apis3-group

Privacy Policy

1. Data Controller Identification

This Privacy Policy applies to the website www.apis3.com.br and all services provided by apis3 Consultoria de Marketing Digital e Performance Ltda., registered under CNPJ to be inserted, headquartered at Rua Dr. Renato Paes de Barros, Itaim Bibi, Sao Paulo/SP, Brazil, hereinafter referred to as “apis3,” “we,” or “us.”

The processing of personal data is carried out in accordance with the Brazilian General Data Protection Law (LGPD - Law No. 13,709/2018), the Brazilian Internet Civil Framework (Law No. 12,965/2014), and all other applicable regulations.

Data Protection Officer (DPO) contact: [email protected]

2. Definitions

For the purposes of this Policy, the following definitions apply:

  • Personal data: any information relating to an identified or identifiable natural person.

  • Processing: any operation performed on personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, modification, communication, transfer, dissemination, or extraction.

  • Data subject: the natural person to whom the personal data being processed refers.

  • Controller: apis3, responsible for decisions regarding the processing of personal data.

  • Processor: a natural or legal person that processes personal data on behalf of the controller.

  • Consent: a freely given, informed, and unambiguous indication of the data subject’s agreement to the processing of their personal data for a specific purpose.

3. What Data We Collect

3.1 Data provided by the data subject

When interacting with the website or contracting our services, we may collect:

  • Full name and company name.

  • Email address and phone/WhatsApp number.

  • Job title, company, and industry.

  • Information about your company’s size and needs.

  • Banking and tax information, when necessary for contract execution.

  • Any other information voluntarily provided in contact forms, proposals, and briefings.

3.2 Automatically collected data

Through cookies, pixels, and similar technologies, we collect:

  • IP address and approximate geolocation data.

  • Browser type, operating system, and device used.

  • Pages visited, time spent, and browsing flow.

  • Data on interactions with ads and digital campaigns (clicks, conversions, impressions).

  • Cookie identifiers and session tokens.

3.3 Third-party data

Due to the nature of our services (media management and analytics), we may receive data from partner platforms such as Google, Meta, LinkedIn, and others, in accordance with each platform’s privacy policies and the operational agreements in place.

4. Purpose of Processing

The personal data collected is used for the following purposes:

  • Service delivery: management of paid media campaigns, SEO, analytics, CRM, marketing automation, and performance consulting.

  • Communication and customer service: responding to inquiries, sending commercial proposals, providing support, and clarifying questions.

  • Relationship and marketing: sending newsletters, educational content, case studies, and information about our services, always with an opt-out option.

  • Service improvement: analysis of website and tool usage to continuously enhance the user experience.

  • Compliance with legal and regulatory obligations.

  • Fraud prevention and security of digital operations.

  • Exercise of rights in administrative and judicial proceedings.

5. Legal Basis for Processing

The processing of personal data by apis3 is based on the following grounds set forth in the LGPD:

  • Consent (Art. 7, I): for sending marketing communications and using non-essential cookies.

  • Contract performance (Art. 7, V): for the delivery of contracted services.

  • Compliance with a legal obligation (Art. 7, II): to meet tax, labor, and regulatory requirements.

  • Legitimate interest (Art. 7, IX): for service improvements, security, and fraud prevention, respecting the rights and expectations of data subjects.

  • Exercise of rights (Art. 7, VI): in judicial, administrative, or arbitration proceedings.

6. Data Sharing

apis3 does not sell, rent, or transfer personal data to third parties for their own commercial purposes. Data may be shared exclusively in the following situations:

  • Service providers and operational partners: technology companies, automation platforms, analytics tools, and cloud services acting as processors under apis3’s instructions and subject to confidentiality and data protection agreements.

  • Media platforms: Google LLC, Meta Platforms Inc., LinkedIn Corporation, and other digital channels, for campaign delivery and measurement purposes, in accordance with each platform’s terms.

  • Regulatory authorities and government bodies: when required by law, court order, or competent authority.

  • Auditors and legal advisors: under a duty of confidentiality, for compliance and rights defense purposes.

