Privacy Policy

We believe that transparency is a precondition of trust. This policy explains exactly what personal data ONSET TECNOLOGIA LTDA collects, why we collect it, how we protect it, and what rights you hold over it — in plain language.

Last updated: July 8, 2025 Effective from: July 8, 2025 Jurisdiction: Brazil · LGPD · GDPR (EEA visitors)

Introduction

ONSET TECNOLOGIA LTDA ("ONSET", "we", "us", or "our") is a technology company incorporated under Brazilian law with CNPJ 01.091.850/0001-05, headquartered at Avenida Shishima Hifumi, 2911, Sala 212, Urbanova, São José dos Campos – SP, Brazil. We operate the website available at onset-us.site and provide IT consulting, infrastructure management, and digital transformation services to corporate clients.

This Privacy Policy describes how we collect, use, store, share, and protect personal data when you visit our website, interact with our digital communications, or contact us to inquire about our services. It applies to all individuals whose personal data we process in connection with these activities — including prospective clients, existing customers, website visitors, and business contacts.

We are committed to complying with Brazil's Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018) and, to the extent applicable, the European Union's General Data Protection Regulation (GDPR). Where both frameworks apply, we follow the more stringent standard. By using our website or submitting information to us, you acknowledge the practices described herein.

We do not sell personal data to third parties. We do not engage in data brokering. The information you share with us is used solely to deliver our services, improve this website, and communicate with you — nothing more.

Information We Collect

We collect personal data through two distinct channels: information you actively provide to us, and information collected automatically as you navigate our website. The categories below set out exactly what falls into each.

Information you provide directly

When you fill in any contact, quote-request, or callback form on this website, or when you send us an email, you voluntarily provide us with data that may include:

  • Full name — to address you personally in our communications.
  • Business email address — our primary channel for responding to enquiries.
  • Phone number — where provided, used only if you specifically request a call.
  • Company name and role — so we can understand the professional context of your enquiry.
  • Message content — the body of your enquiry, which we retain as part of the conversation record.
  • Any other information you choose to include — such as specific project details or timelines you mention voluntarily.

We never ask for sensitive categories of personal data (such as health information, political opinions, or financial account numbers) through our website forms, and we ask that you refrain from including such information in free-text fields.

Information collected automatically

When you visit our website, certain technical information is collected by our servers and third-party analytics tools without any action required on your part:

  • IP address and approximate geolocation — derived from your IP to understand the geographic distribution of our audience at a regional level.
  • Browser type, version, and operating system — used for compatibility diagnostics.
  • Referring URL — the page or source that directed you to our site.
  • Pages visited, time on page, and navigation path — to understand which content resonates and improve site structure.
  • Date and time of access — for server log integrity and security monitoring.
  • Device type and screen resolution — for responsive design quality assurance.
  • Cookie identifiers — as described in detail in the Cookies section below.

Automatically collected data is predominantly non-personal or pseudonymous at the point of collection. We do not combine automatic-collection data with your contact-form data unless you have given us clear reason to do so (for example, if you identify yourself during a sales conversation and reference content you viewed on the site).

How We Use Your Information

We process personal data only for specific, explicit, and legitimate purposes. The legal bases on which we rely — under both the LGPD and the GDPR — are noted for each purpose.

  • Responding to enquiries and providing pre-sales information. When you contact us via a form or email, we use your name, email address, and message to prepare and send a relevant, personalised response. Legal basis: performance of a contract (or steps prior to entering one) / legitimate interest.
  • Service delivery and account management. If you become a client, the data you have shared with us may form part of your client record and be used to manage the professional relationship, issue service agreements, and communicate about project status. Legal basis: contract performance.
  • Marketing communications. We may send you email communications about services, case studies, or events that may be relevant to your professional needs — but only where you have expressly consented, or where an existing business relationship gives us a legitimate interest to do so and you have not opted out. Every such communication includes a clear, one-click unsubscribe mechanism. Legal basis: consent / legitimate interest.
  • Website analytics and performance improvement. Aggregated and pseudonymous usage data helps us understand which pages perform well, identify navigation friction, and prioritise development resources. Legal basis: legitimate interest.
  • Security and fraud prevention. Server logs and IP data are retained for a limited period for the purpose of detecting, investigating, and preventing unauthorised access, cyberattacks, or abuse of our systems. Legal basis: legitimate interest / legal obligation.
  • Legal compliance. We may process or retain personal data where required to fulfil obligations under Brazilian tax law, labour regulations, or in response to lawful requests from competent authorities. Legal basis: legal obligation.

