This Privacy Policy applies to all websites, services, and digital properties operated by
Marco Suel Ximenes Farias, trading as Tice – Tecnologia da Informação,
Controle e Ensino (CNPJ 25.241.710/0001-34), headquartered at Rua Viana de Carvalho, 90,
Monte Castelo, Fortaleza – CE, Brazil (collectively referred to as "Tice", "we", "our" or "us").
When you visit tice-us.site, request a quote, use any of our managed IT, cloud,
telecommunications, or training services, or otherwise interact with our business, you place your
trust in us with your personal information. We take that responsibility seriously.
This policy has been drafted to meet the obligations set out in Brazil's
Lei Geral de Proteção de Dados (LGPD — Law 13,709/2018) and, where applicable,
the European Union's General Data Protection Regulation (GDPR — Regulation 2016/679).
It is also aligned with the requirements of advertising platforms such as Google Ads, which mandate
that any website receiving ad traffic maintains a publicly accessible, complete, and honest privacy
disclosure.
By continuing to use our website or services, you confirm that you have read and understood this
policy. If you do not agree with any part of it, please discontinue use and contact us so we can
address your concerns directly.
We only collect personal data that is genuinely necessary to deliver our services, respond to
your inquiries, and improve the experience we offer. We do not buy personal data lists, nor do
we collect sensitive data (such as health, biometric, or financial account information) through
this website.
2.1 Information You Give Us Directly
When you fill in a contact form, request a service proposal, register for a training course, or
send us an e-mail, you may provide the following types of data:
Full name — to address you correctly in all communications.
E-mail address — our primary channel for responding to your enquiry or sending service updates.
Phone number — used when you request a callback or when our support team needs to reach you urgently.
Company name and position — relevant when quoting IT infrastructure or managed services for a business.
City / state — so we can confirm service availability and assign the most appropriate technical team.
Message content — the details you share in the body of a form or e-mail, which may include a description of a technical problem or a project requirement.
Providing this information is always voluntary. However, without a minimum of contact details
(typically name and e-mail or phone), we will be unable to respond to your request.
2.2 Information Collected Automatically
When you visit our website, standard web-server logs and analytics tools automatically record
certain technical data. This includes:
IP address — collected by our hosting provider's server logs. This may be used to detect and block malicious traffic, and is not linked to your identity by Tice.
Browser type and version, operating system, and device type — used in aggregate to ensure the site renders correctly across common configurations.
Referring URL and on-site navigation path — tells us which page sent you here and which pages you visited, helping us understand which content is most useful.
Date, time, and duration of each page visit — used in aggregate traffic reports; not linked to individual profiles.
Cookie identifiers and analytics session IDs — see Section 4 for full details on every cookie we set.
Ad-click identifiers (Google Click ID — GCLID) — if you arrived via a Google ad, this parameter is captured by Google Ads and Google Analytics to measure campaign effectiveness. It is processed under Google's own terms of service.
We never combine automatically collected technical data with your submitted contact data in a
way that creates a personal profile without your explicit knowledge, except where required for
fraud prevention or legal compliance.
Every use of your personal data has a specific, documented purpose and a lawful basis under the
LGPD and GDPR. We do not use your data for any purpose that is incompatible with the reason it
was originally collected.
Responding to enquiries (Legitimate Interest / Contract performance):
When you submit a contact form or send an e-mail, we use your name and contact details to
get back to you with the information you requested. This is the primary reason most data is
submitted to us.
Delivering and managing services (Contract performance):
If you become a client, your data is used to provision your IT infrastructure, manage
support tickets, issue invoices, and maintain the service relationship. Data processed in
this context is governed by a separate Data Processing Agreement (DPA) issued at
contract signing.
Sending service communications (Legitimate Interest):
We may send transactional messages — such as appointment confirmations, maintenance
windows, or account notifications — that are directly related to a service you use.
These are not marketing messages and cannot be opted out of while you remain a client,
as they are necessary for service delivery.
Marketing communications (Consent or Legitimate Interest):
With your consent, or where we have a legitimate interest based on an existing business
relationship, we may send newsletters, technology insights, or promotional offers. Every
such message includes a clear and functional unsubscribe link.
Measuring and improving website performance (Legitimate Interest):
Aggregated, anonymised analytics data helps us understand which services attract the
most interest, where users encounter friction, and how to prioritise new content.
Advertising measurement (Consent / Legitimate Interest):
Google Ads conversion tracking tells us whether users who clicked one of our ads
subsequently completed a meaningful action on the site (such as submitting a form).
This helps us allocate our advertising budget responsibly.
Legal and regulatory compliance (Legal Obligation):
We retain certain records — including invoices and service contracts — for the minimum
periods required by Brazilian tax and commercial law.
Fraud prevention and network security (Legitimate Interest):
Server logs and access records may be reviewed when we suspect unauthorised access to
our systems or our clients' environments.
Cookies are small text files placed on your device when you visit a website. We use them to
keep the site functioning correctly, to understand how visitors use our content, and to measure
the performance of our advertising campaigns. We do not use cookies to build individual
behavioural profiles for sale to third parties.
