DATA PROTECTION

LGPD

DX.On values privacy and the protection of personal data. As a technology company operating in the data market, we adopt practices aligned with the principles of the General Data Protection Law (LGPD), with a focus on transparency, security, and responsibility in handling information. In this portal you will find guidance on our practices and on the rights of data subjects.

DX.ON - LGPD Data Protection
Privacy Portal
LGPD

What is it?

LGPD is the Brazilian law that defines how personal data should be collected, used, stored, and protected by companies. More than a legal obligation, it represents an important advance in how organizations handle information, promoting transparency, security, and respect for people's privacy.

What is the impact of the General Data Protection Law?

LGPD brought important changes to how companies use personal data in Brazil. Today, most organizations use information from customers, users, and partners to offer services, conduct transactions, and develop increasingly efficient solutions. With the arrival of LGPD, companies have better structured their processes, invested in information security, and adopted more transparent practices in personal data processing. This movement strengthens trust between companies, customers, partners, and users, promoting safer and more responsible relationships in the digital environment.

What are your rights protected by law?

LGPD guarantees data subjects a series of rights related to the processing of their information. Among them are the right to confirm whether their data is being processed, access their personal information, request correction of incomplete or outdated data, and obtain information about how their data is used. The law also ensures the right to request clarification about data sharing, as well as exercise other rights provided in legislation, always in accordance with the legal hypotheses applicable to information processing.

Types of data protected by LGPD:

Information related to an identified or identifiable natural person, such as name, ID number, address, phone number, or email. Even data that does not directly identify a person can be considered personal data when it allows their identification.

Personal Data

Information related to an identified or identifiable natural person, such as name, ID number, address, phone number, or email. Even data that does not directly identify a person can be considered personal data when it allows their identification.

Sensitive Data

Data that requires a higher level of protection, as it may generate discrimination or risks to the holder's privacy. Among them are:

  • Racial or ethnic origin;
  • Religious or philosophical beliefs;
  • Political opinions;
  • Union membership;
  • Genetic or biomedical data;
  • Health-related data;
  • Data related to sexual life or sexual orientation

Personal data of children and adolescents

LGPD establishes specific rules for the processing of personal data of children and adolescents. In general, such processing must occur with the specific consent of at least one parent or legal guardian, as provided in legislation.

Why is data important?

Data is part of our daily lives and helps companies better understand needs, behaviors, and trends. When used responsibly, it contributes to the development of more efficient services, safer decisions, and solutions that generate value for people and organizations. At DX.On, we believe that data should be used with responsibility, security, and transparency. Therefore, we adopt practices aligned with LGPD to ensure that information processing respects the privacy of data subjects and contributes to building trust relationships.

Contact

If you have any questions about our privacy practices or about the processing of personal data, please contact our Data Protection Officer (DPO) via email: dpo@dxon.com.br

Data Subject Rights

The General Data Protection Law (LGPD) guarantees people a series of rights related to the processing of their personal data. These rights exist to ensure more transparency, control, and security over how their information is used by organizations. At DX.On, we respect these rights and seek to ensure that data subjects have clear access to information about the processing of their data.

Personal data belongs to individuals as a constitutional right to privacy. Generally, providing data is voluntary, often exchanged for services or discounts. In some cases, legal requirements require the provision of data.

What are the rights protected by law?

LGPD provides various rights for personal data subjects. Among the main ones are:

  • 1
    Confirmation of the existence of personal data processing: You can request confirmation that your personal data is being processed by our company.
  • 2
    Access to data: You can request access to information we have about you and understand how your data is being used.
  • 3
    Correction of incomplete, inaccurate or outdated data: If you identify incorrect or outdated information, you can request the correction of this information.
  • 4
    Information about data sharing: You can request clarification on how your data is used and with which partners or organizations it may be shared, when applicable.
  • 5
    Data portability: When applicable, you can request the transfer of your personal data to another service provider.
  • 6
    Deletion of personal data: In cases provided by law, you can request the deletion of personal data processed based on consent or when there is no legal obligation to retain it.
  • 7
    Revocation of consent: In cases where data processing occurs based on consent, you may revoke this authorization at any time.
  • 8
    Review of automated decisions: Whenever applicable, you can request information or review of decisions made exclusively based on automated data processing that may impact your interests.
  • 9
    Exercising your rights: To facilitate service to data subjects, DX.On provides a Privacy Portal, where it is possible to register requests related to rights provided in LGPD and track the status of service. If you wish to exercise any of these rights or obtain more information about the processing of your personal data, access the Privacy Portal available on this website.
Data Processing

How we process personal data

DX.On operates in the technology and data market, developing solutions that help companies in decision-making and risk management. To do this, we responsibly process personal data, always respecting the principles and guidelines established by the General Data Protection Law (LGPD).

Our commitment is to ensure that the use of information occurs with transparency, security, and respect for the rights of data subjects.

Where the data comes from

Data used by DX.On can be obtained from different legitimate sources, such as:

  • Information provided directly by customers and partners
  • Public databases available from official agencies
  • Private databases obtained legally and contractually
  • Information generated from the use of our services

We always seek to ensure that data is processed according to legitimate purposes and with the legal bases provided in legislation.

