Privacy Center

Tail is a data platform for audience segmentation and insights into the digital environment and are committed to protecting your personal data and safeguarding the privacy of our customers and users.

One of our missions is to defend a regulated market aimed at ensuring the proper use of data in a digital environment. We believe that personal data protection and compliance with relevant legislation can and should be viewed as a competitive advantage as well as ensuring that the user has effective control over their data. In this line, we seek to comply with the best practices applied today in the most advanced markets, both nationally and internationally. We are affiliated to the IAB-Brazil (Internet Advertising Bureau), which recommends good practices and ethical principles to be followed by the digital advertising market.

The purpose of this space is to demonstrate to you how Tail has rethought its own performance to provide solutions for audience management that in addition to complying with General Data Protection Regulation (GDPR) and the General Data Protection Act (LGPD), guarantee, in an effective way, the protection of your data and, above all, your privacy.

Adequation

We collect data compatible with the purpose of our services and with the expectations of the data owners.

Needs

We only collect data necessary to perform our services.

Transparency

Tail’s biggest concern is to provide clear and adequate information about how is data gathering, collection and processing.

Security by design

We take your security very seriously. We have adopted a series of data protection practices against unauthorized access.

You control your data - Privacy by design

We created channels for visitors, users and clients to access information about their data, at our Privacy Dashboard you can access, edit or request the exclusion of your personal data.

Purposes

The purpose of the data collected by Tail is legitimate, specific and known to the data owner. In a more objective way, we will use your personal data to customize the way we send you digital content, according to your interests, so that unwanted content does not reach you out. You can identify in detail the different uses for your data in Privacy Policy.

Q&A

1. What are personal data?

Personal data are those that can identify or make identifiable a person, such as name, ID, RG, CPF, address, cookies, or information relating to a person, such as their location, cultural preferences, tastes, interests.

Data protection involves a set of practices aimed at safeguarding personal data and thus enable people to decide how their data can be used. In addition to ensuring greater control by users, data protection rules also provide greater legal certainty for innovative business in an increasingly data driven society. Security also brings confidence in the relationship between companies and their customers. Data protection is therefore of great concern to Tail, as we understand its direct impact on people.

2. What is GDPR and what is LGPD?

GDPR is the acronym for General Data Protection Regulation, the personal data protection regulation of the European Union, in force since May 25, 2018, which was created with the purpose of consolidating a higher normative standard that would give individuals greater control and at the same time to foster economic, technological and market innovation.

LGPD is the acronym for General Data Protection Law (Law 13.709 / 18), the Brazilian general regulation on the subject, which will come into force in February 2020. Inspired by the GDPR, LGPD will be the normative standard that will guide the protection of personal data in Brazilian national territory.

3. What data protection regulations apply to the services provided by Tail?

Regarding data protection, the main regulations that apply to Tail services are: GDPR, LGPD, Civil Internet Framework (MCI), Decree 8.771 / 16 and Consumer Protection Code (CDC).

  • • GDPR: This legislation applies to Tail's services, as the company: (i) collects and processes data from native/located users within the EU, (ii) provides / transfers services to the EU; and (iii) have as clients or potential clients companies that are located and / or provide services in the European Union;
  • • LGPD: LGPD, as of its validity, will be applicable to Tail services, since the company collects, stores, treats, uses and shares data in the Brazilian national territory;
  • • Civil Internet Framework: MCI is applicable to Tail, since it regulates the use of the Internet in Brazil, providing for the requirement of free, express and informed consent for the collection, use, storage and processing of personal data in Brazil;
  • • Decree 8.771 / 16: the Decree regulates certain points of the MCI, mainly foreseeing issues related to security and safety standards that must be followed during the processing of personal data by companies, be they application or connection providers, data lifecycle, providing for the possibility of deletion of data;
  • • Consumer Protection Code: CDC is also applicable to the services provided by Tail, as this legislation requires Tail to make available to the data owners the information contained in its database.

4. Does Tail qualify as Processor or Data Controller?

Tail, under GDPR terms, is classified as both Processor and Data Controller, depending on the context. Controller therefore collects and decides the purposes for which, and the means by which, the personal data will be processed and Processor, as it processes personal data in the name of a Parent Company.

LGPD also makes this differentiation, as well as, classifies Controllers and Operators, as Agents of Treatment, which is also the case of Tail.

5. How has Tail been preparing to comply with data protection regulations?

Tail has taken a number of steps to comply with data protection laws, including:

The implementation of a Data Protection Impact Assessmnet (DPIA) to map the flow of data and identify possible risks to privacy and personal data protection, aiming to adapt them to best practices and regulatory obligations. In this sense, Tail, after the DPIA, did:

  • • Adequacy of the Privacy Policy to comply with legal provisions;
  • • Review of the Terms of Use and Service Contracts, in order to comply with the main obligations of the sector;
  • • Implementation of an Internal Information Security Policy; and
  • • Adoption of a Cookie Notice following the recommendation of the IAPP (International Association of Privacy Professionals) to obtain a specific consent of the holders for the purpose of collecting and processing this data.

6. Is the service provided by Tail compliant with GDPR and LGPD?

Tail has a huge concern with data protection and maintaining the trust of its customers and users. Therefore, the company is constantly in the process of being adjusted to seek compliance with both the regulatory obligations required by Brazilian and international regulations and with the best practices of countries that have general data protection laws.

7. How can Tail's customers prepare to comply with data protection laws?

In order to prepare, Tail's clients must seek to: comply with current rules, anticipate the regulatory demands that will come into force and guide their performance based on existing data protection principles and rules, and incorporate best practices security in the handling and processing of personal data.

It is important to keep in mind also that only the adoption of a privacy policy may not be enough. Therefore, it is advisable to perform a Data Protection Impact Assessment (DPIA), since this methodology allows, in a concrete way, to map the flow of personal data and company processes, being possible from it to create a plan to be in compliance. But this process is not unique, but continuous. Therefore, periodically conducting new data protection assessments and ensuring that new identified risks will be addressed timely is key to the success of a Privacy Program.

8. What is the Data Protection Officer? Does Tail have one?

Data Protection Officer (DPO) is responsible for the monitoring and supervision of data processing, as well as serving as a direct contact bridge with the Data Protection Authority (DPA). The DPO, according to GDPR, must be a profesional or a company responsible to oversee the company's compliance with GDPR, as well as conducting data protection impact assessments independently, responding directly to the body company's director. It should also be responsible for the contact’s channel of the holders’ data with the company so that they can exercise their rights.

In the LGPD there is the same role, represented as "person in charge", who is indicated by the controller, and acts as the communicator between the controller, data holders and the national authority.

If you would like to speak with our DPO, please contact us, by e-mail: dpo@tail.digital