1. Our commitment
For RCG, the privacy and protection of the personal data of its clients and other data subjects is fundamental. RCG is therefore determined to comply with the applicable Brazilian legislation on the protection of personal data, respecting the fundamental principles and rights of data subjects.
This Privacy Policy complements other contractual provisions and information that may be provided by RCG to its clients, as well as other policies and regulations created for data protection.
RCG advises you to read this Policy and other documents that may be transmitted or communicated to you and that deal with the privacy and protection of your personal data, updates of which will be made available on the website.
2. RCG’s position on personal data
Responsibility for the processing of personal data will lie with RCG, which will provide the services, and in this context will decide which data are relevant, their means of processing and their purposes, as will be seen in section 4 of this document.
3. Main definitions
– Personal data – information relating to an identified or identifiable natural person;
Personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sex life, genetic or biometric data, when linked to a natural person.
– Personal and sensitive data subjects – the natural person to whom the personal data being processed refers;
– Processing of personal data – any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
4. Main categories of personal data processed by RCG
a) Customer or potential customer identification data;
b) Employee data for the execution of activities;
c) Data on people involved in carrying out the activities;
d) Identification data and records in systems;
e) Data from claims records;
f) Identification data for training and events;
g) Billing and payment data;
h) Contract data;
i) Data in marketing materials.
The processing of children’s and adolescents’ personal data must be carried out in their best interests, under the terms of this article and the relevant legislation.
5. Processing of personal data
Personal data will be processed in the following situations:
a) Prospecting;
b) Service quotation;
c) Service proposal;
d) Planning activities;
e) Performance of services;
f) Information transactions with other companies;
6. Reasons for processing personal data
To comply with Brazilian legislation on general data protection law, including, but not limited to, legislation to prevent and combat money laundering, terrorist financing, regulations of regulatory and supervisory bodies and compliance with public authorities.
7. Transmission of personal data and possible recipients of personal data
7.1 RCG may communicate or give access to personal data to other recipients in order to carry out the proposed services, such as:
a) Public authorities, by subpoena / judicial notice;
b) Contracted data center management services;
c) Insurance companies, health operators and reinsurers with whom service, health care or reinsurance contracts have been signed;
7.2 RCG will only communicate personal data that is indispensable for the provision of the contracted services or the fulfillment of legal obligations to which it is subject.
7.3 In some cases, RCG may have to proceed with the international transfer of personal data, only in the cases permitted by the general data protection law (Law No. 13,709 of August 14, 2018).
8. Period for processing personal data
- RCG will process the client’s personal data for the duration of the service provision and for compliance with specific and applicable legislation.
- Personal data will be kept for the following periods:
| Finality | Data type |
| Registration and Proof of Commercial Transactions and Pre-contractual Information | Data identifying the service provider and third parties involved in the provision of services. |
| Monitoring the management and execution of the contract | Identification data of the service provider. |
| Commercial prospecting | Data identifying the holder; data identifying the object of the service provision |
| Marketing and communication | Data identifying the owner, collaborators, records in systems; data identifying the object of the service provision. |
| Claims management and monitoring of legal proceedings | Identification data of the client or potential client; Data of employees for the execution of activities; Data of people related to the execution of activities; Identification data and records in systems; Data of claims records; Identification data in training and events; Collection and payment data; Contract data; Data in marketing promotional materials. (see table 1) . |
| Improved quality of service | Subscriber identification data; call recording data. |
| Compliance with Legal Obligations | Borrower identification data, collection data. |
| Conservation period |
| To ensure compliance with all applicable legislation, the retention period will be: Civil Code – 10 years after termination of the contractual relationship. Tax Law – 2 years from the termination of the contract. Labor – last 5 years of the employment relationship. Property Insurance – 10 years from the end of the contract term; Personal Insurance – 20 years from the end of the contract term. |
| Data Category | Client Group | ||||
| Industry | Shipper Carrier | Broker | Insurance | Others | |
| a) Customer or potential customer identification data; | x | x | x | x | x |
| b) Details of employees to carry out the activities; | x | x | x | x | x |
| c) Data on the people involved in carrying out the activities; | x | x | x | x | x |
| d) Identification data and records in systems; | x | x | x | ||
| e) Data from claims records; | x | x | x | x | x |
| f) Identification data for training and events; | x | x | x | x | |
| g) Billing and payment data; | x | x | x | x | x |
| h) Contract data; | x | x | x | x | x |
| i) Data in marketing materials | x | ||||
Table 1
9. End of personal data processing period
- The processing of personal data will be terminated in accordance with the provisions of data protection law:
- a) Verification that the purpose has been achieved or that the data is no longer necessary or relevant to achieving the specific purpose sought;
- b) End of treatment period;
- c) Communication from the owner, including exercising their right to revoke consent as provided for in §5 of art. 8 of the aforementioned Law, safeguarding the public interest; or
- d) determination by the national authority, when there is a violation of the provisions of this Law.
