.
· Processing: are the operations carried out by the organization with personal data, including activities such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
· Data subject: is the natural person to whom the personal data subject to processing refers (customers, employees, service providers, etc.).
· Operator: natural or legal person, under public or private law, who processes personal data on behalf of the Controller (subcontracted suppliers).
3 RESPONSIBILITY FOR DATA PROCESSING
The Controller is the controller of the data subject's personal data. This responsibility may be performed by an individual or legal entity that, individually or jointly with other entities, has the prerogative to determine the purposes and procedures for processing such personal data, as established in Article 5, VI of the LGPD.
The operator is responsible for processing personal data on behalf of the controller, following the guidelines established by the latter in the data processing chain through a contract signed between both parties.
The data subject is the individual whose information is accessed through queries in public and publishable databases to provide services to our customers, such as, for example, ensuring the best performance in credit analysis.
The responsibility of TODAY DIGITAL LTDA (YOUDESERVE), in this context, is to ensure good information security practices in the processing of data, and in privacy matters, it guarantees the collection of data consent, storage encryption, strong password policy, monitoring and data disposal policy.
TODAY DIGITAL LTDA (YOUDESERVE) acts as a Data Controller: by collecting the personal data of users who access the organization's website, through browsing Cookies and through the capture and materials pages, blogs, website chat and the contact page to access exclusive materials, request commercial contact, receive updates via e-mail/newsletter and/or talk to one of our specialists, collecting Name and Email, Telephone, Company Name, Employee Number Company and Position to offer our services and make contact with the customer. In addition, the company acts as a Controller when hiring employees or service providers to comply with legal determinations.
TODAY DIGITAL LTDA (YOUDESERVE) acts as Data Operator: in the company's internal processing for the provision of services to contracting customers, these called Controllers.
TODAY DIGITAL LTDA (YOUDESERVE) is represented by Marco Aurélio Cevey, who can be contacted by e-mail: dpo@youdeserve.today / dpo@youdeserve.work.
4 Rights of the data subject
The Data Subject has the right to request information from the company on:
· Confirmation and access to data: the right to obtain confirmation as to whether or not personal data concerning him or her is being processed by the organization and, if this is the case, the right to access your personal data;
· Rectification of data: right to request correction or updating of personal data that is inaccurate or outdated concerning you;
· Deletion of data: right to have your personal data deleted from the website, observing the rights of the organization;
· Data anonymization: the right to have their data anonymized, that is, unlinked from any and all forms of connection with their Holder, making it impossible to identify them;
· Blocking of data: right to temporarily suspend the processing of your personal data by the organization;
· Limitation of data processing: the right to limit the processing of your personal data, when it is inaccurate or used unlawfully or without complying with the proposed purposes or for unnecessary purposes;
· Opposition: the right to object on grounds relating to your particular situation, to the processing of personal data concerning you, subject to the rights of the organisation.
· Data portability: the right to request the transfer of your personal data to another website that provides a service or product.
· Obtain information about data sharing: the right to obtain information about the public and private entities with which the controller has shared their data;
· Obtain information about consent: the right to obtain information about the possibility of not providing consent and its consequences;
· Right to obtain review of automated decisions: right not to be subject to any decision made solely on the basis of automated processing (if any).
· Right of revocation: right to request the revocation of your consent to the processing of your data by the controller.
If the company is the Data Controller, the Data Subject may exercise all its rights established in art. 18 of the LGPD, as mentioned above. If the company acts as the Data Operator, the Data Subject will only be able to exercise the following rights: confirmation, access and rectification of data, as well as obtain information about the sharing and consent.
To exercise their rights, the Data Subject must use the specific form available on our website, at the address https://www.youdeserve.today/contacts.html or send an email to privacide@youdeserve.today / privacy@youdeserve.today / privacidad@youdeserve.today. In this form, it is necessary to provide the following information: type of contact, full name, corporate email, telephone, company name, in addition to the message of the subject to be addressed.
If the company acts as a Data Processor, the Data Subject will have the option to exercise the other rights contained in art. 18 of the LGPD, by contacting directly the company contracting our services, which is called the Controller.
