Privacy Policy

The data controller responsible for your personal data is:

We also maintain operations in Brazil through our Curitiba office (R. Vol. da Pátria, 475 – Sala 1212 – Centro, Curitiba, PR), acting as co-controller or operator depending on the processing activity under LGPD.

We collect only the minimum data necessary for the purposes described in this policy. The categories we may process include:

We do not process sensitive/special-category data (health, race, religion, biometric data, etc.) and ask that you do not submit it through our website.

• Directly from you when you fill in a contact or application form on our website
• Through cookies and similar tracking technologies when you browse our website
• From publicly available sources such as LinkedIn or business directories, in the context of B2B outreach
• From our clients or partners where they share contact details as part of a project engagement
• Through our recruitment processes and job-application portals

We process your personal data on one or more of the following lawful grounds:

• To respond to enquiries and provide the services you have requested
• To evaluate job applications and manage our recruitment pipeline
• To improve our website content, user experience and performance
• To send you relevant service updates or thought-leadership content (only with your consent)
• To comply with legal obligations including tax, accounting and regulatory requirements
• To detect and prevent fraud, abuse or security incidents
• To manage our contractual relationships with clients and partners

We do not sell, rent or trade your personal data. We may share data with:

As a company with offices in Spain (EU) and Brazil, and clients across 25+ countries, your data may be transferred to and processed in countries outside the European Economic Area (EEA) or Brazil. We ensure adequate safeguards are in place for all such transfers, including:

• European Commission adequacy decisions (where applicable)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) or equivalent mechanisms under LGPD
• Your explicit consent, where required and appropriate

Brazil is recognised as having an adequate level of protection by relevant EU authorities in the context of our operations. For transfers to other third countries, appropriate safeguards are applied on a case-by-case basis.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Contact form enquiries: up to 24 months from last interaction, unless a commercial relationship develops
• Client data: for the duration of the contract plus 7 years for accounting/tax records (as required under Spanish law)
• Job applications: 12 months if unsuccessful, unless you consent to retention for future roles
• Website analytics data: 26 months (anonymised after 14 months)
• Marketing consent records: until consent is withdrawn, plus 3 years for audit purposes

After the applicable retention period, data is securely deleted or anonymised.

Our website uses cookies and similar technologies to operate, improve and analyse your experience. Types include:

You can manage your cookie preferences at any time via our cookie consent panel or your browser settings. Note that disabling certain cookies may affect website functionality.

Depending on your jurisdiction, you have the following rights regarding your personal data. We respond to all legitimate requests within 30 days (GDPR / LGPD standard).

To exercise any of the above rights, contact us at info@meisters.solutions. We may need to verify your identity before processing your request.

We implement appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, alteration or disclosure. These include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Role-based access controls with principle of least privilege
• Regular security assessments and penetration testing
• Staff training on data protection and information security
• Incident response procedures and breach notification protocols (72-hour GDPR deadline)

Our website and services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately at info@meisters.solutions so we can delete it promptly.

Our website may contain links to third-party websites, plug-ins and applications (including LinkedIn, partner portals, and client platforms). Clicking on those links may allow third parties to collect or share data about you. We do not control those websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website following any update constitutes acceptance of the revised policy.

For any questions, concerns or requests relating to this Privacy Policy or the processing of your personal data, please contact:

You also have the right to lodge a complaint with the relevant supervisory authority in your country. In Spain: Agencia Española de Protección de Datos (AEPD). In Brazil: Autoridade Nacional de Proteção de Dados (ANPD).