Search
EN
EN PT
Menu
Search

Privacy Policy

HomePrivacy Policy
dibis-it.consulting

1. Introduction

This Privacy Policy explains how dibis-it.consulting (“Company,” “we,” “us,” or “our”), an Austrian-based consulting firm serving the Brazilian market, collects, uses, processes, and protects your personal information when you use our services or interact with our website.

Our Jurisdiction: We are established in Austria but primarily serve clients in Brazil. Therefore, this policy complies with both:

  • European Laws: General Data Protection Regulation (GDPR – EU Regulation 2016/679) – applicable due to our Austrian establishment
  • Brazilian Laws: Brazilian General Data Protection Law (LGPD – Law 13.709/2018) – applicable to our Brazilian client services

Last Updated: 25.01.2024

2. Data Controller Information

Company Name: dibis-it.consulting
Establishment: Austria (Wien)
Primary Market: Brazil

3. Types of Personal Data We Collect

3.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, business address
  • Business Information: Company name, industry, business requirements
  • Financial Information: Payment details, billing information, tax identification numbers
  • Communication Data: Messages, emails, consultation notes, project specifications
  • Professional Information: Job title, professional background, technical requirements

3.2 Information Collected Automatically

  • Website Usage Data: IP address, browser type, device information, pages visited
  • Analytics Data: Website performance metrics, user behavior patterns
  • Technical Data: Log files, cookies, session data, error reports
  • Marketing Data: Email engagement metrics, campaign performance data

3.3 Service-Specific Data Collection

Legal Services:

  • Legal documentation and case information
  • Corporate structure details for Brazilian companies
  • Brazilian regulatory compliance data
  • Cross-border legal consultation records

Software Development:

  • Project specifications and requirements
  • Source code access credentials (when necessary)
  • Testing and deployment data
  • Brazilian market-specific technical requirements

SEO and Digital Marketing:

  • Brazilian market website performance data
  • Portuguese language search ranking information
  • Brazilian advertising campaign data
  • Local market analysis data

Cloud Services:

  • Server configuration data (Brazil-focused hosting)
  • Backup and storage information
  • Email hosting data for Brazilian domains

E-commerce Services:

  • Brazilian market product catalogs and inventory data
  • Customer transaction patterns in Brazilian market
  • Payment processing information (Brazilian payment methods)

We process your personal data based on the following legal grounds:

4.1 Under GDPR (Austrian Establishment)

Consent (Article 6(1)(a)):

  • Marketing communications
  • Non-essential cookies
  • Optional data collection for service enhancement

Contract Performance (Article 6(1)(b)):

  • Service delivery and project execution
  • Payment processing
  • Customer support

Legitimate Interest (Article 6(1)(f)):

  • Website security and fraud prevention
  • Business analytics and service improvement
  • Legal compliance and record-keeping

Legal Obligation (Article 6(1)(c)):

  • Austrian tax and accounting requirements
  • EU regulatory compliance
  • Court orders and legal proceedings

4.2 Under LGPD (Brazilian Client Services)

Consent (Article 7, I):

  • Marketing communications
  • Non-essential data processing
  • Service enhancements

Contract Performance (Article 7, V):

  • Service delivery for Brazilian clients
  • Payment processing in Brazilian currency
  • Customer support

Legitimate Interest (Article 7, IX):

  • Security and fraud prevention
  • Business analytics
  • Austrian business operations

Legal Obligation (Article 7, II):

  • Brazilian client tax documentation
  • Brazilian regulatory compliance
  • Legal proceedings in Brazil

5. How We Use Your Personal Data

5.1 Service Delivery to Brazilian Clients

  • Providing consulting, development, and technical services focused on Brazilian market
  • Project management and communication
  • Quality assurance and testing for Brazilian requirements
  • Technical support and maintenance

5.2 Cross-Border Business Operations

  • Contract management and billing (Austria-Brazil)
  • Client relationship management
  • Performance analysis and reporting
  • Risk assessment and security measures
  • Currency exchange and international payment processing

