In our quest for genuine and lasting relationships, we prioritize transparency, as well as our commitment and responsibility regarding the personal data and information of our clients, partners, suppliers, candidates, employees, and visitors. Therefore, our Privacy Policy details how we use and handle the personal data of our audiences.

Through this Policy, in conjunction with the Terms of Use of the Website, we demonstrate our commitment to security, confidentiality, and transparency in the processing and use of the collected personal data, as well as explaining how they are processed, for what purposes they are collected, and, most importantly, establishing an accessible communication channel for you, the data subject, to contact us.

The terms of this document refer to the data collected through our website <>, including, but not limited to, the following situations:

  • visiting our website;
  • contracting our services;
  • sharing personal data with other data processing agents.
Attention Attention
Before continuing with navigation, registering, or accessing any features on our website, as well as applying for any of our job openings, please carefully read the entire content of this document. It is essential to read the terms of this policy before you proceed with navigation and share your data with us.

1. Data Protected by LGPD

The General Data Protection Law (“LGPD”) (Law No. 13,709/2018) came into effect in September 2020 and aims to protect the personal data of a natural person in Brazil, referred to by the law as the “data subject.”

In summary, LGPD applies when:

  • the data processing operation is carried out in Brazil;
  • the data processing activity aims at offering or providing services to individuals located in Brazil;
  • the personal data has been collected in Brazil.

According to LGPD, “personal data” is any data that identifies or makes an individual identifiable. And “sensitive personal data” is data that, by its nature, relates to information that requires greater care, especially for protection against discrimination.

According to LGPD, sensitive personal data includes data about racial or ethnic origin, religious belief, political opinion, membership of a union or religious, philosophical, or political organization, data related to health or sexual life, and genetic or biometric data when linked to an individual.

2. Purpose and Use of Your Personal Data

To help you understand how your data will be processed, we clarify that ITERIS will be the data controller in the following situations:

  • when necessary to formalize the hiring of our services;
  • when they are entered through the website;
  • in the context of our partnerships;
  • in the prospecting of new clients;
  • in the management of our selection processes;
  • in the relationship with our employees.

In the cases mentioned above, it will be our responsibility to appropriately select the legal bases in accordance with the purposes set out in this Policy, decide on the nature and storage period of the data, as well as directly respond to data subjects’ requests regarding the rights provided by LGPD.

On the other hand, during our relationship with our clients, if there is the processing of personal data in the context of providing our services, we will only be data processors. For example, when personal data is input into our products and/or services, and they are indeed under our custody, the controller is our client, and we are only processors.

This means that, in this context, the responsibility for decisions regarding the essential elements of processing, such as data collection, rests solely with our clients. For such cases, the Privacy Policy of the specific client applies on a case-by-case basis.

3. Personal Data We Collect, Purposes, and Processing

We may collect different sets of data depending on how we interact, as mentioned in item 2.

Therefore, we list the types of personal data that may be processed in different contexts, such as: (i) use of our website, (ii) contracting of our services, (iii) participation in our selection processes. We also list the processing purposes to avoid excessive data collection and/or processing for generic and purposeless purposes.

Data Set

Personal Data


Registration and Contact Data

Full name, email, company name, and mobile/commercial phone number.

Contact: We may process your data so that we can contact you or so that you can ask questions about our services.

Marketing: We may use your data to inform you about other available services, as well as to inform you about news, content, and relevant news to maintain our relationship with our clients, always ensuring the right to easy unsubscription at any time.

Customer Registration Data

Full name, email, mobile/commercial phone number, address, CPF (Brazilian tax ID), and payment data, when contracting our services and/or products.

Hiring: Your data will be used to enable the provision and supply of our services.

Candidate Data (depending on the stage of the selection process)

Full name, RG (identity card), CPF (Brazilian tax ID), work card (CTPS), driver’s license (CNH), address, phone number, email, bank data, health data, such as those required for admission exams or for offering benefits, such as corporate health plans, dependent data, as well as all information required by labor inspection authorities or inspectors.

