CC
Channel Consultants
Get Started

Need help?

+1 (234) 567-890

Data Processing Information

Effective date: December 1, 2024

Last updated: December 1, 2024

1. Overview of Data Processing

This page provides detailed information about our data processing activities as required by Article 13 and 14 of the General Data Protection Regulation (GDPR) and Article 18 of the Lei Geral de Proteção de Dados (LGPD). We believe in complete transparency about how we handle your personal data.

2. Identity and Contact Details

2.1. Data Controller

  • Company: Channel Consultants LTDA
  • Business Type: AI-Augmented Channel Strategy Consultancy
  • Headquarters: Vitória, ES, Brazil
  • Regional Office: São Paulo, Brazil
  • Email: admin@channel-consultants.com
  • Privacy Contact: admin@channel-consultants.com

2.2. Data Protection Officer (DPO)

  • Contact: admin@channel-consultants.com
  • Role: Compliance oversight, privacy guidance, data subject inquiries
  • Availability: Monday-Friday, 9 AM - 5 PM EST

3. Categories of Personal Data

3.1. Data We Collect Directly

Data Category Specific Data Types Collection Method Mandatory/Optional
Identity Data First name, last name, title, company Contact forms, consultations Mandatory for service provision
Contact Data Email, phone, business address Contact forms, business cards Mandatory for communication
Professional Data Job role, industry, company size Consultation intake, surveys Optional but recommended
Communication Data Messages, preferences, feedback Email, forms, meetings Provided voluntarily
Marketing Data Newsletter subscriptions, preferences Opt-in forms, consent boxes Optional with consent

3.2. Data We Collect Automatically

Data Category Specific Data Types Collection Method Purpose
Technical Data IP address, browser type, device info Web server logs Security, analytics
Usage Data Pages viewed, time on site, clicks Analytics cookies Website optimization
Location Data Country, region (IP-based) IP geolocation Content localization
Cookie Data Preferences, session info Browser cookies Functionality, analytics

4. Purposes and Legal Bases for Processing

4.1. GDPR Legal Bases (Article 6)

Processing Purpose Legal Basis Data Categories Retention Period
Service Delivery Contract (Article 6(1)(b)) Identity, contact, professional Duration of contract + 3 years
Communication Legitimate Interest (Article 6(1)(f)) Contact, communication 3 years after last interaction
Marketing Consent (Article 6(1)(a)) Contact, marketing preferences Until consent withdrawn
Website Analytics Legitimate Interest (Article 6(1)(f)) Technical, usage 26 months (Google Analytics)
Legal Compliance Legal Obligation (Article 6(1)(c)) All categories as required As required by law (typically 7 years)
Security Legitimate Interest (Article 6(1)(f)) Technical, usage 12 months

4.2. LGPD Legal Bases (Article 7)

Processing Purpose Legal Basis Article Reference
Service Execution Contract execution Art. 7, V
Marketing Communications Consent Art. 7, I
Legitimate Interest Legitimate interest of controller Art. 7, IX
Legal Compliance Compliance with legal obligation Art. 7, II

5. Data Sources

5.1. Direct Collection

  • Website Forms: Contact, consultation request, newsletter signup
  • Email Communication: Business correspondence, inquiries
  • Phone Calls: Sales calls, support conversations
  • Meetings: In-person and virtual consultations
  • Events: Conferences, webinars, networking events

5.2. Third-Party Sources

  • Business Partners: Referral partners (with your consent)
  • Public Sources: LinkedIn profiles, company websites
  • Analytics Providers: Google Analytics, Microsoft Clarity
  • Social Media: LinkedIn, Twitter interactions

6. Data Recipients and Sharing

6.1. Internal Recipients

  • Consulting Team: Project delivery, client communication
  • Sales Team: Lead qualification, proposal preparation
  • Marketing Team: Content personalization, campaign management
  • Administrative Team: Billing, contract management

6.2. External Recipients

Recipient Category Examples Data Shared Safeguards
Cloud Providers AWS, Google Cloud, Microsoft Azure All categories for hosting Data Processing Agreements (DPA)
Analytics Services Google Analytics, Microsoft Clarity Technical, usage data Privacy controls, data retention limits
Communication Tools Email providers, CRM systems Contact, communication data Enterprise agreements, encryption
Marketing Platforms LinkedIn, Facebook, Google Ads Marketing data (with consent) Privacy settings, opt-out controls
Legal Authorities Courts, regulators, law enforcement As required by legal order Legal review, minimal disclosure

7. International Data Transfers

7.1. Transfer Locations

  • United States: Primary data processing location
  • Brazil: Regional operations and client data
  • European Union: EU client data (GDPR compliance)
  • Other LATAM: Regional client projects

7.2. Transfer Safeguards

  • Standard Contractual Clauses (SCCs): EU Commission approved contracts
  • Adequacy Decisions: Countries recognized as having adequate protection
  • Binding Corporate Rules: Internal privacy standards
  • Explicit Consent: When required for specific transfers
  • Certification Schemes: Privacy Shield successors and alternatives

8. Automated Decision-Making

8.1. Current Automated Processing

We currently use limited automated processing for:

  • Lead Scoring: Prioritizing sales inquiries based on company size and needs
  • Content Recommendations: Suggesting relevant resources based on interests
  • Website Personalization: Showing relevant content based on behavior
  • Fraud Detection: Identifying suspicious website activity

8.2. Your Rights Regarding Automated Processing

  • Right to human intervention in automated decisions
  • Right to contest automated decisions
  • Right to request manual review of automated outcomes
  • Right to explanation of automated decision logic

9. Data Retention Schedule

9.1. Retention Criteria

We determine retention periods based on:

  • Legal Requirements: Tax, employment, contract law obligations
  • Business Purpose: Ongoing service delivery and relationship management
  • Data Subject Rights: Requests for deletion or withdrawal of consent
  • Risk Assessment: Litigation, regulatory investigation potential

9.2. Specific Retention Periods

Data Type Retention Period Justification Deletion Process
Active Client Data Duration of engagement Contract performance Manual review and deletion
Former Client Data 3 years post-engagement Potential re-engagement, references Automated deletion with review
Marketing Data Until unsubscribe/2 years inactive Ongoing marketing relationship Automated processing
Website Analytics 26 months Google Analytics standard Automatic expiry
Financial Records 7 years Tax and audit requirements Secure destruction
Legal Documents 10 years or as legally required Statute of limitations Legal review required

10. Data Security Measures

10.1. Technical Safeguards

  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Access Controls: Role-based permissions, multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems
  • Data Backups: Encrypted, geographically distributed
  • Vulnerability Management: Regular security assessments and patching

10.2. Organizational Measures

  • Staff Training: Regular privacy and security education
  • Access Policies: Need-to-know principle, regular access reviews
  • Incident Response: Documented procedures for data breaches
  • Vendor Management: Due diligence on all data processors
  • Privacy by Design: Privacy considerations in all new systems

11. Data Subject Rights Exercise

11.1. How to Submit Requests

  • Email: Send requests to admin@channel-consultants.com
  • Subject Line: "Data Subject Rights Request - [Type of Request]"
  • Required Information:
    • Full name and contact information
    • Specific right you wish to exercise
    • Reason for request (if applicable)
    • Proof of identity (when necessary)

11.2. Request Processing

  • Acknowledgment: Within 3 business days
  • Identity Verification: May require additional documentation
  • Response Time: 30 days (GDPR), 15 days (LGPD)
  • Extensions: Additional 60 days for complex requests (with notification)
  • No Charge: Free of charge unless requests are excessive or unfounded

12. Data Protection Impact Assessments (DPIA)

12.1. When We Conduct DPIAs

  • New technology implementations
  • High-risk processing activities
  • Large-scale processing of sensitive data
  • Systematic monitoring activities
  • Changes to existing processing that increase risk

12.2. DPIA Process

  • Risk Assessment: Identify potential privacy risks
  • Mitigation Measures: Implement protective controls
  • Stakeholder Consultation: Internal and external input
  • Documentation: Record of assessment and decisions
  • Regulatory Consultation: When high risk remains

13. Compliance Monitoring

13.1. Regular Audits

  • Internal Audits: Quarterly privacy compliance reviews
  • External Audits: Annual third-party privacy assessments
  • Vendor Audits: Review of data processor compliance
  • Technical Audits: Security and access control reviews

13.2. Compliance Metrics

  • Data subject request response times
  • Privacy training completion rates
  • Security incident frequency and response
  • Data retention compliance rates
  • Vendor privacy compliance scores

14. Updates and Changes

We review and update our data processing activities regularly to ensure continued compliance with applicable laws and best practices. Material changes to processing purposes or legal bases will be communicated through:

  • Direct notification to affected data subjects
  • Updated privacy notices and policies
  • Website announcements
  • Renewal of consent when required

Contact us for any questions about this policy

Data Controller: Channel Consultants LTDA

Email: admin@channel-consultants.com

Data Protection Officer: admin@channel-consultants.com

Address: Av. Adalberto Simão Nader, 387, Edif Concorde Sala 308, Mata da Praia, Vitória, ES 29066-370, Brazil