Legal · Privacy

Privacy policy.

How WTM International collects, uses, stores and protects your personal data.

Contents

  1. Information and company
  2. Your rights
  3. Data we collect
  4. Why we process data
  5. Cookies & tracking
  6. Data sharing
  7. Retention & security
  8. Privacy channel

Section 01Information and company

This Privacy Policy describes how WTM International collects, uses, stores, shares, and protects personal data obtained through our websites, landing pages, in-person and virtual events, social media channels, and direct interactions with our team. By using any of our digital properties or providing your information to us, you acknowledge the practices described below.

WTM International operates through two Brazilian legal entities, each registered under its own corporate Tax ID (CNPJ). Both entities act as joint data controllers for the personal data processed in the scope described here and apply consistent privacy practices across all touchpoints.

For any privacy-related question, request, or complaint, you can reach our Data Protection Officer (DPO) at dpo@wtmdobrasil.com. We treat every inbound request seriously and respond within the timeframes required by applicable law.

Section 02Your rights as a data subject

In accordance with the Brazilian General Data Protection Law (LGPD) and equivalent regulations in other jurisdictions where we operate, you, as the data subject, may exercise the following rights at any time, free of charge, regarding the personal data we hold about you:

  • Right to confirm the existence of processing activities involving your personal data.
  • Right to access the personal data we hold about you, in a clear and human-readable format.
  • Right to correct incomplete, inaccurate, or outdated information.
  • Right to restrict, anonymize, or delete data processed in non-compliance with the law, or that is excessive or unnecessary for the original purpose.
  • Right to data portability to another service or product provider, subject to commercial and industrial secrecy regulations.
  • Right to delete personal data processed under your consent (except where retention is legally required).
  • Right to information about the public and private entities with which we have shared your data.
  • Right to withdraw consent at any time, with effect from the moment of withdrawal forward.
  • Right to review decisions made solely on the basis of automated processing of personal data that affect your interests.

To exercise any of these rights, send your request to dpo@wtmdobrasil.com. We may ask for additional information to verify your identity before fulfilling the request, in order to protect your data against unauthorized access.

Section 03Data we collect

Depending on how you interact with us, we may collect the following categories of personal data, either directly from you or through your use of our digital properties:

  • Contact information, full name, business email address, phone number, WhatsApp number, country and city of residence or operation.
  • Professional & business data, job title, decision-making role, company name, industry, country of operation, company size, revenue tier, products and services you offer, and the markets you serve.
  • Access & device information, IP address, browser type and version, operating system, device identifiers, language preferences, referral source, pages visited, time spent on each page, and clickstream data on our websites.
  • Email interaction metrics, opens, clicks, replies, bounces, unsubscribes, and engagement signals collected when you receive communications from us.
  • Communication content, messages you submit via contact forms, chat tools, scheduling tools, or other channels you choose to use to reach us.
  • Event & webinar data, registration information, attendance, questions submitted, and any feedback shared during events we host or co-host.

User classifications

For the purposes of this policy, we classify users in three ways depending on the depth of the relationship:

  • Visitors, individuals who browse our websites anonymously, without submitting forms or creating an account. We process technical and behavioral data to operate the site and produce aggregated analytics.
  • Leads, individuals who have submitted a form, registered for an event, downloaded a resource, or otherwise provided contact information. We process their data to follow up on the request and to communicate about related services.
  • Users with platform access, clients, partners, or authorized personnel who hold credentials to our internal platforms. Their data is processed to operate the service, fulfill contracts, and meet legal obligations.

Section 04Why we process data

We process personal data under specific legal bases provided by the LGPD, with legitimate interest, consent, contract performance, and legal/regulatory obligations being the most relevant. The processing purposes include:

  • Responding to inquiries from prospective clients, partners and suppliers.
  • Sending email marketing, newsletters, and communications about new services, events and content we believe are relevant for your role.
  • Promoting our services to qualified audiences through paid media platforms (e.g. LinkedIn Ads, Meta Ads, Google Ads).
  • Producing analytics on site usage, content engagement, and campaign performance so we can improve our offering.
  • Operating, monitoring, and improving our digital products and internal platforms.
  • Fulfilling contractual obligations with clients and partners.
  • Complying with legal, tax, accounting, and regulatory requirements that apply to our business.
  • Detecting and preventing fraud, abuse, and security incidents.

When we rely on legitimate interest, we perform a balancing test to ensure our purpose does not override your fundamental rights and freedoms. When we rely on consent, you may withdraw it at any time without affecting the lawfulness of past processing.

Section 05Cookies & tracking

We use cookies and similar tracking technologies to make our websites work, understand how visitors use them, and deliver more relevant communications. The main categories we use are:

Category Purpose Lifetime
Strictly necessary Authentication, security, load balancing, language preference. Session, 1 year
Analytical Google Analytics, internal analytics. Measure page views, sessions, conversions, and content engagement. 1 day, 2 years
Marketing automation RD Station, lead scoring, form attribution. 30 days, 2 years
Advertising Google Ads / DoubleClick, Meta Pixel, LinkedIn Insight Tag. Audience building, retargeting, conversion measurement. 30 days, 9+ years

You can manage or disable cookies at any time through your browser settings or the cookie banner shown on our sites. Disabling certain categories may affect site functionality or the relevance of content you see.

Section 06Data sharing

We share personal data with carefully selected third parties only when necessary to operate our business, deliver the services you requested, or meet legal obligations. Recipients include:

  • Service providers and processors, cloud hosting, email delivery, CRM, marketing automation, analytics, and customer-support tools. These vendors process data on our behalf, under written data protection agreements.
  • Commercial partners, when a partner provides part of the service you requested (e.g. payment processing, local invoicing, cross-border remittance), we share the minimum data needed to complete the operation.
  • Advertising platforms, anonymized or pseudonymized data used to measure campaign performance and reach similar audiences.
  • Authorities and regulators, whenever sharing is required by law, judicial order, or to protect our rights and the rights of others.

We do not sell personal data to third parties. Any international transfer of personal data is done with appropriate safeguards in place, as required by the LGPD and the regulations of the destination country.

Section 07Retention & security

We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, or to comply with legal, contractual, or regulatory obligations. Examples of retention periods we apply:

  • Access logs, up to 6 months, per Brazilian Civil Rights Framework for the Internet (Marco Civil).
  • Lead and prospect data, up to 24 months after the last meaningful interaction, unless you ask to be removed earlier.
  • Customer and contractual data, for the duration of the contract plus the limitation period applicable to civil, tax, and accounting obligations.
  • Marketing communications, until you unsubscribe or withdraw consent.

After the retention period, we anonymize the data so it can no longer identify an individual, or we securely delete it. We apply technical and organizational safeguards proportional to the risk: encryption in transit (TLS), encryption at rest where appropriate, role-based access controls, multi-factor authentication for administrative access, regular security reviews, and incident-response procedures.

Despite our efforts, no system is 100% secure. In the event of a security incident that creates a risk or relevant harm to data subjects, we notify the affected individuals and the National Data Protection Authority (ANPD) within the legal deadline.

Section 08Privacy channel

For privacy complaints, requests under LGPD or equivalent law, or any concern about how we handle your data, reach out to our DPO at dpo@wtmdobrasil.com. We acknowledge each request within five business days and provide a substantive response within the legal deadline (15 days for most LGPD rights, extendable in limited cases).

If you believe your request was not properly addressed, you may file a complaint directly with the Brazilian National Data Protection Authority (ANPD) at gov.br/anpd, or with the data protection authority of your country of residence.

Last updated: March 8, 2024
Controller: WTM International, Tax ID 20.711.662/0001-87