1. Purpose of the Policy
PHISHING PLUS SECURITY (“Organization” or “we”) is committed to protecting personal data and raising awareness among our community, including employees and business partners. This Privacy Policy aims to provide clear and precise information regarding the collection, use, storage, and processing of personal data, in compliance with the Florida Information Protection Act (FIPA) and Brazilian General Data Protection Law (LGPD – Law No. 13.709/18).

‍2. Applicable Laws
‍Florida, USA: Florida Information Protection Act (FIPA) Brazil: LGPD – Law No. 13.709/18
‍
‍3. Scope
This Policy applies to all data subjects, their legal representatives, employees, contractors, and business partners of PHISHING PLUS SECURITY.

‍4. Data Controller
PHISHING PLUS SECURITY acts as the data controller, responsible for decisions regarding the processing of personal data.

‍5. Personal Data Processed
We may process the following categories of personal data: Identification and contact details: full name, date of birth, gender, email, phone number, address, and image (when applicable). Contractual and financial information: data required for service provision and payment management. Sensitive data will not be collected unless strictly required by law.

‍6. Purposes of Processing
Personal data may be processed for the following purposes: Contract formalization and management. Compliance with legal and regulatory obligations. Defense of rights in judicial, administrative, or arbitration proceedings. Institutional communications and event organization. Ensuring organizational security and fraud prevention.

‍7. Data Sharing
Personal data may be shared with: Cloud service providers and IT vendors. Collection agencies and credit bureaus. Third-party service providers engaged as needed. Public authorities and regulators, when legally required. Entities involved in mergers, acquisitions, or corporate restructuring.

‍8. International Data Transfers
When transferring personal data outside Brazil or the United States, PHISHING PLUS SECURITY will adopt appropriate safeguards, including contractual clauses and recognized mechanisms to ensure adequate protection.

‍9. Data Retention
Data will be retained: For the period required by law. As long as necessary to fulfill contractual and legal obligations. While legitimate interests of the Organization exist. Until deletion is requested by the data subject, when applicable.

‍10. Data Subject Rights
Data subjects have the following rights: Access and confirmation of data processing. Correction of inaccurate or outdated data. Request for deletion or anonymization. Data portability. Withdrawal of consent at any time. Filing complaints with the U.S. relevant authorities and Brazilian National Data Protection Authority (ANPD)

‍11. Data Breach Notification
In the event of a data breach: Florida (FIPA): data subjects and authorities will be notified within 30 days. Brazil (LGPD): notification will be made to the ANPD and affected data subjects within a reasonable timeframe, as required by law.

‍12. Data Protection Measures
We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, accidental loss, destruction, or alteration. Access is restricted to individuals with legitimate business needs.

‍13. Policy Updates
PHISHING PLUS SECURITY reserves the right to update this Privacy Policy at any time. Significant changes will be communicated via notices on our website.

‍14. Contact Information
For questions or to exercise your rights, please contact our Data Protection Officer (DPO): privacy@phishingplus.com