5 What PERSONAL Data Do We Collect?
5.1 Data provided in the contact forms on our website;
5.2 Data from our service providers;
5.3 Data of our customers and their representatives;
5.4 Browsing data on our website, such as URL, IP address, Browser Type, Language, pages visited and date and time of use;
5.5 Data provided by our clients and consultations in public and publishable databases;
Eventually, other types of data not expressly provided for in this Policy may be collected, as long as they are provided with the consent of the holder, or even that the collection is allowed or imposed by law.
6 Why do we process personal data?
6.1 Data informed in the contact forms on our website: used to provide the services requested on our website, such as sending quotes, answering questions, receiving suggestions and other information that users request from the organization.
6.2 Data from our service providers: used to comply with the obligations established in the service provision contract and compliance with legal and regulatory obligations of a tax nature.
6.3 Data of our customers and their representatives: data used to monitor the services provided to customers, as well as to comply with obligations provided for in the contract signed with the client and compliance with legal and regulatory obligations of tax origin.
6.4 Browsing data on our website: used to improve and personalize the user's experience during their navigation on our website.
6.5 Data provided by our customers and consultations in public and publishable databases: used for the provision of technology services in credit analysis and information performance.
7 WHAT LEGAL BASES DO WE USE?
7.1 Data provided in the contact forms on our website:
· Consent (Art. 7, I of the LGPD): users, by providing their data in our contact forms, express their consent and agreement with the terms set forth in this Privacy Policy.
· Legitimate Interest (Article 7, IX of the LGPD): to provide the services requested by users through our forms and support and promotion of the activities carried out by the organization, under the terms of Article 10, I and II of the LGPD.
The holder has the right to withdraw their consent at any time, provided that the processing of the data is based solely on their consent, without any other legal basis for the basis provided for in the LGPD.
The withdrawal of consent, when effective, does not compromise the lawfulness of the processing of your personal data before the withdrawal.
The withdrawal of consent can be done upon request of the holder through the form available on our website https://www.youdeserve.today/contacts.html or by sending an e-mail to privacide@youdeserve.today / privacy@youdeserve.today / privacidad@youdeserve.today.
7.2 Data of our service providers:
· Execution of contract (Art. 7, V of the LGPD): execution of the obligations provided for in the contractor's service agreement.
· Legal or regulatory obligation (Art. 7, II of the LGPD): compliance with tax laws applicable to the organization.
7.3 Data of our customers and their representatives:
· Execution of contract (Art. 7, V of the LGPD): execution of the obligations provided for in the contract signed with the customer.
· Legal or regulatory obligation (Art. 7, II of the LGPD): compliance with tax laws applicable to the organization.
7.4 Browsing data on our website:
· Consent (Art. 7, I of the LGPD): users, when using the services and content offered on our website, express their consent and agreement with the terms set forth in this Privacy Policy.
· Legitimate Interest (Article 7, IX of the LGPD): for improvements and customization of content for users' navigation on the website, under the terms of Article 10, II of the LGPD.
7.5 Data provided by our customers and consultations in public and publishable databases:
· Execution of contract (Art. 7, V of the LGPD): execution of the obligations provided for in the contract signed with the customer.
· Credit protection (Art. 7, item X of the LGPD): for the purposes of commercial relations and credit analysis provided for in the contract signed with the customer.
8 How long do we store data?
The personal data will be kept for a period not exceeding that required to fulfill the purposes set out in this document.
The data retention period is defined according to the following criteria:
· Time of use depending on the service chosen by the user on the website and/or the term of the contract established with the organization;
· The data will be kept by the organization after the end of the chosen service or contract in the following cases:
a) For the fulfillment of a legal or regulatory obligation by the controller;
(b) For the fulfillment of contract execution due to the term of the contract established with the contracting company.
(c) For study by a research body, ensuring, whenever possible, the anonymization of personal data;
(d) For the transfer to a third party, provided that the data processing requirements set forth in the legislation are respected;
(e) For the exclusive use of the controller, its access by third parties is prohibited, and provided that the data is anonymized.
