🔒 Legal & Compliance

Privacy Policy

We believe transparency builds trust. This document explains exactly what personal data Tice collects, why we collect it, how long we keep it, and the choices you have at every step. Read it, save it, and reach out if you have questions.

Last updated: 18 July 2025
📋

1. Introduction

This Privacy Policy applies to all websites, services, and digital properties operated by Marco Suel Ximenes Farias, trading as Tice – Tecnologia da Informação, Controle e Ensino (CNPJ 25.241.710/0001-34), headquartered at Rua Viana de Carvalho, 90, Monte Castelo, Fortaleza – CE, Brazil (collectively referred to as "Tice", "we", "our" or "us").

When you visit tice-us.site, request a quote, use any of our managed IT, cloud, telecommunications, or training services, or otherwise interact with our business, you place your trust in us with your personal information. We take that responsibility seriously.

This policy has been drafted to meet the obligations set out in Brazil's Lei Geral de Proteção de Dados (LGPD — Law 13,709/2018) and, where applicable, the European Union's General Data Protection Regulation (GDPR — Regulation 2016/679). It is also aligned with the requirements of advertising platforms such as Google Ads, which mandate that any website receiving ad traffic maintains a publicly accessible, complete, and honest privacy disclosure.

By continuing to use our website or services, you confirm that you have read and understood this policy. If you do not agree with any part of it, please discontinue use and contact us so we can address your concerns directly.

🗂️

2. Information We Collect

We only collect personal data that is genuinely necessary to deliver our services, respond to your inquiries, and improve the experience we offer. We do not buy personal data lists, nor do we collect sensitive data (such as health, biometric, or financial account information) through this website.

2.1 Information You Give Us Directly

When you fill in a contact form, request a service proposal, register for a training course, or send us an e-mail, you may provide the following types of data:

Full name — to address you correctly in all communications.
E-mail address — our primary channel for responding to your enquiry or sending service updates.
Phone number — used when you request a callback or when our support team needs to reach you urgently.
Company name and position — relevant when quoting IT infrastructure or managed services for a business.
City / state — so we can confirm service availability and assign the most appropriate technical team.
Message content — the details you share in the body of a form or e-mail, which may include a description of a technical problem or a project requirement.

Providing this information is always voluntary. However, without a minimum of contact details (typically name and e-mail or phone), we will be unable to respond to your request.

2.2 Information Collected Automatically

When you visit our website, standard web-server logs and analytics tools automatically record certain technical data. This includes:

IP address — collected by our hosting provider's server logs. This may be used to detect and block malicious traffic, and is not linked to your identity by Tice.
Browser type and version, operating system, and device type — used in aggregate to ensure the site renders correctly across common configurations.
Referring URL and on-site navigation path — tells us which page sent you here and which pages you visited, helping us understand which content is most useful.
Date, time, and duration of each page visit — used in aggregate traffic reports; not linked to individual profiles.
Cookie identifiers and analytics session IDs — see Section 4 for full details on every cookie we set.
Ad-click identifiers (Google Click ID — GCLID) — if you arrived via a Google ad, this parameter is captured by Google Ads and Google Analytics to measure campaign effectiveness. It is processed under Google's own terms of service.

We never combine automatically collected technical data with your submitted contact data in a way that creates a personal profile without your explicit knowledge, except where required for fraud prevention or legal compliance.

⚙️

3. How We Use Your Information

Every use of your personal data has a specific, documented purpose and a lawful basis under the LGPD and GDPR. We do not use your data for any purpose that is incompatible with the reason it was originally collected.

Responding to enquiries (Legitimate Interest / Contract performance): When you submit a contact form or send an e-mail, we use your name and contact details to get back to you with the information you requested. This is the primary reason most data is submitted to us.
Delivering and managing services (Contract performance): If you become a client, your data is used to provision your IT infrastructure, manage support tickets, issue invoices, and maintain the service relationship. Data processed in this context is governed by a separate Data Processing Agreement (DPA) issued at contract signing.
Sending service communications (Legitimate Interest): We may send transactional messages — such as appointment confirmations, maintenance windows, or account notifications — that are directly related to a service you use. These are not marketing messages and cannot be opted out of while you remain a client, as they are necessary for service delivery.
Marketing communications (Consent or Legitimate Interest): With your consent, or where we have a legitimate interest based on an existing business relationship, we may send newsletters, technology insights, or promotional offers. Every such message includes a clear and functional unsubscribe link.
Measuring and improving website performance (Legitimate Interest): Aggregated, anonymised analytics data helps us understand which services attract the most interest, where users encounter friction, and how to prioritise new content.
Advertising measurement (Consent / Legitimate Interest): Google Ads conversion tracking tells us whether users who clicked one of our ads subsequently completed a meaningful action on the site (such as submitting a form). This helps us allocate our advertising budget responsibly.
Legal and regulatory compliance (Legal Obligation): We retain certain records — including invoices and service contracts — for the minimum periods required by Brazilian tax and commercial law.
Fraud prevention and network security (Legitimate Interest): Server logs and access records may be reviewed when we suspect unauthorised access to our systems or our clients' environments.
🍪

4. Cookies & Tracking Technologies

Cookies are small text files placed on your device when you visit a website. We use them to keep the site functioning correctly, to understand how visitors use our content, and to measure the performance of our advertising campaigns. We do not use cookies to build individual behavioural profiles for sale to third parties.