Resume data, including work experience, education, courses, and other relevant information to verify suitability for the position.

Selection process: So that you can participate in our selection processes, we need to process your data to maintain contact and validate the suitability of your resume/professional profile for the published position, as well as to enable access to our premises and/or tools used to facilitate interviews.

Identification, Geolocation, and Device Configuration Data


Identifiers of your electronic devices, such as the IP (Internet Protocol) address of your computer or the MAC address of your mobile phone, as well as model, manufacturer, operating system, telephone company, browser type, connection speed, internet service provider, website from which the user arrived at our site.

Data collected through cookies, pages visited on our site, information you search for, duration of your visit, date and time of access to our site, geographical location, browser type, visit duration, and pages visited.

Access log: We have a legal obligation to store some of your information (such as your IP address and access date and time) to eventually provide them to judicial authorities.

To learn about data collection through Cookies and similar tools on our website, please refer to our Cookie Policy.

We may also be required and/or obligated to collect certain data sets to: (i) fulfill legal or regulatory obligations that fall on us; (ii) respond to requests from the National Data Protection Authority (ANPD) or other public and governmental authorities; and (iii) achieve legitimate purposes, among the company’s objectives, that are authorized by LGPD or other applicable regulations.

Attention Attention
We emphasize that when you fill out any of our forms available on our website, it is essential that you or the authorized person enter your personal data and provide only true and up-to-date information, under penalty of being held responsible, in any case, civil and/or criminal, for the truth, accuracy, and authenticity of the information included in our database.

4. Sharing of Personal Data

In certain situations, we may share your personal data to enable the provision of our services, as explained below:

Data Processing Agents

Purpose of Sharing

Business Partners

We may share your personal data with partner companies to enable and improve the use of our website, such as:

  • hosting company;
  • specialized company for statistical analysis of user experience.


We may share your data with suppliers who assist us in carrying out our overall business activity, which may involve companies and/or partners responsible for:

  • administrative activities (accounting, legal);
  • structuring of database and email management tools;
  • internal flows and user support;
  • our recruitment and selection;
  • advertising and brand promotion.

Governmental Authorities/Agencies

  • ANPD (National Data Protection Authority);
  • Federal Revenue Service.

In these situations, we assume all responsibilities for contracting our suppliers and partners, always prioritizing those whose business practices comply with international data protection laws and recognized security standards. When necessary, we also ensure that we provide clear and lawful instructions for the processing of shared data.

Please be aware that whenever you access an external link through our website or platform, it is your responsibility to understand how your data is processed there. Therefore, you should check the Privacy Policy and Terms of Use of this third party since ITERIS is not responsible for the processing of data carried out by such pages.

We also inform you that, in the event of international transfers, we reinforce our full commitment to contracting only suppliers that adopt security measures and best practices compatible with the level of protection established by Brazilian legislation, as regulated by ANPD (National Data Protection Authority).

Therefore, in the absence of regulations, ITERIS ensures that it will only perform international transfers in accordance with Art. 33, IX, of LGPD and only with companies adhering to other data protection regulations, such as the European GDPR, American CCPA and CDPA, and the Australian Privacy Act.

5. Protection of Our System and Your Personal Data

To protect the personal data we process, we use appropriate technologies and procedures according to the level of risk and the service provided, with a team responsible for managing them in accordance with legal provisions, regulatory requirements, changes in technology, and other relevant factors that may influence data protection.

Here are some technical and administrative security measures that we apply in our organization to ensure information security and personal data in our systems:

Security Measures

Updated firewall and antivirus

Protection against unauthorized access

Function segregation for information access

Contractual clauses that require all our employees, suppliers, and partners to comply with LGPD guidelines

Regular training on security and personal data protection

Even though we take all the recommended measures and precautions, due to the nature of the internet, there is a risk that malicious third parties may gain unauthorized access to the information stored in our systems. If this occurs, we will be responsible within the limits provided by applicable law.

