Privacy Policy

Last update: October 15, 2025

Controller: DUX DIGITAL S/A, CNPJ 40.703.728/0001-02, headquartered at Avenida Presidente Vargas, nº 3131, Centro, Rio de Janeiro – RJ, CEP 20299-902.
Related entity (accounts receivable anticipation): DUX FACTORING E SOLUÇÕES FINANCEIRAS LTDA, CNPJ 60.180.043/0001-28, headquartered at Avenida Presidente Vargas, nº 3131, room 604, Cidade Nova, Rio de Janeiro – RJ, CEP 20.210-030.
Contact/DPO: juridico@wearedux.com
Sector regulatory basis: Law no. 6.385/1976; CVM Resolution no. 24/2021 (art. 73); CVM Resolution no. 88/2022.


This Policy describes how we handle personal data in compliance with the General Data Protection Law (LGPD – Law no. 13.709/2018) and other applicable regulations, including AML/CFT, CVM, and good financial compliance practices.



1. Scope and Coverage

Applies to:

  • Visitors to wearedux.com and associated pages.

  • Interested parties interacting with ads, landing pages, and forms (including LinkedIn Lead Gen Forms).

  • Leads, clients, business partners, qualified investors when applicable, and job candidates.

  • Participants in events, webinars, and promotional activities.

  • People receiving communications (email, SMS, WhatsApp, calls).



2. Essential Concepts (Summary)

  • Personal data: information related to identified or identifiable natural persons.

  • Sensitive personal data: racial/ethnic origin, religious beliefs, political opinion, health, sexual life, genetic/biometric data, etc.

  • Controller: who makes decisions about processing (DUX DIGITAL S/A; and DUX Factoring when acting in its specific purpose).

  • Processor: who processes data on behalf of the controller (providers, consultancies, tools).

  • DPO/Responsible person: contact channel regarding personal data (juridico@wearedux.com).



3. What Data We Collect

3.1 Provided by you

  • Identification and contact: name, email, phone/WhatsApp, position, company, city/UF/country.

  • Marketing and commercial interactions: interests, preferences, messages, consents.

  • Events/webinars: registration and participation data.

  • Selection and recruitment: resume, professional history, portfolio, references (when provided).


3.2 Collected automatically (site/landing pages)

  • Technical and usage: IP, date/time, accessed pages, traffic source, user agent (browser, OS, device), language, events (clicks, conversions), approximate geolocation inferred by IP.

  • Cookies and online identifiers: own and third-party cookies, pixels and tags (e.g.: events from LinkedIn Insight Tag).


3.3 From third parties (when applicable)

  • Media and ad platforms (e.g.: LinkedIn, Google, Meta) — campaign metrics.

  • CRM, email, and automation tools — lead status and interaction history.


We do not request sensitive data. If sent inadvertently, we will evaluate the legal basis; if absent, we will delete it with a record of the incident.




4. Purposes, Legal Bases, and Examples


Purpose

Examples

Legal basis (LGPD)

Meet requests and business contacts

Respond to forms, prepare proposals, demonstrations

Contract execution or preliminary procedures

Marketing and relationship

Emails, newsletters, educational materials, invitations

Consent and/or legitimate interest (with opt-out)

Events and webinars

Registration, confirmation, pre/post-event communication

Contract execution / consent

Site measurement and improvement

Analytics, usability, basic anti-fraud

Legitimate interest

Legal/regulatory compliance

Responses to CVM and authorities, AML/CFT

Legal/regulatory obligation

Recruitment and selection

Receive/evaluate applications

Contract execution / preliminary procedures

When based on consent, you may revoke it at any time through the indicated channels.



5. LinkedIn Lead Gen Forms

When submitting data via LinkedIn Lead Gen, DUX receives the information you authorized LinkedIn to share. Main uses:

  • Contact about products, services, content, and events from DUX.

  • Sending requested materials (e-books, studies, newsletters).

  • Invitations and business communications (based on consent or legitimate interest, always with opt-out).

The form may include optional/mandatory checkboxes for specific consents (e.g.: contact via WhatsApp). Sending indicates acknowledgement of this Policy.



6. Cookies and Tracking Technologies


6.1 Categories

  • Strictly necessary: site operation, security, consent management.

  • Performance/Analytics: aggregate metrics and experience improvements.

