GDPR / Privacy Policy

Privacy Policy

Personal Data Protection under the GDPR and UK GDPR. BIS CRM is committed to protecting personal data and respecting the privacy of individuals who access its websites, platforms, and services, including the GDPR Training App, related microsites, and the DPOSaaS platform.

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (EU GDPR) and the UK General Data Protection Regulation (UK GDPR).

1. Data Controller

BIS CRM Tecnologia LTDA acts as the Data Controller for the GDPR Training App, the training catalog, and associated digital services. Although established in Brazil, BIS CRM processes personal data of individuals located in the European Union and the United Kingdom and applies safeguards equivalent to those required under the GDPR and UK GDPR.

2. Personal Data We Process

Depending on how users interact with our platforms and services, we may process the following categories of data:

  • Identification data (name, email address)
  • Contact details
  • Professional information (organization, role, department)
  • Account and platform usage data (login records, course history, progress, certifications)
  • Payment and billing information, where applicable
  • Technical and usage data (IP address, access timestamps, device and browser information)

We do not intentionally collect special category data unless it is strictly necessary for a specific service and processed in accordance with applicable legal requirements.

3. Purposes of Processing

We process personal data for the following purposes:

  • Creating and managing user accounts
  • Providing access to training courses, certifications, and educational content
  • Managing subscriptions, licenses, and organizational access
  • Processing payments and fulfilling contractual obligations
  • Sending operational communications related to contracted services
  • Providing technical support and responding to inquiries
  • Ensuring platform security and preventing misuse
  • Demonstrating compliance with GDPR and UK GDPR requirements

Personal data is not used for purposes incompatible with those described in this Policy.

4. Legal Bases for Processing

Processing occurs in accordance with Article 6 of the GDPR and UK GDPR, relying on:

  • Performance of a contract
  • Compliance with a legal obligation
  • Legitimate interests pursued by BIS CRM, balanced against data-subject rights
  • Consent, where required

When processing is grounded in legitimate interest, BIS CRM applies appropriate assessments and safeguards.

5. Data Sharing and Transfers

Personal data may be shared only where necessary with:

  • Cloud hosting and infrastructure providers
  • Payment service providers
  • Technology partners essential to service delivery
  • Public authorities, where mandated by law

BIS CRM does not sell personal data. Where transfers occur outside the EU or UK, we apply appropriate safeguards aligned with GDPR and UK GDPR requirements.

6. Data Security and Retention

We implement technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure, such as:

  • Role-based access controls
  • Encryption of data in transit and at rest
  • System monitoring and audit logging
  • Secure cloud environments and vetted service providers

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal and contractual obligations.

7. Your Rights as a Data Subject

Under the GDPR and UK GDPR, individuals have the right to:

  • Confirmation of whether personal data is processed
  • Access to personal data
  • Rectification of inaccurate or incomplete data
  • Erasure of personal data, where applicable
  • Restriction of processing
  • Objection to processing based on legitimate interests
  • Data portability
  • Withdrawal of consent, where processing relies on consent

Requests are handled within statutory time limits and should be addressed to the Data Protection Officer (DPO).

8. Data Protection Officer (DPO)

BIS CRM has appointed a DPO to handle privacy-related inquiries and data-subject requests.

📧 Contact email: dpo@dposaas.com.br

Please include sufficient information about your request and the relevant service or training context.

9. Cookies and Similar Technologies

Our platforms use cookies and similar technologies for essential functionality, security, and service improvement. Users may manage preferences through browser settings or available cookie controls.

10. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect legal, regulatory, or operational changes. The most current version will always be available on this page.

11. Final Provisions

By using BIS CRM services and platforms, users acknowledge that they have read and understood this Privacy Policy. For any questions or requests related to personal data protection, please contact our DPO using the details provided above.

Have a question about how BIS CRM processes personal data or need help exercising your rights? Our DPO team is available to support you.

Contact the DPO →