We do not use automated decision-making or profiling in ways that produce significant legal or similarly significant effects on individuals.

Cookies & Tracking Technologies

Our website uses cookies — small text files stored on your device — as well as similar technologies such as pixel tags and local storage objects. Some of these are strictly necessary for the site to function; others are optional and activated only with your consent, where required by law.

Google Analytics

We use Google Analytics 4 (GA4), a service provided by Google LLC. GA4 uses cookies to collect information about how visitors use this website. The data collected is aggregated and anonymised — Google anonymises IP addresses at collection. The information generated by the cookie about your use of the website is transmitted to and stored by Google on servers which may be located in the United States. Google's use of this data is governed by Google's own Privacy Policy, available at policies.google.com/privacy.

You may opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on.

Google Ads & Conversion Tracking

We use Google Ads to promote our services online. Google Ads conversion tracking cookies are set when you click on one of our advertisements and allow us to measure the effectiveness of our campaigns by recording which ad clicks lead to enquiries. The data collected is used solely for this statistical and commercial purpose and does not allow us to personally identify you. You can opt out of personalised advertising through Google's Ad Settings.

Managing your cookie preferences

When you first visit our website, a cookie consent banner will ask for your permission before any non-essential cookies are placed. You may update your preferences at any time by clicking the "Cookie Settings" link in the footer of this page. Most browsers also allow you to block or delete cookies through their settings — please consult your browser's help documentation for instructions. Note that disabling certain cookies may affect the functionality of the site.

Sharing With Third Parties

We do not sell, rent, or trade your personal data. We share data only in the limited circumstances described below, and only to the minimum extent necessary for each purpose.

  • Service providers and processors. We engage trusted sub-processors — including hosting providers, CRM platforms, and email-delivery services — who process data on our behalf and under our documented instructions. These providers are contractually required to implement appropriate security measures and are prohibited from using the data for any purpose beyond fulfilling the services they provide to us.
  • Analytics and advertising platforms. As described in the Cookies section, pseudonymous identifiers are shared with Google Analytics and Google Ads to enable measurement and campaign optimisation. These platforms operate under their own data-processing terms, which we have reviewed and accepted.
  • Professional advisors. Lawyers, auditors, accountants, and other professional advisers are bound by confidentiality obligations and access data only when strictly necessary for the advisory service they are providing.
  • Legal and regulatory authorities. We will disclose personal data to law-enforcement agencies, courts, regulators, or other public authorities when required to do so by applicable law, court order, or regulatory mandate. Where legally permissible, we will notify you of such a request.
  • Business transfers. In the event of a merger, acquisition, restructuring, or sale of all or substantially all of our assets, personal data we hold may be transferred to the acquiring entity. We will notify you before your personal data becomes subject to a different privacy policy.

Where personal data is transferred outside Brazil — for example, to cloud infrastructure or analytics providers operating in the United States or European Union — we ensure that appropriate transfer mechanisms are in place, including standard contractual clauses or reliance on jurisdictions recognised as providing adequate protection under the LGPD.

Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following guidelines govern our standard retention periods:

  • Contact-form enquiries (non-clients): Up to 24 months from last interaction, unless you request earlier deletion. This window reflects the typical sales and decision cycle for IT engagements.
  • Client relationship data: Retained for the duration of the engagement plus 5 years, in accordance with Brazilian civil and tax law requirements (in particular, the requirements of the Brazilian Tax Code).
  • Marketing consent records: Retained for as long as you remain an active subscriber and for 3 years following your last unsubscribe action, to demonstrate compliance in the event of a complaint.
  • Website analytics data: Aggregated and anonymised data is retained indefinitely for trend analysis. Individual-level data in Google Analytics is configured with a retention window of 14 months.
  • Server access logs: Retained for 6 months for security purposes, in line with Brazilian internet legislation (Marco Civil da Internet — Law No. 12,965/2014).
  • Cookie consent records: Retained for 3 years to document consent and enable you to review your choices.

When data reaches the end of its retention period, or when you exercise your right to deletion (where applicable), we either permanently delete the data or render it fully anonymous so it can no longer be associated with any individual.

Data Security

We implement technical and organisational measures proportionate to the sensitivity of the data we hold and the risks associated with its processing. As a technology company, security is not merely a compliance box — it is central to our professional identity.

