The Remote Privacy Policy

Last updated: July 7th, 2021

Overview

This Privacy Policy ("Policy") describes how Remote Technology, Inc. ("Remote Technology, Inc.", "we," "us," or "our") collects, protects, and uses the Personal Data you ("User", "you," or "your") may provide on the remote.com website and within any of its products or services (collectively, "Website" or "Services").

We commit ourselves to the highest standard for data protection and privacy. Due to our global footprint, we are subject to several data protection regulations and as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. This results in a broad set of rights and choices made available to you.

The terms "Personal Data", "Data Processing", "Data Subject", "Data Controller and "Data Processor" have the same meaning as under Regulation (EU) 2016/679 - the General Data Protection Regulation ("GDPR").

This Privacy Policy applies to the following Data Subjects: Users of the Website, including Customers, Partners, Contractors and Employees and also all visitors of remote.com with whom Remote does not have a contractual relationship.

When and how we collect data

Remote may collect your Personal Data through our communication and your usage of our products and services. Personal Data can be directly provided by you or indirectly collected by us (i.e. from your interactions, use, and experiences with our products).

upload Data you give download Data we collect clock When
No Yes You browse pages of our website
No Yes You receive an email from us
Yes No You request information from us
Yes Yes You create an account in our platform
Yes Yes You select someone to be hired on your behalf
Yes Yes You engage in a meeting with our team
Yes Yes You participate in our promoted events
No Yes You allow our partners to share your data
Yes No You subscribe to our blog
Yes No You opt-in for marketing messages
Yes No You participate in our promoted programs or giveaways

Types of data we collect

We collect information to provide better services to you.

  • phone Contact Information that facilitates communication.
    E.g. Email and physical address, telephone number.
  • location Location Information about an individual's location.
    E.g. Country, IP address.
  • users Identifying Information that can identify a specific individual.
    E.g. Depending on the Data Subject - Name, government-issued ID, profile picture, birthdate.
  • dollar Financial/Account Information that identifies an individual's financial account or about an individual's remuneration.
    E.g. Bank accounts, salary, benefits.
  • case Professional Information about educational or professional career.
    E.g. Role.
  • user plus Emergency contact Information about emergency contact.
    E.g. Name, surname and contact details of emergency contact.
  • user plus Social Information about social status.
    E.g. Marital status and number of dependants.
  • email Communication Information communicated to or from an individual.
    E.g. Email conversations and the Personal Data that you might freely share with us in the communications.
  • case Special category data Sensitive Data.
    Biometric data in the form of face scans for our identity verification process (KYB and KYE)
    Health data - e.g. disability, pregnancy, absence due to sickness, etc.

How we use your data

What we do Legal basis for processing Data Subjects
Identity verification by means of face screening (processing of biometric sensitive data) Processing is necessary for reasons of substantial public interest (Art. 9(2)(g) GDPR) Employees
Administration, performance and termination of the employment agreement (i.e. paying out salaries and providing benefits) Performance of a contract (Art. 6(1)(b) GDPR) Employees
Legally required purposes (i.e. managing time off and sick days, pension and retirement administration, tax reporting, establishing and exercising legal claims in connection with the employment relationship) Compliance with a legal obligation (Art. 6(1)(c) GDPR) Employees
Administration, performance and termination of the contractual relationship between Remote and the Client Performance of a contract (Art. 6(1)(b) GDPR) Customers, Contractors
Conduct integrity screenings Performance of a contract (Art. 6(1)(b) GDPR) Contractors
Assistance with the drafting, negotiating, and execution of the contract between the contractor and the Client Performance of a contract (Art. 6(1)(b) GDPR) Customers, Contractors
KYB checks Compliance with a legal obligation (Art. 6(1)(c) GDPR) Customers, Customer’s UBO(s) and directors
Create user accounts Performance of a contract (Art. 6(1)(b) GDPR) Customers, Contractors, Employees
Hire employees Performance of a contract (Art. 6(1)(b) GDPR) Customers, Employees
Payment and management of contractor invoices on behalf of the Customer Performance of a contract (Art. 6(1)(b) GDPR) Customers, Contractors
Recording of conference video calls Consent (Art. 6(1)(a) GDPR) Customers
Identify you and help you solve issues related to the usage of our services Performance of a contract (Art. 6(1)(b) GDPR) Customers, Contractors, Employees
Notify you of any changes to our services Performance of a contract (Art. 6(1)(b) GDPR) Customers, Partners
Contact you to improve our services and customer experience Legitimate interest (Art. 6(1)(f) GDPR) Customers, Contractors, Employees, Partners
Direct Marketing Consent (Art. 6(1)(a) GDPR) Data Subjects who gave their explicit consent
Share your business information with our partners when you attend a promoted event Consent (Art. 6(1)(a) GDPR) Customers, Employees
Send you marketing material about our company (newsletters, blogposts, webinars, prizes, etc.) Legitimate interest (Art. 6(1)(f) GDPR) Customers, Partners
Reporting marketing campaign activities (i.e. understanding how many leads our marketing campaigns were able to convert) Legitimate interest (Art. 6(1)(f) GDPR) Customers

