Privacy Policy - DevOps Services

This Privacy Policy explains how MATHEUS DA CONCEICAO HOFSTEDE (VAT MT31675812) ("Company", "we") collects, uses, stores, and protects your personal data when you access our website or contract our DevOps services. We comply with major data protection legislation, including the European Union's General Data Protection Regulation (GDPR) and applicable U.S. privacy laws.

Last updated: July 20, 2025

Overview

We collect personal data transparently and securely through our contact form and during commercial negotiation processes. We apply privacy-by-design principles and data minimization, ensuring compliance with both European and American regulations.

Data Collected

Through the Contact Form

Full name
Corporate email
Phone number (optional)
Company name
Project description or requirement

During Negotiation and Contracting

Identification data: Name, company tax document, position
Contact information: Corporate address, phone, email
Contractual data: Service scope, timeline, agreed values
Financial information: Billing data (when applicable)

Automatic Technical Data

IP address (anonymized when possible)
Browser information and operating system
Website navigation data

Legal Bases and Compliance

Legal Basis	Application	Article
Consent	Newsletter, analytical cookies	Art. 6(1)(a)
Contract performance	DevOps service provision	Art. 6(1)(b)
Legitimate interest	Website security, commercial communication	Art. 6(1)(f)
Legal obligation	Tax and accounting retention	Art. 6(1)(c)

For Users in the United States

We follow applicable federal and state laws, including:

California Consumer Privacy Act (CCPA) for California residents
Federal Trade Commission Act for commercial practices
Specific state laws where applicable

Processing Purposes

Response to inquiries via contact form
Development of personalized commercial proposals
Execution of contracted DevOps services
Client relationship management with active customers
Billing and collection of provided services
Communication about ongoing projects
Compliance with legal and tax obligations
Security and fraud prevention

Authorized Partners

Infrastructure providers (AWS, Azure, Google Cloud) — with adequate contractual clauses
Development tools (GitLab, GitHub) — only necessary technical data
Third-party accounting — financial data with confidentiality agreement
Specialized suppliers — minimal data for specific project execution

Government Authorities

Tax authorities — when required by law
Judicial authorities — under legal order

Commitment: We do not sell, rent, or commercialize personal data with third parties for marketing purposes.

International Data Transfers

European Union ↔ United States

We use the EU-US Data Privacy Framework of 2023 for secure transfers between EU and US. This mechanism:

Enables secure flow of personal data between EU and certified American companies
Establishes safeguards for access by American intelligence agencies
Offers redress mechanism through the Data Protection Review Court

Other Transfers

For countries outside EU/US, we apply:

Standard Contractual Clauses approved by the European Commission
International security certifications (ISO 27001)
Adequate technical security measures

Data Retention

Category	Period	Justification
Contact form	2 years	Future business opportunities
Contractual data	7 years after termination	Legal obligations and warranties
Tax information	10 years	Tax legislation
Security logs	12 months	Incident analysis and audit

Your Rights

Universal Rights

✅ Access to your personal data
✅ Rectification of incorrect information
✅ Erasure when there's no legal basis
✅ Portability in structured format

✅ Objection to processing based on legitimate interest
✅ Restriction of temporary processing
✅ Complaint to data protection authorities

US-Specific Rights

✅ Opt-out of data sales (where applicable)
✅ Non-discrimination for exercising privacy rights
✅ Information about categories of collected data

How to exercise: Send request to contato@mediato.dev

Response time: Up to 30 days

Security Measures

Technical Protections

TLS 1.3 encryption for data transmission
AES-256 encryption for stored data
Multi-factor authentication for critical systems
Continuous security monitoring

Organizational Protections

Need-to-know access basis
Regular training on data protection
Strict access controls
Incident response plan

Cookies and Tracking Technologies

Essential Cookies

Website functionality and forms
Security and attack prevention

Google Analytics with anonymized IP
Website performance metrics

Management

You can control cookies through browser settings or our cookie preference panel.

Data Breach Notification

For EU Users

72 hours to data protection authorities
Without undue delay to affected data subjects
Detailed information about the incident

For US Users

According to applicable state legislation
Notification to competent authorities
Transparent communication to affected parties

Minors

Our services are exclusively directed to businesses (B2B). We do not intentionally collect data from minors under 16 years old (EU) or 13 years old (US). If we identify such data, it will be deleted immediately.

Policy Changes

Significant changes will be communicated through:

Prominent banner on the website
Email to registered contacts
30-day advance notice for substantial changes

Data Protection Officer

MATHEUS DA CONCEICAO HOFSTEDE

VAT: MT31675812
Email: contato@mediato.dev
Responsibility: Compliance supervision and data subject rights

Contact and Complaints

Company Details