What we use data for

Data processing carried out by DX.On aims to support legitimate market activities, such as:

  • Risk analysis
  • Fraud prevention
  • Support for business decision-making
  • Product and service improvement
  • Development of technological solutions

These activities contribute to making transactions and commercial relationships safer and more efficient.

Security and responsibility

DX.On adopts technical and organizational measures to protect personal data against unauthorized access, misuse, loss, alteration, or improper disclosure.

These measures include data governance practices, access control, security monitoring, and internal processes aimed at protecting information.

Transparency and data subject rights

We respect the rights of data subjects provided in LGPD and make specific channels available so that requests related to data processing can be registered and tracked.

If you wish to exercise your rights or obtain more information about personal data processing, access our Privacy Portal.

Automated decisions and data analysis

DX.On develops technological solutions that use data analysis to support companies in assessment processes, risk prevention, and decision-making. In some cases, these activities may involve the use of statistical models or automated processes to generate indicators and analyses.

In various scenarios, DX.On acts as a personal data processor, processing information according to its clients' instructions, who act as data controllers. In these cases, the analytical criteria, statistical models, and parameters used for profile composition or decision support are defined by the clients themselves.

These activities are conducted in compliance with the principles of the General Data Protection Law (LGPD), seeking to ensure transparency, security, and respect for the rights of data subjects.

If you wish to obtain more information or exercise your rights related to personal data processing, use the channels available in our Privacy Portal.

About Cookies

To improve the browsing experience and website functionality, DX.On uses cookies and similar technologies. These features help understand how visitors interact with the site, allowing the improvement of functionality, performance, and security. Cookies are small text files stored on the user's device when they access a website. They allow recognizing preferences, remembering settings, and making navigation more efficient.

Cookies are used for different purposes, such as:

  • 1
    Ensuring proper website functionality
  • 2
    Remembering browsing preferences
  • 3
    Analyzing website usage statistics
  • 4
    Supporting security measures and fraud prevention

This information helps DX.On offer a more secure, functional digital environment aligned with users' needs.

Types of cookies that may be used

DX.On uses cookies for essential operations, improving user experience and identifying traffic from advertising.

Cookie Types

Essential Cookies

These are essential for the website to function. They allow basic functionalities to operate correctly, such as navigation between pages and access to secure areas.

Performance or Analytics Cookies

These cookies help understand how visitors use the site, allowing analysis of browsing metrics and continuous improvement of services offered.

Functionality Cookies

Allow remembering user preferences, such as language or browsing settings, providing a more personalized experience.

Cookie Management

Most browsers allow users to manage or disable cookies in the browser settings themselves. However, disabling some cookies may impact the website's functionality or browsing experience.

Privacy Recommendation

If you wish to obtain more information about the use of cookies or how to manage your preferences, consult your browser settings or contact us.

Questions about cookies: dpo@dxon.com.br

Privacy Policy

Last update: March/2026

Privacy Policy

DX.On values privacy and the protection of personal data. This Privacy Policy aims to clearly explain how we process personal data in our activities, what information may be used, and what are the rights of data subjects.

Our commitment is to carry out data processing with responsibility, transparency, and security, always in compliance with the General Data Protection Law (LGPD) and other applicable regulations.

Who we are

DX.On is a technology company that develops data-based solutions to support organizations in analysis processes, risk prevention, and decision-making.

In different data processing contexts, DX.On may act both as a controller, when it defines the purposes and means of personal data processing, and as a processor, when it processes data on behalf of its clients and according to their instructions.

When DX.On acts as a processor, data processing will occur according to the responsible controller's instructions.

What personal data may be processed

In the context of its activities and technological solutions, DX.On may process different categories of personal data. The type of information processed may vary according to the nature of services provided, the relationship with clients and partners, and the specific purposes of each operation.

Among the categories of data that may be processed are:

  • Identification data: Such as name, document number, or other information that allows identifying a person.
  • Contact data: Such as address, phone, or email.
  • Professional or business relationship data: Information related to professional activities, relationships with companies, or commercial interactions.
  • Browsing and system use data: Information related to access and use of platforms, systems, or websites, such as access logs, IP address, and date and time of access.
  • Data from public sources or databases provided by clients: In certain services, DX.On may process data from public databases or databases provided by clients who use our solutions.

The nature and volume of processed data may vary according to the service contracted by DX.On's clients.

Data sources

Personal data processed by DX.On may be obtained from different legitimate sources, including:

  • Information provided directly by clients or partners
  • Databases provided by companies that use our solutions
  • Records from public sources
  • Data generated from the use of systems, platforms, or technological services

The use of this information always occurs according to the specific purposes of each service and with the legal bases provided in applicable legislation.

Use of data for risk and credit analysis

Some of the technological solutions developed or operated by DX.On may support risk analysis processes, fraud prevention, and credit assessment carried out by client companies.

These activities may involve processing data from public sources, databases provided by the clients themselves, or databases authorized by applicable legislation.

