LGPD Compliance Policy

Purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability — these are the principles that guide every processing activity carried out by Alquimia SEO.

We apply legal bases according to the specific purpose of each processing activity: consent (where required), performance of a contract and pre-contractual steps, compliance with legal or regulatory obligations, regular exercise of rights and legitimate interests — always with a prior assessment of necessity, proportionality and the Data Subject's legitimate expectations.

We maintain an internal Records of Processing Activities (ROPA) describing, for each activity: data processed, purpose, legal basis, sharing flows, processors involved, retention periods and applicable security measures. The inventory is reviewed periodically.

Whenever processing entails high risk to Data Subjects' rights and freedoms — especially for new services, use of new technologies or large-scale processing — we perform a Data Protection Impact Assessment (DPIA) with documented mitigation of the identified risks.

Employees and partners processing data on our behalf receive periodic data protection training and sign non-disclosure agreements (NDA). Privacy culture is integrated into our hiring, onboarding and professional development processes.

We adopt retention periods compatible with the purpose of each processing activity and applicable legal obligations. At the end of the retention period, data is securely deleted (overwriting, logical or physical destruction) or anonymized, as applicable.

Before contracting vendors that will process data on our behalf, we perform privacy and security due diligence. Processor contracts contain specific data protection clauses, formal processing instructions, confidentiality obligations and audit rights.

We adopt administrative, technical and physical controls in line with the state of the art: encryption in transit and at rest for sensitive data, role-based access control (RBAC), multi-factor authentication, environment segregation, continuous monitoring, audit logs, vulnerability scanning and patch management.

We provide a dedicated channel for Data Subjects at relationship@alquimiaseo.com. Requests are handled free of charge, within a maximum of 15 days, subject to justified extension under the LGPD. If you are unsatisfied, you may file a complaint with the ANPD (Brazil) or your local supervisory authority (EU).

We maintain a formal incident response plan covering: detection and classification; immediate containment; technical investigation; risk and impact assessment; notification to the supervisory authority and affected Data Subjects when applicable (using the 2-business-day reference suggested by the authority); remediation measures; and post-incident review (lessons learned).

Alquimia SEO has designated a Data Protection Officer as the point of contact between the company, Data Subjects and the supervisory authority. Contact: relationship@alquimiaseo.com.

This policy and the Privacy Governance Program are reviewed at least annually, or whenever there are relevant changes in legislation, in the company's structure, in the services offered or in the technologies used.

By submitting forms, contacting Alquimia SEO or contracting our services, the Data Subject acknowledges this policy and authorizes the processing of their personal data for the purposes described herein, being able, at any time, to exercise the rights provided by the LGPD.