Back to Home

GDPR Compliance

Last updated: January 1, 2024

Our Commitment to GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals control over their personal data. Seleto Sites is committed to full compliance with GDPR requirements and protecting the rights of all data subjects.

We are committed to transparency, accountability, and giving you control over your personal data.

Your Data Protection Rights

Under GDPR, you have several rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary for the original purpose.

Right to Data Portability

You can request that we provide your personal data in a structured, machine-readable format or transfer it directly to another service provider.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our website creation and hosting services as outlined in our terms of service.

Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications.

Legitimate Interest

Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and security measures.

Data Protection Measures

We implement comprehensive technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication systems
  • Staff training on data protection principles
  • Incident response procedures for data breaches
  • Regular backup and disaster recovery procedures
  • Secure data centers with physical security measures
  • Privacy by design in all system developments

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Retention Periods:

  • Active customer data: For the duration of service provision plus 7 years for legal compliance
  • Marketing data: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months in accordance with Google Analytics retention settings
  • Support communications: 3 years from the last interaction
  • Payment data: 7 years for accounting and tax purposes
  • Backup data: 30 days in our disaster recovery systems

International Data Transfers

As a Brazilian company, we primarily process data within Brazil. However, some of our service providers may process data in other countries. We ensure adequate protection through:

Safeguards for International Transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where transfers are to countries with adequate protection
  • Certification schemes and codes of conduct
  • Regular assessment of transfer mechanisms
  • Additional security measures where necessary

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the information provided below. We will respond to your request within one month.

Request Process:

  1. Contact us via email with your request and identification
  2. We will verify your identity to protect your data
  3. We will process your request within one month
  4. We will provide you with the requested information or action
  5. If we cannot fulfill your request, we will explain why
  6. You have the right to appeal our decision

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority.

Data Protection Authorities

You can find contact information for your local data protection authority on the European Data Protection Board website (edpb.europa.eu).

Contact Information

Data Controller

SELETO COMPANY LTDA

CNPJ: 47.681.541/0001-96

Email: privacy@seleto.codes

Address: São Paulo, SP, Brazil

Data Protection Officer

Email: dpo@seleto.codes

For all data protection inquiries and requests