- Personal data will be deleted after the end of its processing, within the scope and technical limits of the activities, and the retention of your personal data is authorized for the following purposes provided for by law:
- a) compliance with a legal or regulatory obligation by the controlling shareholder;
- b) study by a research organization, guaranteeing, whenever possible, the anonymization of personal data;
- c) transfer to a third party, provided that the data processing requirements set out in this Law are complied with; or
- for the exclusive use of the controller, with no access by third parties, and provided that the data is anonymized.
10. Automated individual decisions
RCG does not adopt automated individual decisions, i.e. decisions taken exclusively on the basis of the automated processing of customers’ personal data, which produce effects in their legal sphere or significantly affect them in a similar way. In the event that RCG adopts such decisions, the client will be informed of the importance and possible consequences of the processing for the holder of the personal data.
11. Rights of personal data subjects
- The holder of the personal data has the right to obtain from RCG, in relation to the data of the holder processed by it, at any time:
- a) confirmation of the existence of treatment;
- access to data;
- c) correction of incomplete, inaccurate or outdated data;
- d) anonymization, blocking or deletion of data that is unnecessary, excessive or processed in breach of the provisions of this Law;
- e) portability of data to another service or product provider, upon express request and with due regard for commercial and industrial secrets, in accordance with the regulations of the controlling body;
- f) deletion of personal data processed with the consent of the data subject, except in the cases provided for in Article 16 of this Law;
- g) information on public and private entities with which the controller has shared data;
- information about the possibility of not giving consent and the consequences of refusing;
- revocation of consent, under the terms of § 5 of art. 8 of this General Data Protection Law.
- Means of requests from the holder of personal data
The holders of personal data may exercise their rights through the following channels made available by RCG:
– E-mail: You can exercise your rights by e-mail to lgpd@rcgherco.com.
– Letter: You can exercise your rights by writing to RCG Herco Consultoria de Riscos Ltda. and send it to Av Dr. Ruth Cardoso, 8501 – 29º andar – Pinheiros, São Paulo – SP, CEP 05425-070 – A/C. LGPD Group.
The forms provided for by law are not excluded.
12. Indirect receipt of personal data
RCG may receive personal data through third parties or an intermediary company, for the purpose of providing the services described in item 5 of this policy, at which time the same treatment will be given to the information as if it were the owner, thus applying all the items provided for in this privacy policy.
13. Protecting the security of personal data
(security measures, techniques and organizations)
In order to guarantee the protection of the security of the personal data made available to it, the RCG has adopted various technical and organizational security measures to protect personal data against destruction, loss, alteration, disclosure or unauthorized access to personal data and against any other form of unlawful processing.
14. Liability for services and websites
We advise you to consult the rules on the use of cookies on the RCG websites and Cookies Policy.
RCG websites may contain links to other third-party websites, products or services. RCG has no liability to such third parties, nor are they covered by this Privacy Policy.
15. Update on the protection of personal data and how it is processed by RCG
The information contained in this document may undergo changes or adaptations, for due compliance with the law. Therefore, we advise you to always consult the latest version of this document to keep up to date with your rights and the treatment given to the information provided to RCG.