Personal data

Privacy Policy

Last updated: May 2026

This document explains which personal data Prudente Consultoria e Tecnologia Ltda collects, why it collects it, how it processes it, and which rights you may exercise. It has been drafted to comply simultaneously with the General Data Protection Regulation (GDPR, EU 2016/679), Quebec Law 25, the Lei Geral de Proteção de Dados Pessoais (LGPD, Brazil), the Personal Information Protection and Electronic Documents Act (PIPEDA, Canada), and the California Consumer Privacy Act (CCPA, United States).

1. Who we are

Data controller
Prudente Consultoria e Tecnologia Ltda
CNPJ: 57.876.024/0001-26
Address: R. dos Pardais, 417 – Vila Cristina, Pres. Prudente – SP, 19013-410
Website: www.prudente-consulting.com.br
Dedicated personal data email: privacy@prudente-consulting.com.br

Prudente Consultoria e Tecnologia Ltda is a business and international development consulting firm, registered in Brazil and operating in Europe, North America, and South America. As the data controller, we determine the purposes and means of the personal data processing activities described in this document.

2. Data collected by source

We only collect the data that is strictly necessary for each purpose described below. No data is sold to third parties.

Source Data collected Purpose Legal basis (GDPR / Law 25) Retention period
Tally.so
Contact form		 Last name, first name, email, phone number, company
Country inferred from the IP address 		Processing information and contact requests GDPR Art. 6(1)(b) — pre-contractual measures
GDPR Art. 6(1)(f) — legitimate interest
Law 25 — implied consent when submitting the form 		3 years from the last contact
Cal.com Cloud
Appointment scheduling		 Last name, first name, email, appointment topic Calendar management and appointment confirmations GDPR Art. 6(1)(b) — performance of a contract or pre-contractual measures
Law 25 — consent to the booking 		Duration of the business relationship + 3 years
Crisp IM SAS
Live chat		 Messages exchanged, IP address, device type, pages visited on the site, geolocation city and country Real-time support and customer relations GDPR Art. 6(1)(a) — prior consent (the widget only loads after acceptance)
Law 25 — explicit consent 		Conversation history: 12 months
Polylang
Language preference		 pll_language cookie (value of the selected language) Remember the visitor’s selected language and ensure the site works properly GDPR Art. 6(1)(f) — legitimate interest (strictly necessary cookie)
Law 25 — no consent required (technical purpose) 		1 year (cookie)
Matomo
Self-hosted analytics		 No personal data. Cookieless mode enabled, IP addresses anonymized before processing, no individual identifier. Aggregated browsing statistics (site improvement) GDPR Art. 6(1)(f) — legitimate interest (anonymous data)
No consent required 		Aggregated data only — no individual retention period applies
OMGF (local fonts) No data collected. Fonts are hosted on our server. Site typography display without contact with Google Not applicable Not applicable

Details by source

Tally.so — Contact form

When you submit the contact form, the data entered is transmitted to Tally BV (Belgium, EU). The country of origin is automatically inferred from your IP address in order to contextualize your request and respond in the appropriate language. This inference is temporary and the raw IP address is not retained.

Your data is processed by us in order to respond to you as quickly as possible, then archived for 3 years in accordance with standard business practices.

Cal.com Cloud — Appointment scheduling

Cal.com Inc. is a U.S. company (San Francisco, CA). The data transmitted when booking an appointment is processed on its servers in the United States. Cal.com has appointed a Data Protection Officer (DPO) and an EU representative within the meaning of GDPR Art. 27, demonstrating a structured compliance framework.

This transfer to the United States is governed by appropriate safeguards in accordance with GDPR Art. 46. To contact the Cal.com DPO: legal@cal.com. For EEA residents, the EU representative can be contacted at legal+eu@cal.com.

Cal.com uses Twilio Inc. (United States) to send appointment confirmation emails and SMS messages. Your email address may be transmitted to Twilio for this sole purpose.

