APDATA is committed to ensuring the privacy and protection of the personal data of all those who have any type of relationship with us, even if indirectly.
As a result, this Privacy Notice formalizes our commitment to transparency, so that you can understand in a simple, clear and objective way, what personal information is collected, why we collect it, if we share it, with whom and for how much time. In addition, this notice is intended to inform you of your rights in relation to that information and how to exercise them with APDATA.
- 1. Definitions
- 2. Normative Reference
- 3. What data we collect?
- 4. What cookies are and how we use them?
- 5. Why we process your personal data?
- 6. With whom we share your personal data?
- 7. Processing of data of children and adolescents
- 8. How we protect your personal data?
- 9. How long we do store your personal data?
- 10. What are my rights as a personal data holder?
- 11. How to clarify additional questions?
- 12. Updates to this Notice
1. Definitions
The following terms are used in our Privacy Notice:
| Term | Meaning |
|---|---|
| Privacy | It is the right to be protected from interference in personal matters, presupposes respect for private life, freedom and control over the availability and exposure of information about an individual. |
| LGPD | General Data Protection Law, No. 13.709 of 08/14/2018. It provides for the processing of personal data, including in digital media, by natural persons or legal entities under public or private law, with the objective of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person. |
| Personal Information | Any information relating to an identified or identifiable natural person ('Holder'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or other such identifier. |
| Sensitive Personal Data | Personal data concerning racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person. |
| Holder | Natural person to whom the personal data being processed refers. |
| Data Controller | Data processing agent responsible for decisions regarding the processing of personal data. |
| Data Processor | Data processing agent that processes personal data on behalf of the controller. |
| ANPD | The National Data Protection Agency is the public administration body responsible for ensuring, implementing, and overseeing compliance with the General Data Protection Law throughout the national territory. |
| Officer | In charge of the Treatment of Personal Data (DPO - Data Protection Officer) is the person responsible for the Protection of Personal Data at APDATA and for communication with the ANPD and with the holders, contactable by e-mail: dpo@apdata.com.br. |
| Treatment | Any operation performed with personal data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction. |
| Consent | Free, informed and unambiguous statement by which the holder agrees with the treatment of his personal data for a specific purpose. |
| Anonymization | Use of reasonable and available technical means at the time of treatment, whereby data loses the possibility of association, directly or indirectly, with an individual. |
| Block | Temporary suspension of any processing operation, by keeping personal data or database. |
| Elimination | Deletion of data or data set stored in a database, regardless of the procedure employed. |
| Sharing | Communication, dissemination, international transfer, interconnection of personal data or shared treatment of personal databases by public bodies or entities in the fulfillment of their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more modalities of treatment allowed by these public entities, or between private entities. |
| International Data Transfer | Transfer of personal data to a foreign country or international body of which the country is a member. |
| Information security | It is a set of measures that aims to protect information against a wide range of threats, preserving the value it has for an individual or organization, based on the CIA triad (Confidentiality, Integrity, and Availability), in order to guarantee business continuity, minimize risks and maximize the return on investments and opportunities. |
| Confidentiality | Ensure that only people who can know information access it. |
| Integrity | Ensure the protection of information and systems against changes to their original state. |
| Availability | Ensure that information can be accessed by those who need it, when they need it. |
| Collaborators | All employees, interns and young apprentices of APDATA, regardless of the position or function performed. |
| Third party | All professionals, whether individuals or legal entities, who do not fit the definition of Collaborators. |
| Supplier | An external company that provides or supplies some type of service to APDATA, such as, but not limited to, consulting services, technological services (hardware and software), services to employees, and other types of technological support services or contracts. |
| Website | It is a place on the Internet identified by a domain name, consisting of one or more pages with content that can contain text, graphics, images, photos, videos and other information. The institutional website of APDATA is https://www.apdata.com. |
2. Normative Reference
- Federal Law No. 13,709 / 2018, General Law for the Protection of Personal Data, “LGPD”, available at http://www.planalto.gov.br/ccivil_03/_Ato2015-2018/2018/Lei/L13709.htm
3. What data we collect?
In order for us to provide our services and carry out our activities, it is essential to collect some information that concerns you. What is this data?
