Privacy Policy (GDPR + LGPD compliant)

ABCDHost – Operated by ABCD Brasil
Last Updated: 22/11/2025

1. Introduction

1.1. This Privacy Policy describes how ABCD Brasil (“we”, “us”, “our”), operating the SaaS service known as ABCDHost, collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Brazilian General Data Protection Law (Law No. 13.709/2018 – “LGPD”), and other applicable international data protection regulations.

1.2. This policy applies to all clients, users, institutions, and individuals who access or use the ABCDHost service, including clients located in the European Union, Latin America, Africa, and other regions.

1.3. ABCD Brasil acts primarily as a Data Processor on behalf of its clients (the “Data Controllers”), who control and manage all data uploaded to their ABCD installations hosted on ABCDHost infrastructure.

2. Identity and Contact Details of the Company

2.1. Company Name: ABCD Brasil
2.2. Commercial Service: ABCDHost
2.3. Address:
Avenida Edgar Pires de Castro, 2018
Bairro Hípica
Porto Alegre – RS – Brazil
ZIP/Postal Code: 91787-861

2.4. Email for Privacy Matters: privacy@abcdhost.net

2.5. ABCD Brasil is not currently obligated to appoint an EU Representative under Article 27 of the GDPR; however, this policy may be updated when EU clients are onboarded.

3. Types of Data Processed

3.1. Client Account Data
Information provided by the customer to maintain an account, such as:

  • name and contact details of institutional representatives
  • billing information
  • login credentials (administrative accounts only)
  • communication records (emails, support tickets)

3.2. Technical and Operational Data
Automatically collected information, including:

  • server access logs
  • IP addresses
  • performance metrics
  • system error logs
  • infrastructure usage statistics

3.3. Data Stored by Clients in Their ABCD Instance
Clients may store:

  • bibliographic data
  • archival records
  • museum collections metadata
  • non-personal cultural heritage information

3.4. Data Minimization
ABCD Brasil does not access client databases unless explicitly authorized for support or maintenance purposes.

4. Legal Bases for Processing

4.1. When ABCD Brasil acts as Data Processor, the legal bases are determined by the Data Controller (the client).

4.2. When ABCD Brasil processes personal data as a Data Controller, the processing relies on:

  • performance of a contract (Article 6(1)(b) GDPR)
  • legitimate interests related to service operation (Article 6(1)(f) GDPR)
  • compliance with legal obligations (Article 6(1)(c) GDPR)
  • consent where applicable (Article 6(1)(a) GDPR)

5. Purposes of Processing

5.1. To provide, maintain, and improve the ABCDHost service.
5.2. To ensure platform security, incident response, and fraud prevention.
5.3. To deliver technical support and troubleshooting.
5.4. To issue billing, invoices, and administrative communications.
5.5. To comply with legal or regulatory requirements.

6. Data Storage and International Transfers

6.1. All ABCDHost servers are hosted by Hostinger, acting as a Sub-processor under GDPR and LGPD.

6.2. Hostinger datacenters may be located outside the client’s jurisdiction. International data transfers follow:

  • Standard Contractual Clauses (SCCs) when applicable
  • LGPD international transfer rules under Articles 33–36
  • adequate safeguards and technical protections

6.3. Backups and operational data may also be processed in Hostinger’s infrastructure or equivalent secure environments.

7. Data Retention

7.1. Client database contents are retained only for the duration of the service contract.

7.2. Logs, backups, and operational data follow predefined retention periods depending on operational needs (typically 30–180 days).

7.3. Upon service termination, clients may request:

  • full data export
  • secure deletion of all instances
  • anonymisation of logs when technically possible

8. Data Sharing and Sub-processing

8.1. ABCD Brasil does not sell or commercialise personal data.

8.2. Sub-processors include:

  • Hostinger (hosting, servers, infrastructure)
  • Additional subprocessors may be added with prior notice.

9. Security Measures

9.1. ABCD Brasil implements appropriate technical and organisational measures such as:

  • encrypted transmission (HTTPS/TLS)
  • restricted server access
  • firewalls and intrusion detection
  • regular security updates
  • backup routines
  • vulnerability assessments when applicable

9.2. Access to client databases occurs only with explicit permission.

10. Rights of Data Subjects

Data subjects may exercise:
10.1. Right to access
10.2. Right to rectification
10.3. Right to erasure (“right to be forgotten”)
10.4. Right to restriction of processing
10.5. Right to data portability
10.6. Right to object
10.7. Rights related to automated decision-making (not applicable to ABCDHost)
10.8. LGPD rights (Articles 17–20)

Requests should be addressed to: privacy@abcdhost.net

11. Responsibilities of Clients (Data Controllers)

11.1. Clients determine which data they store, publish, or process within the ABCD system.
11.2. Clients must ensure that their use of ABCDHost complies with GDPR, LGPD, and local laws.
11.3. Clients remain responsible for consent, legitimacy of data input, and data governance.

12. Breach Notification

12.1. ABCD Brasil will notify affected clients of any personal data breach without undue delay.

12.2. The Data Controller remains responsible for notifying supervisory authorities and end users when required.

13. Changes to this Policy

13.1. ABCD Brasil may update this Privacy Policy periodically. Changes will be communicated via the website or email.

14. Contact

For any privacy-related inquiries:

ABCD Brasil
Avenida Edgar Pires de Castro, 2018
Bairro Hípica
Porto Alegre – RS – Brazil
ZIP Code: 91787-861
Email: privacy@abcdhost.net

Scroll to Top