  • Corporate transactions: in the event of a merger, acquisition, or restructuring of apis3, with prior notice to data subjects.

7. International Data Transfers

Due to the use of global platforms (Google Cloud, AWS, Meta, HubSpot, Salesforce, among others), some personal data may be transferred to and processed on servers located outside Brazil. In such cases, apis3 adopts the safeguards set forth in the LGPD, including standard contractual clauses, compliance certifications, and equivalent privacy shield programs, ensuring an adequate level of protection.

8. Cookies and Tracking Technologies

8.1 What are cookies

Cookies are small text files stored on your device when you access our website. We use first-party and third-party cookies to ensure the website functions properly, personalize your experience, and measure campaign performance.

8.2 Types of cookies used

  • Essential: necessary for the basic functioning of the website. Cannot be disabled.

  • Analytics/performance: collect information about how the website is used (e.g., Google Analytics 4, Google Tag Manager).

  • Functional: enable website personalization, such as language and preferences.

  • Advertising/marketing: used to display relevant ads and measure campaign performance (e.g., Meta Pixel, Google Ads, LinkedIn Insight Tag).

8.3 Cookie management

When you first access the website, you will be presented with a cookie consent banner where you can accept, decline, or customize categories. At any time, you may change your preferences through your browser settings or via the “Manage Cookies” link in the website footer. Disabling cookies may affect website functionality.

9. Data Retention and Deletion

Personal data is retained for the time necessary to fulfill the purposes for which it was collected, observing the following criteria:

  • Contractual data: during the term of the contract and for up to 5 (five) years after termination, to meet legal obligations and potential disputes.

  • Marketing data: while an active relationship exists or until the data subject exercises their right to deletion.

  • Tax and accounting data: in accordance with Brazilian tax and corporate legislation deadlines.

  • Access logs (Brazilian Internet Civil Framework): for a minimum of 6 (six) months.

After the retention period expires, data will be securely deleted or anonymized.

10. Rights of Data Subjects

Under the LGPD (Art. 18), as a data subject, you have the following rights:

  • Confirmation and access: confirm whether processing takes place and access your personal data.

  • Correction: request the correction of incomplete, inaccurate, or outdated data.

  • Anonymization, blocking, or deletion: of unnecessary, excessive, or non-compliant data.

  • Portability: receive your data in a structured, interoperable format.

  • Deletion: of data processed based on consent, subject to legally required retention.

  • Information on sharing: know which entities your data has been shared with.

  • Withdrawal of consent: revoke consent at any time, without affecting the lawfulness of prior processing.

  • Objection: object to processing based on legitimate interest when not duly justified.

  • Review of automated decisions: request human review of decisions made solely through automated processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 15 (fifteen) business days, as provided by the LGPD.

11. Information Security

apis3 implements appropriate technical and organizational measures to protect personal data against unauthorized access, destruction, loss, alteration, disclosure, or any form of improper processing, including:

  • Encryption in transit (TLS/SSL) and at rest.

  • Role-based access control (RBAC) with multi-factor authentication.

  • Continuous security monitoring and incident response.

  • Confidentiality agreements with employees and vendors.

  • Regular privacy and security training for staff.

In the event of a security incident that may pose a risk or relevant harm to data subjects, apis3 will notify the Brazilian National Data Protection Authority (ANPD) and the affected data subjects within the legally required timeframes.

12. Links to Third-Party Websites

Our website may contain links to external sites. apis3 is not responsible for the privacy practices of those websites and recommends that you read the privacy policy of each site you visit.

13. Minors

Our services are intended for businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If we identify that data from a minor has been inadvertently collected, we will proceed with its immediate deletion.

14. Changes to this Policy

This Privacy Policy may be updated periodically to reflect changes in our practices, applicable law, or the services we provide. The date of the last update appears at the beginning of this document. Material changes will be communicated by email or through a prominent notice on the website.

15. Contact and Data Protection Officer (DPO)

For questions, requests, or to exercise your rights under this Privacy Policy, please contact us: