Your trust is the foundation of our work. This page explains how we handle personal data under the European GDPR regulatory framework.
Who We Are
DPOSaaS is a GDPR-compliant Data Protection Officer-as-a-Service platform, developed by BIS CRM, headquartered in Europe and Brazil. Our mission is to help organizations strengthen data governance and comply with data protection laws intelligently and transparently.
We operate under the most stringent European data protection standards, and every process follows the principle of privacy by design. Our specialized team works continuously to maintain compliance and excellence in all aspects of personal data processing.
We collect only the data strictly necessary for the provision of our professional services. All data relates exclusively to business use and legitimate business purposes.
Identification Data
Full name
Email address
Company name
Role or function
Technical Data
Session cookies
Analytics identifiers
IP addresses
Browsing metadata
Professional Data
Business communications
Support tickets
Interaction history
Corporate documentation
Platform Usage Data
Audit logs
User preferences
Platform actions
Account settings
Why We Process Your Data
We process personal data exclusively for legitimate and transparent purposes. Each data processing operation has a clear purpose and is aligned with GDPR's legal and contractual obligations.
1. Service Provision
We provide full access and functionality to the DPOSaaS platform, ensuring secure and efficient operation.
2. Account Management
We manage customer accounts, access permissions, and personalized settings for each user.
3. Continuous Improvement
We analyze usage data to enhance the user experience and optimize platform performance.
4. Support and Communication
We offer qualified technical support and send important service updates.
5. Legal Compliance
We comply with applicable legal and regulatory obligations regarding the processing of personal data.
Commitment to Non-Commercialization: We do not sell or share personal data with third parties for marketing purposes. Your privacy is non-negotiable.
Legal Basis for Data Processing
All our processing activities are founded on at least one of the legal bases established by the GDPR. We operate with full transparency regarding the legal grounds that authorize each processing operation.
Contract Performance
Article 6(1)(b) — Processing necessary for the performance of a contract with the data subject.
Legal Obligation
Article 6(1)(c) — Compliance with a legal obligation to which the controller is subject.
Legitimate Interest
Article 6(1)(f) — Legitimate interests of the controller or a third party, balanced against the rights of the data subject.
Consent
Article 6(1)(a) — Explicit and informed consent of the data subject when required by law.
We carefully evaluate each processing operation to ensure there is an adequate legal basis. In cases where consent is required, it is requested clearly, specifically, and prominently, allowing you to understand exactly what you are consenting to.
Data Retention and Lifecycle
We retain personal data only for the time necessary to fulfill the described purposes or to meet legal retention requirements. We apply strict policies for data lifecycle management.
1. Collection
Data is collected for a specific purpose and with consent when necessary.
2. Active Processing
Data is used during the provision of services and account management.
3. Archiving
Inactive data is archived with restricted access for legal compliance purposes.
4. Secure Deletion
When no longer needed, data is securely deleted or anonymized.
Our retention periods are determined by objective criteria, including contractual obligations, regulatory requirements, and legitimate business purposes. You can request specific information about the retention periods applicable to your personal data.
Sharing and International Transfers
We use secure cloud services, preferably hosted within the European Economic Area (EEA). The protection of your data is a priority in all our operations, regardless of geographical location.
When data transfers outside the EEA are necessary, we implement adequate safeguards as required by GDPR, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
Impact Assessments on data transfers
Security certifications and supplier compliance
Data Processing Agreements with robust contractual guarantees
We maintain a detailed record of all international transfers and regularly review the protection measures applied.
100% Protected Transfers: All international transfers use approved safeguards
EEA Priority Hosting: Servers located in the European Economic Area
Your Rights as a Data Subject
In compliance with GDPR, you have comprehensive rights regarding your personal data. We respect and facilitate the exercise of all these rights, responding to requests within the established legal deadlines.
Right of Access
Obtain confirmation regarding the processing of your data and access a copy of the information we hold about you.
Right to Rectification
Request the correction of inaccurate or incomplete personal data held by the platform.
Right to Erasure
Request the deletion of your personal data when there is no longer a legal basis for processing.
Right to Restriction of Processing
Restrict the processing of your data in specific circumstances provided by GDPR.
Right to Object
Object to data processing based on legitimate interests or for direct marketing purposes.
Data Portability
Receive your data in a structured, machine-readable format for transfer to another controller.
Withdrawal of Consent
Withdraw your consent at any time when processing is based on this legal ground.
Right to Lodge a Complaint
Lodge a complaint with the competent data protection authority if you believe there has been a violation.
How to Exercise Your Rights: Contact us at privacy@dposaas.com. We will respond to your request within one month, which may be extended by two further months in complex cases.
Security and Confidentiality
DPOSaaS implements robust technical and organizational measures to protect your data against unauthorized access, loss, destruction, or alteration. Our security approach is multi-layered and continuously updated.
Advanced Encryption
Data encrypted in transit (TLS 1.3) and at rest (AES-256), ensuring protection at all stages.
Multi-factor Authentication
Access protected by multiple layers of identity verification.
Continuous Monitoring
Intrusion detection systems and 24/7 monitoring for suspicious activities.
Regular Audits
Periodic security reviews and risk assessments to identify vulnerabilities.
Organizational Controls
Access policies based on the principle of least privilege
Regular staff training on information security
Well-defined incident response procedures
Confidentiality agreements with all employees
Segregation of production and development environments
Your data is treated with strict confidentiality. Access is restricted exclusively to authorized personnel who need the information to perform their professional duties.
Cookies, Tracking, and Commitment to Transparency
Cookie Management
The platform uses strictly necessary cookies for operation, in addition to optional analytical cookies for performance improvement. You retain full control over your preferences.
Types of cookies used:
Essential: Necessary for basic platform functionality
Analytics: Help understand how you use the service (requires consent)
Preferences: Store your personalized settings
You can manage your preferences through your browser settings or the cookie banner displayed on your first visit.
Our Commitment to Transparency
At DPOSaaS, privacy is not just a checkbox — it's a fundamental design principle. We continually review our practices to align them with evolving GDPR standards and maintain full transparency with all users and clients.
Full Transparency
We clearly communicate all data processing practices, without obscure language or hidden clauses.
Continuous Updates
We monitor regulatory changes and update our policies to reflect industry best practices.
Dedicated Support
Our privacy team is always available to answer questions and assist in exercising your rights.
Last Updated: This privacy policy was updated in November 2025. We will notify you of any substantial changes via your registered email or a notice on the platform.
Corporate Information
About DPOSaaS
A solution developed by BIS CRM to offer professional Data Protection Officer services, combining SaaS technology with human expertise in regulatory compliance.