Crisp IM SAS — Live chat

The chat widget does not load automatically. It is activated only after you have given explicit consent through our cookie management banner. Crisp IM SAS is a French company; its data is stored in the European Union (Amsterdam and Frankfurt data centers). Crisp does not use OpenAI or any behavioral analytics tool on our data. You may withdraw your consent at any time by clicking the cookie management link at the bottom of the page.

Polylang — Language preference

Polylang sets a cookie (pll_language) to remember the language you selected. This cookie does not contain any information that can identify you and is considered strictly necessary for the operation of the site. It does not require prior consent.

Matomo — Cookieless analytics

We use Matomo in cookieless mode with IP address anonymization. Matomo is self-hosted on our own infrastructure, with no data transfer to any third party. No individual profile is created. This configuration is exempt from consent requirements under the ePrivacy Directive and CNIL recommendations.

3. Processors and technical partners

We only use processors that are strictly necessary for our operations. Each processor is selected based on its data protection safeguards and is subject to a Data Processing Agreement (DPA), or such agreement is currently being finalized.

Processor Country / Area Role Safeguards
Tally BV Belgium (EU) Contact forms DPA signed. Data hosted in the EU. GDPR compliant.
Cal.com Inc. United States Online appointment scheduling Structured GDPR framework: appointed DPO (legal@cal.com) and designated EU representative (GDPR Art. 27). Transfers to the United States are covered by appropriate safeguards (GDPR Art. 46). Notification processor: Twilio Inc. (USA).
Crisp IM SAS France (EU) Live chat / customer support DPA signed. Exclusive storage in the EU (Amsterdam, Frankfurt). No subcontracting to third-party AI tools or behavioral analytics.
Matomo host Brazil Self-hosted analytics infrastructure Anonymous data only. No transfer to third parties.

We do not allow any of our processors to use your personal data for their own purposes. Their access is limited to the processing strictly necessary for the service for which they have been engaged.

4. Your rights depending on your geographic area

European Union and Quebec (GDPR + Law 25)

If you reside in the European Union or in Quebec, you have the following rights regarding your personal data:

  • Right of access (GDPR Art. 15): obtain a copy of the data we hold about you and know how it is processed.
  • Right to rectification (GDPR Art. 16): have inaccurate or incomplete data corrected.
  • Right to erasure (GDPR Art. 17): request the deletion of your data, subject to legal retention obligations.
  • Right to restriction (GDPR Art. 18): temporarily restrict the use of your data during a verification or dispute.
  • Right to data portability (GDPR Art. 20 / Law 25, s. 27): receive your data in a structured, machine-readable format, or have it transmitted to another controller.
  • Right to object (GDPR Art. 21): object to processing based on legitimate interest. We will stop the processing unless there is a demonstrable compelling reason.
  • Withdrawal of consent: withdraw at any time a consent previously granted (especially for Crisp chat), without retroactive effect.
  • Right to de-indexation (Law 25): for Quebec residents, request that online information about you be de-indexed when its dissemination causes serious harm.

If you believe your rights are not being respected, you may file a complaint with the competent supervisory authority:

Brazil (LGPD — Law 13.709/2018)

In accordance with the Lei Geral de Proteção de Dados Pessoais, you have the following rights (LGPD Art. 18):

  • Confirm the existence of processing involving your data.
  • Access your data and obtain a copy.
  • Correct inaccurate, incomplete, or outdated data.
  • Request the anonymization, blocking, or deletion of data processed in a way that does not comply with the LGPD.
  • Obtain information about the public or private entities with which we share your data.
  • Request the portability of your data to another service provider, to the extent technically possible.
  • Withdraw your consent at any time.
  • Object to processing based on a legal basis other than consent if it does not comply with the provisions of the LGPD.

