Privacy Policy

1. Introduction

This Policy describes how NicePayer processes personal data in compliance with the General Data Protection Law (Law No. 13,709/2018 – LGPD, Brazil) and Regulation (EU) 2016/679 – GDPR, applicable in Portugal and the European Economic Area. It applies to the website, contact and lead capture forms, WhatsApp requests, online scheduling, embedded third-party content, and payment flows that we may provide, including SIBS integrations.

NicePayer acts as controller when it determines the purposes and means of processing. In specific business projects, it may also act as processor or subcontractor, as defined in the contract.

1.1. Key Definitions

• Personal Data any information relating to an identified or identifiable natural person.

• Processing any operation involving personal data, such as collection, storage, use, consultation, sharing, anonymization, and deletion.

• Controller the entity that determines the purposes and means of processing.

• Processor the entity that processes data on behalf of the controller.

• Cookies files stored in the browser that enable functionalities, analytics, and marketing.

2. What data we collect

We collect only data that is adequate, relevant, and limited to what is necessary to provide services, respond to contacts, operate the website securely, and measure its use.

2.1. Information provided by you

• Identification and contact data sent through forms, commercial requests, andWhatsApp messages, including name, email, phone, and company.

• Booking data in Microsoft Bookings, such as name, email, company, selected time, and any additional information you include in the request.

• Contractual, billing, and service execution data when there is a proposal,contract, onboarding, analysis, consultancy, or support.

• When a payment flow is made available, we may receive from SIBS or other payment providers minimum transactional data, such as payment status, reference, amount, date, operation identifier, and anti-fraud elements required for validation.

2.2. Automatic collection and measurement

We use two distinct measurement layers. The first is our own audience measurement with self-hosted Matomo, hosted on our infrastructure, which works without tracking cookies before consent and with anonymized IP. The second includes optional third-party cookies and scripts, such as Google Analytics 4, Meta Pixel, LinkedIn Insight Tag, Mautic, Chatwoot, and embedded content, which remain blocked until you give consent.

2.3. Embedded content and external channels

Third-party videos and Microsoft Bookings remain blocked until consent. By clicking to load that content, you authorize communication with the respective provider and the possible creation of cookies or other identifiers by that provider.

2.4. Information from Other Sources

We may receive data from marketing partners, advertising platforms, payment providers such as SIBS, and communication or support providers when this is necessary to perform a requested service, validate a transaction, or measure campaigns for which consent exists.

3. Purposes of Processing

• Respond to contacts, handle commercial requests, manage leads, and provide requested demos, analyses, and services.

• Carry out pre-contractual steps, contracts, billing, collection, support, and administrative obligations related to the commercial relationship.

• Validate payments, prevent fraud, perform financial reconciliation, and record operations processed by providers such as SIBS.

• Maintain website security, prevent abuse, validate forms, and record technical evidence required for the operation.

• Measure audience, visit origin, navigation, and technical performance with self-hosted Matomo in our own statistics layer.

• Load optional cookies and integrations for analytics, automation, advertising, chat, and embedded content only after consent.

4. Legal Bases

LGPD (Brazil – art. 7): consent; performance of a contract and preliminary procedures; compliance with a legal obligation; regular exercise of rights; legitimate interest for security, abuse prevention, and strictly statistical first-party measurement.

GDPR (EU – art. 6): consent; pre-contractual steps and performance of a contract; compliance with a legal obligation; legitimate interests related to security, fraud prevention, proof of operation, and non-advertising first-party measurement.

As a general rule, we do not process special categories of data. If a clientor user shares that type of content in a contractual context, processingwill follow only the applicable instructions, the appropriate legal basis,and enhanced measures proportionate to the risk.

5. Cookies and Consent Management

Our consent banner distinguishes between our own statistics layer and optional third-party cookies. By clicking “Accept”, you authorize the loading of optional integrations and their respective cookies. By clicking “Reject”, we keep only strictly necessary cookies, embedded content blocking, and first-party Matomo measurement without tracking cookies.

Consent can be changed at any time. Revocation blocks new third-party loadsand attempts to remove first-party cookies and current-domain cookies thatwe can directly control.

5.1. Essential cookies currently used

• cms_consentimento first-party cookie required to remember your consent choice. When accepted,it may remain for up to 12 months; when rejected, it is kept for a shortperiod to avoid continuously showing the banner again.

• nicepayer legacy compatibility cookie, read only for migration and continuity ofconsent status in browsers that still have it.

• nicepayer_linguagem functional cookie used to remember the language manually chosen on the site.

• django_language legacy language cookie, kept only for compatibility with choices made before the language selector update.

• csrftoken Django security cookie, required to protect forms against forged requests.

• sessionid session cookie used when the requested flow depends on an active session orprotected functionality.

5.2. First-party measurement with Matomo

We use self-hosted Matomo on our own domain to measure page views,approximate geographic origin, traffic source, key interactions, and thesite's technical performance. Before consent, this measurement operateswithout tracking cookies, with anonymized IP, and for statistical purposesonly. After consent, Matomo may also use its own first-party cookies toimprove the distinction between visits and sessions.

