Serviços

Projetos

Sobre nós

English

Privacy Policy of Arrow Digital Group

  1. Introduction and Scope
    Welcome to the Privacy Policy of Arrow Digital Group.

    At Arrow Digital Group, we value your privacy and the protection of your personal data. This policy aims to inform you clearly and transparently about how we collect, use, store, share, and protect the personal data you provide to us or that we collect when you interact with us, whether through our website, in direct communications, during negotiation processes, in the performance of service agreements (such as custom software development and nearshore IT team augmentation), or in any other form of interaction.

    We are committed to complying with applicable data protection laws, including the General Data Protection Law (Lei Geral de Proteção de Dados - LGPD) in Brazil and the General Data Protection Regulation (GDPR) in the European Union, ensuring that your data is processed with security, confidentiality, and in accordance with legal principles.

    This policy applies to all data subjects whose personal data is processed by Arrow Digital Group, including, but not limited to:

    • Visitors to our website;

    • Prospective clients (leads) and business contacts;

    • Clients and their representatives;

    • Suppliers and their representatives;

    • Job applicants;

    • Employees (with reservations, as HR data may be processed under a specific internal policy);

    • Individuals whose data is processed by us in our capacity as Data Processors on behalf of our clients (as detailed in the specific section regarding our role as Processor).

    By interacting with Arrow Digital Group, you agree to the terms of this Privacy Policy. We recommend that you read it carefully.

  1. Personal Data Collected Directly by Arrow Digital Group
    Arrow Digital Group collects personal data that is essential for the operation of our business, the provision of our services, and communication with you. The types of personal data we may collect directly include:

    • Identification and Contact Data: Full name, email address, telephone number, job title, company name, business address. This data is generally collected when you complete forms on our website, contact us by email or telephone, or during business interactions.

    • Relationship and Contractual Data: Information related to requested proposals, details of service agreements (software development, nearshore services), payment information, history of communications and interactions with us.

    • Website Navigation and Usage Data: Information about how you use our website, including IP address, browser type, pages visited, time spent on the site, approximate geolocation data, and other information collected through cookies and similar technologies (as detailed in a specific section, if applicable).

    • Public Data: Occasionally, we may access public data about companies and their representatives, such as information available in public registries (e.g., CNPJ data), for prospecting and validation of business information purposes.

    • Job Applicant Data: Information provided by job applicants during the selection process (e.g., resume, professional history, qualifications).

    • Important: As stated, Arrow Digital Group does not collect or process Human Resources (HR) personal data of its own employees through this public policy, as such data is processed under specific internal policies.

  1. Purposes for the Use of Personal Data Collected Directly
    The personal data we collect directly is used for specific and legitimate purposes, always seeking transparency and alignment with the expectations of data subjects. The main purposes for which we use your data include:

    • Provision and Management of Our Services: To use your data to respond to your requests, send commercial proposals, negotiate and execute custom software development agreements and nearshore IT team augmentation services. This includes communication necessary for project management, billing, and support. (Legal Basis: Performance of Contract, Pre-contractual Measures).

    • Communication and Relationship Management: To maintain contact with you to manage our relationship, provide information about our services, respond to inquiries, and receive feedback. (Legal Basis: Legitimate Interest, Performance of Contract).

    • Marketing and Sales: To send communications about our services, news, relevant content, and offers that may be of interest to you, always respecting your communication preferences. This may include prospecting based on public data or previous interactions. (Legal Basis: Legitimate Interest, Consent - where applicable, for example, for newsletters).

    • Recruitment: To evaluate job applications and manage the selection process. (Legal Basis: Pre-contractual Measures).

    • Continuous Improvement: To analyze the use of our website and interaction with our services to understand user needs, enhance customer experience, develop new services, and improve the quality of our offerings. (Legal Basis: Legitimate Interest).

    • Compliance with Legal and Regulatory Obligations: To use data to comply with legal, regulatory, tax, or judicial requirements, such as issuing invoices, responding to court orders or requests from competent authorities. (Legal Basis: Legal or Regulatory Obligation).

    • Protection of Rights and Interests: To exercise or defend rights in judicial, administrative, or arbitration proceedings. (Legal Basis: Exercise of Rights).

    We ensure that the processing of your data for these purposes is carried out in a compatible and proportionate manner, always seeking the least possible impact on your privacy.

  1. Our Role as Data Processor
    Arrow Digital Group, when providing custom software development and nearshore IT team augmentation services, may process personal data on behalf of its clients. In these cases, we act as a Data Processor (or Processor under the GDPR), while our clients are the Data Controllers (or Controllers) of the data.

    Responsibilities and Commitments:

    • Processing Under Instructions: We process personal data exclusively in accordance with the documented instructions of our clients, as established in service agreements.

    • Security and Confidentiality: We commit to implementing appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. We ensure that our employees and partners who have access to the data are committed to confidentiality.

    • Subcontracting: When necessary, we may subcontract parts of the processing to third parties, always with the prior consent of the client and under contracts that guarantee data protection.