For any complaint regarding your rights: ANPD — National Data Protection Authority

United States — California (CCPA / CPRA)

If you reside in California, the California Consumer Privacy Act and its amendment (CPRA) grant you the following rights:

  • Right to know: know the categories of data collected, the purposes for which it is used, and the third parties with which it is shared (over the past 12 months).
  • Right to deletion: request the deletion of the data we hold about you, subject to legal exceptions.
  • Right to correction: have inaccurate data corrected (CPRA).
  • Right not to be discriminated against: exercising your rights cannot result in any difference in treatment by us.
  • Sale and sharing of data: we do not sell your personal data and do not share it for cross-context behavioral advertising purposes. The right to opt out of sale therefore does not apply.

To exercise your rights, contact us at: privacy@prudente-consulting.com.br

5. Cookies and trackers

A cookie is a small text file placed on your device when you visit a website. Some cookies are essential for the site to function, while others require your prior consent. You can manage your preferences at any time through the “Cookie management” link at the bottom of each page.

Name / Identifier Source Category Duration Consent required
pll_language Polylang Essential — language preference 1 year No
crisp-client/session/* Crisp IM SAS Functional — live chat Session / up to 12 months Yes
Matomo (cookieless) Matomo (self-hosted) Anonymous analytics — no cookie placed N/A No

We do not use advertising cookies, third-party tracking pixels, or behavioral profiling tools.

6. International transfers and safeguards

Most of our processing takes place within the European Union or Brazil. Only one processor involves a transfer of data outside the European Economic Area (EEA).

Cal.com Inc. — United States

Cal.com Inc. is established in San Francisco (CA, USA). Booking data is transferred to and processed in the United States. This transfer is governed by appropriate safeguards in accordance with GDPR Art. 46. Cal.com has appointed a DPO (legal@cal.com) and an EU representative (GDPR Art. 27, legal+eu@cal.com).

Cal.com uses Twilio Inc. (United States) to send appointment notifications by email and SMS. Twilio is subject to the same data protection obligations within the scope of its relationship with Cal.com.

Tally.so (Belgium) and Crisp IM SAS (France) are European companies. Their data is hosted in the EU. No specific transfer safeguard is required for them.

Matomo is self-hosted on our infrastructure. No data transfer to any third party takes place.

7. Security

We apply technical and organizational measures appropriate to the level of risk of each processing activity:

  • Encrypted transport: all communications between your browser and our site are encrypted via HTTPS (TLS).
  • Restricted access: access to data is limited to people who need it to perform their duties.
  • Qualified processors: each technical partner is selected based on its security safeguards and is subject to a DPA.
  • Isolated Matomo: our Matomo instance is self-hosted and isolated from any third-party service. No analytics data leaves our infrastructure.
  • Incident management: in the event of a data breach presenting a risk to your rights and freedoms, we notify the competent supervisory authority within 72 hours (GDPR Art. 33) and the affected individuals if necessary (GDPR Art. 34). For the LGPD, we comply with the notification obligation to the ANPD provided for in Art. 48.

No system offers absolute security. If you identify a vulnerability or wish to report an incident, contact us at privacy@prudente-consulting.com.br.

8. Changes to this policy

This policy may change to reflect updates in our practices, our technical stack, or the applicable regulations. The update date at the top of the document is changed with each substantial revision.

In the event of a significant change, an information banner is displayed on the site for 30 days after the update. Previous versions are available on request at privacy@prudente-consulting.com.br.

9. Contact and exercise of your rights

To exercise any of the rights described in this document, or for any question relating to the protection of your personal data, contact us by email:

Prudente Consultoria e Tecnologia Ltda

Email: privacy@prudente-consulting.com.br

Address: R. dos Pardais, 417 – Vila Cristina, Pres. Prudente – SP, 19013-410

Response time: we undertake to respond to any request within 30 days of receiving it (GDPR, Art. 12(3) / Law 25). For requests made under the LGPD, the response period is 15 days (LGPD Art. 18, §5).

If our response does not satisfy you, you have the right to lodge a complaint with the competent supervisory authority in your territory: