Politica de Privacidade | Consulting Node

PRIVACY AND PERSONAL DATA POLICY –

CONSULTING NODE DO BRASIL LTDA

This Privacy and Personal Data Processing Policy aims to demonstrate and reaffirm CONSULTING NODE DO BRASIL LTDA unwavering commitment to the privacy and lawfulness of the personal data processing of its clients and internal audiences, referred to, for the purposes of this Policy, as DATA SUBJECTS.

Access to the products and services offered by CONSULTING NODE DO BRASIL LTDA presupposes that the DATA SUBJECT has read this Privacy and Personal Data Processing Policy in full and carefully, expressly granting their free, unequivocal, and informed consent to the terms set forth herein, authorizing the processing of their personal data.

By clicking the "Accept" button in the banner below, the DATA SUBJECT declares that they have read, understood, and agree to the privacy policies set forth herein.

1. Initial Considerations:

1.1. The processing of DATA SUBJECTS' personal data by CONSULTING NODE DO BRASIL LTDA is entirely governed by the General Data Protection Law (LGPD) and is based on transparency, respect for privacy, informational self-determination, and the maintenance of best practices related to the management and security of personal data.

1.2. Any and all processing of personal data carried out by CONSULTING NODE DO BRASIL LTDA is limited to the minimum necessary, relevant, and proportional to the intended purpose, with only personal data compatible with the relationship the DATA SUBJECT may have with CONSULTING NODE DO BRASIL LTDA being processed.

1.3. This policy complies with Federal Law No. 13.709 of August 14, 2018 (General Personal Data Protection Law – Lei Geral de Proteção de Dados) and Federal Law No. 12,965 of April 23, 2014 (Internet Civil Rights Framework).

1.4. Users of the CONSULTING NODE DO BRASIL LTDA website (https://www.consultingnode.com.br/) hereby declare that they have read the rules set forth in this Policy in full and carefully; and that, being fully aware of them, they freely and expressly agree and consent to the terms, clauses, and principles set forth herein.

1.5. If the DATA SUBJECT does not agree with these regulations and any future modifications, they must immediately request compliance with their rights under this policy. The DATA SUBJECT understands that failure to discontinue access and/or use, as well as failure to request the rights set forth herein, is understood as tacit acceptance of this Policy.

1.6. It is important to emphasize that this Privacy Policy will be constantly updated, primarily in light of legislative updates and new regulations from regulatory agencies, as well as any changes that may occur in our products or services. Therefore, the DATA SUBJECT is invited to periodically access this Policy for updates.

1.7. This website is business-oriented and is not intended for minors under the age of 18. If we identify any data from minors submitted without the consent of their legal guardian, we will immediately delete it.

2. Personal Data Processing:

2.1. No data is required/necessary to access and navigate the CONSULTING NODE DO BRASIL LTDA website.

2.2. Data is collected when the DATA SUBJECT freely, consciously, and voluntarily provides it or enters it directly on our pages or forms on the website. Therefore, the DATA SUBJECT is responsible for including data.

2.3. In addition to the data you provide voluntarily, we may automatically collect browsing information (e.g., IP address, device type, operating system, and interactions with the website) through cookies and similar technologies, through the hosting system, in compliance with the applicable legal bases.

3. Data Controller

3.1. CONSULTING NODE DO BRASIL LTDA, registered with the CNPJ (Brazilian Corporate Taxpayer Registry) under No. 61.330.157/0001-70, headquartered at Avenida Itavuvu, No. 11,777, TL13, Jardim Santa Cecília, Sorocaba/SP, Zip Code No. 18.078-005, email: legal@consultingnode.com, is responsible for processing the personal data collected on this page.

4. Data Collected

4.1. We collect the following personal data on our website, freely provided by DATA SUBJECTS in the form on the page: - Name - Email address - Telephone - Company name - Form message (information freely provided by the user in the message field)

4.2. Any additional data entered by the DATA SUBJECT in free text fields must be limited to what is strictly necessary for the service.