Personal data provided directly by you: During your relationship with us, it is possible for you to actively provide us with your personal data, by completing registration and forms, by accessing the areas and features, which vary according to the type of relationship you have with APDATA, according to non-exhaustive hypotheses indicated below:
| Site Area | Use | Personal data |
|---|---|---|
| Contact us | Contact APDATA | Name, email, corporate phone, position and company name |
| Become a partner | Partnership with APDATA (data are used by the commercial team to make contact) | Name, corporate email, corporate phone, position, company name and company address |
| Blog | Actions of Digital marketing | Name, email and corporate phone, tilte and company name |
Personal data provided by third parties: APDATA receives data from third parties, whether partners, service providers or customers, related to you. The data received from such sources, enable APDATA to carry out its activities and provide its services. The following are some examples of situations in which this may occur:
| Third parties | Goal | Personal data |
|---|---|---|
| Partner Organizations | Customer Prospecting and Marketing Actions | Name, email, phone, position, company name and public data available on the Internet |
| Clients or Service Providers to APDATA | Enable the provision of third-party services at APDATA facilities | Name, CPF and company name |
| Restricted Area (Exclusive for Customers) | Access to service-related features. | Name, CPF, date of birth, e-mail, telephone and information related to your employment relationship with your employer (company, position, e-mail and telephone) |
| APDATA Clients | Execution of contracted services, internal analyses for audit purposes, aimed at verifying the quality and safety of our processes. | Name, email, information related to your employment relationship with your employer, including information that appears on your payslip (e.g., salary, profit-sharing, 13th-month salary payment, among others) or any sensitive inseparable personal data (e.g., race, disability, union dues). |
Personal data collected automatically: APDATA will also be able to collect some information automatically, such as: characteristics of the access device and browser, origin (last country and language accessed), click information and pages accessed. Such collection is carried out through the use of some technologies, such as cookies.
4. What cookies are and how we use them?
Cookies are files or information that can be stored on your devices when you visit our website or use APDATA's online services.
The APDATA website uses:
- First-party or primary cookies: these are installed directly by APDATA. These are cookies set directly by the website or application that the user is visiting. First-party cookies generally cannot be used to track activity on a website other than the original website on which they were placed. These types of cookies may include information such as login credentials, shopping cart items or preferred language.
- Third-Party Cookies (linked to third-party domains): These are cookies created by a domain other than the one the user is visiting. They arise from features of other domains that are incorporated into a website, such as displaying advertisements. On our website, for example, we use Google Analytics. Find out how your personal data is processed at https://policies.google.com/privacy?hl=pt-BR.
| Types of Cookies | What they do? |
|---|---|
| Necessary | Necessary cookies are those that allow the functioning of the basic functions of the website, such as navigation, access to secure or restricted areas. Without these cookies, the website will not function properly. |
| Functional | Functional cookies store the user's previous choices, such as language, font size, colors (when applicable), among other preferences. They allow the user to easily access the page with its customizations. Additionally, these cookies may enable the site to integrate with third-party services, such as links to social media profiles, comments, chatbots, among others. • Cross Site Request Forgery Prevention Token • Laravel • CloudFlare • Google Analytics • HubSpot functional |
| Performance | Performance cookies, also known as analytica, help to understand how the website has behaved with the user, collecting statistics such as areas visited, time spent, user interactions with page content, audience measurement and possible operational problems. • HubSpot functional |
| Marketing | Marketing cookies allow for the tracking of users across different sites. Their primary goal is to offer users advertising for products and services that are more aligned with their interests, based on their online behavior. Marketing cookies can also be used to measure the effectiveness of an online advertising campaign. • HubSpot • Google Ads |
| Statisticians | Statistical cookies record data about visits to a website, such as the number of visits, the time and the origin of the traffic. The purpose of using this category of cookies is to enhance the user experience, improve the content and enable the creation of features that promote better navigation. |
Cookies can be easily disabled through your browser settings. Depending on the cookies refused, the Site may not function correctly, or even take time to load content. For more information go to the respective settings on your browser's official page.