What is "legal basis"?

Under the GDPR, we need to have a legal basis to lawfully process your Personal Data. For the described Data Processing, we rely on the following legal grounds:

  • Performance of a contract: The Data Processing is necessary for the performance of a contract in which the Data Subject is a party or to take steps at the request of the Data Subject before entering into a contract.
  • Legitimate interests: We process your data following our own, our business partners', or your legitimate interests. For example, this occurs when we show you ads for jobs, present your profile to recruiting partners, or when we believe you would benefit from our services, products, or content.
  • Consent: We will only process your Personal Data for the specific purposes you allowed us to. You can withdraw your consent whenever you wish.

Privacy choices

Although restricting access to certain data might affect your experience, you can always make changes, such as:

  • Disable cookies: You can block cookies in your web browser (check your browser's Help page).
  • Don't provide Personal Data: You can still navigate the Website and access all our features that don't require your personal information.
  • You can withdraw your consent for marketing communications: We will contact you directly if we receive your explicit consent to send marketing communication, but if you don't wish to hear from us again, please click the unsubscribe button on the communication or send us an email to [email protected] to let us know.

Data Subjects rights

You may exercise any rights related to the Personal Data we collect by sending an email to [email protected]. We will then verify your identity and respond to your inquiry without undue delay within 15 days of receipt of the request.

That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within 15 days of receipt of the request, together with the reasons for the delay.

We note that where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either:
(a)charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
(b) refuse to act on the request.

In such cases Remote shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

Find below a summary list of your rights and how you can exercise them:

Access

You can access the Personal Data we hold about you directly on your user profile. If you need additional information regarding:

  • the data categories we process
  • the purposes of the Data Processing
  • retention period
  • to whom we disclose personal information
  • any other information about your data please send us an email

Email subject: Personal Data inquiry.

Additional information: Please let us know what kind of data you would like to access.

Rectification

You can update most of the Personal Data we hold about you directly on your user's profile. Please keep in mind that some Personal Data, such as financial data, may be restricted from modification on the platform to avoid processing errors. If you need to modify a restricted field, please contact us by email.

Email subject: Data rectification.

Additional information: Please let us know:

  • the fields to update
  • the old data values to be replaced
  • the new data values
  • evidence of the new data values as applicable

Data Portability

You have the right to receive, upon request, your Personal Data that you have provided to us for purposes of Data Processing in a portable and machine-readable format. We can export and send a Json file containing all Personal Data we have collected.

Email subject: Data export.

Additional information: If you would like us to send your information, please let us know by email.

Object processing

In the event that the processing of your Personal Data by us is alleged to be carried out in the public interest or for the purpose of the legitimate interest pursued by us, you have the right to object to it by asserting specific reasons relating to your particular situation.

If you object, we will not further process your Personal Data unless we can demonstrate that our continued processing of your Personal Data is premised on compelling legitimate grounds which override your interests, rights and freedoms affected by our continued processing of your Personal Data, or because your Personal Data serves to assert, exercise or defend legal claims. Any such objection does not affect the lawfulness of the processing activities carried out prior to your objection being communicated to us.

To exercise your right, please send us an email.

If your objection is related to receiving marketing communications or our newsletter, please hit the unsubscribe link on the communication you no longer wish to receive.

Email subject: Object to Data Processing.

Additional information: If the data has no other purpose except within the process to which you rightfully object, we will delete that data.

Restrict processing

You can restrict your data from being processed if:

  • we processed or will process inaccurate Personal Data
  • we processed your Personal Data unlawfully
  • we don't need to process your Personal Data, but we need to keep it to allow you to establish, exercise, or defend a legal claim
  • you exercised your right to object processing, but we are still validating your request

Email subject: Restrict Data Processing.

Additional information: Let us know why you want us to restrict your Data Processing.

