LGPD Compliance

The Brazilian General Data Protection Law (LGPD) is the Brazilian legislation that regulates the processing of personal data by individuals and legal entities, both digitally and offline, with the aim of protecting fundamental privacy rights.

The LGPD applies to any personal data processing operation carried out in Brazilian territory, regardless of the medium, the country of the operator's headquarters, or the location where the data is stored.

Agrobyte acts both as a Controller and as a Processor of personal data, depending on the processing context. As a Controller, we determine the purposes of processing our direct users' data. As a Processor, we process data on behalf of contracting organizations.

All personal data processing carried out by Agrobyte is based on at least one of the legal bases provided in Article 7 of the LGPD. The main bases we use are:

Contract execution: we process data necessary for the provision of contracted services, including account creation, field collection processing, and report generation.

Consent: for specific purposes such as sending marketing communications, using non-essential cookies, and collecting precise geolocation data. Consent may be revoked at any time.

Legitimate interest: for platform security purposes, fraud prevention, service improvement, and communications about relevant updates. We conduct proportionality tests to ensure balance between our interests and data subjects' rights.

The LGPD guarantees data subjects a series of rights that Agrobyte respects and facilitates the exercise of. You may request at any time:

Confirmation and access: know whether we process your data and obtain a complete copy of the information we hold about you, in a readable and structured format.

Correction and update: request the correction of incomplete, inaccurate, or outdated personal data maintained in our systems.

Deletion and anonymization: request the deletion or anonymization of unnecessary, excessive, or non-compliant personal data processed under the LGPD.

Portability: request the transfer of your personal data to another service provider, in an interoperable format, respecting trade and industrial secrets.

To exercise your rights, send your request to dpo@agrobyte.com.br. We process all requests within the legal deadline of 15 business days.

Registration data: full name, professional email, phone number, CPF (when applicable), job title, department, and organization information.

Access data: login records, IP address, browser type and version, operating system, pages visited, and time spent on the platform.

Field data: GPS coordinates, georeferenced photographs, completed forms, notes, and other information collected during field operations through the FCR platform.

Communication data: messages sent through the platform, notifications received, and records of interactions with our technical support.

We implement a comprehensive information security program that includes technical, administrative, and organizational measures to protect personal data under our responsibility.

Technical measures: AES-256 encryption for data at rest, TLS 1.3 for data in transit, multi-factor authentication, role-based access control (RBAC), continuous threat monitoring, and regular backups with geographic redundancy.

Organizational measures: internal security policies, regular employee training, confidentiality agreements, incident management, periodic audits, and continuous risk assessment.

We conduct regular penetration tests and maintain a vulnerability management program to ensure our systems remain secure against emerging threats.

The sharing of personal data is carried out only when necessary and always with adequate safeguards. Recipients include:

Infrastructure service providers: cloud providers and hosting services that store and process data on our behalf, bound by contracts with data protection clauses.

Contracting organizations: field data collected is made available to the contracting organization according to the purposes defined in the service agreement.

We do not carry out international transfers of personal data. All data is stored and processed in Brazilian territory, using data centers located in Brazil.

Agrobyte has appointed a Data Protection Officer (DPO) as required by the LGPD, responsible for acting as the communication channel between the company, data subjects, and the National Data Protection Authority (ANPD).

The DPO is responsible for: accepting complaints and communications from data subjects; providing clarifications; adopting measures; receiving communications from the ANPD; and performing other duties provided by law.

To contact our Data Protection Officer, use the email: dpo@agrobyte.com.br. All requests will be answered within the applicable legal deadline.

Agrobyte maintains a security incident response plan involving personal data, in accordance with ANPD guidelines and market best practices.

In case of a security incident that may pose a risk or relevant damage to data subjects, we will notify the ANPD and affected data subjects within a reasonable timeframe, as determined by the authority, informing the nature of the affected data, the risks involved, and the measures adopted.

We maintain detailed records of all security incidents, including corrective measures adopted, and use this information to continuously improve our security program.