by Rightchallenge | Março 3, 2023


Última atualização: 03/03/2023


Data Protection and Privacy Commitment

RightChallenge is implementing technical and organizational measures necessary for compliance with applicable EU and national legal standards in the field of data protection, privacy and information security, in particular those contained in the General Data Protection Regulation.

Person responsible for processing personal data

RightChallenge is the entity responsible for the treatment of all personal data that are provided to it for the provision of services that are requested by the holder of the same or their legal representative.

Collection and Processing of Personal Data

The RightChallenge proceeds to the processing of personal data strictly necessary for the provision of information, administrative procedures in the field of their duties and powers and the dissemination of their activities, according to the interactions through the different channels of care and communication.

Personal data collected by RightChallenge are treated informatically whenever possible, being ensured the protection, privacy and security under the legislation in force.

Legal Principles

All data processing operations are guided by the fundamental legal principles applicable in the field of data protection and privacy, particularly with regard to their circulation, lawfulness, fairness, transparency, purpose, minimization, conservation, accuracy, integrity and confidentiality, being RightChallenge , available to demonstrate its responsibility to the data subject or any other third party who has a legitimate interest in this matter.

Lawfulness and purpose of processing

The data processing operations carried out by RightChallenge fall within one or more specific purposes, constituting legitimacy grounds the consent of the data subject and the treatment be considered necessary for:

- The performance of a contract for the provision of services in which the data subject is the contracting party;

- The fulfilment of a legal obligation to which the controller is subject;

The personal data collected may also possibly be processed for statistical purposes, for the dissemination of information or promotional activities and for communication actions, through direct communication, whether by correspondence, e-mail, messages or any other electronic communications service.

However, while prior information and express authorisation are always ensured for the latter purposes, citizens may at any time exercise their right to object to the use of their personal data for other purposes.

Data Retention Periods

Personal data shall be kept for the period necessary for the purposes for which they were collected or for their subsequent processing, with a view to ensuring compliance with all applicable legal provisions on filing.

Use of Cookies

The cookie usage policy is available at

Communication of Data to Other Entities

The availability of information, through the various attendance and communication channels, may eventually imply the use of subcontracted third party services, which may imply access to personal data by these entities.

In these circumstances and where necessary, RightChallenge, will only engage entities that present sufficient guarantees of implementation of technical and organizational measures appropriate to the satisfaction of applicable standards, getting such guarantees formalized in contract signed between the RightChallenge,,  and each of these third entities.

Data Recipients

Except in the framework of the fulfilment of legal obligations, in no case will personal data be communicated to third parties that are not subcontracted entities or legitimate recipients, nor will any communication be made for purposes other than those mentioned above.

Security Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, all of its (sub)contractors shall implement the necessary technical and organisational measures to ensure a level of security appropriate to the risk.

To this end, various security measures may be adopted in order to protect personal data against disclosure, loss, misuse, alteration, unauthorised processing or access, as well as any other form of unlawful processing.

The data subject is solely responsible for keeping access codes secret and not sharing them with third parties, and, in the particular case of the computer applications used to access the channels, must also keep and maintain the access devices in safe conditions and follow the security practices recommended by the manufacturers and/or operators, namely as regards the installation and updating of the necessary security applications, among others, antivirus applications.

Verifying the need for outsourcing of services to third parties who may have access to personal data of the data subject, RightChallenge, subcontractors will be required to adopt measures and security protocols, as well as other measures of technical nature adjusted to the protection of confidentiality and security of personal data, to prevent unauthorized access, loss or destruction of personal data.

Exercise of Rights by Data Subjects

As data subjects, they may at any time exercise their data protection and privacy rights, including rights of access, rectification, erasure, portability, limitation or opposition to processing, under the terms and within the limitations set out in the applicable rules.

Any request for the exercise of data protection and privacy rights must be addressed to RightChallenge in writing by the respective data subject in accordance with the procedure and contact described below.

Complaints and Suggestions

Data subjects have the right to lodge complaints, either by registration in the complaints book or by lodging a complaint with the regulatory authorities.

They can also make suggestions by sending an e-mail to the following address:

Incident Communications

RightChallenge, nomeou has appointed a Data Protection Officer and proceeded with implementation in the field of data protection, privacy and information security.

Data Protection Officer:

Priscila Vilhena Ganga

In the event that data subjects wish to report the occurrence of any personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, they may contact the Data Protection Officer in accordance with the instruction and contact details described above.

Amendment of the Privacy Policy

RightChallenge, may, at any time, make changes that are considered appropriate to this Policy of Data Protection and Privacy, to ensure its updating, development and continuous improvement, and these changes are duly announced publicly on the site in order to ensure transparency and information.