
Privacy & Information Security Policy

HD Doctor Brazil — HD Doctor Group. Compliant with the Brazilian General Data Protection Law (LGPD — Law nº 13.709/2018).

Last updated: December 2025

1. Introduction

HD Doctor is a company specialized in data recovery and cyber incident response. This Policy sets the guidelines and best practices for personal data protection, privacy and information security that govern all internal operations and relationships with clients, partners and suppliers. It is compliant with the Brazilian General Data Protection Law — LGPD (Law nº 13.709/2018).

HD Doctor is the Controller of the Data Subject's personal data and is responsible for ensuring processing is performed transparently, lawfully and securely. Contact details are in section 7.

2. Purpose

To ensure confidentiality and integrity of the information handled, especially sensitive and privileged client data, observing the principles of LGPD. It also protects HD Doctor's know-how, methodologies, technologies, trade secrets and other intellectual assets.

3. Scope

  • All employees, contractors, service providers and interns of HD Doctor.
  • All business partners, suppliers and clients that share personal data or use our systems, labs and platforms.
  • Any and all personal data, including sensitive data, processed by HD Doctor.
  • Any personal data processing performed on behalf of HD Doctor, regardless of medium or country.

4. Privacy Principles

  • Purpose: processing only for legitimate, specific, explicit purposes.
  • Adequacy: compatibility with the purposes communicated.
  • Necessity: processing limited to the minimum necessary.
  • Free access: easy, free consultation about form and duration of processing.
  • Quality: accurate, clear and up-to-date data.
  • Security: technical and administrative measures to protect data.
  • Prevention: actions to prevent processing-related damages.
  • Accountability: evidence of effective compliance measures.

5. Information Security Policy

5.1 Information Classification

  • Public: may be disclosed without restriction.
  • Internal: restricted to corporate environment.
  • Confidential: strategic data, contracts, trade secrets and know-how.
  • Sensitive: sensitive personal data as defined by LGPD.

5.2 Access Controls

  • Least-privilege principle.
  • Mandatory two-factor authentication (2FA) for remote access.
  • Automatic lock of idle sessions.
  • Periodic review of permissions.

5.3 Monitoring and Logging

  • All access is monitored and audited.
  • Logs retained for a minimum of 5 years or as legally/contractually required.

5.4 Backup and Continuity

  • Daily encrypted backups stored in distinct environments.
  • Regular restoration tests; contingency plan validated every six months.
  • Secure disposal of retired media and equipment.

5.5 Physical Environment

  • Physical access to labs controlled via biometrics or RFID badges.
  • 24/7 CCTV with minimum 90-day retention.
  • Access restricted to authorized personnel.

6. Data-Subject Rights

Under the LGPD, data subjects may at any time request:

  • Confirmation that their data is being processed.
  • Access to data.
  • Correction of incomplete, inaccurate or outdated data.
  • Anonymization, blocking or deletion of unnecessary data.
  • Portability, in accordance with ANPD rules.
  • Deletion of data processed with consent, except legal hold cases.
  • Information about entities with whom data is shared.
  • Information about the option to withhold consent and the consequences.
  • Revocation of consent.

7. Data Protection Officer (DPO)

Name: Juan Cuello
Email: [email protected]
Address: Rua Desembargador Jorge Fontana, nº 428, Suite 1201, Belvedere, Belo Horizonte/MG, Brazil, 30320-670

8. Data Sharing

HD Doctor does not sell personal data. Data may be shared with strategic suppliers under confidentiality agreements or with judicial/regulatory authorities upon legal request.

9. Training and Awareness

  • Mandatory periodic training on LGPD and information security.
  • Phishing simulations and incident response drills.

10. Data Retention

We retain personal data only for as long as strictly necessary. Data is kept while a relationship with the data subject exists or while a valid legal basis remains. After that, data is retained only for the contractual term and applicable statute of limitations, then securely and permanently deleted.

11. Know-How and Confidentiality

HD Doctor's technical, commercial, strategic and operational know-how — including methodologies, internal procedures, databases, client information, contracts, technologies and trade secrets — is classified as confidential and exclusive property. Its use, reproduction or disclosure is expressly forbidden without prior written authorization, including after the end of the contractual relationship.

12. Confidentiality

HD Doctor will use the information provided exclusively for service delivery or previously communicated purposes, maintaining strict confidentiality over all data accessed during service delivery.

13. Internal Penalties

Non-compliance triggers administrative and disciplinary sanctions, including warnings, suspension of access, disciplinary suspension, just-cause dismissal and reimbursement of damages, without prejudice to applicable judicial measures.