Legal

GDPR Compliance

Your data, your rights — here is how we uphold them

The General Data Protection Regulation (GDPR) gives people in the EU and EEA strong rights over their personal data. This page explains how BoldFolio meets those requirements and what those rights mean for you in practice.

Who is responsible for your data

The data controller is Landim IT Tecnologia e Educacao Ltda (trading as BoldFolio), represented by Alessandro Landim. We decide what personal data is collected and how it is used.

If you have a question or request about your data, contact us directly:

Data protection contact: Alessandro Landim
Email: contact@theboldfolio.com
Address:ST SHIN CA 09, Bloco A, Torre 3, Sala 105, Brasilia — DF, 71503-509, Brazil
Website: theboldfolio.com

On what basis do we process your data

Under the GDPR, every processing activity must have a lawful basis. Here is how each basis applies to our services:

Contract performance— when we deliver your prototype, process payments, or manage your account, we process data because it is necessary to fulfil the agreement between us.
Consent— for optional activities like sending you marketing emails, we rely on your explicit, freely given consent. You can withdraw it at any time.
Legitimate interest— for things like improving our website, preventing fraud, and ensuring security, we rely on our legitimate business interests — but only where they do not override your rights.
Legal obligation— certain data (for example, financial records for tax purposes) must be retained because the law requires it.

Your rights in detail

The GDPR gives you a comprehensive set of rights. Below is what each one means and how to exercise it with BoldFolio.

Right of access (Article 15)

You can request a full copy of all personal data we hold about you. We will provide it in a commonly used electronic format within 30 days.

Right to rectification (Article 16)

If any of your data is inaccurate or incomplete, you can ask us to correct it. Many details — such as your name or email — can also be updated directly in your account settings.

Right to erasure (Article 17)

Also known as the “right to be forgotten”. You can request that we delete your personal data when it is no longer needed, when you withdraw consent, or when there is no other legal basis for keeping it.

Right to restrict processing (Article 18)

In certain situations — for example, while we verify the accuracy of your data or assess an objection — you can ask us to pause processing instead of deleting it.

Right to data portability (Article 20)

You have the right to receive your data in a structured, machine-readable format (such as JSON or CSV) and to transfer it to another service provider.

Right to object (Article 21)

You can object to processing based on legitimate interests or direct marketing at any time. If you object to marketing, we stop immediately — no questions asked.

Automated decision-making (Article 22)

You have the right not to be subject to decisions made solely by automated means that produce legal or similarly significant effects. For the record: BoldFolio does not use automated decision-making or profiling.

How to make a request

Send your request to contact@theboldfolio.com with the subject line “GDPR Request”. Here is what to expect:

Verification— we will confirm your identity to protect against unauthorised requests. This usually takes 1–2 business days.
Response— we will act on your request within 30 calendar days. If the request is unusually complex, we may extend this by up to 60 days — but we will let you know within the initial 30-day window.
No fee— exercising your rights is free of charge, unless a request is manifestly unfounded or excessive.

International data transfers

Some of the service providers we use are based outside the EEA. When personal data leaves the EEA, we ensure it remains protected through one or more of the following safeguards:

Standard Contractual Clauses (SCCs) — contracts approved by the European Commission that bind the recipient to EU-level data protection standards.
Adequacy decisions— transfers to countries the European Commission has recognised as providing adequate data protection.
Your explicit consent— for one-off transfers where the above mechanisms do not apply.

What happens if there is a data breach

In the unlikely event of a breach that risks your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
Inform you directly and without undue delay if the breach is likely to pose a high risk to you.
Document the incident, its impact, and the corrective steps taken.

Right to complain

If you feel your data protection rights have not been respected, you have the right to lodge a complaint with a supervisory authority in the EU member state where you live, work, or where the issue occurred.

We encourage you to contact us first so we can try to resolve the matter directly.

Related policies

Privacy Policy — full details on what we collect and why.
Cookie Policy — every cookie explained with opt-out instructions.
Terms of Service — the agreement governing use of our platform.