  • Functional: remembering preferences (language, forms).

  • Advertising/Retargeting: measuring and optimizing campaigns (e.g.: LinkedIn Insight Tag).


6.2 Preference management

  • Cookie banner on the site (when displayed) and browser settings.

  • Disabling certain categories may limit functionalities.


6.3 Examples of tools (may vary)

  • Analytics/Tagging: Google Analytics/Tag Manager; Session/UX: Hotjar.

  • Ads: LinkedIn Insight Tag, Google Ads, Meta Pixel.

  • Consent Management: CookieYes/OneTrust.



7. Sharing and Processors

We share personal data only when necessary:

  • Processors: hosting, CDN, CRM, marketing/email automation, analytics/ads, support, consultancies, and audits.

  • Event co-produced partners: when you register — we will inform you at the time of collection.

  • Public authorities and self-regulators (e.g.: CVM): when there is a legal/regulatory obligation or valid order.

We require contractual clauses on data protection, confidentiality, and security measures.



8. Related Controllers

  • DUX DIGITAL S/A acts as the controller of the data processed for marketing, relationship, website, events, and operations regulated under its scope.

  • DUX FACTORING E SOLUÇÕES FINANCEIRAS LTDA acts as a controller with respect to accounts receivable anticipation operations.
    When necessary, we may act in co-control and make this clear in specific instruments or communications.



9. International Transfers

Some providers may be outside Brazil. In these cases, we adopt appropriate safeguards (e.g., standard contractual clauses, impact assessments, and technical measures) in compliance with the LGPD.



10. Information Security

We maintain technical and organizational controls proportionate to the risk, including:

  • Encryption in transit, authentication, and access control based on minimum privileges.

  • Log records, environment segregation, and backups.

  • Vulnerability management and periodic updates.

  • Training of employees and confidentiality agreements.


No environment is 100% immune. In case of an incident with significant risk, we will adopt appropriate measures and inform affected individuals and the ANPD, when required.



11. Retention and Disposal

We keep data for as long as necessary to fulfill the purposes and/or legal/regulatory deadlines (including those related to CVM and AML/CFT).
Once the purposes are fulfilled and there is no obligation to retain, we carry out deletion or anonymization with the minimum auditing records required.



12. Your Rights (Data Subject)

You can request, at any time:

  • Confirmation of the existence of processing and access to data.

  • Correction of incomplete, inaccurate, or outdated data.

  • Anonymization, blocking, or deletion of unnecessary/excessive data.

  • Portability, when applicable.

  • Information about sharing and about the possibility of not consenting.

  • Revocation of consent and objection to applicable processing.

How to exercise: send your request to juridico@wearedux.com with the subject “LGPD Rights”. For your protection, we may request proof of identity.
Response times: we will follow the reasonable timeframes provided for in the LGPD and applicable regulations.



13. Communications (Email, SMS, WhatsApp, and Calls)

  • Email marketing/newsletter: unsubscribe link available in all messages.

  • WhatsApp/phone: specific consent when applicable; we respect requests to interrupt (opt-out) at any time.

  • Preference records: we maintain a record of consents and revocations for auditing.



14. Automated Decisions and Profiling

Currently, we do not make exclusively automated decisions that have significant legal effects or affect the data subject significantly.
We may use segmentation (profiling) for personalized communication and campaign measurement based on consent and/or legitimate interest, always with opt-out available.



15. Children's and Teenagers' Data

Our services are not aimed at minors. If we identify improper collection, we will delete the data and, if necessary, inform the ANPD.



16. Records and Privacy Governance

  • Record of operations (RoPA) and data classification by purpose and legal basis.

  • Internal policies and procedures (security, incident response, retention).

  • Data Protection Impact Assessments (DPIA/RIPD) when required by risk.

  • Periodic audits and continuous improvement.



17. Changes to this Policy

We may update this Policy to reflect legal, regulatory, or operational changes. The current version will always be available at wearedux.com/privacy-policy, with the update date. Relevant changes may be communicated via email, banners, or notices on the site.



18. How to Contact Us

Responsible Person (DPO): DUX DIGITAL S/A
Email: juridico@wearedux.com
Address: Avenida Presidente Vargas, nº 3131, Centro, Rio de Janeiro – RJ, CEP 20299-902.
Reference Authority: ANPD — National Data Protection Authority (gov.br/anpd).