9 Who do we share data with?
The Holder's personal data may be shared with companies that provide services/products called Data Operators, when necessary to carry out the processing of personal data and/or perform the obligations arising from the agreements signed with data subjects.
The organization may also share personal data with public and/or private entities, in cases where there is a legal or regulatory obligation or judicial or competent authority determination, which requires the provision of personal data.
10 International data transfer
Any data transfer carried out to a foreign country occurs in accordance with the dictates of the General Data Protection Law, observing the requirements set forth in Art. 33 of the aforementioned legislation, such as sharing data with companies that are in countries that provide an adequate degree of data protection with the LGPD, or when the company proves and offers guarantees of compliance with the principles, rights of the holder and data protection regime equivalent to the LGPD.
11 How we protect data
The organization adopts technical and organizational measures aimed at establishing the security of information and the protection of users' personal data, including, but not limited to: information security and privacy policy, information access control, data recovery, monitoring of security incidents, confidentiality with its employees, suppliers and service providers and other complementary measures.
Our website uses an SSL (Secure Socket Layer) certificate that guarantees that personal data is transmitted in a secure and confidential manner, so that the transmission of data between the server and the user, and in feedback, occurs in a fully encrypted or encrypted manner.
A personal data breach occurs when a security incident causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.
The organization will notify the Data Subject, within an appropriate timeframe, in the event of any type of security incident, which deals with the previous item, related to their personal data, which may cause relevant risk or damage to their individual rights and freedoms.
Situations in which the damages are the sole fault of a third party, such as hacker or cracker attacks or the sole fault of the Data Subject, such as in cases where they themselves transfer their data to third.
Finally, the organization undertakes to treat the user's personal data confidentially, within the legal limits.
12 Browsing data (cookies)
Cookies are small text files sent by the website to the user's computer and stored there, with information related to the navigation of the website.
Through cookies, small amounts of information are stored by the user's browser so that our server can read it later. For example, data about the device used by the user, as well as their location and time of access to the website, may be stored.
Cookies do not allow any file or information to be extracted from the user's hard drive, and it is not possible to access personal information that has not come from the user or the way he uses the site's resources.
The information collected through these cookies is used to improve and personalize the user experience, and some cookies can, for example, be used to remember the user's preferences and choices, as well as to offer personalized content.
It is important to note that not every cookie contains information that allows the identification of the user, and certain types of cookies may be used simply for the website to load correctly or for its functionalities to work as expected.
The user may oppose the registration of cookies by the website, simply by deactivating this option in their own browser or device.
Disabling cookies, however, may affect the availability of some tools and functionalities of the website, compromising its correct and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, harming their experience.
Below are some links to the help and support pages of the most used browsers, which can be accessed by the user interested in obtaining more information about the management of cookies in their browser:
· Internet Explorer:
https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-delete-manage-cookies· Safari:
https://support.apple.com/pt-br/guide/safari/sfri11471/mac
· Google Chrome:
https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt
· Mozilla Firefox:
https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam
· Opera:
https://www.opera.com/help/tutorials/security/privacy/
13 COMMUNICATION
CHANNEL Questions related to your personal data, provisions of this policy or compliance with the LGPD guidelines, should be directed to the form on our website https://www.youdeserve.today/contacts.html, or send an email to privacide@youdeserve.today / privacy@youdeserve.today / privacidad@youdeserve.today.
14 Das Changes
This version of this Privacy Policy was last updated on: 29/01/2025.
The organization reserves the right to modify, at any time and without any prior notice, the terms of this policy, especially to adapt them to the evolution of our website, either by making new features available, or by suppressing or modifying existing ones.
Therefore, the Data Subject is invited to periodically consult this page to check for updates.
By using the service after any modifications, the Data Subject demonstrates his agreement with the new rules. If you disagree with any of the modifications, you must immediately interrupt access to the website and submit your reservation to the service with our Data Officer through the channels disclosed in this Policy, if you wish.
