1. PURPOSE

GreyLogix prioritizes the privacy and protection of personal data of all individuals interacting with its services, products, and platforms. This policy transparently details how personal information is collected, used, processed, stored, and protected, aiming to foster a trustworthy and secure relationship.

It is aligned with standards such as ISO 27001 (Annex A.5 – Security Policies), ISO/IEC 27701 (Privacy Management System), ISO/IEC 29100 (Privacy Framework), ISO/IEC 27018 (Cloud Data Protection), and legal frameworks such as the Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018), the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), the Brazilian Civil Code, and the Brazilian Internet Civil Framework (Law No. 12.965/2014). This policy reflects our commitment to confidentiality, integrity, and legal compliance, ensuring that data is handled with the highest standard of responsibility to protect personal data, meet legal and regulatory privacy obligations, and offer transparency about data usage, while continuously improving our services and operations.

This policy applies to:

Users: Customers, employees, partners, suppliers, and any individuals whose personal data is processed by GreyLogix;

Data: Personal information collected through interactions with our services, products, websites, applications, or communication channels;

Environments: Operations in Brazil and abroad, including physical, digital, and cloud platforms.

2. GENERAL GUIDELINES

2.1. DATA COLLECTION

Categories:

• Personal Identification: Name, CPF, ID, passport (when voluntarily provided);
• Professional: Job title, corporate email, company, department;
• Technical: Access logs (date, time, IP), preferences (e.g., language), usage records (e.g., system commands).

Principles:

• Finalidade: Apenas para fins específicos (ex.: suporte, personalização);
• Adequação e necessidade: Coleta mínima necessária (LGPD, Artigo 6; GDPR, Artigo 5).

Methods:

• Via online forms, product interactions, cookies (with consent via banner), always with prior notice (ISO/IEC 29100).

2.2. DATA USAGE

Purposes:

• Operation and maintenance of services (e.g., monitoring equipment);
• Personalization (e.g., user interface adjustments);

• Usage analysis (e.g., anonymous performance reports);

• Innovation (e.g., developing new features);
• Communication (e.g., sending support emails, updates);

Marketing (ex.: elaborar promoções, com opt-in/out claro);

Legal Bases: Consent, contract execution, legal obligation, or legitimate interest.

Controls: Documented processing, with impact assessment (ISO/IEC 27701).

2.3. DATA SHARING

Recipients:

• Partners (e.g., cloud providers, logistics), under confidentiality agreements;
• Legal authorities, under court order;
• Corporate transactions (e.g., mergers), with prior anonymization when possible.

Assurances:

• Risk assessment before sharing;
• Log retention for 12 months.

2.4. DATA SECURITY

Measures:

• Technical: Firewalls, encryption (e.g., TLS 1.3), multi-factor authentication – MFA (ISO 27001, Annex A.9.4);
• Organizational: Access policies (least privilege), annual training (ISO 27001, Annex A.7.2.2);
• Monitoring: Intrusion detection systems, quarterly audits (ISO 27004);

Incidents: Response within 24 hours, user notification within 72 hours (LGPD, Article 48; GDPR, Article 33).

2.5. USER RIGHTS

Rights:

• Access;
• Rectification;
• Deletion;
• Objection and restriction;
• Data portability;
• Consent withdrawal;  

Channel: Requests must be sent to the DPO (dpo@greylogix.com.br).

2.6. DATA RETENTION:

Retention Periods:

• Active use: While the contractual relationship is active;

• Legal retention: 5 years for tax or contractual obligations (Brazilian Civil Code, Article 206);

• After termination: Anonymization or secure disposal (digital shredding) (ISO 27001, Annex A.8.3.3);

Exceptions:

• Court orders or legal defense (LGPD, Article 16).

3. LEGAL COMPLIANCE

LGPD and GDPR: Data transparency and protection;

Brazilian Civil Code: Liability for damages;

Internet Civil Framework: Log retention;

Documentation: Processing records archived.

4. CONTACT

DPO: Mr. Rafael Gonçalves, dpo@greylogix.com.br

Other Channels: Commercial support via +55 (47) 3642-2490 or www.greylogix.com.br