Erasure

Under the following circumstances you may request that we erase (delete) your Personal Data without undue delay:

  • in case your Personal Data is no longer needed for the purposes for which it was collected;
  • if you have withdrawn your consent and there is no other legal basis for the processing of your Personal Data;
  • if you have filed an objection to our processing of certain of your Personal Data and there are no overriding legitimate reasons for continued processing such Personal Data;
  • if your Personal Data is being processed unlawfully;
  • if your Personal Data must be deleted in order to fulfil a legal obligation.

Please note that the Right to Erasure does not apply when the processing of your Personal Data is necessary for the compliance with a legal obligation Remote is subject to, or for the establishment, exercise or defence of legal claims.

Email subject: Data deletion.

Additional information: Send us an email that states the reason for your deletion request. We will reply to you to confirm we have deleted your account or to let you know why we are unable to fulfill the request.

Lodge a complaint

If you believe that we are not processing your data in a lawful way under the GDPR or if you are not satisfied with any response we provide, you may lodge a complaint with a relevant data protection authority.

Email subject: Data privacy.

Additional information: Please let us know your complaint and we will look into it. You always have the right to complain at your local Data Protection Authority, if you are not satisfied with our handling of your complaint.
Under certain conditions, you may be able to invoke binding arbitration for complaints regarding Privacy Shield compliance. Please check here https://www.privacyshield.gov/article?id=G-Arbitration-Procedures.

How we keep your data secure

Compliance

We are compliant with the EU's General Data Protection Regulation. Data protection is ensured by encryption and security measures throughout the lifecycle of your data.

Infrastructure security

  • Data encryption in transit
  • Data encryption at rest
  • Architecture network isolation through private networks
  • Fully auditable access and changes
  • AWS is our trusted cloud provider and is compliant with the following industry standards:
    • SOC I/II/III
    • ISO 27001/27017/27018
    • PCI-DSS
  • All systems are protected by a firewall with security threat detection and prevention mechanisms.

Internal best practices

  • We follow the least privilege principle to limit systems' access to essential personnel only.
  • All internal tools and systems require SSO.
  • We practice continuous credentials auditing and management.
  • We conduct internal security and privacy training.

Reliability

  • Infrastructure-as-code allows for quick rebuilding and portability.
  • Our average response times are under 150ms.
  • We practice continuous monitoring of applications and infrastructure.
  • Applicational logs are shipped off site and kept for 30 days.
  • We create daily data backups.

Data Privacy

  • Users have full control of their data.
  • We do not keep any data other than data strictly necessary for business operations.

Personal Data Disclosure

We respect your rights as a Data Subject and only share your Personal Data with third parties if we are legally obliged to do so or where we need to comply with our contractual obligations, for example we may need to share certain information to external service providers. Any third party with whom we share Personal Data is subject to an extensive security and privacy assessment review to ensure they can provide adequate technical and organizational security measures. You can find a detailed list of our processors on this link https://employ.remote.com/dashboard/processors.

Remote Technology, Inc. shall remain liable for any unlawful processing from our processors unless we are able to prove that we are not responsible for the unlawful processing.

When providing our services, we may also share your Personal Data with other Data Controllers, such as financial institutions, lawyers or notaries, licensed auditors assisting or supervising us in connection with our compliance obligations, HR and payroll providers, identity verification service providers and others.

We might also need to disclose your Personal Data to comply with applicable law, enforce contractual rights, and respond to requests from courts, law enforcement, or regulatory agencies and government authorities as long as the request is deemed lawful.

International data transfers

Remote operates at a global level and therefore Personal Data may need to be transferred to countries outside of where it was originally collected.

When we transfer your Personal Data to a third country, we will ensure that this transfer complies with applicable laws and legislation. We share Personal Data with countries located outside the EU and the EEA, on the basis of EU Standard Contractual Clauses. For the transfer of special categories of Personal Data we ensure compliance with any other relevant requirements under local laws enacted pursuant to the GDPR.

Data retention

In accordance with applicable data protection laws, we do not store your Personal Data for longer than needed for the purposes of the respective processing activity. The relevant retention periods depend on the national legislation of the country you are based in.

If the Personal Data is no longer required for the performance or enforcement of contractual or legal obligations, we will delete it regularly, unless its further temporary storage is still necessary to:

  • fulfil Remote's obligations pursuant to the agreement between Remote and the Client;
  • fulfil Remote's obligations pursuant to the employment agreement or other agreements with you, including payment of holiday allowance;
  • establish, exercise, and defend a legal claim;
  • fulfil statutory obligations to which Remote is subject, such as continued storage pursuant to accounting legislation.

