LGPD - General Data Protection Law

Last update: January 2026

Cargolys is in full compliance with the General Data Protection Law (Law No. 13,709/2018). This document describes how we process your personal data in accordance with Brazilian legislation.

Data Protection Officer (DPO): For LGPD-related questions, contact us by email contact@cargolys.com

1. Legal Bases for Processing

We process your personal data based on the following legal hypotheses provided for in the LGPD:

  • Contract execution: to provide our fleet management services.
  • Consent: for marketing communications and optional features.
  • Legitimate interest: to improve our services and ensure security.
  • Legal obligation compliance: to meet regulatory requirements.

2. Your Rights as Data Subject

According to the LGPD, you have the following rights:

  • Confirmation and access: confirm the existence of processing and access your data.
  • Correction: request correction of incomplete, inaccurate or outdated data.
  • Anonymization, blocking or deletion: of unnecessary data or data processed in non-compliance.
  • Portability: request data portability to another provider.
  • Deletion: request deletion of data processed with consent.
  • Information: be informed about data sharing.
  • Revocation: revoke consent at any time.
  • Opposition: oppose processing in case of LGPD non-compliance.

3. How to Exercise Your Rights

To exercise any of the above rights, you can:

  • Send an email to contact@cargolys.com with the subject "LGPD Request".
  • Clearly describe which right you wish to exercise.
  • Provide information to confirm your identity.

We will respond to your request within 15 business days, as required by law.

4. Security and Technical Measures

We adopt technical and administrative security measures to protect your data:

  • End-to-end encryption.
  • Role-based access control.
  • Periodic security audits.
  • Employee training on data protection.
  • Security incident response plan.

5. International Transfer

Your data may be processed on servers located outside Brazil. In these cases, we ensure that the transfer occurs to countries with an adequate level of protection or through specific contractual clauses.

6. Data Retention

We keep your personal data for the period necessary to:

  • Fulfill the purposes for which they were collected.
  • Meet legal and regulatory obligations.
  • Exercise rights in judicial or administrative proceedings.

7. Security Incidents

In case of a security incident that may cause risk or relevant damage to data subjects, we will communicate to the National Data Protection Authority (ANPD) and the affected data subjects, as required by the LGPD.

8. Updates

This policy may be updated to reflect changes in our practices or in legislation. We recommend periodic review of this document.