Privacy Policy

We are IDEATORE COMUNICAÇÃO E PROPAGANDA LTDA., registered in the Corporate Taxpayer’s ID No. 06.995.599/0001-27, headquartered in Avenida Dr. Celso Charuri, 6391, 2º andar, Ribeirão Preto, São Paulo, Brazil (“Ideatore”), a communication agency that serves several companies and brands providing marketing services to national and international clients. 

Personal data is very important for our activities, but it is even more important for us to keep it secure and process it properly and lawfully. Therefore, we have a serious commitment to privacy and protection of personal data, in compliance with Law No. 13,709/2018 (LGPD) and other legal provisions that may be applicable. 

 This Privacy Policy (“Policy”) is intended to provide transparent information about Ideatore’s processing of personal data, so let’s start with some important definitions:  

  • Personal data: is all information related to an identified or identifiable natural person 
  • Data subject: any natural person 
  • Personal data processing: every operation performed on personal data, such as collection, storage, use, and sharing, among others. 

 

1) WHO TAKES CARE OF PRIVACY AND PERSONAL DATA PROTECTION AT IDEATORE? 

All of us! Personal data protection has been incorporated into our processes and all staff has responsibilities. In addition, we have a Data Protection Officer (DPO), who is Rodrigo Benetti, responsible for our privacy management and personal data protection, and who can be contacted by e-mail at rodrigo@ideatore.com.br or by phone at +55 (16) 3877-6480.  

 

2) WHAT PERSONAL DATA DOES IDEATORE PROCESS? 

Given our activity profile (communication and marketing), we collect and process personal data both in the scope of our internal and administrative activities (like any other company) and when providing services to our clients. Therefore, Ideatore may act in some instances, such as a processing agent qualified as a data controller (in the relationship with our employees, suppliers, and clients, for example) or as a data processor, for the benefit and under the instructions of a controller (especially in our communication and marketing activities carried out on behalf of our clients). 

When performing our internal and management activities, we process personal data of our employees and staff, our clients (individuals or representatives, agents, members of a legal entity), our suppliers and service providers (individuals, or representatives, agents, members of a legal entity) or other third parties that have a relationship with us. This data may include personal data (such as name, ID Card, Individual’s Taxpayer ID, address), bank data, telephone, commercial or personal e-mail, address, date of birth, position/function, health information (of our employees), social network identifiers, among others. 

Through our website, we may also collect and process personal data from users, such as data related to browsing (data collected through cookies or other technologies, including IP, date and time of access, geographic location and pages visited, data about the access device). 

On our website, we may also collect data that is filled out by users on the forms we provide.   

  • Through the “Contact” form, we collect data such as name, company, function, telephone number, e-mail, and message, necessary to make it possible to attend the interested party that contacted us. 
  • On the other hand, the “Vem pro time” [Come to the team] form, collects personal data relevant to the beginning of our hiring process, such as name, e-mail, telephone, city, professional social network profile, link to portfolio, professional experience, and other information that may be contained in the curriculums submitted. 
  • In the “Request form for the exercise of personal data subject’s rights”, we collect the information necessary to validate the identity of the data subject, so that we can securely fulfill any requests for rights made to us. We shall not use this information for any purpose other than to record the request and fulfill it. 

 Personal data processed by Ideatore shall always have a justification and necessity for processing, and may be used for the following purposes:  

  •  To provide our communication and marketing services for the benefit of our clients and under their guidance; 
  • To develop our internal activities of administrative and organizational nature, in several areas (accounting, financial, tax, and human resources, among others); 
  • To hire partners, suppliers, and service providers for the benefit of our activities; 
  • To comply with legal, regulatory and contractual obligations related to our activities; 
  • To regularly exercise our rights in legal, administrative, or arbitration proceedings; 
  • To manage the hirings for our team; 
  • For marketing of Ideatore itself, with the direction of content and advertising to promote and foster our activities; 
  • To contact the users of our website to answer their questions and send them communications about their requests; 
  • To understand the navigation behavior on our website, seeking to improve our users’ experience (analytics). 

In addition, to provide our communication and marketing services, we shall also process personal data, but in this case, Ideatore shall act as the processor for legal purposes. This data may include data from leads (potential prospects interested in our clients' products and services), from clients of our clients, from employees, members or agents of our clients, and from third parties or other professionals who have a direct relationship with our clients. Personal data processed in these cases may be shared with us directly by our clients or collected by Ideatore itself, always on behalf of and for the benefit of our clients, covering data that may vary, depending on the campaign’s objectives. In such cases, considering our role as data processors, we shall strictly comply with our clients’ instructions regarding the use of personal data and our contractual obligations.  

 

3) WITH WHOM DOES IDEATORE SHARE PERSONAL DATA? 

In order to provide our services, we rely on the support of other companies to assist in our operations, and we may be required to share personal data that are necessary to perform certain activities in the following cases:  

  • Partners and service providers related to our communication and marketing activities provided for the benefit of our clients, such as printers, gift suppliers and others, cloud software and platforms, CRM management platforms, and email blast platforms, among other specific services, always for the benefit and under the guidance of our clients and sharing data that are strictly necessary to provide the service. 
  • Service providers, computerized data storage system suppliers, software and cloud platform suppliers, advisors, accountants, financial institutions, lawyers and other third parties, CRM management platforms, and email blast platforms, among other specific services, as long as they are related to the services we provide and to the viability and promotion of our business. 
  • Governmental authorities: if we are subject to a legal or regulatory obligation that requires us to provide personal data to an authority, we are required to do so. In addition, if a judge or an authority with legal jurisdiction requires Ideatore to share certain personal data in order, for example, to conduct an investigation or in connection with a lawsuit, we shall also be required to share. 

We shall not share personal data with persons with whom we do not have a relationship, or where there is no specific need or purpose for the sharing, or where such third parties are not able to provide us with assurances that the personal data will be protected and secure.  

We also guarantee that we shall not, under any circumstances, sell personal data to third parties, or even use databases shared by our clients outside the contracted terms and their guidelines. 

 

4) (SIC) WHEN DOES IDEATORE TRANSFER DATA TO OTHER COUNTRIES?  

When acting as data controller, Ideatore may transfer data to other countries for cloud storage, for example, on servers located abroad, always with a degree of data protection adequate to that provided by law. In the case of our client relationships, data transfers may occur, but then only under the data controller’s guidelines and instructions. 

5) WHAT ARE THE RIGHTS OF THE PERSONAL DATA SUBJECT? 

Ideatore, in its role as controller of personal data, ensures and guarantees to the personal data subjects the rights provided by article 18 of the LGPD. Thus, the data subject can, free of charge and at any time, exercise the following rights:   

  • Right to confirm the existence of data processing and to access it: permission for the data subject to check whether we have processed his or her personal data and, if so, to request a copy of the personal data we have in our records. 
  • Right to rectification: possibility to request the rectification of the personal data we keep, in case the data subject identifies it as incorrect, inaccurate, or outdated.  
  • Right to request anonymization, blocking, or erasure of data: should the data subject observe that the processing of his/her data was made using unnecessary or excessive data, or processed in violation of the law, he/she may request anonymization (so that they can no longer be related to the data subject), blocking (temporarily suspending our permission to process the data) or erasure (deletion of the information subject of the request, unless there is a legal backing for us to keep it). 
  • Right to data portability: request to forward the personal data we process to another provider of products or services at the request of the data subject. 
  • Right to erasure of the data processed based on consent: possibility to request the erasure of personal data held in our database, when the processing of such data is based on the data subject’s consent. Unless we are legally entitled to keep it, all data shall be deleted, and we shall inform you accordingly.  
  • Right to information about the shared use: information about the entities with which the subject’s data has been shared. 
  • Right not to provide consent: consent, when necessary, must be free and informed. Therefore, whenever we ask for your consent, the data subject shall be free to deny it – even though, in such cases, we may limit our services, and we shall inform you about the consequences of such denial. 
  • Right to revoke consent: the data subject has the right to revoke consent about processing activities that are based on it. However, in this case, the legality of any previously performed treatment shall not be affected. If the data subject withdraws his/her consent, we may not be able to provide certain services or perform certain activities, but we shall let them know when this occurs.  
  • Right to object: in some cases, the law authorizes the processing of personal data even without the data subject consent. But in the event of non-compliance with applicable law, the data subject may object to such processing. 