For more detailed information about the retention periods of the Personal Data that Remote processes you can request a copy of our Retention Policy at: [email protected].

Cookies

The Website uses "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. For detailed information about cookies and which types of cookies we use, please read our cookie policy.

  • Cookies cannot be used to run programs or deliver viruses to your computer.
  • Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
  • We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You can accept or decline cookies.
  • Most web browsers automatically accept cookies, but you can modify your browser settings to disable cookies if you prefer (check your browser's Help page).
  • If you choose to decline cookies, you may not be able to experience all the features of the Website and Services.

To learn more about cookies and how to manage them, visit internetcookies.org.

Privacy Shield Frameworks

While Privacy Shield is no longer a valid mechanism for data transfers from the EU, it is still a valid commitment toward certain data privacy requirements for companies that participate in it. Remote Technology Inc. participates in the Privacy Shield and has committed to comply with its principles. Organizations’ continued participation in the EU-U.S. Privacy Shield demonstrates a serious commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse for individuals.

Remote has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/.

Remote Technology, Inc. commits to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable. Please find the contact details of the EU DPAs.

The Federal Trade Commission has jurisdiction over Remote Technology, Inc.’s compliance with the Privacy Principles. Failing to follow the Privacy Shield principles could result in U.S. FTC enforcement measures for Remote.

Privacy of minors

We do not knowingly collect any Personal Data from persons under the age of 18. If you are under the age of 18, please do not submit any Personal Data through our Website or Service.

If you have reason to believe that a person under the age of 18 has provided Personal Information to us through our Website or Service, please contact us at [email protected].

Changes and amendments

We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. You can find the date of our last update at the top of the document.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions.
By using the Website or its Services, you agree to be bound by this Policy.
If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services.

Region-specific provisions

Depending on your region we may have to offer some additional information. Please find below any additional provisions applicable to you:

If under the light of CCPA you are a Consumer (an individual "who is in the State for other than a temporary or transitory purpose” or an individual “who is domiciled in the State who is outside the State for a temporary or transitory purpose.”), we need to provide you additional information about how we process your personal information and how we protect your rights.

Categories of Personal Data

You can find the types of personal information we collect about you in the section "Types of Personal Data" we collect of our privacy policy, but since California regulations have specific terms, please find below the correct applicable terms:

  • Identifiers (e.g. unique personal identifiers)
  • Any categories of personal information described in subdivision (e) of Section 1798.80. (e.g name, address, telephone number, passport number, employment history, bank account number, etc.)
  • Characteristics of protected classifications under California or federal law (e.g. gender, marital status)
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding the interaction with the website, applications, or advertisements (e.g. email conversations).
  • Geolocation data (e.g. your location).
  • Professional or employment-related information.

Sources of the collected information

To learn more about categories of sources from where and how we obtain personal information, please read the section "When and how we collect data" from our privacy policy.


How do we use the collected information?

To learn more about how we use the personal information we collect, please read the section "How we use your Personal Data" from our Privacy Policy.


Sale of your personal information

In this context, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer's personal information by the business to another business or a third party, for monetary or other valuable consideration”.

Under Californian laws, this concept of sale would only apply to Remote for instance, when Remote hosts a webinar with a partner and share the attendee's list with them.

Remote will only share your data with your consent. You can withdraw your consent whenever you wish.


Your California privacy rights and how to exercise them


Opt-out to the sale of personal information (DO NOT SELL MY PERSONAL INFORMATION)

Where the disclosure of personal information is made in exchange for monetary or other valuable consideration, California residents have the right to opt-out of such disclosure under certain limitations. To exercise your right to request access or delete your personal information under California law, please follow the instruction in "Data Subjects rights".

Click on the "Do not sell my personal information" button to exercise your right. We will save your opt-out for a minimal period of 12 months.

Do not sell my personal information

The right to know and to portability

If you are not satisfied with the information in our privacy policy, you have the right to request that we disclose to you:

  • the categories and sources of the personal information that we collect about you;
  • the purposes for which we use your information and, with whom such information is shared;
  • in case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
    • for sales, the personal information categories purchased by each category of the recipient; and
    • for disclosures for a business purpose, the personal information categories are obtained by each category of the recipient.

The disclosure described above will be limited to the personal information collected or used over the past 12 months.

The information will be delivered electronically in an easily usable format to enable you to easily transmit the information to another entity – provided that this is technically feasible.


