Privacy Policy

This policy explains how BrasilEUhandles personal data when you use this website and the Opportunity Scan. It is written to satisfy the EU General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Proteção de Dados (LGPD). We keep data collection to the minimum needed to route your opportunity.

Who is responsible

The data controller is Grand Brand OÜ (Sepapaja tn 6, 15551 Tallinn, Estonia), VAT EE102606344, registry code 16631317, operating the BrasilEU service. For any privacy matter, contact office@gb.digital. As the service expands, dedicated entities in Brazil and the EU may become joint or successor controllers; this policy will be updated accordingly.

What we collect

• Identity & contact. Name and email address you provide so we can send your readout and reply.
• Business context. Company name, country, sector, company size, timing and the question you describe during the Scan.
• Technical. A single functional cookie storing your language preference. Standard server logs (IP, timestamp, user agent) kept transiently by our hosting provider for security.

We do not knowingly collect special categories of data, and we ask you not to include them in the free-text Scan field.

Why we use it & the legal basis

• To deliver the Scan and your readout— legal basis: steps taken at your request prior to a contract (GDPR Art. 6(1)(b); LGPD Art. 7, II & V).
• To reply and follow up on your enquiry — legal basis: our legitimate interest in responding to interested operators (GDPR Art. 6(1)(f); LGPD Art. 7, IX), balanced against your rights.
• To remember your language — a strictly functional cookie; no consent required.
• To meet legal obligations — e.g. tax and accounting record-keeping.

Who processes it for us

We share data only with vetted processors acting on our instructions under data-processing agreements. We never sell personal data.

International transfers

Some processors are located outside the EU/EEA and Brazil (notably in the United States). Where that happens, transfers are protected by appropriate safeguards — EU Standard Contractual Clauses and equivalent mechanisms under LGPD Art. 33 — so your data keeps an essentially equivalent level of protection.

How long we keep it

Scan submissions and contact details are kept while we are in active contact and for up to 24 months afterwards so we can pick up where we left off, unless you ask us to delete them sooner. Records needed for legal or accounting reasons are kept for the legally required period.

Your rights

Under GDPR and LGPD you have the right to:

• Access — obtain confirmation of, and a copy of, the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — ask us to delete your data where there is no overriding reason to keep it.
• Restriction & objection — limit or object to certain processing, including direct outreach.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent — at any time, without affecting prior lawful processing.

To exercise any of these, email office@gb.digital. We respond within one month (GDPR) / fifteen days (LGPD). You may also complain to a supervisory authority — in the EU, your local data protection authority or the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon); in Brazil, the ANPD.

Automated processing

The Scan uses AI to structure your answers and draft a readiness readout. This does not produce a legal or similarly significant decision about you — every readout is reviewed by a human operator before it is sent, and you can always speak to that person directly.

Security

Data is encrypted in transit, stored in the EU, and access is limited to the people who need it. No method is perfectly secure, but we take reasonable technical and organisational measures to protect your data.

Changes

We may update this policy as the service and its corporate structure evolve. Material changes will be reflected by the “last updated” date above.