Privacy Policy

1. General Information

This Privacy Policy contains information regarding how we process, in whole or in part, whether in an automated manner or not, the personal data of users who access our website. Its purpose is to clarify to interested parties the types of data that are collected, the reasons for collection, and the way in which the user may update, manage, or delete this information.

This Privacy Policy has been prepared in accordance with Federal Law No. 12,965 of April 23, 2014 (Brazilian Civil Rights Framework for the Internet), Federal Law No. 13,709 of August 14, 2018 (General Personal Data Protection Law), and EU Regulation No. 2016/679 of April 27, 2016 (General Data Protection Regulation – GDPR).

This Privacy Policy may be updated as a result of regulatory changes. Therefore, users are invited to review this section periodically.

2. User Rights

The website undertakes to comply with the rules set forth in the GDPR, in respect of the following principles:

The user’s personal data will be processed lawfully, fairly, and transparently (lawfulness, fairness, and transparency);
The user’s personal data will be collected only for specified, explicit, and legitimate purposes, and may not be further processed in a manner incompatible with those purposes (purpose limitation);
The user’s personal data will be collected in an adequate, relevant, and limited manner to what is necessary in relation to the purposes for which they are processed (data minimization);
The user’s personal data will be accurate and kept up to date whenever necessary, so that inaccurate data may be erased or rectified where possible (accuracy);
The user’s personal data will be kept in a form that permits identification of data subjects only for as long as necessary for the purposes for which the data are processed (storage limitation);
The user’s personal data will be processed securely, protected against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by adopting appropriate technical or organizational measures (integrity and confidentiality).

The website user has the following rights, granted by the General Personal Data Protection Law and the GDPR:

Right to confirmation and access: the user has the right to obtain from the website confirmation as to whether or not personal data concerning them are being processed and, where that is the case, the right to access their personal data;
Right to rectification: the user has the right to obtain from the website, without undue delay, the rectification of inaccurate personal data concerning them;
Right to erasure of data (right to be forgotten): the user has the right to have their data erased from the website;
Right to restriction of processing: the user has the right to restrict the processing of their personal data, and may obtain such restriction when contesting the accuracy of the data, when the processing is unlawful, when the website no longer needs the data for the proposed purposes, when the user has objected to the processing, or in the case of unnecessary data processing;
Right to object: the user has the right, at any time, to object on grounds relating to their particular situation to the processing of personal data concerning them, and may also object to the use of their personal data for marketing profiling purposes;
Right to data portability: the user has the right to receive the personal data concerning them that they have provided to the website in a structured, commonly used, and machine-readable format, and the right to transmit those data to another website;
Right not to be subject to automated decisions: the user has the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

The user may exercise their rights by means of written communication sent to the website with the subject line “GDPR”, specifying:

Full name or corporate name, CPF (Brazilian Individual Taxpayer Registry) or CNPJ (Brazilian National Registry of Legal Entities) number, and the user’s email address and, where applicable, the details of their representative;
The right they wish to exercise before the website;
Date of the request and signature of the user;
Any document that may demonstrate or justify the exercise of their right.

The request must be sent to the following email address: guto@hproj.com.br

The user will be informed in the event of rectification or erasure of their data.

3. Duty Not to Provide Third-Party Data

While using the website, in order to safeguard and protect the rights of third parties, the website user must provide only their own personal data, and not the data of third parties.

4. Information Collected

The collection of user data will take place in accordance with the provisions of this Privacy Policy and will depend on the user’s consent, which will only be dispensable in the cases provided for in Article 11, item II, of the General Personal Data Protection Law.

4.1. Types of Data Collected

4.1.1. Data provided in the contact form: Any data provided by the user who uses the contact form made available on the website, including the content of the message sent, will be collected and stored.

4.1.2. Data related to the performance of contracts entered into with the user: For the performance of any purchase and sale agreement or service agreement entered into between the website and the user, other related or necessary data may be collected and stored, including the content of any communications exchanged with the user.

4.1.4. Sensitive data: No sensitive data of users will be collected, as defined in Articles 9 and 10 of the GDPR and in Articles 11 et seq. of the General Personal Data Protection Law. Therefore, among others, the following data will not be collected:

data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of the user;
genetic data;
biometric data for the purpose of uniquely identifying a person;
data concerning the user’s health;
data concerning the user’s sex life or sexual orientation;
data relating to criminal convictions, offenses, or related security measures.

4.1.3. Newsletter: The email address registered by the user who chooses to subscribe to our Newsletter will be collected and stored until the user requests to unsubscribe.

4.2. Legal Basis for the Processing of Personal Data

By using the website’s services, the user consents to this Privacy Policy.

The user has the right to withdraw their consent at any time, without affecting the lawfulness of the processing of their personal data carried out before such withdrawal. Withdrawal of consent may be made by email to: guto@hproj.com.br

The consent of relatively or absolutely incapable persons, especially children under 16 (sixteen) years of age, may only be provided, respectively, if they are duly assisted or represented.

Personal data necessary for the execution and performance of the services contracted by the user on the website may also be collected.

The processing of personal data without the user’s consent will only be carried out on the basis of legitimate interest or in the cases provided for by law, including, among others, the following:

for compliance with a legal or regulatory obligation by the controller;
for carrying out studies by a research body, ensuring, whenever possible, the anonymization of personal data;
when necessary for the performance of a contract or preliminary procedures related to a contract to which the user is a party, at the request of the data subject;
for the regular exercise of rights in judicial, administrative, or arbitration proceedings, the latter pursuant to Law No. 9,307 of September 23, 1996 (Arbitration Law);
for the protection of the life or physical safety of the data subject or a third party;
for health protection, in procedures carried out by healthcare professionals or health entities;
when necessary to meet the legitimate interests of the controller or of a third party, except where the fundamental rights and freedoms of the data subject requiring the protection of personal data prevail;
for credit protection, including as provided by the relevant legislation.

4.3. Purposes of the Processing of Personal Data

The personal data collected from the user by the website are intended to facilitate, streamline, and fulfill the commitments established with the user and to comply with requests made through the completion of forms.

Personal data may also be used for commercial purposes, in order to personalize the content offered to the user, as well as to support the website in improving the quality and operation of its services.

The collection of data related or necessary to the execution of a purchase and sale agreement or service agreement entered into with the user will be intended to provide legal certainty to the parties, as well as to facilitate and enable the conclusion of the transaction.

The processing of personal data for purposes not provided for in this Privacy Policy will only occur upon prior communication to the user, and in any case, the rights and obligations provided herein shall remain applicable.

4.4. Retention Period of Personal Data

The user’s personal data will be retained for a period not longer than necessary to fulfill the purposes for which they are processed.

The retention period of the data is defined according to the following criteria:

data processed for any purpose(s) will not be retained for longer than necessary.

The personal data of users may only be retained after the end of their processing in the following cases:

for compliance with a legal or regulatory obligation by the controller;
for study by a research body, ensuring, whenever possible, the anonymization of personal data;
for transfer to a third party, provided that the data processing requirements established by law are respected;
for the exclusive use of the controller, with access by third parties prohibited, and provided that the data are anonymized.

4.5. Recipients and Transfer of Personal Data

The user’s personal data will not be shared with third parties. Therefore, they will be processed only by this website.

5. Processing of Personal Data

5.1. Person Responsible for Data Processing (Data Controller)

The controller, responsible for processing the user’s personal data, is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.

On this website, the person responsible for processing the collected personal data is the IT Department, which may be contacted by email at: guto@hproj.com.br

The person responsible for data processing shall directly handle the processing of the user’s personal data.

5.2. Data Protection Officer

The data protection officer is the professional responsible for informing, advising, and supervising the data controller, as well as the employees who process data, regarding the website’s obligations under the GDPR, the General Personal Data Protection Law, and other data protection provisions under national and international legislation, in cooperation with the competent supervisory authority.

On this website, the data protection officer is the IT Department, which may be contacted by email at: guto@hproj.com.br

6. Security in the Processing of the User’s Personal Data

The website undertakes to apply technical and organizational measures capable of protecting personal data against unauthorized access and against situations of destruction, loss, alteration, communication, or dissemination of such data.

To ensure security, solutions will be adopted taking into account appropriate techniques, application costs, the nature, scope, context, and purposes of processing, and the risks to the user’s rights and freedoms.

The website uses an SSL (Secure Socket Layer) certificate, which ensures that personal data are transmitted securely and confidentially, so that the transmission of data between the server and the user, and in feedback, takes place in a fully encrypted manner.

However, the website shall not be liable for the exclusive fault of a third party, such as in the event of hacker or cracker attacks, or for the exclusive fault of the user, such as when they themselves transfer their data to a third party. The website also undertakes to notify the user within an appropriate period if any security breach involving their personal data occurs that may pose a high risk to their rights and freedoms.

A personal data breach is a security breach leading, accidentally or unlawfully, to the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Finally, the website undertakes to treat the user’s personal data confidentially, within the limits established by law.

7. Browsing Data (Cookies)

Cookies are small text files sent by the website to the user’s computer and stored there, containing information related to website browsing.

Through cookies, small amounts of information are stored by the user’s browser so that our server can read them later. Data may be stored, for example, regarding the device used by the user, as well as the location and time of access to the website.

Cookies do not allow any file or information to be extracted from the user’s hard drive, nor is it possible, through them, to access personal information that has not originated from the user or from the way they use the website’s resources.

It is important to note that not every cookie contains information that allows identification of the user, and certain types of cookies may be used simply so that the website loads properly or so that its functionalities work as expected.

Any information eventually stored in cookies that allows identification of a user is considered personal data. Therefore, all rules provided for in this Privacy Policy also apply to such information.

7.1. Website Cookies

Website cookies are those sent to the user’s computer or device and administrator exclusively by the website.

The information collected through these cookies is used to improve and personalize the user experience, and some cookies may, for example, be used to remember the user’s preferences and choices, as well as to offer personalized content.

7.2. Third-Party Cookies

Some of our partners may set cookies on the devices of users who access our website.

These cookies generally aim to allow our partners to offer their content and services to the user who accesses our website in a personalized manner, by obtaining browsing data extracted from their interaction with the website.

The user may obtain more information about third-party cookies and how the data obtained from them are processed, as well as access a description of the cookies used and their characteristics, by visiting the following links:

Google Analytics: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Instagram: https://help.instagram.com/1896641480634370?ref=ig
YouTube: https://policies.google.com/privacy?hl=pt-BR&gl=pt
Facebook: https://www.facebook.com/policies/cookies/
LinkedIn: https://www.linkedin.com/legal/cookie-policy?trk=hp-cookies

The entities responsible for collecting cookies may share the information obtained with third parties.

7.3. Cookie Management and Browser Settings

The user may object to the storage of cookies by the website simply by disabling this option in their own browser or device.

Disabling cookies, however, may affect the availability of some website tools and functionalities, impairing their proper and expected operation. Another possible consequence is the removal of any saved user preferences, thereby impairing the user experience.

Below are links to the help and support pages of the most commonly used browsers, which may be accessed by users interested in obtaining more information about cookie management in their browser:

Internet Explorer: https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/pt-br/guide/safari/sfri11471/mac
Google Chrome: https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt
Mozilla Firefox: https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam
Opera: https://www.opera.com/help/tutorials/security/privacy/

8. Complaints

Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority. The complaint may be filed with the authority of the place where the application is headquartered, the user’s habitual residence, their workplace, or the place where the alleged infringement took place.

9. Amendments

The current version of this Privacy Policy was last updated on: 10/15/2025.

The editor reserves the right to modify, at any time and without prior notice, the website and these rules, especially to adapt them to developments on the website, whether by making new functionalities available or by removing or modifying existing ones.

Accordingly, the user is invited to periodically review this page in order to check for updates.

By using the service after any modifications, the user demonstrates their agreement with the new rules. If the user disagrees with any of the changes, they must immediately stop accessing the website and submit their objection to the support service, if they so wish.

10. Applicable Law and Jurisdiction

Brazilian law shall apply in full to the resolution of any disputes arising from this instrument.

Any disputes shall be submitted to the jurisdiction of the judicial district where the website editor’s headquarters are located.