4.1 Cookie Categories We Use

4.2 Your Cookie Choices

Strictly necessary cookies cannot be disabled, as the site will not function without them. For all other categories, you may withdraw or modify your consent at any time by clicking the "Cookie Settings" link in the footer of any page on this site. You can also control cookies directly from your browser — all major browsers allow you to view, block, or delete cookies stored by specific websites. Note that blocking analytics or advertising cookies will not affect the content you can access on our site, but it will reduce our ability to improve it based on real usage data.

For information on how Google uses data from sites that use its services, visit policies.google.com/technologies/partner-sites.

🤝

5. Sharing With Third Parties

Tice does not sell, rent, or otherwise trade your personal data. We share it only in the limited circumstances described below, and only to the extent necessary for each purpose.

Service providers and sub-processors: We use carefully selected third-party tools to run our business — including web hosting, e-mail delivery, cloud storage, and customer relationship management software. These providers act solely on our instructions and are contractually prohibited from using your data for their own purposes. Where required by law, we execute Data Processing Agreements with each provider.
Google LLC: Google provides our analytics (Google Analytics 4) and advertising (Google Ads) services. Data shared includes anonymised usage events and, for conversion tracking, the information that a form-submission event occurred after an ad click. Google operates under its own Privacy Policy. We have configured Google Analytics with IP anonymisation enabled, and we do not share any user-identifying data with Google beyond what the standard integration transmits.
Technology partners involved in service delivery: For managed IT projects that require co-delivery with hardware vendors, telecom carriers, or specialist subcontractors, we may share the minimum contact details needed to coordinate on-site visits or equipment delivery. We inform you of any such sharing before it occurs.
Legal authorities: If required by a valid judicial order, regulatory demand, or applicable law — including Brazilian Federal Revenue (Receita Federal) audit requirements — we may be obligated to disclose certain records. We will always seek to limit such disclosure to the data specifically requested and will notify you where legally permitted to do so.
Business transfers: In the unlikely event of a merger, acquisition, or asset sale, personal data held at that time may transfer to the successor entity. We will notify affected individuals in advance and ensure continued compliance with this policy or its equivalent.

International data transfers: Our primary operations and data storage are located in Brazil. Where data is processed by providers whose infrastructure is based outside Brazil (for example, Google's global server network), we rely on standard contractual clauses and the providers' certifications under applicable adequacy frameworks to ensure equivalent protection.

🗓️

6. Data Retention

We keep your personal data only for as long as it is genuinely needed. The table below summarises our standard retention periods by data category.

Contact form submissions (enquiry not converted to a service): Retained for up to 12 months from the date of submission. This allows us to follow up on proposals that were still under consideration and to resolve any disputes about what was communicated. After 12 months, records are permanently deleted unless you have since become a client.
Client service records (active contract): Kept throughout the duration of the contract and for 5 years thereafter, in line with Brazilian civil-liability limitation periods (Civil Code, Art. 206, §5) and tax retention requirements.
Invoices and financial records: Retained for a minimum of 5 years as required by Brazilian tax law (CTN, Art. 174) and applicable accounting standards.
Marketing consent records: Kept for 3 years after you withdraw consent, as proof that we respected your opt-out promptly.
Website analytics data: Aggregated and anonymised after 26 months; Google Analytics session-level data is governed by Google's retention settings, which we have configured to the minimum available period (2 months for user-level data).
Security logs (server access and error logs): Retained for 90 days, then automatically purged unless they contain evidence of a security incident under active investigation.

When a retention period expires, data is either securely deleted or rendered permanently anonymous in a way that makes re-identification impossible. We do not archive data indefinitely "just in case."

🛡️

7. Data Security

Protecting data is not just a compliance checkbox for us — it is a core part of what we do. Our team manages cybersecurity infrastructure for dozens of clients across Brazil, and we apply the same discipline to our own systems.

Encryption in transit: All communication between your browser and our website is encrypted using TLS 1.2 or higher (HTTPS). E-mails sent via our domain use STARTTLS and, where supported by the recipient server, enforce opportunistic encryption.
Encryption at rest: Databases and file stores containing personal data are stored on encrypted volumes. Encryption keys are managed separately from the data they protect.
Access controls: Access to systems holding personal data is restricted to staff who need it to perform their job functions. We use role-based access control (RBAC), multi-factor authentication (MFA), and maintain an up-to-date access log.
Vulnerability management: Our systems receive security patches promptly. We conduct periodic internal reviews and act immediately on critical vulnerability advisories relevant to our stack.
Incident response: We maintain a documented incident response plan. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Brazilian Data Protection Authority (ANPD) within the legally required timeframe and inform affected individuals without undue delay, including a clear description of what happened and what steps we are taking.
Staff training: All team members who handle personal data complete regular privacy and security training.

