The Remote Privacy Policy

Last updated: April 22nd, 2021

Overview

This privacy policy ("Policy") describes how Remote Technology, Inc. ("Remote Technology, Inc.", "we," "us," or "our") collects, protects, and uses the personally identifiable information ("Personal Information") you ("User", "you," or "your") may provide on the remote.com website and within any of its products or services (collectively, "Website" or "Services").

We commit ourselves to the highest standard for data protection and privacy. Due to our global footprint, we are subject to several data protection regulations and as a guiding principle, we apply the strictest regulation to protect your data and privacy globally. This results in a broad set of rights and choices made available to you.

When and how we collect data

Data you give Data we collect When
No Yes You browse pages of our website
No Yes You receive an email from us
Yes No You request information from us
Yes Yes You create an account in our platform
Yes Yes You select someone to be hired on your behalf
Yes Yes You engage in a meeting with our team
Yes Yes You participate in our promoted events
No Yes You allow our partners to share your data
Yes No You subscribe to our blog
Yes No You opt-in for marketing messages
Yes No You participate in our promoted programs or giveaways

Types of data we collect

We collect information to provide better services to you.

  • Contact Information that facilitates communication. E.g. Email and physical address, telephone number.
  • Location Information about an individual's location. E.g. Country, IP address.
  • Identifying Information that can identify a specific individual. E.g. Name, government-issued ID, profile picture, birthdate.
  • Financial/Account Information that identifies an individual's financial account or about an individual's remuneration. E.g. Bank accounts, salary, benefits.
  • Professional Information about educational or professional career. E.g. Job title.
  • Social Information about social connections. E.g. Emergency contact.
  • Communication Information communicated to or from an individual. E.g. Email conversations.

How we use your data

  • Employees and Contractors on behalf of our customers

    • Process payroll Performance of a contract
    • Invoice and expense management Performance of a contract
    • Manage benefits Performance of a contract
    • Manage time-off Performance of a contract
    • Good employership Performance of a contract
  • Service Provision

    • Create user accounts Performance of a contract
    • Perform payments Performance of a contract
    • Hire employees Performance of a contract
    • Onboard contractors Performance of a contract
    • Manage payments Performance of a contract
  • Customer Experience

    • Identify you and help you solve issues related to the usage of our services Performance of a contract
    • Notify you of any changes to our services Performance of a contract
    • Contact you to improve our services and customer experience Legitimate interests
  • Marketing Purposes

    • Direct Marketing Legitimate interestsConsent
    • Share your business information with our partners when you attend a promoted event Consent
    • Send you marketing material about our company (newsletters, blogposts, webinars, prizes, etc.) Consent

What is "legal basis"?

Under the GDPR, we need to have a legal basis to lawfully process your personally identifiable information. For the described data processing, we use:

  • Performance of a contract: The data processing is necessary for the performance of a contract in which you are a party or to take steps at the request of the data subject before entering a contract.
  • Legitimate interests: We process your data following our own, our business partners', or your legitimate interests. For example, this occurs when we show you ads for jobs, present your profile to recruiting partners, or when we believe you would benefit from our services, products, or content.
  • Consent: We will only process your personal data for the specific purposes you allowed us to. You can withdraw your consent whenever you wish.

Privacy choices

Although restricting access to certain data might affect your experience, you can always make changes, such as:

  • Disable cookies: You can block cookies in your web browser (check your browser's Help page).
  • Don't provide personal information: You can still navigate the Website and access all our features that don't require your personal information.
  • You can withdraw your consent for marketing communications: We will contact you directly if we receive your explicit consent to send marketing communication, but if you don't wish to hear from us again, please click the unsubscribe button on the communication or send us an email to [email protected] to let us know.

Data subjects rights

You may exercise any rights related to the data we collect by sending an email to [email protected]. We will then verify your identity and respond to your inquiry as promptly as we can, but we may need up to 15 days for certain requests.

Find below a summary list of your rights and how you can exercise them:

Access data

You can access the personal information we hold about you directly on your user profile. If you need additional information regarding:

  • The data categories we process;
  • The purposes of the data processing;
  • Retention period;
  • To whom we disclose personal information;
  • Any other information about your data, please send us an email.

Email subject: Personal Information inquiry.

Additional information: Please let us know what kind of data you would like to access.

Rectification

You can update most of the personal information we hold about you directly on your account's profile. Please keep in mind that some personal information, such as financial data, may be restricted from modification on the platform to avoid processing errors. If you need to modify a restricted field, please contact us by email.

Email subject: Data rectification.

