Axur values the privacy of its users and has therefore created a Privacy and Personal Data Protection Policy to demonstrate its commitment to the protection of personal data, in accordance with international legislation on the subject. This policy aims to inform Data Subjects about which personal data is processed within its entire ecosystem, how it is collected, the processing performed, storage methods, whether there is sharing with third parties, and other essential information about privacy and protection.
Axur is responsible for various personal data processing activities and, in addition to applying best practices in privacy, data protection, and information security, has created this and other policies as part of its privacy and data protection governance program. The goal is to ensure transparency and establish effective rules.
AXUR: AXUR SEGURANÇA E DEFESA CIBERNÉTICA LTDA, headquartered at Rua Mostardeiro, No. 777, room 1401, 14th floor, Rio Branco district, Porto Alegre/RS, ZIP Code 90430-001, registered with CNPJ/MF under No. 10.318.969/0001-69.
LEGAL BASIS: The legal foundation that legitimizes the processing of personal data for a specific purpose by Axur.
PERSONAL DATA: Information related to an identified or identifiable natural person.
PURPOSE: The reason for which Axur processes Personal Data.
PRIVACY POLICY: This document contains Axur's operational guidelines for Personal Data Processing.
PROCESSING: Any operation performed with Personal Data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control, modification, communication, transfer, dissemination, or extraction.
NECESSITY: The justification for which Axur processes Personal Data.
PRODUCTS/SERVICES: All events, websites, products, and/or services managed, maintained, created, or marketed by Axur, including but not limited to its websites, blogs, Axur One platform, Polaris, webinars, training sessions, live streams, etc.
DATA SUBJECT: A natural person whose Personal Data is processed by Axur.
USER: A natural person who is at least 18 (eighteen) years old, fully capable, and uses Axur's products/services.
By accessing and/or using Axur's products/services, the user declares that they are at least 18 (eighteen) years old and have full and express capacity to accept the terms and conditions of this Privacy Policy for all legal purposes.
If the user does not meet the above description and/or does not agree, even partially, with the terms and conditions contained in this Privacy Policy, they must not access and/or use any products/services offered by Axur.
Axur processes the data of Personal Data Subjects from various origins and in different ways:
i. For the formalization of proposals for the acquisition of products and services;
ii. For the formalization of the acquisition or contracting of products and services;
iii. For receiving information about products and services;
iv. For access to Axur’s Platforms, Products, and Solutions;
v. For the execution of Products and Solutions contracted by its Clients;
vi. For compliance with legal and regulatory obligations.
When registering directly or filling out forms provided by Axur, the Data Subject may provide certain Personal Data. Additionally, Axur may receive Personal Data through its Clients, Partners, and Suppliers. Such information will be processed exclusively for the purposes described in this Policy, observing applicable legal bases as specified below.
Via “Contact Us” / “Speak with a Specialist” (website and social networks):
Data collected: Full name, email, corporate phone/WhatsApp, position, field of activity, company name, number of employees.
Purpose of use/data processing: If the user wishes to contact Axur to seek more information about its products/services, Axur will need this data to respond and assist the user effectively, possibly referencing the user’s interaction history with the company.
Legal Basis: Consent.Consent statement: "I have read and agree to the Terms and Privacy Policy and consent to receiving messages about new events, content, and solutions."
Via Axur Content (blog, podcast) and resources:
Includes Axur blog articles, new e-books, new reports, offers or promotions, upcoming webinars, webinar participation information, Axur podcasts, smart content (aligned with the user’s role), specialized contact (from our experts for scheduling meetings, negotiations, opportunities, etc.).
Data collected: Full name, email, phone number, position, and company name.
Purpose of use/data processing: If the user subscribes to the above content, Axur will need contact details to inform them about new content availability. Axur will also send marketing emails to users who provide this information and may contact them regarding products/services.
Legal Basis: Consent.Consent statement: "I have read and agree to the Terms and Privacy Policy of Axur and consent to receiving messages about new events, content, and solutions." All emails include an “unsubscribe” option.
Via WhatsApp Community:
The community is a space dedicated to professionals in cybersecurity and related fields, where members can share information, discuss trends, and participate in exclusive events. This group includes clients, partners, and professionals interested in cybersecurity, fostering collaboration and networking.
Data collected: First name, last name, corporate email, company name, WhatsApp phone number, LinkedIn profile.
Purpose of use/data processing: Collected data is used to identify community members, facilitate communication, promote networking among industry professionals, and enable the organization and management of relevant events and discussions within the group. Additionally, this data helps personalize participants’ experiences and ensure the community’s security and proper functioning.
Legal Basis: Consent.Consent statement: The user registers on Axur’s website under "Discover the CTI Community" to request community access, declaring: "I have read and agree to the Code of Conduct and the Privacy Policy."
