Privacy Policy

1. Who We Are

BIS CRM operates in privacy, data protection, and information governance, providing technological, methodological, and educational solutions focused on legal compliance and best practices for personal data processing.

Through the DPOSaaS Solutions platform (www.dposaas.com), we provide tools, certifications, and training related to GDPR, LGPD, and AI governance for individuals, companies, and public institutions — through three integrated products: DPO App, Academy, and Authority.

2. Personal Data We Collect

The personal data processed may vary depending on how you interact with the platform:

• Identification data (name, email address)
• Contact data (phone number)
• Professional data (company, role, department)
• Platform access data (login history, course progress, usage)
• Payment and billing information, when applicable
• Technical browsing data (IP address, access timestamps, device type, browser)

BIS CRM does not collect unnecessary sensitive data and limits processing to what is strictly necessary for each purpose.

3. Purposes of Processing

• Create and manage user accounts
• Provide access to platform features (DPO App, Academy, Authority)
• Manage licenses, subscriptions, and corporate access
• Process payments and fulfill contractual obligations
• Send communications related to contracted services
• Comply with legal and regulatory obligations (GDPR, LGPD)
• Improve user experience and platform security

4. Legal Bases

Data processing is grounded in the following legal bases:

• Performance of a contract — Art. 6(1)(b) GDPR / Art. 7(V) LGPD
• Legal or regulatory obligation — Art. 6(1)(c) GDPR / Art. 7(II) LGPD
• Legitimate interest — Art. 6(1)(f) GDPR / Art. 7(IX) LGPD
• Consent, where required — Art. 6(1)(a) GDPR / Art. 7(I) LGPD

5. Data Sharing

Personal data may be shared only when strictly necessary, with:

• Technology infrastructure providers (e.g., Google LLC / Firebase for hosting and authentication)
• Essential partners for service delivery
• Public authorities or supervisory bodies (CNIL, ICO, ANPD, etc.) when legally required

BIS CRM does not sell personal data.

6. Storage and Security

We adopt appropriate technical and administrative measures to protect personal data, including:

• Role-based access control
• Encrypted data transmission (TLS)
• Activity logging and audit trails
• Use of technology providers with recognized security certifications (Google Cloud)

Data is retained only for as long as required for its stated purposes or as mandated by applicable law.

7. Your Rights

Depending on your jurisdiction, you may exercise the following rights at any time:

• Right of access to your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure (“right to be forgotten”) — Art. 17 GDPR / Art. 18(IV) LGPD
• Right to restriction of processing
• Right to object to processing
• Right to data portability — Art. 20 GDPR / Art. 18(V) LGPD
• Right to withdraw consent at any time (where processing is consent-based)
• Right to lodge a complaint with your supervisory authority (e.g., CNIL for France, ICO for the UK, ANPD for Brazil)

All requests should be directed to our Data Protection Officer (DPO).

8. Data Protection Officer (DPO)

BIS CRM has appointed a Data Protection Officer available to assist data subjects and competent supervisory authorities.

9. Cookies and Similar Technologies

The platform uses cookies and similar technologies for operation, security, and user experience improvements. Please refer to our Cookie Policy for full details. Cookie preferences can be managed through your browser settings.

10. Changes to This Policy

This Privacy Policy may be updated to reflect legal, regulatory, or operational changes. The current version is always available at this URL, with the effective date shown above.

11. Contact

For any questions or requests related to this Privacy Policy or personal data protection, please contact our DPO at dpo@dposaas.com or use our contact form.