Privacy

Pede Apps Desenvolvimento de Software LTDA ("Pede Apps") is committed to protecting the personal data of its users, clients and visitors. This Privacy Policy describes how we collect, use, store and protect your personal information in compliance with the General Data Protection Regulation (GDPR - EU 2016/679), applicable data protection laws and international best practices.

The data controller responsible for the processing of your personal data is: Pede Apps Desenvolvimento de Software LTDA Data Protection Officer: Fernando Email: contato@pedeapps.com Phone: +55 (83) 99333-4685 João Pessoa, Paraíba, Brazil If you have any questions or concerns about how we handle your personal data, please contact our Data Protection Officer at the details above.

We collect the following categories of personal data: **Data you provide to us:** - Full name and email address (contact form) - Phone number (contact form and WhatsApp) - Project information (description, requirements, budget) - Resume and professional data (careers form) - Email address (newsletter subscription) **Data collected automatically:** - IP address and browsing data - Browser type and operating system - Pages visited and session duration - Referral source (referrer) - Cookie data (subject to your preferences)

We process your personal data for the following purposes: - **Service delivery:** Responding to your enquiries and providing project proposals - **Contract performance:** Preparing and sending commercial proposals - **Recruitment:** Processing job applications - **Marketing:** Sending newsletters and updates (only with your explicit consent) - **Service improvement:** Analysing website usage to improve user experience - **Security:** Protecting our website against fraud, abuse and unauthorized access - **Legal compliance:** Fulfilling legal and regulatory obligations

We process your personal data on the following legal bases under the GDPR: - **Consent (Article 6(1)(a) GDPR):** For newsletter subscriptions, marketing communications and non-essential cookies - **Performance of a contract (Article 6(1)(b) GDPR):** For the provision of services you have requested or contracted - **Legitimate interest (Article 6(1)(f) GDPR):** For service improvement, website analytics and security measures - **Legal obligation (Article 6(1)(c) GDPR):** For tax, accounting and regulatory compliance Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

We do not sell, rent or share your personal data with third parties for marketing purposes. Your data may be shared only with: - **Service providers (data processors):** Google Analytics (traffic analysis), EmailJS (email delivery), hosting providers (Hostinger) - **Legal obligations:** When required by law, court order or competent authority All our service providers are bound by Data Processing Agreements (DPAs) that ensure an adequate level of data protection in accordance with GDPR requirements.

Some of our service providers may process data outside the European Economic Area (EEA) and Brazil (e.g., Google Analytics in the USA). In such cases, we ensure that appropriate safeguards are in place, including: - Standard Contractual Clauses (SCCs) approved by the European Commission - Adequacy decisions where applicable - Provider certifications and compliance frameworks You may request a copy of the relevant transfer safeguards by contacting our Data Protection Officer.

We use cookies to enhance your experience on our website: **Strictly necessary cookies:** Required for the website to function (language preference, session management). These do not require consent. **Analytics cookies:** Google Analytics to understand how the website is used. Activated only with your explicit consent. **Marketing cookies:** We do not use marketing or retargeting cookies. You can manage your cookie preferences at any time through the cookie consent banner or your browser settings. For more information, see our Cookie Policy.

We implement appropriate technical and organisational measures to protect your personal data, including: - Encrypted communications (HTTPS/TLS) - Restricted data access (principle of least privilege) - Continuous security monitoring - Regular backups with tested recovery procedures - Staff training on data protection practices Despite our efforts, no system is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by Article 33 GDPR, and notify affected individuals where required under Article 34 GDPR.

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy: - **Contact/project data:** Duration of the business relationship + 5 years thereafter - **Job application data:** 2 years after the last contact - **Newsletter data:** Until consent is withdrawn - **Browsing data:** 26 months (Google Analytics) - **Tax and accounting data:** As required by law (minimum 5 years) After the retention period expires, data is securely anonymised or deleted in accordance with our data retention schedule.

As a data subject, you have the following rights under the GDPR: - **Right of access (Article 15):** Obtain confirmation of whether we process your data and request a copy - **Right to rectification (Article 16):** Correct inaccurate or incomplete personal data - **Right to erasure (Article 17):** Request deletion of your personal data ("right to be forgotten") - **Right to restriction (Article 18):** Restrict the processing of your data in certain circumstances - **Right to data portability (Article 20):** Receive your data in a structured, commonly used, machine-readable format - **Right to object (Article 21):** Object to processing based on legitimate interest or for direct marketing purposes - **Right to withdraw consent:** Withdraw consent at any time for consent-based processing - **Right to lodge a complaint:** File a complaint with a supervisory authority To exercise any of these rights, contact us at contato@pedeapps.com. We will respond within 30 days as required by the GDPR.

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete it and notify the relevant supervisory authority if required.

This Privacy Policy may be updated periodically to reflect changes in our practices or applicable law. Significant changes will be communicated through our website. The date of the last update is indicated at the top of this page. We recommend reviewing it regularly.

For questions about this Privacy Policy or to exercise your data subject rights: Pede Apps Desenvolvimento de Software LTDA Data Protection Officer: Fernando Email: contato@pedeapps.com Phone: +55 (83) 99333-4685 João Pessoa, Paraíba, Brazil If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your local authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.