For all personal data collection, APDATA will always follow the following rules:
- The personal data collected will only be used to fulfill the purposes informed to you.
- Only information that is indispensable for the provision of the services offered or the execution of the activities informed will be collected.
5. Why we process your personal data?
We treat your personal data, in most cases, to enable the execution of our activities, such as the information provided by you for contact or during your employment with companies that hire APDATA so that we can provide any of our services. However, there are several purposes for which we may treat your personal data, the main ones are being listed below:
- If APDATA has any legal or regulatory obligation: Your personal data may be used to fulfill obligations provided by law, regulations of government agencies, tax authorities, the Judiciary and / or other competent authority. This treatment may include your complete qualification data, personal documents and bank details, for example.
- For the regular exercise of APDATA's rights: Even after the termination of the contractual relationship, we may process some of your personal data to exercise our rights guaranteed by law, including as evidence in legal, administrative or arbitration proceedings, such as collection actions in the event of breach of contractual obligation, in the responses to lawsuits in which APDATA appears as an interested party or is provoked by the competent court to rule on a certain fact. Furthermore, your data may be processed in the context of the regular exercise of rights, including in contracts, in situations involving the processing of sensitive personal data;
- In situations of APDATA's legitimate interest: It is possible that your personal data will also be treated for legitimate purposes involving the continuity of our activities, such as promoting APDATA services, providing information on news, content, news and other issues relevant to maintaining your relationship with APDATA and in improving the features, use and experience on our website and other tools made available as a result of providing our services, as well as for conducting regular audits to ensure the quality and compliance of our services.
- For the execution of contracts or preliminary steps: We can use your identification and contact details to allow the execution of the contract we have signed with the company you work for (customers and partners), making it possible, for example, to provide our services and other acts resulting from the contractual relationship established with APDATA.
- To conduct activities that aim to prevent fraud: When strictly necessary, we may process your data to prove that you are who you really are, claiming to be fraudulent.
- Through authorization granted by you: If you express your interest and with your authorization, whenever necessary, we may use your data to send communications about our products and services, such as during marketing campaigns, sending emails, SMS and messages via WhatsApp and / or phone.
6. With whom we share your personal data?
For the operationalization of its activities, APDATA will need, in some situations, to share your personal data. We present some hypotheses below, not exhaustive, in which the sharing of your information may occur:
- With partner companies and suppliers, in the development and provision of services aimed at you, according to APDATA's privacy and data protection and / or information security policies and procedures and located abroad (United States);
- With authorities, government entities or other third parties, for the protection of APDATA's interests, in any type of conflict, including lawsuits and administrative proceedings;
- Upon court order or at the request of administrative authorities that have legal competence for your request;
- With companies of our economic group, when APDATA is committed to adopting guarantees of protection of your personal data;
- With external auditing firms to verify the compliance of services provided by APDATA with international standards for information security and privacy.
Furthermore, we may carry out the international transfer of personal data in the following situation:
- With service providers located in the United States. In this case, the international transfer will occur as long as we have a purpose to process/store your personal data and/or as long as we contract the service provider for cloud data storage; and
- With external auditing firms, which may use cloud sharing and storage services located in the United States and Germany. In this case, the international transfer will occur for the duration of the audit and/or for a period of 1 (one) year, for the purpose of complying with regulatory obligations.
In these situations, in addition to ensuring the security and protection of personal data through a contract and sharing carried out in a secure and controlled environment, as indicated in item 9 of this Notice, APDATA will use one of the legal hypotheses for international transfer authorized by law, in accordance with applicable data protection laws, such as the General Data Protection Law (LGPD) and Resolution CD/ANPD No. 19/2024.