5. Purpose of Data Collection

5.1. The data collected will be used exclusively to:

- Respond to contact requests from the DATA SUBJECT;

- Answer questions or provide quotes to the DATA SUBJECT;

- Make our services and products available to the DATA SUBJECT;

- Provide assistance to interested DATA SUBJECTs after completing the form; - Present services, quotes, and commercial proposals;

- Execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;

- Analyze and improve our marketing efforts;

- Communicate about Consulting Node Brasil Ltda. products, services, events, and news;

5.2. We will also use data to: (i) improve the browsing experience and evaluate website usage metrics; (ii) ensure security, fraud prevention, auditing, and compliance; and (iii) comply with legal/regulatory obligations.

6. Legal Basis for Processing

6.1. Personal data will be processed strictly based on the legal bases set forth in Federal Law No. 13,709/2018 (General Data Protection Law).

6.2. The legal grounds for such processing are set forth in Article 7, items I, II, and V, and Article 33, item IX, of Federal Law No. 13,709/2018 (LGPD), and in any other cases that are previously communicated to the user.

6.3. In order to provide transparency to this Policy and guarantee the rights of data subjects, the cited articles are transcribed below:

Art. 7. Personal data may only be processed in the following cases:

I - with the data subject's consent;

II - for the controller to comply with a legal or regulatory obligation;

V - when necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;

Art. 33. The international transfer of personal data is only permitted in the following cases:

IX - when necessary to meet the requirements set forth in items II, V, and VI of Art. 7 of this Law.

6.4. When the legal basis is consent, the DATA SUBJECT may revoke it at any time, without prejudice to the lawfulness of the processing carried out up to that point.

7. Data Security

7.1. CONSULTING NODE DO BRASIL LTDA. adopts technical and administrative security measures to protect personal data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication, or any form of inappropriate or unlawful processing.

7.2. Internally, DATA SUBJECTS data is only accessed by duly authorized professionals, tracked and registered for this purpose by CONSULTING NODE DO BRASIL LTDA., respecting the principles of security, privacy, ownership, informational self-determination, reasonableness, and necessity to achieve the controller's objectives, which include the provision and execution of services, products, and solutions with a degree of excellence to its customers and users.

7.3. The cloud hosting service (Google Drive) used is currently outsourced to GOOGLE BRASIL INTERNET LTDA., which currently holds several ISO certifications, including ISO/IEC 27018, ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27017:2015, ISO/IEC 27701:2019, among others. Contact us at: GOOGLE BRASIL INTERNET LTDA. (CNPJ No. 06.990.590/0001-23), headquartered at Av. Brigadeiro Faria Lima, No. 3477, Floors 17-20, TSUL 2 17-20, Itaim Bibi neighborhood, São Paulo/SP, Zip Code 45381-33. 7.4. Any change in the third-party cloud hosting service provider will be communicated to the user through changes to this Policy.

7.5. The hosting of CONSULTING NODE DO BRASIL LTDA's website is currently outsourced to WIX.COM LTD, a company headquartered in Tel Aviv, Israel (40 Namal, Tel Aviv St., Tel Aviv, Israel), which uses a global cloud infrastructure with data centers located in several countries. Wix states that it adopts security measures compatible with international data protection standards and, where applicable, uses processing agreements that ensure compliance with the LGPD, including in the case of international data transfers. For more information on how Wix handles personal data, please see the Wix Privacy Policy.

7.6. While no method of transmission over the Internet or electronic storage is 100% secure, we implement additional generally accepted industry standards. Furthermore, we adopt appropriate technical and organizational measures to protect your data against unauthorized access and accidental or unlawful activities.

7.7. Despite the measures implemented, it is not possible to completely eliminate the risk of security incidents. In the event of an incident that may result in significant risk or damage, we will adopt the procedures set forth in Federal Law No. 13,709/2018 (LGPD), including communication to the DATA SUBJECT and the ANPD, where applicable.

8. Data Subject Rights

8.1. The user, as the data subject, may request at any time:

- Confirmation of the existence of data processing;

- Access to their data;

- Correction of incomplete, inaccurate, or outdated data; - Revocation of consent;

- Deletion of personal data processed with the data subject's consent, except in the cases provided for in Article 16 of Federal Law No. 13,709/2018 (LGPD);

- Information on the public and private entities with which the controller shared data; - Information on the possibility of refusing consent and the consequences of refusing consent;

- Revocation of consent, pursuant to Article 8, § 5 of Federal Law No. 13,709/2018 (LGPD).

