Privacy
and Data Protection

We handle personal data responsibly, transparently, and securely, in compliance with applicable laws and our internal governance and information security guidelines.

Extreme Group team member

Your privacy matters to Extreme Group

Learn more about LGPD Contact our responsible team

Our commitment
to privacy

At Extreme Group, personal data protection is part of our commitment to ethics, trust, and information security.

We work to ensure that all data processing has a legitimate purpose, is appropriate to each relationship context, and follows the principles of necessity, transparency, and protection.

Who processes
this data

Extreme Group is a business group that delivers innovative technology solutions, guided by responsibility, integrity, and information security.

Depending on the nature of the relationship and the purpose of each activity, group companies may process personal data in their operations.

Extreme Group team member using a laptop

Key information

What data may be processed

Depending on our relationship with you, we may process identification and contact data, professional and corporate data, contractual, administrative, and financial data, information voluntarily provided in forms, communications and selection processes, as well as images from video monitoring, when applicable to physical security.

Processing is always limited to the minimum necessary to fulfill the stated purpose.

How this data is collected

Personal data may be collected through different contact points with Extreme Group, such as institutional website forms and channels, emails, meetings, phone calls, professional social networks, events, referrals, references, direct interactions with the data subject, and corporate systems or tools.

Why we use data

Personal data processing serves legitimate and specific purposes related to the group’s corporate activities. These include qualification, contract formalization and execution, operational, administrative, accounting, and financial management, communication and support with clients, partners, and suppliers, recruitment, selection and candidate assessment, handling contacts made through the website, institutional communication, responding to data subject rights requests, and physical security.

Applicable legal bases

Extreme Group may process personal data based on legal grounds provided by Brazil’s General Data Protection Law (LGPD), such as contract performance, compliance with legal or regulatory obligations, legitimate interest, and, where applicable, data subject consent.

The legal basis is defined according to the nature of the activity and the specific purpose of processing.

Data sharing and international transfers

Who data may be shared with

Personal data may be shared, when necessary, with suppliers, service providers, business partners, and public authorities, always according to the processing purpose, applicable legal requirements, and appropriate security measures.

International data transfers

In certain situations, Extreme Group may use services and technology infrastructure hosted outside Brazil.

In these cases, contractual, technical, and organizational measures are adopted to ensure an adequate level of protection for personal data, in compliance with applicable law.

Retention, cookies, and security

How long data is retained

Personal data is stored only for the time necessary to fulfill the purposes that justified processing, meet legal, regulatory, and contractual obligations, and safeguard the regular exercise of rights.

Disposal follows internal data retention and secure deletion criteria.

Cookies and browsing

The Extreme Group institutional website uses strictly necessary cookies for its operation. These resources are not used to track personal information or for marketing, personalization, or digital analytics purposes.

Users may adjust browsing settings, aware that this may impact certain website features.

How we protect data

Extreme Group adopts technical and organizational measures aligned with information security best practices to protect personal data against unauthorized access, destruction, loss, alteration, leakage, or any form of improper or unlawful processing.

Access to information is restricted to authorized professionals and occurs only when necessary.

Extreme Group graphic elements

Data subject
rights

Under LGPD, data subjects may exercise rights related to their personal data, including confirmation of processing, access to data, correction of incomplete, inaccurate, or outdated data, anonymization, blocking or deletion where applicable, portability in applicable cases, information about sharing, and withdrawal of consent when consent is the legal basis for processing.

Privacy and data protection service channel

For questions about privacy and personal data protection, or to exercise your rights as a data subject, contact Extreme Group’s responsible channel.

Primary DPO Rosana de Carvalho Cruz
Alternate DPO Nelson de Andrade Neto
Email dpo@extreme.digital
Whistleblowing channel canaldedenuncia.edsdigital@helloethics.com
Phone (11) 94256-6511 | 0800 591 6059

Want to better understand how personal data processing works?

Access LGPD page

Visit our LGPD page to review more information, detailed guidance, and the appropriate channels for requests related to your rights as a data subject.