Finally, we emphasize that the use of any device, software, or other resources that interfere with ITERIS‘ activities and operations, whether through the website or other systems or databases, is prohibited. If any interference, attempt, or activity that violates or contradicts intellectual property rights and/or the provisions established in this Policy, terms of use, and/or applicable laws is identified, the responsible party will be subject to applicable sanctions, as provided by law or stipulated in this document. The responsible party will also be required to compensate for any damages caused.

6. How Long We Use Your Personal Data

We periodically conduct an objective and individual analysis of the data sets stored, always consulting whether the legitimate purposes for which the data were originally collected still persist or, if necessary, whether we have a legal obligation to keep them.

To be transparent with our users and clients, we inform that we follow the respective parameters to determine the retention and storage period of personal data:

Retention Periods

Period necessary to fulfill the purpose of data collection;

When the user stops using the site;

Until the consent is revoked or a request for data deletion is made by the data subject, only if the legal basis for data processing is consent;

Period necessary to prove compliance with specific legal or regulatory obligations;

Legal, regulatory, judicial decisions or deadlines determined by competent authorities;

Period as long as the contract is executed;

Period necessary for the regular exercise of rights in judicial, administrative, and arbitration proceedings;

Exclusive use by ITERIS, with third-party access prohibited, and provided that it concerns anonymized data.

7. Rights Provided by LGPD

We prioritize explaining your rights and maintaining an accessible communication channel for you to exercise them.

According to LGPD, data subjects have various rights that can be exercised. Here are the main rights regarding the processing of your personal data:


How to Exercise Them

Confirmation and access to data

You can request confirmation of the existence of the processing of your data so that, if confirmed, you can access them and verify details about the processing, as well as request copies of this information.

Data rectification

Upon confirmation of the processing of your data, LGPD ensures that you can correct or delete any incomplete, inaccurate, or outdated data about you;

Information about the sharing of your data

You have the right to know which types of public and private entities we share your data with. In section 4 of this Policy, we include an indication of our relationships with third parties that may involve the sharing of personal data.

Information about the possibility of not consenting to data processing

You have the right to receive clear and complete information about the possibility and consequences of not providing consent.

Opt-out of marketing and advertising

You can, at any time, request to unsubscribe from receiving advertisements and other materials through the link provided in the marketing email.

Consent revocation

If you have given consent for the processing of your data for a specific purpose, you can always choose to revoke your consent. This will not affect the legality of any use or sharing of data that was carried out before the revocation request.

Attention Attention
We inform you that we may request additional data and documents to confirm the authenticity of your identity when you submit a request to exercise your rights. Our goal is to prevent fraud and ensure the security and privacy of all our clients, employees, and partners.

To exercise the rights provided by LGPD and listed here, which are not absolute, you should contact our Data Protection Officer (DPO), as discussed in the next section.

8. Data Protection Officer

ITERIS has a team of professionals dedicated to data protection and privacy.

If you have any specific questions that have not been clarified by our Privacy Policy, Cookie Policy, terms of use, or platforms, you can contact our DPO via email:

9. General Provisions

The use of the name ITERIS, the domain (and its branches), as well as the contents of the website’s screens, are our property and are protected by international intellectual property laws and treaties. You shall not misuse or reproduce, in whole or in part, such contents, except when expressly authorized.

At the time of registration and service/product contracting, you must read, understand, and accept this Policy, as provided in the specific option available in the form. However, this Policy is of an adhesion contract nature and undergoes periodic revisions without the need for prior notification. Therefore, it is important that you consult the document to determine whether you still agree with its terms before proceeding with navigation.

This ITERIS Privacy Policy is in compliance with and should be interpreted based on the laws in force in the Federative Republic of Brazil. To resolve any doubts or issues related to it, the parties choose the Court of São Paulo/SP, to the exclusion of any other.

All rights reserved. All trademarks.

Last updated: June 28, 2023.