8.2. In compliance with the principle of transparency of this Policy, the following is a transcription of Article 16 of this Policy. Article 18 of Federal Law No. 13,709/2018 (LGPD), which addresses the rights of data subjects:

Art. 18. The data subject has the right to obtain from the controller, regarding the data subject's data processed by the data subject, at any time and upon request:

I - confirmation of the existence of processing;

II - access to data;

III - correction of incomplete, inaccurate, or outdated data;

IV - anonymization, blocking, or deletion of unnecessary, excessive, or data processed in non-compliance with the provisions of this Law;

V - portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets;

VI - deletion of personal data processed with the data subject's consent, except in the cases provided for in Article 16 of this Law;

VII - information on public and private entities with which the controller shared data;

VIII - information on the possibility of refusing consent and the consequences of refusal;

IX - revocation of consent, pursuant to § 5 of Article 8 of this Law.

8.3. If the DATA SUBJECT wishes to exercise their rights, please send written communication via email to the Data Controller at the contact details provided in item 13.1. This communication requires the following additional specifications:

A) Title/Subject: "Direct from the Data Subject - LGPD";

B) The requester's information must be provided: Full name, CPF or CNPJ number of the DATA SUBJECT, and email address of the user and/or their legal representative;

C) The right to be exercised must be cited;

D) Place and date of the request and signature (physical, electronic, or digital) of the requesting user;

E) If possible, documentation supporting the user's request.

8.4. We emphasize that each product and/or service offered by CONSULTING NODE DO BRASIL LTDA has its own specific Privacy Policy, which must be observed for all purposes, in addition to this one.

9. Regarding the Provision/Sharing of Personal Data

9.1. The DATA SUBJECT must provide, accurately and up-to-date, only the personal data necessary for the intended purpose, in accordance with Federal Law No. 13,709/2018 (LGPD);

9.2. CONSULTING NODE DO BRASIL LTDA will not transfer the data of DATA SUBJECTS or their Clients to third parties not contractually, directly or indirectly, included in or involved in the relationship with the user and/or client regarding the provision of services and products, and without the express and specific authorization of the data subject.

9.3. The data collected and the recorded activities may be shared, without the need for authorization as provided by law: - With competent judicial, administrative, or governmental authorities, whenever there is a legal determination, request, requisition, or court order;

9.4. To perform activities supported by cloud computing services, CONSULTING NODE DO BRASIL LTDA uses servers that may be located in other countries.

9.5. In any case of cloud server hosting, CONSULTING NODE DO BRASIL LTDA contractually establishes data protection and information security clauses with the service providers that are compatible with Brazilian law. 9.6. All contracted third parties (hosting, cloud, technical support, and similar services) are contractually obligated to maintain confidentiality and adopt security standards compatible with the LGPD, including in subcontracting.

10. Personal Data Retention Period

10.1. Personal data entered on CONSULTING NODE BRASIL DO LTDA websites and platforms will be processed, in accordance with this Policy, only for the applicable period, on a case-by-case basis; as well as for the purposes of complying with any legal or contractual provisions, requests from competent authorities, or legitimate interests (in compliance with Article 10 of Federal Law No. 13,709/2018 - LGPD).

10.2. Personal data collected and activity records on the website are stored in a secure and controlled environment for the minimum periods, as set out below:

- Registration Data will be stored for a maximum period of 5 (five) years after the end of the relationship, in accordance with Article 27 of the Consumer Protection Code;

- Digital identification data will be stored for a maximum of 6 (six) months from the last access, in accordance with Article 15 of the Brazilian Internet Civil Rights Framework (Law No. 12,965/14);

10.3. After the term and legal requirement, data will be deleted; securely erased from any potential CONSULTING NODE DO BRASIL LTDA records, and will never again be processed, handled, and/or used by CONSULTING NODE DO BRASIL LTDA.

