When you hire our services, we request company information, representatives, and contact points, making decisions to deliver the service in the most secure and efficient way possible.

We process third-party personal data entered into our solutions by contracting clients, based on their decisions as data controllers. This includes customer contact details, messages, and employee information related to customer service.

We do not control the data that client companies request or enter into the platform. Therefore, it is the client’s responsibility to inform data subjects about any data processing carried out through Digisac and to fulfill their obligations as data controllers. To assist in this process, we provide a manual.

To enable our solution, as required by WhatsApp Business API (WABA) hiring rules, companies must contract the service through brokers. In the case of Digisac, we partner with 360Dialog and Positus.

We may collect and store user information through:

User registration on the platform
Direct sales process
Contact forms on our website or during material downloads
Forms filled out by the user or navigation with enabled cookie preferences
Third-party data related to the client’s business, stored solely for providing the contracted service.

We fully comply with the principles of the General Data Protection Regulation (GDPR) and process personal data for:

User identification and contact during platform use
Executing the services for which the user signed up
Sending sales and marketing communications
Validating user identity to prevent security risks

We implement measures suggested by the National Data Protection Authority (ANPD) in its Guidance Guide for Small-Sized Data Processing Agents, using various security technologies and procedures to protect your information. Additionally, we conduct risk assessments and vulnerability mapping, implementing measures against security incidents.

To provide secure and high-quality services, we may contract operators, such as servers and payment gateways. These partners follow Digisac’s decisions, and we establish minimum security requirements for partnerships. We do not share data with other controllers that could identify the user.

We process personal data for as long as our service is provided, as required by law, or when necessary to resolve legal issues.
For marketing communications, we will process data until you request to be removed from our lists.

Data subjects have the right to request certain information and actions from the controller. While not all requests may be granted, we guarantee a response in every case:

Confirmation of data processing existence
Access to personal data
Correction of incomplete, inaccurate, or outdated data
Anonymization, blocking, or deletion of unnecessary or improperly processed data
Data portability to another provider upon express request
Deletion of data processed with consent, except when required by law
Information about public and private entities with whom Digisac has shared data
Awareness of the possibility of refusing consent and its consequences
Withdrawal of consent