7. Processing of data of children and adolescents
It is possible that the personal data of children and adolescents may be processed, such as in the case of these individuals being apprentices, interns, or dependents receiving benefits offered by APDATA to its employees, and dependents of benefits offered by clients to their respective employees. Due to their status as dependents, their data may be audited to maintain the quality of services provided.
In these cases, the data will always be processed in the best interest of the child and/or adolescent, for a specific and legitimate purpose, in accordance with one of the legal bases provided for in Article 7 or 11 of the LGPD (Brazilian General Data Protection Law), as per Statement 01/2023 of the ANPD (National Data Protection Authority) and in line with the Statute of the Child and Adolescent.
8. How we protect your personal data?
APDATA adopts technical and organizational measures to guarantee the security of personal data, preventing unauthorized access and accidental or unlawful situations, such as destruction, loss, alteration, or improper communication, always in accordance with applicable data protection and information security regulations. Among these measures, the following stand out:
- Restricted control of the processing of personal data, limiting access only to authorized professionals and for specific purposes;
- System access authentication mechanisms, such as passwords and, for critical environments, the use of multi-factor authentication (MFA) to ensure that only you can access your account;
- Use of security solutions to protect our systems against threats, malware, and unauthorized access, including firewalls and data loss prevention (DLP) systems;
- Application of encryption to protect data when it is being transmitted over the network and also when it is stored in our systems, making it unreadable to unauthorized persons;
- Conducting security tests and continuous monitoring of our environments to proactively identify and correct potential vulnerabilities; and
- Maintaining an inventory of connection logs, including the time, duration, identity of the responsible party, and the file accessed, for auditing and security purposes.
In the unlikely event of technical failures, viruses or similar actions, APDATA will guarantee the adoption of all reasonable measures to remedy the consequences of the event, always guaranteeing due transparency to you.
9. How long we do store your personal data?
The personal data processed by APDATA will be deleted when they are no longer useful for the purposes for which they were collected, or when you request their disposal, except if there is a need for maintenance for the purpose of complying with legal or regulatory obligations, for the exercise of their rights in judicial or administrative proceedings, or in other cases provided for in the applicable legislation.
10. What are my rights as a personal data holder?
You have the following rights regarding your personal data:
- Be informed if we process your personal data;
- Be informed about which of your personal data is processed by us;
- Correct incomplete, inaccurate or outdated data, by the means required by specific regulations, when necessary;
- Request the anonymization, blocking or elimination of unnecessary, excessive data or that, by chance, have been treated in non-compliance with the law;
- Request data portability to another service or product provider;
- Request the deletion of data processed with your consent;
- Obtain information about the public or private entities with which we share your data;
- When the processing activity requires your consent, you may refuse to consent. In this case, we will inform you about the consequences of not carrying out such activity. If you consent, you may revoke your consent at any time;
- Object to the processing of your data when carried out based on one of the grounds for waiving consent, in case of non-compliance with the provisions of the LGPD (Brazilian General Data Protection Law).
At this point, all requests will be:
- Free of charge;
- Submitted to a form of validation of their identity (so that APDATA directs the fulfillment of requests, exclusively to the data holder).
To exercise your rights as a holder of personal data, access the 'Contact us' channel, available in the 'Contact' menu on the APDATA website (www.apdata.com).
11. How to clarify additional questions?
If you have any questions, suggestions or requests involving this document or the processing of your personal data, please contact:
Data Protection Officer (DPO):
Opice Blum, Bruno Advogados Associados
Henrique Fabretti
Contact: dpo@apdata.com.br
12. Update of the PRivacy Notice
This Privacy Notice can be updated at any time for legal reasons, for the use of new technologies and features and whenever APDATA understands that changes are necessary. By continuing to access the site after these changes, you agree with them as well.
This Privacy Notice was last amended and published on our website on NOVEMBER/28/2025.