No method of transmission over the internet or electronic storage is completely invulnerable. While we implement industry-standard safeguards, we cannot guarantee absolute security. We encourage you to use strong, unique passwords and to report any suspicious activity involving your account or data to us immediately at contato@tice-us.site.

⚖️

8. Your Rights

Under the LGPD (and, where applicable, the GDPR), you have specific, enforceable rights over your personal data. We are committed to honouring these rights fully and without unnecessary delay. Below is a plain-language explanation of each right and how to exercise it.

🔍

Right of Access

You can request a copy of all personal data we hold about you, along with details of how it is used, who it has been shared with, and how long we intend to keep it.

✏️

Right of Correction

If any data we hold about you is inaccurate, incomplete, or out of date, you have the right to ask us to correct it. We will update our records promptly and notify any processor who received the incorrect data.

🗑️

Right of Deletion

You can ask us to erase your personal data when it is no longer necessary for the purpose it was collected, when you withdraw your consent, or when the processing was unlawful. Some data may need to be retained for legal compliance, and we will explain any such exception clearly.

🚫

Right to Object / Restrict Processing

You may object to us processing your data on the basis of legitimate interest, and you may ask us to restrict processing while a complaint or dispute is being resolved. Marketing opt-outs are honoured immediately.

📦

Right to Data Portability

Where processing is carried out by automated means on the basis of your consent or a contract, you may ask us to provide your data in a structured, machine-readable format so that you can transfer it to another service provider.

Right to Withdraw Consent

Where we rely on your consent to process data (for example, for marketing newsletters), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that took place before you withdrew.

🤖

Right Against Automated Decisions

Tice does not make decisions that produce legal or similarly significant effects about you solely through automated means. If this ever changes, we will provide full disclosure and the right to request human review.

📣

Right to Lodge a Complaint

If you believe we have mishandled your data, you have the right to lodge a complaint with Brazil's Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd, or with your national supervisory authority if you are located in the EU.

How to Exercise Your Rights

To submit any of the above requests, send an e-mail to contato@tice-us.site with the subject line "Data Subject Request". Please include your full name and the e-mail address associated with any interactions with Tice, so we can locate your records accurately. We will acknowledge your request within 5 business days and respond substantively within 30 calendar days. If we require more time due to the complexity or volume of requests, we will notify you of the extension and the reason before the initial 30-day period expires. There is no charge for exercising these rights under normal circumstances.

👶

9. Children's Privacy

Our website and services are directed exclusively at businesses and adult individuals seeking professional IT, telecommunications, and technology training services. We do not knowingly collect personal data from anyone under the age of 18.

If we become aware that we have inadvertently collected personal data from a minor — whether through a contact form submission or any other channel — we will delete that data immediately and, where the circumstances warrant it, notify the relevant guardians. If you believe a minor has submitted data to us, please contact us at contato@tice-us.site so we can act promptly.

🔄

10. Changes to This Policy

Privacy law and our business practices evolve over time. We review this policy at least annually and update it whenever a material change in our data practices requires disclosure. The "Last updated" date at the top of this page always reflects the most recent revision.

If we make changes that meaningfully affect how we use your personal data — for example, introducing a new type of processing or sharing data with a new category of third party — we will take reasonable steps to bring those changes to your attention. For existing clients, we will communicate significant updates via e-mail. For website visitors, a prominent notice will appear on the homepage for at least 30 days following the update.

Your continued use of our website or services after the effective date of a revised policy constitutes your acknowledgment of the changes. If you object to any revision, please contact us before the effective date so we can discuss your concerns.

📬

11. Contact & Data Controller Information

All questions, requests, complaints, or concerns relating to this Privacy Policy or to the way Tice processes your personal data should be directed to us using the details below. We aim to respond thoughtfully and in plain language — not with legal boilerplate.

Get in Touch About Your Data

Whether you want to know exactly what we have on file, need to update something, or simply have a question about how we handle personal information — our team is ready to help.

Legal entity: Marco Suel Ximenes Farias
Trading as: Tice – Tecnologia da Informação, Controle e Ensino
CNPJ: 25.241.710/0001-34
Address: Rua Viana de Carvalho, 90, Monte Castelo, Fortaleza – CE, Brazil
Subject line: Please use "Privacy Policy Enquiry" or "Data Subject Request" so your message reaches the right person immediately.
Response time: Acknowledgement within 5 business days; full response within 30 calendar days.

Tice also designates a responsible person (Encarregado) for data protection matters in compliance with Article 41 of the LGPD. You may address your data protection questions directly to this role via the e-mail address above, marking the subject as "Attention: Data Protection Officer".

We value your privacy and we value your business. If something in this policy is unclear or you feel we could do better, we genuinely want to hear from you.