    • Sensitive Data: In cases where we process sensitive data, such as health information, we ensure that additional security and confidentiality measures are applied, as required by applicable law.

    • International Transfer: Any transfer of personal data outside of Brazil will be carried out in compliance with the LGPD and GDPR, using appropriate safeguards, such as Standard Contractual Clauses or verifying the adequate level of protection in the destination country.

    Limitation of Liability:

    • Controller's Responsibility: The primary responsibility for the legality of the collection and processing of personal data lies with the client (Controller). It is the Controller's responsibility to ensure that personal data is collected and processed in accordance with applicable law.

    This section clarifies our role and responsibility when processing data on behalf of our clients, ensuring transparency and compliance with data protection laws.

  1. Sharing of Personal Data Collected Directly
    Arrow Digital Group may share personal data collected directly with third parties to fulfill the purposes described in this policy. Sharing is conducted responsibly and securely, as detailed below:

    • Service Providers: We share data with suppliers who assist us in operating our business, such as hosting providers, CRM platforms, email marketing services, accounting, and consulting firms. These service providers process data on our behalf and are contractually obligated to protect the confidentiality and security of the data.

    • Business Partners: In some cases, we may share data with business partners for co-marketing purposes or joint solution development, always respecting applicable legal bases.

    • Public Authorities: We may disclose personal data to governmental or regulatory authorities when required by law, regulation, or court order.

    • International Transfer: Personal data may be transferred outside of Brazil to countries where our service providers or partners are located. We ensure that these transfers occur in compliance with the LGPD and GDPR, using adequate safeguards, such as Standard Contractual Clauses or verifying the adequate level of protection in the destination country.

    We commit not to sell, rent, or trade your personal data with third parties for commercial purposes without your explicit consent.

  1. Data Security
    Arrow Digital Group is committed to protecting the personal data it collects and processes by implementing appropriate technical and organizational security measures to prevent unauthorized access, loss, destruction, or alteration of data. Our security practices include:

    • Access Controls: We restrict access to personal data only to employees and partners who need this information to perform their functions and who are subject to confidentiality obligations.

    • Encryption: We use encryption technologies to protect sensitive data during transmission and storage.

    • Monitoring and Auditing: We conduct continuous monitoring of our systems to detect and respond to potential security incidents.

    • Training: We provide regular training to our employees on information security practices and data protection.

    • Internal Policies: We maintain internal policies and procedures to ensure the security and integrity of personal data.

    Despite our efforts to protect your data, it is important to remember that no security measure is infallible. In the event of a security incident that compromises your personal data, we will follow legal procedures for notification to competent authorities and data subjects, as required by applicable law.

  1. Data Retention
    Arrow Digital Group retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by legal or regulatory obligations. The criteria we use to determine retention periods include:

    • Duration of Relationship: We retain your data while we have an active relationship, such as a client or partner.

    • Legal Obligations: We retain data as necessary to comply with tax, accounting, or other legal requirements.

    • Data Subject Rights: We consider requests for deletion or restriction of processing, respecting legal and contractual limitations.

    After the retention period ends, data is securely deleted or anonymized.

  1. Data Subject Rights
    Arrow Digital Group respects the rights of data subjects as established by the LGPD and GDPR. You have the right to:

    • Access: Request confirmation about the processing of your personal data and obtain access to it.

    • Rectification: Request the correction of incomplete, inaccurate, or outdated personal data.

    • Erasure: Request the deletion of unnecessary, excessive, or non-compliant personal data.

    • Data Portability: Request the portability of personal data to another service or product provider, upon express request.

    • Objection: Object to the processing of personal data under certain circumstances.

    • Withdrawal of Consent: Withdraw previously given consent, when processing is based on this legal basis.

    • Information about Sharing: Request information about the entities with which your data has been shared.

    To exercise your rights, please contact us through the channels indicated in the following section.

  1. How to Exercise Your Rights and Contact Information
    If you wish to exercise your data protection rights or have questions about this policy, please contact us through the following channels:

    General Contact Email: [email protected]

    Email for Cases Outside Brazil: [email protected]

    We commit to responding to your requests in compliance with applicable law, ensuring that your rights are respected and your questions are answered.

  1. Use of Cookies and Similar Technologies
    Our website uses cookies and similar technologies to improve user experience, analyze website traffic, and personalize content. The types of cookies we use include:

    • Necessary Cookies: Essential for the website to function, enabling navigation and the use of basic features.

    • Analytics Cookies: Collect information about how visitors use the website, helping us improve its performance.

    • Marketing Cookies: Used to personalize advertisements and measure the effectiveness of advertising campaigns.

    You can manage your cookie preferences through your browser settings. For more information about how we use cookies, please consult our Cookie Policy.

  1. Changes to the Privacy Policy
    Arrow Digital Group may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We recommend that you review this policy regularly to stay informed about how we protect your personal data.

    The most recent version will always be available on our website, and we will notify you of significant changes through our usual communication channels.

Certificações