5.3 Legal and Compliance (Dual Jurisdiction)

  • Meeting Austrian regulatory requirements
  • Complying with Brazilian client regulations
  • Protecting our legal rights in both jurisdictions
  • Responding to legal requests from Austrian or Brazilian authorities
  • Maintaining professional standards in both countries

5.4 Marketing and Communication

  • Promoting services to Brazilian market
  • Sending service updates and newsletters
  • Conducting Brazilian market research
  • Improving client experience for Brazilian businesses

6. Data Sharing and Disclosure

6.1 Service Providers and Partners

We may share your data with trusted third parties:

  • Austrian service providers for business operations
  • Brazilian partners for local market services
  • International cloud providers with adequate safeguards
  • Payment processors for Austria-Brazil transactions
  • Professional advisors in both Austria and Brazil

6.2 Legal Requirements

We may disclose personal data when required by:

  • Austrian law and EU regulations
  • Brazilian law and LGPD requirements
  • Court orders from competent Austrian or Brazilian courts
  • Government authorities in Austria or Brazil
  • International legal cooperation requests

6.3 Cross-Border Business Context

Due to our Austria-Brazil business model:

  • Austrian establishment data may be shared with Brazilian tax authorities
  • Brazilian client data may be processed by Austrian-based systems
  • International transfer safeguards are always implemented

7. International Data Transfers

7.1 Austria-Brazil Data Flows

Our business model inherently involves international transfers:

Austria to Brazil:

  • Client project data for Brazilian market services
  • Business communications and documentation
  • Technical services delivery

Brazil to Austria:

  • Client instructions and requirements
  • Payment and billing information
  • Service feedback and analytics

7.2 Adequate Safeguards

For all international transfers, we implement:

Under GDPR (Chapter V):

  • Standard Contractual Clauses (SCCs) approved by European Commission
  • Transfer Impact Assessments (TIAs) for Brazil transfers
  • Technical and organizational measures for data protection

Under LGPD (Chapter VII):

  • ANPD-approved safeguards for transfers to Austria/EU
  • Contractual data protection clauses
  • Adequate level of protection verification

7.3 Third-Country Processing

When using third-party services that process data outside Austria or Brazil:

  • Adequacy decisions are preferred (EU-Brazil adequacy assessment pending)
  • Standard contractual clauses for other countries
  • Certification schemes and codes of conduct
  • Regular compliance monitoring

8. Data Retention

8.1 Retention Periods

  • Active Brazilian client data: During service relationship plus 10 years (Brazilian commercial law requirements)
  • Austrian business records: 7 years (Austrian commercial code requirements)
  • Financial records: 10 years (longest applicable requirement between jurisdictions)
  • Legal documentation: As required by applicable limitation periods in both countries
  • Marketing data: Until consent is withdrawn
  • Website analytics: 2 years from collection

8.2 Dual Jurisdiction Considerations

We apply the longest retention period required by either Austrian or Brazilian law to ensure full compliance in both jurisdictions.

9. Your Rights

9.1 Rights Under GDPR (All Data Subjects)

Right of Access (Article 15): Request confirmation and details of processing

Right to Rectification (Article 16): Correct inaccurate or incomplete data

Right to Erasure (Article 17): Request deletion when legally permissible

Right to Restrict Processing (Article 18): Limit processing in certain circumstances

Right to Data Portability (Article 20): Receive data in structured format

Right to Object (Article 21): Object to processing based on legitimate interests

Right to Withdraw Consent (Article 7(3)): Revoke consent at any time

Right to Lodge a Complaint: File complaint with Austrian Data Protection Authority

9.2 Additional Rights Under LGPD (Brazilian Clients)

Right to Information (Article 18, II): Full transparency about data processing

Right to Anonymization (Article 18, IV): Request anonymization when possible

Right to Confirmation (Article 18, I): Confirmation that data is being processed

10. Data Security

10.1 Security Measures for Cross-Border Operations

Technical Safeguards:

  • End-to-end encryption for Austria-Brazil communications
  • Secure VPN connections for international data access
  • Multi-factor authentication for all systems
  • Regular security assessments and penetration testing
  • Secure backup procedures in both jurisdictions

Organizational Safeguards:

  • Staff training on both GDPR and LGPD requirements
  • Incident response procedures for both jurisdictions
  • Vendor security assessments for international partners
  • Regular compliance audits

10.2 Data Breach Response

Dual Notification Requirements:

  • Austrian DPA: Within 72 hours if GDPR applies
  • ANPD (Brazil): Within 72 hours if LGPD applies and high risk exists
  • Affected individuals: When there’s high risk to rights and freedoms
  • Coordinated response: Ensuring consistency across jurisdictions

11. Cookies and Tracking Technologies

11.1 Cookie Compliance

Our website uses cookies complying with both:

  • GDPR and ePrivacy Directive requirements
  • LGPD consent requirements

11.2 Cookie Types for Our Business Model

Essential Cookies: Authentication and security for both Austrian and Brazilian users

Analytics Cookies: Understanding traffic from both European and Brazilian visitors

Marketing Cookies: Targeting Brazilian market while respecting European visitor rights

Functional Cookies: Language preferences (Portuguese/German) and regional settings

See our separate Cookies Policy for detailed information.

12. Children’s Privacy

We do not knowingly collect personal data from:

  • Children under 16 years (GDPR requirement)
  • Children under 18 years (LGPD requirement)

We apply the higher standard (18 years) to ensure compliance with both laws.

13. Updates to This Privacy Policy

13.1 Change Notification

Material changes will be communicated:

  • 30 days advance notice via email (GDPR requirement)
  • Immediate notification for Brazilian clients when required by LGPD
  • Website banners for all visitors
  • Updated consent collection when necessary

13.2 Language Versions

  • German version: Available for Austrian legal compliance
  • Portuguese version: Available for Brazilian clients
  • English version: This version serves as master document

14. Supervisory Authorities

14.1 For Austrian Establishment Issues

Austrian Data Protection Authority (DSB)
Website: https://www.dsb.gv.at
Email: [email protected]

14.2 For Brazilian Client Issues

ANPD (Autoridade Nacional de Proteção de Dados)
Website: https://www.gov.br/anpd
Email: [ANPD contact information]

14.3 EU-Level Complaints

European Data Protection Board (EDPB)
For cross-border processing issues

15. Special Provisions for Austria-Brazil Business Model

15.1 Jurisdiction Conflicts

When Austrian and Brazilian law requirements conflict:

  • We apply the most protective standard for individual rights
  • We seek legal advice in both jurisdictions
  • We document our decision-making process
  • We inform affected individuals of our approach

15.2 Language and Cultural Considerations

  • Portuguese language support for Brazilian clients
  • Brazilian business practices understanding
  • Austrian legal standards compliance
  • Cultural sensitivity in data handling

15.3 Currency and Payment Data

  • Multi-currency processing (EUR/BRL)
  • International banking compliance
  • Tax documentation for both jurisdictions
  • Exchange rate calculation records

This Privacy Policy reflects our unique business model of Austrian establishment serving Brazilian clients. We are committed to the highest standards of data protection under both European and Brazilian law.

Multi-Jurisdictional Compliance: This policy is designed to comply with both Austrian/EU (GDPR) and Brazilian (LGPD) laws simultaneously. Where requirements differ, we apply the most protective standard to ensure comprehensive compliance for all stakeholders.

Document Version: 1.0 – Austria-Brazil business model
Language: This English version serves as the master document, with German and Portuguese translations available upon request.

Close
Start typing to see posts you are looking for.
Cookies
We use cookies to improve your experience on our website. By browsing this website, you agree to our use of cookies.
Accept More info