Privacy Policy

1. Introduction

At GTMX, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our services, or interact with our mobile applications.

This Privacy Policy is designed to comply with:

GDPR (General Data Protection Regulation): European Union Regulation 2016/679 on data protection and privacy
LGPD (Lei Geral de Proteção de Dados): Brazil's General Data Protection Law (Law No. 13,709/2018)

GTMX is operated by A F YNOUYE TECNOLOGIA DA INFORMACAO LTDA, a company registered in Brazil with CNPJ 35.035.559/0001-83, located at Salvador Simões, 801, Suite 407, São Paulo - SP, Brazil. We act as the data controller for personal data collected through our website and as a data processor for data collected through mobile applications we develop for our clients.

2. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our services:

2.1 Information You Provide

Contact Information: Name, email address, phone number, and company name when you contact us or request information
Communication Data: Messages, inquiries, and other communications you send to us
Business Information: Information about your business needs and project requirements

2.2 Automatically Collected Information

Usage Data: Information about how you access and use our website, including IP address, browser type, device information, pages visited, and time spent on pages
Cookies and Tracking Technologies: We use cookies and similar tracking technologies to track activity on our website and store certain information
Analytics Data: Data collected through analytics tools such as Google Analytics to understand website usage patterns

2.3 Mobile Application Data

For mobile applications developed by GTMX, the specific data collected depends on the app's functionality and is detailed in each app's individual privacy policy. We process this data on behalf of the app owner (data controller) in accordance with GDPR and LGPD requirements.

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision: To provide, maintain, and improve our services and respond to your inquiries
Communication: To communicate with you about our services, respond to your requests, and send you updates
Business Operations: To manage our business operations, including project management and client relationships
Legal Compliance: To comply with legal obligations, including GDPR and LGPD requirements
Analytics and Improvement: To analyze website usage, improve user experience, and develop new features
Security: To protect against fraud, unauthorized access, and other security threats

We process your personal data based on legitimate interests, contractual necessity, legal obligations, or your consent, as required by GDPR and LGPD.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal bases:

Consent: When you have given clear consent for us to process your personal data for specific purposes
Contract: When processing is necessary for the performance of a contract or to take steps at your request before entering into a contract
Legal Obligation: When processing is necessary for compliance with a legal obligation
Legitimate Interests: When processing is necessary for our legitimate interests, such as improving our services, provided these interests are not overridden by your rights

5. Legal Basis for Processing (LGPD)

Under LGPD, we process your personal data based on the following legal bases:

Consent: When you have provided consent for the processing of your personal data
Contract Performance: When processing is necessary for the performance of a contract or preliminary procedures
Legal Obligation: When processing is necessary for compliance with legal or regulatory obligations
Legitimate Interests: When processing is necessary for the regular exercise of rights or for the protection of credit
Protection of Life: When processing is necessary for the protection of life or physical safety
Health Protection: When processing is necessary for health protection in procedures carried out by health professionals

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

Service Providers: We may share data with third-party service providers who perform services on our behalf, such as hosting, analytics, and email services. These providers are contractually obligated to protect your data
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
Legal Requirements: We may disclose your data if required by law, court order, or government regulation
Protection of Rights: We may disclose data to protect our rights, property, or safety, or that of our users or others
With Your Consent: We may share your data with third parties when you have given us explicit consent to do so

All third parties with whom we share data are required to implement appropriate security measures and comply with applicable data protection laws, including GDPR and LGPD.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and vulnerability testing
Access controls and authentication mechanisms
Employee training on data protection and privacy
Incident response procedures
Regular backups and disaster recovery plans

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

Right of Access: You have the right to request access to your personal data and receive a copy of the data we hold about you
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data
Right to Erasure: You have the right to request deletion of your personal data under certain circumstances
Right to Restrict Processing: You have the right to request restriction of processing of your personal data
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller
Right to Object: You have the right to object to processing of your personal data based on legitimate interests
Right to Withdraw Consent: When processing is based on consent, you have the right to withdraw consent at any time
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated

To exercise any of these rights, please contact us using the information provided in Section 13.

9. Your Rights (LGPD)

If you are located in Brazil, you have the following rights under LGPD:

Right to Confirmation and Access: You have the right to obtain confirmation of the existence of processing and access to your personal data
Right to Correction: You have the right to request correction of incomplete, inaccurate, or outdated data
Right to Anonymization, Blocking, or Deletion: You have the right to request anonymization, blocking, or deletion of unnecessary or excessive data or data processed in violation of LGPD
Right to Data Portability: You have the right to request portability of your data to another service or product provider
Right to Deletion: You have the right to request deletion of personal data processed with your consent
Right to Information: You have the right to obtain information about public and private entities with which we share your data
Right to Revoke Consent: You have the right to revoke your consent at any time
Right to Oppose Processing: You have the right to oppose processing of data in violation of LGPD

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within 15 days, as required by LGPD.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information. Cookies are small data files stored on your device. We use the following types of cookies:

Essential Cookies: Necessary for the website to function properly
Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)
Functional Cookies: Remember your preferences and settings

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our website.

We use Google Analytics to analyze website usage. Google Analytics uses cookies to collect information about how visitors use our website. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

The nature of the data and the purpose for which it was collected
Legal and regulatory requirements (e.g., tax, accounting, or data protection laws)
Legitimate business interests
The need to resolve disputes and enforce agreements

When personal data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies and applicable laws.

12. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer personal data from the EEA to countries outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Other appropriate safeguards as required by GDPR

We take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it.

13. Children's Privacy

Our website and services are not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.