Privacy Policy

Effective Date: January 10, 2025
Last Updated: January 10, 2025

1. Introduction

Sigma Business Intelligence ("we", "us", "our", "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or engage with our business intelligence and data science solutions.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide, including:

Contact Information:

• Name and title
• Email address
• Phone number
• Company name and address
• Professional background

Business Information:

• Industry and company size
• Business requirements and objectives
• Project specifications
• Financial and operational data (for consulting services)

Technical Information:

• IP address and location data
• Browser type and version
• Device information
• Website usage patterns
• Dashboard and platform interactions

2.2 Automatically Collected Information

• Cookies and Tracking: Website analytics, user preferences
• Server Logs: Access times, pages viewed, referring sites
• Platform Usage: Dashboard interactions, feature utilization

2.3 Client Data

When providing services, we may process:

• Business data and analytics
• Financial information (for CFO services)
• Operational metrics and KPIs
• Employee and customer data (anonymized when possible)

3. How We Use Your Information

3.1 Service Delivery

• Provide business intelligence and data science consulting
• Develop and maintain dashboards and analytics platforms
• Deliver financial and operational insights
• Provide customer support and technical assistance

3.2 Business Operations

• Communicate about services and projects
• Process payments and manage contracts
• Improve our services and develop new solutions
• Conduct market research and analysis

3.3 Legal and Compliance

• Comply with legal obligations
• Protect against fraud and security threats
• Enforce our terms and agreements
• Respond to legal requests and investigations

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We never sell, rent, or trade personal information to third parties for marketing purposes.

4.2 Limited Sharing

We may share information only in these circumstances:

Service Providers:

• Cloud hosting providers (AWS, Azure, Google Cloud)
• Analytics and monitoring tools
• Payment processors
• Professional service providers (legal, accounting)

Legal Requirements:

• Comply with court orders or legal processes
• Protect our rights and property
• Investigate fraud or security issues
• Respond to government requests

Business Transfers:

• In case of merger, acquisition, or asset sale (with privacy protections)

4.3 Data Processing Agreements

All third-party processors sign data processing agreements ensuring appropriate protection of your information.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures:

Technical Safeguards:

• Encryption in transit and at rest (AES-256)
• Multi-factor authentication
• Regular security audits and penetration testing
• Secure cloud infrastructure with SOC 2 compliance

Administrative Safeguards:

• Staff training on data protection
• Access controls and principle of least privilege
• Regular security policy updates
• Incident response procedures

Physical Safeguards:

• Secure data centers with restricted access
• Environmental controls and monitoring
• Backup and disaster recovery procedures

5.2 Data Breach Response

In case of a security incident:

• We will investigate and contain the breach immediately
• Affected individuals will be notified within 72 hours
• Regulatory authorities will be notified as required
• We will provide credit monitoring if sensitive data is involved

6. Data Retention

6.1 Retention Periods

• Client project data: Retained for 7 years post-project completion
• Contact information: Retained while business relationship exists + 3 years
• Website analytics: Retained for 2 years
• Financial records: Retained per legal requirements (typically 7 years)

6.2 Secure Deletion

When retention periods expire, data is securely deleted using industry-standard methods.

7. Your Privacy Rights

7.1 General Rights

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain processing activities

7.2 GDPR Rights (EU Residents)

Under GDPR, you additionally have:

• Right to restrict processing
• Right to data portability
• Right not to be subject to automated decision-making
• Right to lodge a complaint with supervisory authorities

7.3 CCPA Rights (California Residents)

Under CCPA, you have:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination for exercising privacy rights

7.4 Exercising Your Rights

To exercise your rights:

• Email: privacy@sigmabusinessint.com
• Phone: +1 (561) 726-0051
• Written request to our business address

We will respond within 30 days (or as required by applicable law).

8. International Data Transfers

8.1 Cross-Border Transfers

We operate in multiple jurisdictions (US, EU, Portugal). Data may be transferred between:

• Our offices in different countries
• Cloud providers with global infrastructure
• Service providers in various locations

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers:

• EU-US: Standard Contractual Clauses (SCCs)
• Adequacy decisions: Where available
• Binding Corporate Rules: For internal transfers
• Certification schemes: When applicable

9. Cookies and Tracking

9.1 Cookie Types

We use:

• Essential cookies: Required for website functionality
• Analytics cookies: To understand website usage (Google Analytics)
• Preference cookies: To remember your settings
• Marketing cookies: For relevant advertising (with consent)

9.2 Cookie Management

You can control cookies through:

• Browser settings
• Our cookie banner preferences
• Opt-out tools for analytics and advertising

9.3 Do Not Track

We respect Do Not Track signals where technically feasible.

10. Children's Privacy

We do not knowingly collect information from children under 16. If we discover we have collected such information, we will delete it immediately.

11. Third-Party Links

Our website may contain links to third-party sites. We are not responsible for their privacy practices. Please review their privacy policies.

12. AI and Automated Processing

12.1 AI Usage

We use artificial intelligence and machine learning for:

• Data analysis and insights generation
• Business intelligence automation
• Predictive analytics
• Customer service chatbots

12.2 Automated Decision-Making

• We may use automated processes for routine data analysis
• Significant decisions always involve human review
• You can request human intervention for automated decisions affecting you

13. Data Controller and Processor Roles

13.1 When We Are Data Controller

For our own business operations (marketing, sales, HR), we act as data controller.

13.2 When We Are Data Processor

For client consulting projects, we typically act as data processor under client instructions.

14. Privacy by Design

We implement privacy by design principles:

• Proactive measures: Privacy built into systems from the start
• Default settings: Highest privacy settings as default
• Data minimization: Collect only necessary information
• Transparency: Clear information about processing
• User control: Tools to manage privacy preferences

15. Contact Our Data Protection Officer

Data Protection Officer:
Paulo Loureiro Campos
Email: dpo@sigmabusinessint.com
Phone: +1 (561) 726-0051

EU Representative:
Available upon request for EU-related inquiries

16. Regulatory Compliance

We comply with:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• PIPEDA (Canada)
• LGPD (Brazil)
• Industry-specific regulations (HIPAA, SOX, etc.)

17. Updates to This Policy

17.1 Policy Changes

We may update this Privacy Policy to reflect:

• Changes in our services
• Legal or regulatory requirements
• Industry best practices

17.2 Notification

We will notify you of material changes:

• Email notification to registered users
• Prominent notice on our website
• 30 days advance notice for significant changes

17.3 Continued Use

Continued use of our services after policy updates constitutes acceptance of the new terms.

18. Supervisory Authorities

You may contact relevant supervisory authorities:

EU/Portugal:
Comissão Nacional de Proteção de Dados (CNPD)
Website: cnpd.pt

California:
California Attorney General
Website: oag.ca.gov

Other jurisdictions: Contact your local data protection authority

19. Complaints and Disputes

If you have privacy concerns:

1. Contact us directly first
2. Contact our Data Protection Officer
3. File a complaint with supervisory authorities
4. Seek legal remedies if necessary

20. Acknowledgment

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing described herein.

Contact Information:

Sigma Business Intelligence
Privacy Team
Email: privacy@sigmabusinessint.com
Phone: +1 (561) 726-0051
Florida, United States

For EU-specific inquiries:
Email: eu-privacy@sigmabusinessint.com

This Privacy Policy is effective as of the date above and supersedes all prior privacy statements.