Privacy Policy

Last Updated: 03/02/2025

This Privacy Policy regulates the processing of personal data on the website expanda.com.br (“Website”) of EXPANDA TECNOLOGIA DA INFORMAÇÃO LTDA (“Expanda”), a limited liability company registered under CNPJ No. 42.515.236/0001-00, headquartered at Avenida Engenheiro Luiz Carlos Berrini, No. 1748, Conj. 1710, Cidade Moncoes, Sao Paulo, SP, Brazil.

We may change this Privacy Policy at any time. In the case of significant changes, we will notify you at least 30 days in advance through a notice on the Website, allowing you to review the new policies before they take effect. If your consent is required, we will request your express agreement as required by applicable law.

This document will be reviewed whenever there are relevant changes in our data processing practices or due to legislative amendments. The last updated date will always be indicated at the beginning of this document. We recommend that you check this page periodically.

This Privacy Policy is governed by the laws of the Federative Republic of Brazil, particularly the General Data Protection Law (LGPD – Law No. 13.709/2018). We also recommend that you review our Terms of Use and our Cookie Policy.

1. How Do We Use Your Information?

The personal data collected may be used for the following purposes:

  • Compliance with Legal Obligations: To comply with legal or regulatory requirements.
  • Website Protection and Security: To maintain the security, integrity, and availability of the Website.
  • Responding to Requests: To handle your questions or requests submitted through our forms.
  • Sending Marketing Communications: To send marketing content, provided you have expressly consented.
  • Analysis and Statistics: To understand how users interact with the Website, provided you have given prior consent.

2. How Do We Share Your Information?

We do not share your personal data with third parties, except in the following cases:

  • Government Authorities and Regulatory Agencies: To comply with legal or regulatory obligations.
  • Hosting and Infrastructure Service Providers: Companies responsible for data storage and Website hosting.
  • Security and Fraud Prevention Service Providers: Third parties that help protect the Website.
  • Consent Management Service Providers: Companies contracted to assist in managing and collecting user consents.
  • Analysis and Statistics Service Providers: Partners who help us understand Website usage, provided you have given prior consent.

3. International Data Transfer

If personal data is shared with companies located outside Brazil, we will take measures to ensure adequate protection of such data, such as entering into specific contractual clauses or verifying that the recipient country ensures an adequate level of data protection.

We require all third parties who receive your personal data to use such information only for the purposes for which it was provided and for the strictly necessary duration, in accordance with this Privacy Policy and applicable legislation.

4. Your Rights

Under applicable legislation (particularly the LGPD), you have the right to:

  • Access, Rectify, or Delete your personal data or obtain a copy of it;
  • Restrict or Object to the Processing of your personal data;
  • Request Data Portability to another entity;
  • Withdraw Consent previously given;
  • File a Complaint with a competent authority.

To exercise your rights, contact us at . We will respond to your request within 15 (fifteen) days, as required by law. We may request additional information to confirm your identity and ensure data security. If we cannot fully comply with your request, we will inform you of the reasons.

It is important to note that if you choose not to provide or withdraw consent for certain types of processing, some Website features may become unavailable.

5. Security

We are committed to protecting your personal data and have adopted technical and administrative security measures to prevent unauthorized access, loss, misuse, or improper alterations. These measures include:

  • Secure Transmission Protocols, such as HTTPS;
  • Encryption of sensitive data;
  • Restricted Access Controls to personal information;
  • Continuous Monitoring of our systems to detect potential vulnerabilities;
  • Secure Data Storage on protected servers.

We conduct periodic audits and security tests to prevent illicit activities and correct possible flaws. However, no electronic transmission or storage method is completely secure. The transmission of data via the Website is at your own risk.

6. Data Protection Officer (DPO)

If you have any questions about this Privacy Policy or the processing of your personal data, you can contact our Data Protection Officer (DPO) at . We will do our best to respond promptly and in accordance with applicable legislation.