Privacy Policy

Effective date: April 13, 2026  |  Version 1.0

This Privacy Policy describes how Brilla Consulting Group ("Brilla," "we," "our," or "us") collects, uses, and protects personal information when you visit brilla-group.com or engage with our services. We are committed to handling your data with transparency and in accordance with applicable privacy regulations, including the EU General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Protecao de Dados (LGPD).

1. Data Controller

The data controller responsible for your personal information is:

2. Information We Collect

We collect information you provide directly and data generated by your use of this website:

• Contact and inquiry data: name, email address, company name, and message content submitted via contact forms or direct email.
• Client data: billing details, delivery preferences, and correspondence related to report or study purchases.
• Usage data: pages visited, time on site, referral source, and browser/device type, collected through analytics tools (aggregated and anonymized where possible).
• Communication records: emails and messages exchanged with our team.

We do not collect sensitive personal data (such as health, financial account, or biometric data) through this website.

3. How We Use Your Information

We use the information collected for the following purposes:

• Responding to inquiries and providing requested reports, dashboards, or strategic studies.
• Processing and fulfilling report orders and invoices.
• Sending updates about new Brilla reports, methodologies, or events when you have opted in.
• Improving website usability and content based on aggregated usage patterns.
• Complying with legal and regulatory obligations.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we rely on the following legal bases:

• Contract performance: processing necessary to deliver purchased reports and services.
• Legitimate interests: responding to inquiries, maintaining business records, and improving our services.
• Consent: sending marketing communications — you may withdraw consent at any time.
• Legal obligation: retaining financial records as required by applicable accounting law.

5. Data Retention

• Inquiry and contact data: retained for 36 months from last contact, then securely deleted.
• Client and transaction data: retained for 7 years from the invoice date to meet accounting and tax obligations.
• Marketing consent records: retained for the duration of the relationship plus 12 months after unsubscription.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

• With service providers who assist in delivering our services (e.g., email platforms, payment processors), bound by data processing agreements.
• When required by law, court order, or regulatory authority.
• With your explicit consent for any purpose not described here.

All third-party processors are required to maintain appropriate security safeguards and may not use your data for their own purposes.

7. International Data Transfers

Brilla operates with clients and team members across Latin America, Europe, and North America. Where personal data is transferred outside your home jurisdiction, we apply appropriate safeguards — including standard contractual clauses approved by the European Commission or equivalent protections — to ensure your data receives an adequate level of protection.

8. Cookies and Tracking

This website uses minimal cookies. Strictly necessary cookies support basic site functionality. We do not currently deploy third-party advertising or behavioral tracking cookies. If analytics tools are used, data is processed in aggregate form. You may configure cookie preferences through your browser settings.

9. Your Rights

Depending on your location and applicable law, you may have the right to:

• Access: request a copy of personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data where there is no overriding legal ground for retention.
• Restriction: request that we limit processing in certain circumstances.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: at any time for consent-based processing, without affecting prior lawful processing.

To exercise any of these rights, contact us at staff@brilla-group.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include encrypted transmission (HTTPS), access controls, and secure handling procedures for client deliverables. In the event of a data breach that is likely to result in a risk to your rights, we will notify affected individuals and relevant authorities as required by law.

11. Children's Privacy

Our services are directed exclusively at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. The effective date at the top of this page indicates the most recent revision. For material changes, we will notify active clients by email prior to the change taking effect.

13. Contact

For questions, requests, or concerns about this Privacy Policy or our data practices, please contact: