ILLIX, acting as the Data Controller, establishes this Privacy and Personal Data Protection Policy to ensure compliance with Brazilian Law No. 13.709/2018 (General Data Protection Law – LGPD) and applicable international privacy standards. This policy aims to ensure transparency regarding the collection, use, processing, storage, and protection of personal data belonging to users, clients, employees, and business partners.
General Data Protection Principles
Our data processing activities follow the principles established by the LGPD and internationally recognized privacy frameworks:
- Purpose Limitation: Personal data is processed only for legitimate, specific, and clearly defined purposes.
- Adequacy: Processing is compatible with the purposes communicated to the data subject.
- Data Minimization: Only the minimum amount of personal data necessary for the intended purpose is collected.
- Transparency: Data subjects are informed clearly about how their data is processed.
- Security and Prevention: Technical and organizational safeguards are implemented to prevent unauthorized access, misuse, or security incidents.
- Non-Discrimination: Personal data will never be used for unlawful discriminatory purposes.
Data Collected and Processing Purposes
Personal data may be processed based on the following legal grounds, as provided by the LGPD:
- Consent
- Contract Performance
- Legal Obligation
- Legitimate Interest
The categories of personal data processed may include:
- Registration and Contact Information: Name, email address, phone number, and address. Purpose: Identification, communication, and service provision.
- Customer Support / Messaging Services: Name and phone number. Purpose: Customer support and operational communication.
- Browsing Data: IP address, device information, and cookies. Purpose: Platform security, fraud prevention, and improvement of user experience.
Information Security Measures
ILLIX adopts technical and administrative safeguards designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction.
- Encryption of data both at rest and in transit;
- Access control mechanisms based on the principle of least privilege;
- Continuous monitoring of systems and vulnerability management;
- Use of firewalls, secure authentication mechanisms, and logging systems.
Data Sharing and International Transfers
To support its services and technological infrastructure, ILLIX may rely on trusted service providers that process data on its behalf. Some of these providers may process data outside Brazil, characterizing an International Data Transfer.
- Microsoft Azure: Cloud infrastructure and database hosting.
- Google APIs: Technical integrations and processing services.
- Zamzar: File format conversion services.
All partners are contractually required to maintain appropriate security and privacy standards consistent with LGPD requirements and internationally recognized best practices.
Data Subject Rights
In accordance with the LGPD, data subjects may exercise the following rights:
- Confirmation of the existence of personal data processing;
- Access to personal data held by the organization;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary or excessive data;
- Data portability where applicable;
- Withdrawal of consent when processing is based on consent.
Data Retention
Personal data will be retained only for the period necessary to fulfill the purposes described in this policy or to comply with legal and regulatory obligations.
Where applicable, data may be retained for up to 5 years after the end of the contractual or business relationship, for purposes of legal compliance, audit, or legal defense.
Data Protection Contact (DPO)
If you have questions regarding this Privacy Policy or wish to exercise your data protection rights, you may contact our Data Protection Officer (DPO):
Data Protection Officer (DPO)
Email: dpo@illix.com.br
The DPO acts as the official communication channel between ILLIX, data subjects, and the Brazilian Data Protection Authority (ANPD).
Glossary
DPO (Data Protection Officer)
The individual designated to act as the communication channel between the data controller, the data subjects, and the Brazilian Data Protection Authority (ANPD).
Cookies
Small files sent by a web server to a user's browser to identify the device and store browsing preferences.
International Data Transfer
The transfer of personal data to a foreign country or international organization.
This policy may be updated periodically to reflect regulatory or operational changes. We recommend reviewing this document regularly.