10.4. In strictly B2B (Business to Business) relationships without a consumer relationship, the timeframes may be adjusted according to legal, contractual, and audit obligations applicable to the specific case.

11. Cookies

11.1. Considering that cookies are small files that are installed on the hard drive for a limited period of time, CONSULTING NODE DO BRASIL LTDA uses this functionality solely to personalize services and improve the HOLDER's experience, being able to offer them personalized content, and they can request their deactivation at any time, simply by exercising this right in accordance with item 8.3 of this Policy.

12. Responsibilities of CONSULTING NODE DO BRASIL LTDA:

12.1. CONSULTING NODE DO BRASIL LTDA is responsible for ensuring that the personal data processed is accessed internally only by duly authorized, tracked, and registered professionals, and only for legitimate and specifically determined purposes, ensuring appropriate use limited to the purpose of the processing, as well as respecting the principles of security, privacy, ownership, informational self-determination, reasonableness, and necessity for the provision of Consulting Node Brasil's services under this Policy and applicable legislation.

12.2. CONSULTING NODE DO BRASIL LTDA shall not be held liable for the exclusive fault of third parties or the DATA SUBJECTS, such as, but not limited to: the exclusive fault or willful misconduct of the DATA SUBJECT, whether by action or omission; and/or misuse of its websites, platforms, forms, services, or products (including using them for illegal purposes, as well as storing information of an illegal nature and/or in violation of applicable law), pursuant to Article 43 of Federal Law No. 13,709/2018 (LGPD).

13. Data Protection Officer (DPO)

13.1. Regarding CONSULTING NODE DO BRASIL LTDA, the data protection officer is CONSULTING NODE DO BRASIL LTDA, registered with the CNPJ (Brazilian Corporate Taxpayer Registry) under No. 61.330.157/0001-70, which can be contacted through the institutional contact channel, available at: legal@consultingnode.com (address: Avenida Itavuvu, No. 11,777, TL13, Jardim Santa Cecília, Sorocaba/SP, Zip Code No. 18,078-005).

14. General Provisions

14.1. This Privacy Policy was last updated on: June 1, 2025. 14.2. CONSULTING NODE DO BRASIL LTDA may change this Privacy and Personal Data Processing Policy at any time, depending on the purpose or need, as well as to comply with a law or equivalent legal standard. The DATA SUBJECT should periodically check this page for updates.

14.2.1. If relevant aspects of the processing are modified, CONSULTING NODE DO BRASIL LTDA will notify the data subject of the changes, specifically highlighting the content of the changes.

14.3. If you have any questions regarding this Privacy and Personal Data Processing Policy, the DATA SUBJECT may contact CONSULTING NODE DO BRASIL LTDA's Personal Data Processing Officer using the contact information provided in item 13.1.

14.4. This Policy integrates and supplements the Website's Terms of Use. In the event of a conflict of interpretation, the applicable legal standard (LGPD) and the terms most protective of the DATA SUBJECT will prevail.

14.5. Third-Party Links: The website may contain links to external pages. We are not responsible for the privacy practices of these third parties and recommend reading their own policies before providing personal data.

14.6. This Policy will be governed by Brazilian law. Any disputes arising from its interpretation or execution shall be resolved in the courts of the District of Curitiba, Paraná, except in cases where the law determines a specific forum due to the nature of the relationship with the data subject.

Institutional
Home
About Us
Contact
Cases
Volunteering
Work with us

Services
Project Management
ERP Solutions
CRM Solutions
Software Licensing
Application Development
Artificial intelligence
Cybersecurity
DevSecOps
Data Privacy
MSP Infrastructure and Services

Institutional Home About Us Contact Cases Volunteering Work with us

Services Project Management ERP Solutions CRM Solutions Software Licensing Application Development Artificial intelligence Cybersecurity DevSecOps Data Privacy MSP Infrastructure and Services

Institutional
Home
About Us
Contact
Cases
Volunteering
Work with us

Services
Project Management
ERP Solutions
CRM Solutions
Software Licensing
Application Development
Artificial intelligence
Cybersecurity
DevSecOps
Data Privacy
MSP Infrastructure and Services