Additional information: Please let us know:

  • the fields to update
  • the old data values to be replaced
  • the new data values
  • evidence of the new data values as applicable

Data Portability

We can export and send a Json file containing all personal information we have collected.

Email subject: Data export.

Additional information: If you would like us to send your information, please let us know by email.

Object processing

Where we use legitimate interests to process your personal information, you have the right to object to the processing. To exercise your right, please send us an email. If your objection is related to receiving marketing communications or our newsletter, please hit the unsubscribe link on the communication you no longer wish to receive.

Email subject: Object to data processing.

Additional information: If the data has no other purpose except within the process to which you rightfully object, we will delete that data.

Restrict processing

You can restrict your data from being processed if:

  • We processed or will process inaccurate personal information;
  • We processed your personal information unlawfully;
  • We don't need need to process your personal data, but we need to keep it to allow you to establish, exercise, or defend a legal claim;
  • You exercised your right to object processing, but we are still validating your request;

Email subject: Restrict data processing.

Additional information: Let us know why you want us to restrict your data processing.

Erasure

Your personal information can be deleted, provided that such deletion does not prevent us from complying with any legal obligations.

Email subject: Data deletion.

Additional information: Send us an email that states the reason for your deletion request. We will reply to you to confirm we have deleted your account or to let you know why we are unable to fulfill the request.

Lodge a complaint

If you believe that we are not processing your data in a lawful way under the GDPR or if you are not satisfied with any response we provide, you may lodge a complaint with a relevant data protection authority.

Email subject: Data privacy.

Additional information: Please let us know your complaint and we will look into it. You always have the right to complain at your local Data Protection Authority, if you are not satisfied with our handling of your complaint.
Under certain conditions, you may able to invoke binding arbitration for complaints regarding Privacy Shield compliance. Please check here.

How we keep your data secure

Compliance

We are compliant with the EU's General Data Protection Regulation. Data protection is ensured by encryption and security measures throughout the lifecycle of your data.

Infrastructure security

  • Data encryption in transit
  • Data encryption at rest
  • Architecture network isolation through private networks
  • Fully auditable access and changes
  • AWS is our trusted cloud provider and is compliant with the following industry standards:
    • SOC I/II/III
    • ISO 27001/27017/27018
    • PCI-DSS
  • All systems are protected by a firewall with security threat detection and prevention mechanisms.

Internal best practices

  • We follow the least privilege principle to limit systems' access to essential personnel only.
  • All internal tools and systems require SSO.
  • We practice continuous credentials auditing and management.
  • We conduct internal security and privacy training.

Reliability

  • Infrastructure-as-code allows for quick rebuilding and portability.
  • Our average response times are under 150ms.
  • We practice continuous monitoring of applications and infrastructure.
  • Applicational logs are shipped off site and kept for 30 days.
  • We create daily data backups.

Data Privacy

  • Sensitive data (i.e., documents) is encrypted and only accessible by data owners and internal platform administrators.
  • Users have full control of their data.
  • We do not keep any data other than data strictly necessary for business operations.

Personal Data Disclosure

Third parties who process your data

We rely on third-party sub-processors to ensure the successful provision of our services. Any third party with whom we share personal information is subject to an extensive security and privacy assessment review to ensure they can provide adequate technical and organizational security measures. Please find here a list of our current sub-processors.

Remote Technology, Inc. shall remain liable for any unlawful processing from our sub-processors unless we are able to prove that we are not responsible for the unlawful processing.

When providing our services, we may also share your data with other data controllers, such as financial institutions and, if you consent, with our partners if sharing is beneficial and does not not present a threat to you, your personal data or to your rights and freedoms as an individual.

We might also need to disclose your personal data to comply with applicable law, enforce contractual rights, and respond to requests from courts, law enforcement, or regulatory agencies and government authorities as long as the request is deemed lawful.

International data transfers

To guarantee service, personal information collected may be processed outside of your country. We ensure that we only transfer data to third parties that can meet high standards of technical and organizational data protection and privacy measures.

Data retention

Remote may retain personal data depending on the purpose for which it is used. Due to our global presence, we are subject to various legal and tax obligations. As a result, Remote may have to retain certain types of personal data for up to 12 years. This retention period is subject to the applicable laws and where possible will be shorter.

If you believe Remove is retaining personal data for invalid legal or fiscal obligations, please contact us at [email protected].

Cookies

The Website uses "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. For detailed information about cookies and which types of cookies we use, please read our cookie policy.

  • Cookies cannot be used to run programs or deliver viruses to your computer.
  • Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
  • We may use cookies to collect, store, and track information for statistical purposes to operate our Website and Services. You can accept or decline cookies.
  • Most web browsers automatically accept cookies, but you can modify your browser settings to disable cookies if you prefer (check your browser's Help page).
  • If you choose to decline cookies, you may not be able to experience all the features of the Website and Services.