4.1 Cookie Categories We Use
| Category |
Name / Provider |
Purpose |
Duration |
| Strictly Necessary |
Session cookie (server) |
Maintains your session state between page loads; required for contact forms to function correctly. |
Session (deleted on browser close) |
| Strictly Necessary |
CSRF token |
Protects forms against cross-site request forgery attacks. |
Session |
| Analytics |
_ga, _gid (Google Analytics 4) |
Distinguishes unique visitors and sessions; tracks page views and traffic sources in anonymised aggregate reports. IP anonymisation is enabled. |
_ga: 2 years · _gid: 24 hours |
| Advertising |
_gcl_au (Google Ads) |
Stores a click identifier so that form submissions can be attributed to the ad that drove the visit. Used to report conversion events to our Google Ads account. |
90 days |
| Advertising |
IDE (Google DoubleClick) |
Used by Google to show relevant ads and to measure their effectiveness across partner sites. Processed under Google's own privacy policy. |
13 months |
| Preferences |
cookie_consent |
Remembers the choice you made in the cookie consent banner so you are not asked again. |
12 months |
4.2 Your Cookie Choices
Strictly necessary cookies cannot be disabled, as the site will not function without them.
For all other categories, you may withdraw or modify your consent at any time by clicking the
"Cookie Settings" link in the footer of any page on this site. You can also control cookies
directly from your browser — all major browsers allow you to view, block, or delete cookies
stored by specific websites. Note that blocking analytics or advertising cookies will not
affect the content you can access on our site, but it will reduce our ability to improve it
based on real usage data.
For information on how Google uses data from sites that use its services, visit
policies.google.com/technologies/partner-sites.
Tice does not sell, rent, or otherwise trade your personal data. We share it only in the
limited circumstances described below, and only to the extent necessary for each purpose.
Service providers and sub-processors:
We use carefully selected third-party tools to run our business — including web hosting,
e-mail delivery, cloud storage, and customer relationship management software. These
providers act solely on our instructions and are contractually prohibited from using your
data for their own purposes. Where required by law, we execute Data Processing Agreements
with each provider.
Google LLC:
Google provides our analytics (Google Analytics 4) and advertising (Google Ads) services.
Data shared includes anonymised usage events and, for conversion tracking, the information
that a form-submission event occurred after an ad click. Google operates under its own
Privacy Policy.
We have configured Google Analytics with IP anonymisation enabled, and we do not share any
user-identifying data with Google beyond what the standard integration transmits.
Technology partners involved in service delivery:
For managed IT projects that require co-delivery with hardware vendors, telecom carriers,
or specialist subcontractors, we may share the minimum contact details needed to coordinate
on-site visits or equipment delivery. We inform you of any such sharing before it occurs.
Legal authorities:
If required by a valid judicial order, regulatory demand, or applicable law — including
Brazilian Federal Revenue (Receita Federal) audit requirements — we may be obligated to
disclose certain records. We will always seek to limit such disclosure to the data
specifically requested and will notify you where legally permitted to do so.
Business transfers:
In the unlikely event of a merger, acquisition, or asset sale, personal data held at that
time may transfer to the successor entity. We will notify affected individuals in advance
and ensure continued compliance with this policy or its equivalent.
International data transfers: Our primary operations and data storage are located in Brazil.
Where data is processed by providers whose infrastructure is based outside Brazil
(for example, Google's global server network), we rely on standard contractual clauses and
the providers' certifications under applicable adequacy frameworks to ensure equivalent
protection.
We keep your personal data only for as long as it is genuinely needed. The table below
summarises our standard retention periods by data category.
Contact form submissions (enquiry not converted to a service):
Retained for up to 12 months from the date of submission. This allows us
to follow up on proposals that were still under consideration and to resolve any disputes
about what was communicated. After 12 months, records are permanently deleted unless
you have since become a client.
Client service records (active contract):
Kept throughout the duration of the contract and for 5 years thereafter,
in line with Brazilian civil-liability limitation periods (Civil Code, Art. 206, §5) and
tax retention requirements.
Invoices and financial records:
Retained for a minimum of 5 years as required by Brazilian tax law
(CTN, Art. 174) and applicable accounting standards.
Marketing consent records:
Kept for 3 years after you withdraw consent, as proof that we respected
your opt-out promptly.
Website analytics data:
Aggregated and anonymised after 26 months; Google Analytics session-level
data is governed by Google's retention settings, which we have configured to the minimum
available period (2 months for user-level data).
Security logs (server access and error logs):
Retained for 90 days, then automatically purged unless they contain
evidence of a security incident under active investigation.
When a retention period expires, data is either securely deleted or rendered permanently
anonymous in a way that makes re-identification impossible. We do not archive data
indefinitely "just in case."
Protecting data is not just a compliance checkbox for us — it is a core part of what we do.
Our team manages cybersecurity infrastructure for dozens of clients across Brazil, and we apply
the same discipline to our own systems.
Encryption in transit:
All communication between your browser and our website is encrypted using TLS 1.2 or higher
(HTTPS). E-mails sent via our domain use STARTTLS and, where supported by the recipient
server, enforce opportunistic encryption.
Encryption at rest:
Databases and file stores containing personal data are stored on encrypted volumes.
Encryption keys are managed separately from the data they protect.
Access controls:
Access to systems holding personal data is restricted to staff who need it to perform
their job functions. We use role-based access control (RBAC), multi-factor authentication
(MFA), and maintain an up-to-date access log.
Vulnerability management:
Our systems receive security patches promptly. We conduct periodic internal reviews and
act immediately on critical vulnerability advisories relevant to our stack.
Incident response:
We maintain a documented incident response plan. In the event of a data breach that poses
a risk to your rights and freedoms, we will notify the Brazilian Data Protection Authority
(ANPD) within the legally required timeframe and inform affected individuals without undue
delay, including a clear description of what happened and what steps we are taking.
Staff training:
All team members who handle personal data complete regular privacy and security training.
No method of transmission over the internet or electronic storage is completely invulnerable.
While we implement industry-standard safeguards, we cannot guarantee absolute security. We
encourage you to use strong, unique passwords and to report any suspicious activity involving
your account or data to us immediately at
contato@tice-us.site.
Under the LGPD (and, where applicable, the GDPR), you have specific, enforceable rights over
your personal data. We are committed to honouring these rights fully and without unnecessary
delay. Below is a plain-language explanation of each right and how to exercise it.
🔍
Right of Access
You can request a copy of all personal data we hold about you, along with details of how it is used, who it has been shared with, and how long we intend to keep it.
✏️
Right of Correction
If any data we hold about you is inaccurate, incomplete, or out of date, you have the right to ask us to correct it. We will update our records promptly and notify any processor who received the incorrect data.
🗑️
Right of Deletion
You can ask us to erase your personal data when it is no longer necessary for the purpose it was collected, when you withdraw your consent, or when the processing was unlawful. Some data may need to be retained for legal compliance, and we will explain any such exception clearly.
🚫
Right to Object / Restrict Processing
You may object to us processing your data on the basis of legitimate interest, and you may ask us to restrict processing while a complaint or dispute is being resolved. Marketing opt-outs are honoured immediately.
📦
Right to Data Portability
Where processing is carried out by automated means on the basis of your consent or a contract, you may ask us to provide your data in a structured, machine-readable format so that you can transfer it to another service provider.
❌
Right to Withdraw Consent
Where we rely on your consent to process data (for example, for marketing newsletters), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that took place before you withdrew.
🤖
Right Against Automated Decisions
Tice does not make decisions that produce legal or similarly significant effects about you solely through automated means. If this ever changes, we will provide full disclosure and the right to request human review.
📣
Right to Lodge a Complaint
If you believe we have mishandled your data, you have the right to lodge a complaint with Brazil's Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd, or with your national supervisory authority if you are located in the EU.
How to Exercise Your Rights
To submit any of the above requests, send an e-mail to
contato@tice-us.site with the subject line
"Data Subject Request". Please include your full name and the e-mail address
associated with any interactions with Tice, so we can locate your records accurately.
We will acknowledge your request within 5 business days and respond
substantively within 30 calendar days. If we require more time due to the
complexity or volume of requests, we will notify you of the extension and the reason before
the initial 30-day period expires. There is no charge for exercising these rights under
normal circumstances.
Our website and services are directed exclusively at businesses and adult individuals seeking
professional IT, telecommunications, and technology training services. We do not knowingly
collect personal data from anyone under the age of 18.
If we become aware that we have inadvertently collected personal data from a minor — whether
through a contact form submission or any other channel — we will delete that data immediately
and, where the circumstances warrant it, notify the relevant guardians. If you believe a minor
has submitted data to us, please contact us at
contato@tice-us.site so we can act promptly.
Privacy law and our business practices evolve over time. We review this policy at least
annually and update it whenever a material change in our data practices requires disclosure.
The "Last updated" date at the top of this page always reflects the most recent revision.
If we make changes that meaningfully affect how we use your personal data — for example,
introducing a new type of processing or sharing data with a new category of third party —
we will take reasonable steps to bring those changes to your attention. For existing clients,
we will communicate significant updates via e-mail. For website visitors, a prominent notice
will appear on the homepage for at least 30 days following the update.
Your continued use of our website or services after the effective date of a revised policy
constitutes your acknowledgment of the changes. If you object to any revision, please contact
us before the effective date so we can discuss your concerns.
All questions, requests, complaints, or concerns relating to this Privacy Policy or to the
way Tice processes your personal data should be directed to us using the details below.
We aim to respond thoughtfully and in plain language — not with legal boilerplate.
Tice also designates a responsible person (Encarregado) for data protection matters in
compliance with Article 41 of the LGPD. You may address your data protection questions
directly to this role via the e-mail address above, marking the subject as
"Attention: Data Protection Officer".
We value your privacy and we value your business. If something in this policy is unclear
or you feel we could do better, we genuinely want to hear from you.