When Matomo's cookie mode is active after consent, cookies such as_pk_id*, _pk_ses*, _pk_ref*, andequivalent technical identifiers from Matomo itself may be created. Thesecookies are used to distinguish visits, sessions, referrals, and recurrence,not for behavioral advertising.

If you prefer, you can object to Matomo measurement through the opt-outmechanism below. When activated, your browser signals that you do not wantto be included in this site's statistics.

5.3. Optional cookies and integrations loaded only with consent

• Google Analytics 4 may create cookies such as _ga, _gid, _gat, _gcl_au and equivalent identifiers of the type _ga_* for traffic and campaign measurement.

• Meta Pixel may create cookies such as _fbp and _fbc for campaign attribution and measurement.

• LinkedIn Insight Tag may create cookies such as li_gc, lidc, bcookie, bscookie, UserMatchHistory, AnalyticsSyncHistory and other identifiers from the LinkedIn ecosystem.

• Mautic may create cookies and identifiers such as mautic_device_id, mtc_id, mtc_sid and mautic_referer_id for automation and interaction history.

• Chatwoot may create cookies or equivalent keys such as cw_conversation, cw_client and cw_session for chat support continuity.

• Embedded Content such as Microsoft Bookings, YouTube, and Vimeo may create those providers’ own cookies when you authorize content loading.

5.4. Forms, voluntary requests, and cookies

Your consent for cookies does not prevent the processing of data you voluntarily send through a form, contact request, commercial request, WhatsApp, scheduling, or payment. In these cases, we process the data to respond to your request, carry out pre-contractual steps, provide the requested service, or validate the operation. This may include sending data to operational tools used by NicePayer, such as Mautic for lead management, Microsoft Bookings for scheduling, or SIBS for payment, always with the appropriate legal basis for that flow.

5.5. Cookies and Consent Management

The button below deletes the consent record, attempts to remove optional first-party cookies and optional cookies stored on the current domain, shows the banner again, and prevents new analytics, advertising, chat, and embedded content loads until new authorization.

Some third-party cookies may remain visible until they expire or are removed in browser settings, because they are stored on external domains and cannot be fully deleted by this site.

Revoke consent

6. Sharing Data with Third Parties

We share data only when necessary for the stated purpose, due to a legal obligation, or with your consent. Recipients may include infrastructure and hosting providers, scheduling services, automation and CRM, support, communications, analytics, advertising, embedded video, and payment providers such as SIBS, always under appropriate contracts and security measures.

When payment is processed by an external provider such as SIBS, that provider may act as an independent controller or as a service provider, depending on the operation architecture and the respective payment method rules.

7. International transfers

Some providers may process data outside your country. For the EU/Portugal, we use appropriate safeguards under GDPR (e.g., Standard Contractual Clauses). For Brazil, we comply with LGPD requirements for international transfers.

8. Security measures

We adopt technical and organizational measures proportionate to the risk, such as access control, environment segregation, encryption in transit, audit logs, permission reviews, retention policies, and operational monitoring. No measure is absolute, so we continuously assess and improve controls.

9. Retention Periods

We keep data for as long as necessary to fulfill the stated purposes and meet legal, tax, contractual, and rights-defense deadlines. Leads, commercial requests, contractual records, and payment evidence may be retained for the period required for operation and legal compliance. In Matomo, we apply automatic retention to limit the storage of detailed logs and aggregated reports. After the applicable period, data is securely deleted or anonymized.

10. Your rights

LGPD (Brazil): confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information on sharing, revocation of consent, and review of automated decisions.

GDPR (EU/Portugal): access, rectification, erasure, restriction, portability, objection, and withdrawal of consent; right to lodge a complaint with the supervisory authority.

11. Privacy of children and teenagers

Our services are not intended for minors. If you believe we have collected data from a minor without proper authorization, please contact us for removal.

12. Terms and Conditions

This Privacy Policy must be read together with our Terms and Conditions. Use of the site and services

13. Changes to this Policy

We may update this Policy to reflect legal, technical, contractual, or operational changes, including changes to cookie, analytics, payment, and support integrations. The “Last updated” date indicates the version in force.

14. How to contact us

• Brazil: Av. Paulista, 1636 – Conj. 4 Pavimento 15 – Bela Vista – São Paulo/SP – CEP 01310-200. WhatsApp: +55 11 94571-0882. Email: falecom@wanzeller.com

• Portugal: Rua Engenheiro João Branco, no. 87 - District: Viana do Castelo — Municipality: Viana do Castelo — Parish: Santa Maria Maior e Monserrate e Meadela. Phone: +351 258 093 697 (toll landline call). E-mail: falecom@wanzeller.com

15. Business identification

Brazil: WENDERSION F. WANZELLER LTDA – CNPJ 44.728.577/0001-90 – Address as above.

Portugal: Wanzeller, Unipessoal Lda – NIPC 514873078 – address as stated above.