The right to request the deletion of your personal information

You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used for compliance and other legal reasons, to identify and repair errors on this Application, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights, etc.).

If no exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.


The right of not being discriminated for not allowing to share your data

Providing your personal information for surveys, marketing, or other purposes, is optional. Your refusal to provide your information for these purposes will not have any impact on the entering into or performance of the contract. When requested under Data Protection Laws, we will collect your prior consent before proceeding to process your personal information for these purposes.

To exercise any of the above or other rights under California law, or to contact us with questions and concerns about this privacy notice and our practices, contact us at [email protected] with the subject line: “California Resident Privacy Rights – Request.”

If you are an authorized agent seeking to exercise rights on behalf of a California consumer, contact us at the email above and attach a copy of the consumer’s written authorization designating you as their agent. We may need to verify your identity before completing your rights request.

We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.

If you cannot submit a verifiable request, you can request a person registered with the California Secretary of State to act on your behalf.

You can submit a maximum number of 2 requests over a period of 12 months.

We will respond to your request free of charge within 45 days of its receipt. In some cases, we may need to take up to 90 days to fulfill your request, if your request needs additional time to be fulfilled will explain to you the reasons why and when do we expect to fulfill your request.

If your request is manifestly unfounded or excessive we may charge you a reasonable fee, or refuse to act on the request. Remote may also need to deny your request if we have a legitimate reason to do so. In such cases, we will communicate our choices and explain the reasons behind them.


What are the purposes for your usage of my personal information?

We will need to share your personal information for “business purposes” with service providers. We share this information to provide our services and products, like web hosting and security, payment purposes, customer support services, delivering marketing messages, or advertisements.

We may share your personal information with competent authorities for complying with the law, and also some personal information such as business contacts can be shared with third parties for "commercial purposes". This sharing may include information related to Identifiers like name and email. To know more about the recipients of your data, please reach out to us via email at [email protected].

If you want to know more details regarding the receipt and sharing of personal information with third parties you can read the sections "How we use your Personal Data" and "Personal Data Disclosure" of our privacy policy.

We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.

Our services are not directed at children under the age of 16. Therefore, we don't knowingly share the personal information of minors under the age of 16 years without appropriate consent, as required under the California Consumer Privacy Act (CCPA).


Information users located in Brazil

The provisions contained in this section apply to all Users who are located in Brazil, according to the "Lei Geral de Proteção de Dados" (Users are referred to below, simply as “you”, “your”, “yours”). For such Users, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the document uses the term “personal information“ as it is defined in the Lei Geral de Proteção de Dados (LGPD). Our Data Protection Officer is Emanuel Velho and you can contact him at [email protected]


The grounds on which we process your personal information

Please check the section "How we use your data", to read the legal basis we use for processing your Personal Data.

If you have any additional questions regarding our legal basis for processing please contact us at [email protected].


Categories of personal information processed

Please read the section "Types of data we collect", to check the types of data we collect from you.

If you have any additional questions regarding the types of data we collect, please contact us at [email protected].


Why we process your personal information

To find out why and when we process your personal information, you can read sections "When and how we collect data" and "How we use your data".

If you have any questions about why do we process your data, please contact us at [email protected].


Your Brazilian privacy rights

We assure you that you will never be discriminated against by exercising your rights. Please refer to section "Data Subjects rights" to understand how you can exercise your rights.

You can also lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;

In the event you wish to exercise your right of data portability, please let us know that you are performing this request under the LGPD and whether if you wish a simplified or complete disclosure. If you opt for the complete disclosure, please note that it might take up to 15 days to fulfill your request.


Transfer of personal information outside of Brazil permitted by the law

Please be aware that are allowed to transfer your personal information outside of the Brazilian territory when the transfer:

  • is necessary for compliance with a legal or regulatory obligation, the performance of a contract or preliminary procedures related to a contract, or the exercise of rights in judicial, administrative, or arbitration procedures.
  • is necessary for international legal cooperation between public intelligence, investigation, and prosecution bodies, according to the legal means provided by the international law;
  • is necessary to protect your life or physical security or those of a third party;
  • is authorized by the ANPD;
  • results from a commitment undertaken in an international cooperation agreement;
  • is necessary for the execution of a public policy or legal attribution of public service;

Contact us

We have a Data Protection Officer (DPO) who monitors our compliance with the General Data Protection Regulation (GDPR), other data protection regimes and policies of Remote in relation to the protection of Personal Data and privacy.
For inquiries or requests, please contact us at [email protected].