Zallpy Software LTDA values the privacy and protection of personal data of its clients, partners, suppliers, candidates, employees, and users of its services and digital channels.

This Privacy Policy aims to explain clearly and transparently how we collect, use, store, share, and protect personal data, in accordance with the Brazilian General Data Protection Law and other applicable regulations.

By interacting with our services, platforms, websites, applications, or institutional channels, you acknowledge and become aware of the practices described in this Policy.

Zallpy is a company specialized in development, support, and digital transformation for large organizations, providing technological services, digital solutions, and operational support.

In the context of data protection legislation, Zallpy may act as:

Data Controller: When it processes data for its own purposes and makes decisions about such processing.

Data Processor: When it processes data on behalf of its clients, according to contractual and legal instructions.

For the purposes of this Policy:

Personal Data: Information relating to an identified or identifiable natural person.

Sensitive Personal Data: Data about racial or ethnic origin, religious belief, political opinion, union membership, health data, sexual life, genetic data, or biometric data.

Data Subject: The natural person to whom the data refers.

Data Processing: Any operation performed on personal data, such as collection, storage, use, sharing, or deletion.

Anonymization: Process by which data cease to identify a person.

Cookies: Files used to improve navigation, performance, and digital experience.

Data Protection Officer (DPO): Responsible for the communication channel between Zallpy, data subjects, and the National Data Protection Authority.

The personal data processed by Zallpy vary according to the nature of the relationship established.

We may collect:

• full name;

• email;

• phone number;

• company;

• position;

• CPF (when necessary);

• address (when necessary);

• identification documents (when applicable);

• professional data;

• contractual information;

• information provided in contact forms.

These data may be collected when you:

• request contact;

• hire services;

• participate in selection processes;

• attend events;

• use our institutional channels.

When accessing our websites or platforms, we may collect:

• IP address;

• date and time of access;

• pages visited;

• source of access;

• browsing time;

• clicks and interactions;

• browser information;

• operating system.

These data are used for security, performance, analytics, and improvement of the user experience.

We may collect technical information about the device used:

• device model;

• operating system;

• language;

• browser version;

• technical identifiers;

• connection type.

This information helps ensure compatibility and security.

When necessary for specific functionalities or operational security, we may process approximate or precise location data.

Geolocation collection will depend on the functionality used and, when necessary, on the data subject's consent.

We may receive data from:

• business partners;

• suppliers;

• recruitment platforms;

• public databases;

• clients;

• marketing platforms.

We always observe legitimate purposes and applicable legal bases.

Personal data may be processed for:

Service delivery: We use data for the execution, support, and delivery of our services. Legal basis: contract performance.

Service and relationship management: We use data to respond to requests, provide support, and maintain commercial or institutional relationships. Legal basis: legitimate interest or contract performance.

Legal and regulatory compliance: We process data when necessary to comply with legal, tax, regulatory, or judicial requirements. Legal basis: legal or regulatory obligation.

Recruitment and selection: We process candidates' data to evaluate professional profiles and selection processes. Legal basis: preliminary contract procedures.

Information security and fraud prevention: We use data for authentication, monitoring, auditing, incident prevention, and protection of technological environments. Legal basis: legitimate interest.

Institutional communication and marketing: We may send institutional communications, content, and informative materials. When legally required, we will request consent. Legal basis: legitimate interest or consent.

Product and service improvement: We use data for statistical analysis, process improvement, user experience, and service enhancement. Legal basis: legitimate interest.

Zallpy may share personal data with:

Service providers and suppliers: For operational support, infrastructure, technology, communication, and service delivery.

Clients: When the contractual relationship so requires.

Business partners: When necessary for the execution of projects or joint initiatives.

Public authorities and regulatory agencies: When required by law or a valid order.

Legal advisors and auditors: When necessary for the regular exercise of rights or compliance with obligations.

All third parties are contractually obliged to observe adequate data protection standards.

In some cases, personal data may be processed or stored outside Brazil, especially by technology and cloud service providers.

In these cases, Zallpy adopts appropriate measures to ensure protection compatible with Brazilian legislation, including:

• specific contractual clauses;

• supplier evaluation;

• technical and organizational measures;

• security controls.

Personal data will be retained only for as long as necessary to:

• fulfill the purposes of this Policy;

• meet legal obligations;

• exercise rights in judicial, administrative, or arbitration proceedings;

• comply with contractual obligations.

After the need ends, data may be deleted, anonymized, or retained as required by law.

Zallpy adopts technical, administrative, and organizational measures to protect personal data against:

• unauthorized access;

• loss;

• destruction;

• improper alteration;

• leakage;

• inadequate processing.

The controls applied include:

• access control;

• authentication;

• monitoring;

• encryption;

• backup;

• vulnerability management;

• incident management;

• internal security policies.

Although we adopt robust controls, no environment is completely immune to risks.

Under the LGPD, you may request:

• confirmation of the existence of processing;

• access to your data;

• correction of incomplete, inaccurate, or outdated data;

• anonymization, blocking, or deletion;

• portability;

• information about sharing;

• withdrawal of consent;

• opposition to processing;

• review of automated decisions, when applicable.

Requests may be made through the official channels indicated in this Policy.

We may require additional information to confirm identity.

We use cookies for:

Essential cookies: Necessary for the website to function.

Analytical cookies: To understand browsing behavior and improve the experience.

Performance cookies: To optimize features and stability.

Marketing cookies: When applicable, for content personalization and campaigns.

You can manage cookies directly in your browser.

Disabling certain cookies may impact functionality.

Zallpy does not intentionally process personal data of children or adolescents, except when strictly necessary and in compliance with applicable law.

When necessary, processing will depend on specific consent from the legal guardian or another valid legal basis.

This Policy may be updated periodically to reflect legal, regulatory, operational, or technological changes.

The most current version will always be available on our official channels.

When necessary, we will notify relevant changes through appropriate means.

Any questions about this Policy or data processing may be addressed to our Data Protection Officer, Luis Ladereche, via email at dpo@zallpy.com. He is available on business days from 9 am to 6 pm, and you will receive a response within a maximum of 10 business days.

This Policy shall be governed by the laws of Brazil.

The courts of Porto Alegre are chosen to resolve any disputes related to this Policy, unless otherwise required by law.