  • Encryption in transit: All data transmitted between your browser and our servers is protected by TLS 1.2 or higher (HTTPS). This is enforced across the entire domain; plain HTTP connections are automatically redirected.
  • Encryption at rest: Databases and file-storage systems containing personal data are encrypted at rest using industry-standard AES-256 encryption.
  • Access controls: Access to personal data within our organisation is restricted on a strict need-to-know basis. Staff with legitimate access are required to use multi-factor authentication and comply with our internal data-handling policy.
  • Vulnerability management: We conduct periodic vulnerability assessments and apply security patches on a risk-prioritised schedule. Our hosting infrastructure leverages providers with recognised security certifications.
  • Vendor due diligence: Before engaging any sub-processor, we assess their security posture and require evidence of appropriate controls, including compliance with recognised frameworks where relevant.
  • Incident response: We maintain a documented incident-response procedure. In the event of a personal data breach that is likely to result in risk to affected individuals, we will notify the Brazilian National Data Protection Authority (ANPD) and, where required, the affected individuals, within the timeframes set out under the LGPD.

No transmission or storage system is entirely infallible. While we work diligently to protect your personal data, we cannot guarantee absolute security. If you become aware of any potential security concern relating to our website or your data, please contact us immediately at contato@onset-us.site.

Your Rights

Under the LGPD (and, where applicable, the GDPR), you hold a meaningful set of rights with respect to your personal data. We are committed to facilitating the exercise of these rights promptly and without undue friction.

Right of Access

You may request a copy of the personal data we hold about you, including information about how it is used, who it has been shared with, and the legal basis for its processing.

Right to Correction

If any personal data we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct or update it without delay.

Right to Deletion

You may request the deletion of your personal data where we no longer have a lawful basis for retaining it — for example, where you withdraw consent and no other legal ground applies.

Right to Object

Where we process your data on the basis of legitimate interest, you may object to that processing. You also have an unconditional right to object to your data being used for direct marketing at any time.

Right to Restriction

In certain circumstances — such as while you contest the accuracy of data or await the outcome of an objection — you may request that we restrict processing to storage only.

Right to Portability

Where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, commonly used, machine-readable format.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

Right to Lodge a Complaint

You may lodge a complaint with Brazil's ANPD (Autoridade Nacional de Proteção de Dados) at gov.br/anpd, or — for EEA residents — with your local supervisory authority, if you believe we have violated applicable data-protection law.

How to exercise your rights

To exercise any of the rights listed above, please send a written request to contato@onset-us.site with the subject line "Data Subject Request". Please include sufficient information to allow us to verify your identity and understand the scope of your request. We will acknowledge receipt within 5 business days and respond substantively within 15 business days — or up to a maximum of 30 days where the request is complex or numerous. There is no charge for submitting a request; however, we may charge a reasonable fee if requests are manifestly unfounded or excessive in frequency.

Children's Privacy

Our website and services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. Our contact forms and service offerings have no relevance to minors, and we have no mechanism to verify the age of visitors beyond the context of our professional communications.

If you are a parent or guardian and believe that a child under 18 has submitted personal data to us through our website, please contact us at contato@onset-us.site immediately. Upon verification, we will delete that data without delay from our records.

Changes to This Policy

We review this Privacy Policy periodically and update it to reflect changes in our data practices, applicable law, regulatory guidance, or the structure of our business. When we make material changes — that is, changes that significantly affect your rights or how we handle your data — we will take reasonable steps to notify you. Depending on the nature of the change, this may include posting a prominent notice on our website homepage, sending an email to individuals who have registered with us, or updating the "Last updated" date at the top of this page.

We encourage you to review this policy periodically to stay informed. The version of the policy carrying the most recent "Last updated" date is the version currently in effect. Your continued use of the website following a policy update constitutes acceptance of the revised terms, to the extent permitted by applicable law.

We archive previous versions of this policy and can provide them upon written request. If you have questions about what has changed in any given update, contact us at contato@onset-us.site and we will be happy to explain.

Contact & Data Controller Details

For any question, concern, or request relating to your personal data or this Privacy Policy, please reach out to us through the channels below. We treat all privacy-related communications with priority and care.

Data Controller

ONSET TECNOLOGIA LTDA

CNPJ: 01.091.850/0001-05

Avenida Shishima Hifumi, 2911, Sala 212
Urbanova, São José dos Campos – SP, Brazil

Privacy & Data Protection contact:
contato@onset-us.site

Please include "Privacy Policy" or "Data Request" in the subject line of your email so we can route your message to the correct team member without delay.