Personal data collected for participation in the WhatsApp Community is not automatically deleted when the user leaves the group or is removed due to rule violations. Data deletion can be formally requested to the DPO via privacy@axur.com by revoking consent.
Via Executives & VIPs Product:
Data collected: Personal identification documents (CPF, SSN, DNI, driver’s license, passport), email addresses (personal and/or corporate), four phone numbers, four credit/debit cards, and links to official social media accounts (for automatic addition to a Safelist).
Purpose of processing: Axur uses the data provided by the client to monitor publicly accessible sources for fraud and threats against Executives or VIPs (who are employees or partners), including the surface web, deep/dark web groups and pages, data leaks, social networks, among others. Axur only checks these sources for data that the executive (data subject) directly provided through their employer or data provided by the client.
Additionally, links to official social media accounts are used for automatic Safelist inclusion, ensuring Axur does not request the removal of the person’s official profile. In these cases, Axur acts as a Personal Data Processor.
Official document data and credit card details submitted via forms are encrypted, with no human interaction, and stored directly in AWS Secrets.
Legal Basis: Consent obtained by the client from their executives and contract execution.
Via Axur One Platform:
Data collected:
(i) Full name, corporate email, company, and industry;
(ii) Audit logs.
Purpose of use/data processing:
(i) The data is necessary to contact the client regarding the products/services they have contracted. Additionally, the Axur One Platform is accessible only to registered users. If the user does not agree with the processing of their data, they will not be able to access the platform, and the service cannot be properly provided.
(ii) Compliance with current legislation.
(iii) Data regarding user interactions on the platform, such as navigation, searches, and other actions. Axur also collects time spent on each page or file, as well as device-related data, such as browser and operating system.
Legal basis:
(i) Contract execution.
(ii) Compliance with legal or regulatory obligations by the controller.
(iii) Legitimate interest.
Via Polaris Platform:
Data collected:
(i) Full name and corporate email. Corporate phone contact is optional and, if provided by the data subject, is used for receiving platform alerts.
(ii) Audit logs.
Purpose of use/data processing:
(i) Personal data is necessary to contact the client regarding the products/services they have contracted and to access the Polaris Platform. If the user does not agree with the processing of their data, they will not be able to access the solution, and the service cannot be properly provided.
(ii) Compliance with current legislation.
(iii) Data on interactions within the platform, including navigation, pages and content accessed or created, searches, and other actions. Axur also collects time spent on each page or file, as well as device-related data, such as browser and operating system.
Legal basis:
(i) Contract execution.
(ii) Compliance with legal or regulatory obligations by the controller.
(iii) Legitimate interest.
Cookies:
Cookies are small file fragments or pairs of text-format data that may be stored on your devices when you use or access Axur's products/services. Typically, a cookie contains the name of its originating site, its lifetime, and a randomly generated value.
Axur uses cookies to facilitate usage and provide greater adaptability of its Pages/Platforms’ content to the interests and needs of data subjects. Cookies can also accelerate your activities and future experiences with the products/services.
Necessary/mandatory cookies:
These cookies are essential for the operation of the site/platforms and cannot be disabled in our systems. Generally, they are set in response to actions you take, such as setting your privacy preferences, logging in, or filling out forms. Learn more about necessary cookies.
Analytical cookies:
These cookies help us understand how visitors engage with the site/platforms. We may use a set of cookies to collect information and generate reports on site/platform usage statistics. The data collected, along with some of the advertising cookies described, may also be used to display more relevant ads on the web and measure interactions with the advertisements we display. Learn more about analytical cookies.
Advertising cookies:
We use cookies to make our advertisements more engaging and valuable to site visitors. Common applications of these cookies include selecting ads based on user relevance, improving campaign performance reports, and preventing ads unrelated to user interests. Learn more about advertising cookies.
Functionality cookies:
We use a set of functionality cookies to enhance your experience. These cookies are set based on your responses provided on the site or platforms to personalize and optimize your experience and remember your history.
Axur will store these cookies on your device to remember them for the next session.If you want to learn more about cookies and how to manage them in your browser, learn more here:
Google Chrome
Internet Explorer
Microsoft Edge
Mozilla Firefox
Safari
If you wish to revoke cookies, simply adjust your browser settings.
Axur will store the information collected on cloud servers of service providers contracted by Axur, located in the state of Northern Virginia, United States of America, and located in the city of Frankfurt, state of Hesse, Germany. These providers are evaluated to ensure they deliver the security standards expected by Axur, ensuring that all personal data processed by Axur is kept confidential, intact, and accessible when necessary. If there is any change in the cloud hosting country, Axur will notify its clients, and such change will only be made if the new cloud provider offers the same level of security, privacy, and data protection. Additionally, the data may also be accessed by employees and clients located in other countries, maintaining an adequate level of security and in compliance with applicable laws.
