Privacy Policy

Privacy Policy and Data Protection

CADASTRA MARKETING DIGITAL LTDA, a private legal entity, registered under CNPJ No. 08.257.844/0002-24, located at Av. Eng Luís Carlos Berrini, No. 1511, 17th floor, State of São Paulo, city of São Paulo, ZIP code 04.571-011 (“Cadastra”), processes some of your Personal Data to provide you with products and services. We are a hybrid and global company, focused on digital transformation, bringing together strategic consulting services, performance agency, digital operations, technology, communication, and digital education. For over 20 years, we have been transforming brands in over 10 countries, with multidisciplinary, dynamic, and always up-to-date know-how, delivering the highest performance in the short, medium, and long term for companies.

This Privacy Policy aims to inform all Customers, Partners, and the market in general how we treat the Personal Data collected and/or received in our operation. This Privacy Policy also aims to clarify to our Customers what are the main rights guaranteed by Law No. 13.709/2018 (the “General Data Protection Law” or “LGPD”) and how Cadastra – always guided by ethics, transparency, and compliance – is prepared to comply with this regulation and ensure the Privacy of all players around it. If you have any questions, please contact us through the channels indicated at the end of this Policy (item 10).

1. Important Definitions

The following definitions are important for you to understand the position and role of each party involved in our business, the main concepts defined in the LGPD, and how Cadastra is structured to protect the Privacy of all its Customers and Partners:

“Controller”: the company (or subject) responsible for the decision regarding the treatment of the Data Subject's Data;

“Processor”: the company (or subject) that carries out the processing of any Personal Data on behalf of the Controller;

“Personal Data”: information related to any identified or identifiable natural person; i.e., any information provided by a Customer to the Supplier, for example, that identifies or may identify a natural person;

“Sensitive Personal Data”: Data of the Data Subject about their racial or ethnic origin, religious, political, genetic, biometric, indicative of sexual preference, or health status;

“Processing”: any operation involving Personal Data that is carried out directly by the company;

“Data Subject”: a natural person to whom the Data to be processed in the operation refers;

“Anonymization”: use of available technical means in Data processing, in which Data loses the possibility of direct or indirect association with an individual;

“Shared Data Use”: communication, dissemination, international transfer, interconnection of Personal Data or shared processing of Personal Data banks by public bodies and entities in the performance of their legal competencies, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities allowed by these public entities, or between private entities;

Partner: Suppliers and/or Third Parties linked to the operation that have a relationship with the services provided by Cadastra in favor of the Personal Data Subject for the purpose of Personal Data processing;

2. What personal data can we collect, process, and how do we do it?

Cadastra collects and strictly processes the Data necessary for the execution of its corporate purpose, such as, but not limited to, Data relating to qualification (name, CPF/CNPJ, profession, gender, address) and/or those voluntarily provided by Users through the Websites/Applications/Tools. All processing of Personal Data of Customers and Partners carried out by Cadastra strictly observes the following principles:

Purpose: the processing must have a clear, specific, and previously informed purpose to its Subject;

Adequacy: processing must be compatible with the context informed to the Subject and respect the purpose;

Necessity: processing must be limited to the minimum necessary for the operation;

Free Access: obligation to provide immediate and free consultation to the Subject about the processing of their Data;

Data Quality: need to prove to the Subject the storage of clear, relevant, and up-to-date Data;

Transparency: obligation to provide the Subject with clear, correct, and easily accessible information at any time;

Security: obligation to use technical measures capable of preventing leaks, unauthorized access, loss, and/or unauthorized alteration of Data;

Prevention: prior adoption of measures to prevent and contain any breaches of LGPD obligations;

Non-Discrimination: impossibility of processing Data for discriminatory, illegal, or abusive purposes;

Accountability and Accountability: obligation to prove, by the agent, the adoption of effective measures to ensure compliance with the law and all its principles;

With the prior and express consent of the Subject, we may also – aiming to make the service to Customers and Partners more efficient – collect Personal Data from the following sources:

Sales management platforms in physical stores and via internet Application Programming Interface (API): service that facilitates communication between two parties

Cookies: record of the Subject's activities on our Websites/Applications/Tools with the aim of optimizing searches, always with the consent of the Customer.

NOTE: Any Data provided on Third-Party websites and applications may be subject to Privacy practices that may differ from those adopted by Cadastra. If Personal information is submitted to any of these websites, the information will be governed by the Privacy Policies of those sites.

3. Why do we collect personal data?

We take appropriate measures to ensure that all processing of your Personal information by us or by our service providers is legal. The legal basis for the processing of your Personal information will depend on the purposes for which we process your information.

Consent: upon prior consent by the Data Subject, where applicable;

Efficiency to the Customer: through the Data collected and stored with the consent of the Data Subject, we can optimize search times when browsing, eliminate inefficient offers to the Customer, and reduce transaction costs to focus on what effectively matters;

Legitimate Interest: use of Personal Data by Cadastra – always with legitimate and previously informed purposes – for the promotion of essential activities and/or the regular exercise of rights;

Protection of Acquired Rights: we use Personal Data to exercise any contractual or legal right that must be safeguarded before Customers, Partners, and the market in general, including to protect Cadastra's and the Data Subjects' Privacy rights.

4. With whom do we share personal data?

We ensure that only authorized individuals by Cadastra and bound by the same criteria of security, confidentiality, and purpose may access your Personal Data when strictly necessary for the management of our commercial relationship or compliance with our legal obligations.

Additionally, sharing—upon consent or for legitimate interest—may occur under the following circumstances:

Economic Group Sharing: Sharing of Personal Data by Cadastra—with consent or for the regular exercise of rights—with DBG Group companies, which may act as Operators in processing this information specifically to ensure commercial management and greater efficiency in marketing campaigns;

Partners: Third parties that provide services to Cadastra, such as providers of information technology services, communication or marketing services, as well as statistical services, limited to the sharing of strictly necessary Personal Data for the execution of contracted activities and always with the prior consent of the Data Subject.

Media campaign management tools: Aimed at sending ads tailored to your selected preferences based on your browsing and/or your requests on the Sites;

Behavioral analysis tools: Aimed at improving the user experience regarding Site usage by storing cookies—always previously accepted by the User—or by analyzing Personal Data voluntarily provided by the Data Subject with prior knowledge and agreement for this purpose.

Upon prior knowledge and agreement, the sharing of User Personal Data with Partners will be carried out in connection with one or more of the purposes described in item 2 of this Policy, respecting the limits and purposes strictly necessary for the performance of our activity.

Cadastra may also be required to disclose your Personal Data upon receipt of a binding order or subpoena, to any authority with jurisdiction over our activity to comply with legal, regulatory obligations, and/or respond to the subpoena received. In this case, sharing will be within the strict limits outlined by the order, and whenever possible, it will be preceded by notification to the Data Subject to take all appropriate measures to, if desired, seek measures to try to revoke the sharing order.

Finally, in accordance with the principles outlined above, at any time, the Data Subject can request access to all their Data from Cadastra.

5. How do we store personal data?

Cadastra seeks to make it easy for the Data Subject to keep their Personal information accurate, complete, and up-to-date. If the Data Subject believes it is necessary to update their Personal Data, they may request it from Cadastra through the channels mentioned at the end of this Policy (item 10).

These rights granted to the Data Subject apply exclusively in relation to their own Personal Data. Cadastra does not share with the User any Third-Party Data, including Personal Data of other Users that may have been collected in our operation.

We guarantee the following rights to Data Subjects:

Existence and Access: The Data Subject has the right to obtain confirmation of the existence of processing activity of their Personal Data. If there is processing, the Data Subject has the right of access, i.e., to obtain a simplified or complete statement about the categories of Personal Data processed, the origin of the Data, and the purposes of the processing. If there is processing of their Personal Data based on their consent, or on a contract concluded between the Data Subject and Cadastra, the Data Subject also has the right to obtain a full copy of the Personal Data that is processed based on consent or the contract;

Correction: The Data Subject has the right to request the correction of incomplete, inaccurate, or outdated Data about themselves;

Anonymization, blocking, and/or deletion: In certain cases, when Personal Data is unnecessary, excessive, or processed in non-compliance with the LGPD, the Data Subject has the right to request anonymization, blocking, or deletion of this Data;

Portability: In certain cases, as defined and to the extent required by the ANPD, and always respecting Cadastra's trade secrets and industrial secrets, the Data Subject has the right to portability of their Personal Data to another company.

Data sharing: The Data Subject has the right to obtain information about the public and private entities with which Cadastra has shared their Personal Data;

Revocation of consent: Every time Cadastra requests consent to process Personal Data, the Data Subject has the right to refuse consent. Cadastra always informs them of this right and the consequences if they prefer not to give consent for a processing activity. Additionally, whenever the Data Subject consents to the processing of their Personal Data for a specific purpose, they may revoke their consent at any time, with all processing activities carried out up to the date of revocation being validated.

Opposition: Right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).

Deletion: The Data Subject allows you to request the deletion or removal of your Personal information if there is no compelling reason for us to continue using it. Please note that this is not a general right to deletion, except in cases of mandatory retention as provided by law.

For further information and/or requests, the Data Subject should contact us through the channels indicated at the end of this Policy (item 10). The deadline for analysis and response is up to 30 days.

6. What rights do we guarantee to the data subject?

Cadastra processes Personal Data only for the purposes described in this Policy.

Personal Data is kept only as long as necessary for processing purposes and must be deleted: as soon as the reason for its use ends, or as determined by Law.

7. Communications and modification of this policy

The security and confidentiality of your Personal information are extremely important to us. We have technical, administrative, and physical security measures in place to:

protect your Personal information against unauthorized access and improper use

protect our IT systems against leakage of Personal Data

ensure that we can restore your information in situations where Data is corrupted or lost in a disaster recovery situation when appropriate, use encryption or other security measures

periodically review security procedures considering new appropriate technologies and updated methods.

While no measure is 100% effective, we are committed to ensuring that your Personal information remains secure.

8. Data Of Minors

Cadastra's products and services are not directed to minors.

9. International transfer of personal data

We may transfer your Personal information to companies of the DBG Group, IT providers, and other Suppliers in other countries. For companies outside the Brazilian Economic Area, with which we may share your Personal Data, we ensure that this is done using specific and legally approved safeguards.

10. Data Protection Officer

The DBG Group, to which Cadastra belongs, has a Data Protection Officer responsible for guiding the conduct of our activities in compliance with the legislation, as well as for receiving complaints and communications from Data Subjects and Authorities, and providing them with clarifications.

If you have any questions, complaints, or any indication of a violation of the terms of this Privacy Policy, or to exercise rights as a Data Subject, please contact us via: email to privacy@dbg.com.br

Mail to Av. Eng Luís Carlos Berrini, nº 1511, 17th floor, State of São Paulo, city of São Paulo, ZIP code 04.571-011 attention to the Data Protection Officer (DPO).

11. Privacy Policy Updates

The DBG Group may, at any time, update this Privacy Policy to reflect implemented improvements. Please check this page regularly for updates.

Subscribe to our newsletter