When applicable, these operations observe the provisions of:

  • Law No. 12,414/2011 - Positive Credit Registry Law
  • Complementary Law No. 166/2019
  • Decree No. 9,936/2019
  • CMN Resolution No. 4,737/2019

In various scenarios, DX.On acts as a processor of personal data, processing information according to its clients' instructions.

DX.On does not make commercial decisions directly about data subjects, acting primarily as a provider of technological solutions and information analysis for its clients.

Automated decisions and data analysis

DX.On develops technological solutions that use data analysis to support companies in assessment processes, risk prevention, and decision-making.

In some cases, these activities may involve the use of statistical models or automated processes for generating indicators and analyses.

In various scenarios, DX.On acts as a processor of personal data, processing information according to its clients' instructions, who act as data controllers. In these cases, the analytical criteria, statistical models, and parameters used for profile composition or decision support are defined by the clients themselves.

These activities are conducted in compliance with the principles of the General Data Protection Law (LGPD), seeking to ensure transparency, security, and respect for the rights of data subjects.

Limitations and context of data analyses

The analyses, indicators, or information generated by DX.On's technological solutions are informative in nature and support decision-making.

The use of this information and any commercial decisions made from it are the responsibility of companies that use DX.On's solutions, observing their own policies, business criteria, and legal responsibilities.

Legal bases for personal data processing

Personal data processing carried out by DX.On always occurs based on one of the legal bases provided in the General Data Protection Law (LGPD).

Depending on the nature of the activity or service provided, data processing may occur based on different legal grounds, including:

  • Contract execution
  • Compliance with legal or regulatory obligation
  • Legitimate interest
  • Credit protection
  • Data subject's consent

The applicable legal basis may vary according to the specific purpose of processing.

Sharing of personal data

DX.On may share personal data when necessary to carry out its activities, always observing applicable legislation.

Sharing may occur, for example, with:

  • Clients who use DX.On's solutions
  • Partners and technological service providers
  • Suppliers responsible for infrastructure and system hosting
  • Public authorities or regulatory bodies when there is a legal obligation

When DX.On acts as a processor of personal data, information sharing will occur according to the responsible controller's instructions.

International data transfer

In some cases, DX.On may use technological infrastructure, storage, or data processing services that involve the transfer or access to personal data from other countries.

When this occurs, DX.On will seek to ensure that these operations observe the requirements provided in applicable legislation, adopting appropriate measures for data protection and information security.

Information security

DX.On adopts technical and organizational measures to protect personal data against unauthorized access, misuse, loss, alteration, or improper disclosure.

These measures include access controls, security monitoring, data governance practices, and internal processes aimed at protecting information.

Data governance and protection

DX.On adopts governance practices aimed at the protection of personal data and information security, seeking to ensure that data processing occurs responsibly and in compliance with legislation.

Among these practices are:

  • Definition of internal data protection policies
  • Information access controls
  • Security monitoring
  • Periodic review of processes related to data processing
  • Channels for service to data subjects' rights

Data retention

Personal data processed by DX.On is stored only for the time necessary to fulfill the purposes for which it was collected, meet legal or regulatory obligations, or protect the rights of the company and its clients.

After the end of the applicable retention period, data may be deleted or anonymized as permitted by legislation.

Data subject rights

The General Data Protection Law guarantees data subjects various rights related to the processing of their personal data, including:

  • Confirmation of the existence of processing
  • Access to data
  • Correction of incomplete or outdated data
  • Anonymization, blocking, or deletion of data
  • Data portability
  • Revocation of consent
  • Information about data sharing

Data Protection Officer

DX.On has a Data Protection Officer (DPO), responsible for acting as a communication channel between the company, data subjects, and the National Data Protection Authority (ANPD).

The officer also assists in internal guidance on data protection practices and in responding to requests related to personal data processing.

Privacy Portal and contact

To facilitate the exercise of data subjects' rights, DX.On provides a Privacy Portal, where it is possible to register requests related to personal data processing.

If you have questions about this policy or about the processing of personal data carried out by DX.On, you can also contact our Data Protection Officer.

Email: dpo@dxon.com.br

Updates to this policy

This Privacy Policy may be updated periodically to reflect legal, regulatory changes, or improvements in our data protection practices.

We recommend that this page be consulted regularly to follow any updates.

Contact Us

At DX.On, we believe that transparency and dialogue are fundamental to building trust relationships.

If you have questions about this Privacy Policy, about how we process personal data, or want to exercise any of your rights provided in the General Data Protection Law (LGPD), we are available to help.

Our team is prepared to receive requests, clarify doubts, and provide guidance on issues related to personal data processing carried out by DX.On.

Whenever possible, we recommend that requests related to personal data be made through our Privacy Portal, which was developed to facilitate the registration, tracking, and management of data subject requests.

If you prefer, you can also contact our team directly through the address below.

Data Protection Officer (DPO)

dpo@dxon.com.br

When contacting us, if possible, provide as much detail as possible about your request. This helps us analyze and respond more quickly and accurately.

Our commitment is to treat all requests with attention, responsibility, and in compliance with applicable legislation.