If you have any request regarding the exercise of your rights as a personal data subject, we have provided you with our own form, which facilitates your request and helps us to assist you (access it here). We may request a confirmation of your identity (by sending a copy of a personal document, among other measures) to make sure you are the personal data subject on whom you seek the exercise of such rights. If the data subject’s request to exercise rights refers directly to one of our clients, we shall forward the request to the controller. 

 

6) HOW AND FOR HOW LONG SHALL IDEATORE STORE THE DATA? 

Ideatore shall use and store the personal data it processes for as long as necessary to provide the service or for the purposes listed in this Policy, taking into account the rights of the data subjects and obligations of the processing agents.   

In general, personal data shall be kept for the period necessary to fulfill the purpose for which it was collected, unless a longer retention period is required or permitted by the law of any nature (fiscal, regulatory, consumer, civil, labor, or other), or for any legal purposes and inserted in the legitimate interest of Ideatore, as long as it has a legal basis justifying the personal data processing. When the personal data no longer need to be processed, Ideatore shall either erasure it from its records or anonymize it (making it impossible to identify the natural person to whom it was linked). 

The personal data shall be erased after the processing and fulfillment of its purposes, within the scope and technical limits of the activities, being authorized its conservation by Ideatore for the following purposes: fulfillment of legal or regulatory obligation by the controller, transfer to a third party, provided that the requirements of data processing set forth in the LGPD are met, or for the exclusive use of the controller, with no access by a third party, and provided that it is anonymized.  

 

7) WHAT DOES IDEATORE DO TO KEEP PERSONAL DATA SECURE? 

Ideatore cares about meeting data protection standards and ensuring information security. For this reason, we have structured an internal compliance program (the “IdCompliance”), a team composed of the DPO and members of our team who work towards compliance with the rules of protection of personal data and security, assisting in the review and search for continuous improvement of our practices and processes. 

We take technical and administrative measures and solutions to ensure the protection of all personal data we process in our activities. To keep data secure, we use physical, electronic, and managerial tools, considering the nature of the personal data, the context and purpose of the processing, and the risks that possible breaches would create to the rights and freedoms of the owner of the collected and processed data.   

Despite our continuous effort toward data security, in case of security incidents that may cause relevant risk or damage to the data subjects, we shall make the necessary communications and adopt all necessary measures to revert or mitigate the harmful effects of an eventual incident.  

 

8) COOKIES AND BROWSING DATA 

The Ideatore website uses cookies, which are text files sent by the platform to your computer and stored on it, containing information related to your browsing on the website. Cookies are used for certain features of our website, and to enhance the user experience, perform traffic analysis, and target content and marketing.  

To change your cookies preferences, we have provided you with a panel on our home page. Simply access it and manage the cookies you wish to allow or block.  

  

9) OUR RESPONSIBILITIES 

Ideatore’s responsibilities include processing personal data in compliance with all rules, principles, and precepts of the applicable laws, ensuring proper and secure processing of personal data. However, if Ideatore, by exercising its personal data processing activities, causes any damage to property, morals, individual or collective, in violation of the law, it has the obligation to repair the data subject under the law and may be subject to sanctions by the competent governmental bodies. 

10) CHANGES TO THIS POLICY 

The current version of this Policy was last formulated and updated on July 8, 2022

We may modify and update this Policy at any time, particularly to conform it to changes on our website or under the law. We recommend that you review it frequently. Any changes shall be effective as soon as they are published on our website and may also be sent to you through the communication channels that you have provided to us.