Axur employs recognized and legally required measures to preserve the privacy of the data collected. It is noteworthy that Axur's suppliers adhere to standards that are equivalent to or stricter than those required by law. To this end, the following precautions are adopted:
i. When necessary, Axur uses standard and market methods to encrypt and anonymize the collected data;
ii. Axur has protection mechanisms against unauthorized access to its systems and databases; and
iii. Individuals who come into contact with the information are contractually obligated to maintain absolute confidentiality regarding any personal data they have access to, under penalty of liability, in accordance with international legislation.
Axur makes its best efforts to preserve user data privacy. Furthermore, Axur incorporates the practices of ISO 27001, ISO 27701, and TSC 2017 Section 100 into its operations. However, no website or platform is completely secure, and Axur cannot fully guarantee that all information transmitted through its pages will not be subject to unauthorized access by methods designed to unlawfully obtain information.
For this reason, we encourage users to take appropriate measures to protect themselves, such as keeping all usernames and passwords confidential.
Like any other technology company, Axur operates in partnership with various companies to offer its services and products, all of which adhere to the same level of security and commitment. Axur may disclose the personal data collected to third parties under the following circumstances and within the limits authorized by law:
i. In the event of a merger, spin-off, acquisition, or incorporation of Axur;
ii. To deliver the product and/or service contracted by the client with Axur;
iii. When necessary to comply with a legal obligation, determination of a competent authority, or court order;
iv. With suppliers, service providers, and business partners, such as cloud hosting companies, cybersecurity firms, security companies, companies that intermediate employee benefits, among others.
In certain cases, Axur may disclose the personal data collected to comply with applicable laws or through a judicial or administrative order or subpoena.
i. Compliance with legal or regulatory obligations imposed by a public authority;
ii. Cooperation with investigations by public bodies and authorities and/or for the protection of national security;
iii. Execution of contracts;
iv. Investigation and defense against third-party claims;
v. Protection of the security or integrity of the services provided by Axur.
Axur retains personal data only for the period necessary to fulfill the stated purpose. Axur adheres to retention and disposal practices in compliance with applicable laws. Data may be retained, for example, to meet regulatory or contractual obligations, defend against litigation, among other purposes.
Some rights are guaranteed to data subjects, in accordance with applicable legislation in the USA, Brazil and foreign law. Below we provide examples:
i. Confirmation of the existence of data processing;
ii. Access to the data;
iii. Correction of incomplete, inaccurate, or outdated data;
iv. Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data, when applicable;
v. Portability of data to another service or product provider, upon the data subject’s express request;
vi. Deletion of data processed with the data subject’s consent, upon request;
vii. Obtaining information about public or private entities with whom Axur has shared data, where legally permitted;
viii. Information about the possibility of denying consent and the consequences of such denial; and
ix. Revocation of consent.
Axur is available to fulfill data subjects’ rights upon request, which should be sent via email to privacy@axur.com. If a request for data deletion is made, and there is a need to retain such data due to legal or regulatory obligations or other legal bases, this will be communicated to the data subject.
It is important to note that Axur, as a B2B company without a direct legal relationship with data subjects in these cases, may rely on legal grounds other than consent. This does not affect your right to object or contact Axur regarding your concerns.
When Axur acts as a Data Processor and receives a request, it will forward the request to the Data Controller for a direct response within the legal timeframe or inform the data subject of this redirection.
Axur recognizes the importance of a prompt and effective response to security incidents involving personal data. According to the General Data Protection Regulation (GDPR), the communication of a security incident involving personal data that may result in a risk to the rights and freedoms of data subjects must be made to the competent supervisory authority and to the data subject without undue delay and, where possible, within 72 (seventy-two) hours of the organization becoming aware of the incident. If the notification is not made within this period, a documented justification for the delay must be provided.
We are available to address any questions regarding personal data processing or requests from data subjects or competent authorities via the email privacy@axur.com.
Designated DPO: Paula Lima Zanona
Direct Email: privacy@axur.com
This Policy will be governed, construed, and enforced in accordance with the EUA and foreign laws. To resolve any dispute arising from this policy, the Parties elect the Courts of Delaware - United States of America, expressly waiving any other, however privileged it may be.
Axur’s Privacy Policy will be reviewed at least once every twelve (12) months, following its internal procedures or to incorporate improvements and updates. We recommend periodically reviewing this Policy.
Last updated: February 28, 2025
Previous versions: To access previous versions, please email privacy@axur.com.
06.00.01 AN - Privacy Policy - Revision February 28, 2025
