1. Who We Are

FARIAS ("we," "us," or "our") is an experiential marketing agency with operations in New York, United States and São Paulo, Brazil. We are the data controller responsible for your personal data collected through this website.

For privacy inquiries, contact us at privacy@farias.co or by mail at: FARIAS, New York, NY, United States.

2. What We Collect

We collect only the information you voluntarily provide through our contact form:

• Name
• Email address
• Company name
• Message content

We do not use cookies, tracking pixels, analytics tools, or any other automated data collection technologies. We do not create user accounts or require login credentials.

3. Why We Collect It

We process your data solely to respond to your inquiry and communicate with you about our services.

Our legal bases for processing, depending on your jurisdiction:

• GDPR (EU/UK): Legitimate interests — responding to your business inquiry (Article 6(1)(f))
• LGPD (Brazil): Legitimate interests — responding to your inquiry (Article 7(IX))
• CCPA/CPRA (California): Notice provided at collection
• PIPEDA (Canada): Implied consent through form submission

If we wish to use your information for any purpose beyond responding to your inquiry, such as marketing communications, we will seek your explicit consent first.

4. Who We Share It With

Your data is processed through the following service providers:

• Google Sheets — secure storage of form submissions
• Gmail (via Google Workspace) — sending email notifications to our team
• Vercel — hosting our website and serverless contact form handler

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes. We do not share your data with data brokers or ad networks.

5. International Data Transfers

Your data is stored on Google's infrastructure in the United States and may be accessed by our team in New York and São Paulo.

We rely on the following safeguards for international transfers:

• Brazil to US: Standard Contractual Clauses as required by ANPD regulations
• EU/UK to US: EU-US Data Privacy Framework and Standard Contractual Clauses
• Other jurisdictions: Contractual safeguards ensuring equivalent data protection

6. How Long We Keep It

We retain contact form submissions for up to 24 months from your last communication with us. After this period, your data is permanently deleted. If you request deletion sooner, we will honor that request promptly.

7. Your Rights

Depending on your location, you have some or all of the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request that we erase your personal data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Restrict processing — request that we limit how we use your data
• Withdraw consent — where processing is based on consent, withdraw it at any time
• Information about sharing — request details about third parties who received your data
• Lodge a complaint — file a complaint with your local data protection authority

Relevant supervisory authorities include:

• Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
• EU: Your local Data Protection Authority (e.g., CNIL in France, ICO in the UK)
• California: California Attorney General
• Canada: Office of the Privacy Commissioner (OPC)
• South Africa: Information Regulator

To exercise any of these rights, contact us at privacy@farias.co. We will respond within 30 days, or sooner where required by applicable law.

8. Security

We protect your data using HTTPS encryption for all website traffic, serverless architecture with no persistent server storage, and Google's enterprise-grade infrastructure security. No personal data is stored on local devices or unencrypted systems.

9. Do Not Sell or Share

We do not sell or share your personal information as defined under the California Consumer Privacy Act (CCPA/CPRA). We honor Global Privacy Control (GPC) signals received from your browser.

10. Children

This website is not directed at children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has submitted information through our contact form, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

For any questions about this privacy policy or to exercise your data rights, contact us at:

Email: privacy@farias.co

FARIAS
New York, NY
United States