To learn more about cookies and how to manage them, visit internetcookies.org.

Privacy Shield Frameworks

Although Remote Technology, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, Remote does not rely on the Privacy Shield Framework to transfer personal data overseas.

Remote has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/.

Remote Technology, Inc. commits to cooperate with the panel established by the EU data protection authorities (DPAs), the Swiss Federal Data Protection, or the Information Commissioner. EU, Swiss, and UK individuals can contact EU DPA, the Swiss Federal Data Protection, or the Information Commissioner as applicable. Please find the contact details of the EU DPAs.

The Federal Trade Commission has jurisdiction over Remote Technology, Inc.’s compliance with the Privacy Shield.

Privacy of minors

We do not knowingly collect any Personal Information from persons under the age of 18. If you are under the age of 18, please do not submit any Personal Information through our Website or Service.

If you have reason to believe that a person under the age of 18 has provided Personal Information to us through our Website or Service, please contact us at [email protected].

Changes and amendments

We reserve the right to modify this Policy relating to the Website or Services at any time, effective upon posting of an updated version of this Policy on the Website. You can find the date of our last update at the top of the document.

Acceptance of this policy

You acknowledge that you have read this Policy and agree to all its terms and conditions.
By using the Website or its Services, you agree to be bound by this Policy.
If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services.

Region-specific provisions

Depending on your region we may have to offer some additional information. Please find below any additional provisions applicable to you:

If under the light of CCPA you are a Consumer (an individual "who is in the State for other than a temporary or transitory purpose” or an individual “who is domiciled in the State who is outside the State for a temporary or transitory purpose.”), we need to provide you additional information about how we process your personal information and how we protect your rights.

Categories of personal data

You can find the types of personal information we collect about you in the section "Types of personal data" we collect of our privacy policy, but since California regulations have specific terms, please find below the correct applicable terms:

  • Identifiers (e.g. unique personal identifiers)
  • Any categories of personal information described in subdivision (e) of Section 1798.80. (e.g name)
  • Characteristics of protected classifications under California or federal law (e.g. gender)
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding the interaction with the website, applications, or advertisements (e.g. email conversations).
  • Geolocation data (e.g. your location).
  • Professional or employment-related information.

Sources of the collected information

To learn more about categories of sources from where and how we obtain personal information, please read the section "When and how we collect data" from our privacy policy.


How do we use the collected information?

To learn more about how we use the personal information we collect, please read the section "How we use your personal data" from our privacy policy.


Sale of your personal information

In this context, the word “sale” means any “selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating orally, in writing, or by electronic means, a consumer's personal information by the business to another business or a third party, for monetary or other valuable consideration”.

Under Californian laws, this concept of sale would only apply to Remote for instance, when a company host a webinar with a partner and share the attendee's list with them.

Remote will only share your data with your consent. You can withdraw your consent whenever you wish.


Your California privacy rights and how to exercise them


Opt-out to the sale of personal information (DO NOT SELL MY PERSONAL INFORMATION)

Where the disclosure of personal information is made in exchange for monetary or other valuable consideration, California residents have the right to opt-out of such disclosure under certain limitations. To exercise your right to request access or delete your personal info under California law, please follow the instruction in "Data subjects rights".

Please click on the "Do not sell my information" button to exercise your right. We will save your opt-out for a minimal period of 12 months.

Do not sell my personal information

The right to know and to portability

If you are not satisfied with the information in our privacy policy, you have the right to request that we disclose to you:

  • the categories and sources of the personal information that we collect about you;
  • the purposes for which we use your information and, with whom such information is shared;
  • in case of sale of personal information or disclosure for a business purpose, two separate lists where we disclose:
    • for sales, the personal information categories purchased by each category of the recipient; and
    • for disclosures for a business purpose, the personal information categories are obtained by each category of the recipient.

The disclosure described above will be limited to the personal information collected or used over the past 12 months.

The information will be delivered electronically in an easily usable format to enable you to easily transmit the information to another entity – provided that this is technically feasible.


The right to request the deletion of your personal information

You have the right to request that we delete any of your personal information, subject to exceptions set forth by the law (such as, including but not limited to, where the information is used for compliance and other legal reasons, to identify and repair errors on this Application, to detect security incidents and protect against fraudulent or illegal activities, to exercise certain rights, etc.).

If no exception applies, as a result of exercising your right, we will delete your personal information and direct any of our service providers to do so.


The right of not being discriminated for not allowing to share your data

Providing your personal information for surveys, marketing, or other purposes, is optional. Your refusal to provide your information for these purposes will not have any impact on the entering into or performance of the contract. When requested under Data Protection Laws, we will collect your prior consent before proceeding to process your personal information for these purposes.

To exercise any of the above or other rights under California law, or to contact us with questions and concerns about this privacy notice and our practices, contact us at [email protected] with the subject line: “California Resident Privacy Rights – Request.”

If you are an authorized agent seeking to exercise rights on behalf of a California consumer, contact us at the email above and attach a copy of the consumer’s written authorization designating you as their agent. We may need to verify your identity before completing your rights request.

We will not respond to any request if we are unable to verify your identity and therefore confirm the personal information in our possession actually relates to you.

If you cannot submit a verifiable request, you can request a person registered with the California Secretary of State to act on your behalf.

You can submit a maximum number of 2 requests over a period of 12 months.

We will respond to your request within 45 days of its receipt. In some cases, we may need to take up to 90 days to fulfill your request, if your request needs additional time to be fulfilled will explain to you the reasons why and when do we expect to fulfill your request.

If your request is manifestly unfounded or excessive we may charge you a reasonable fee, or refuse to act on the request. Remote may also need to deny your request if we have a legitimate reason to do so. In such cases, we will communicate our choices and explain the reasons behind them.


What are the purposes for your usage of my personal information?

We will need to share your personal information for “business purposes” with service providers. We share this information to provide our services and products, like web hosting and security, payment purposes, customer support services, delivering marketing messages, or advertisements.

We may share your personal information with competent authorities for complying with the law, and also some personal information such as business contacts can be shared with third parties for "commercial purposes". This sharing may include information related to Identifiers like name and email. To know more about the recipients of your data, please reach out to us via email at [email protected].

If you want to know more details regarding the receipt and sharing of personal information with third parties you can read the sections "How we use your personal data" and "Personal Data Disclosure" of our privacy policy.

We will not use your personal information for different, unrelated, or incompatible purposes without notifying you.

Our services are not directed at children under the age of 16. Therefore, we don't knowingly share the personal information of minors under the age of 16 years without appropriate consent, as required under the California Consumer Privacy Act (CCPA).


Information users located in Brazil

The provisions contained in this section apply to all Users who are located in Brazil, according to the "Lei Geral de Proteção de Dados" (Users are referred to below, simply as “you”, “your”, “yours”). For such Users, these provisions supersede any other possibly divergent or conflicting provisions contained in the privacy policy.

This part of the document uses the term “personal information“ as it is defined in the Lei Geral de Proteção de Dados (LGPD). Our Data Protection Officer is Emanuel Velho and you can contact him at [email protected]


The grounds on which we process your personal information

Please check the section "How we use your data", to read the legal basis we use for processing your personal data.

If you have any additional questions regarding our legal basis for processing please contact us at [email protected].


Categories of personal information processed

Please read the section "Types of data we collect", to check the types of data we collect from you.

If you have any additional questions regarding the types of data we collect, please contact us at [email protected].


Why we process your personal information

To find out why and when we process your personal information, you can read sections "When and how we collect data" and "How we use your data".

If you have any questions about why do we process your data, please contact us at [email protected].


Your Brazilian privacy rights

We assure you that you will never be discriminated against by exercising your rights. Please refer to section "Data subjects rights" to understand how you can exercise your rights.

You can also lodge a complaint related to your personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies;

In the event you wish to exercise your right of data portability, please let us know that you are performing this request under the LGPD and whether if you wish a simplified or complete disclosure. If you opt for the complete disclosure, please note that it might take up to 15 days to fulfill your request.


Transfer of personal information outside of Brazil permitted by the law

Please be aware that are allowed to transfer your personal information outside of the Brazilian territory when the transfer:

  • is necessary for compliance with a legal or regulatory obligation, the performance of a contract or preliminary procedures related to a contract, or the exercise of rights in judicial, administrative, or arbitration procedures.
  • is necessary for international legal cooperation between public intelligence, investigation, and prosecution bodies, according to the legal means provided by the international law;
  • is necessary to protect your life or physical security or those of a third party;
  • is authorized by the ANPD;
  • results from a commitment undertaken in an international cooperation agreement;
  • is necessary for the execution of a public policy or legal attribution of public service;

Contact us

We have a Data Protection Officer (DPO) who monitors our compliance with the General Data Protection Regulation (GDPR), other data protection regimes and policies of Remote in relation to the protection of personal data and privacy.
For inquiries or requests, please contact us at [email protected].