CORPORATE DATA PROTECTION POLICY
1. Introduction and Purpose
SpeedSellX Tecnologia em Pagamentos LTDA (“SpeedSellX,” “we,” or “our”) establishes this Data Protection Policy to formally define how we collect, use, store, share, and protect personal, financial, and commercial data in the course of our operations as a Merchant of Record in a global marketplace for digital and nutraceutical products.
This policy applies to all users, sellers, affiliates, buyers, service providers, and employees who interact with SpeedSellX.
2. Legal Basis and Compliance
SpeedSellX processes data in compliance with:
● General Data Protection Law (LGPD – Law No. 13,709/2018) – Brazil
● General Data Protection Regulation (GDPR – EU Regulation 2016/679) – European Union
● California Consumer Privacy Act (CCPA) – United States
● PPayment Card Industry Data Security Standard (PCI DSS) Level 1 – card data security
● Rules from financial partners and regulatory authorities in the countries where we operate.
3. Data Collected (Mandatory Registration)
To operate on the SpeedSellX platform, registration requires mandatory collection and verification of the following data:
3.1 Personal or Business Data
● Full name or company name.
● Valid identification document: CPF, CNPJ, EIN, or equivalent in other countries.
● Full address with proof of residence.
● Contact email and phone number.
3.2 Mandatory Verification Documents
● Copy of official photo ID (e.g., RG, driver’s license, or passport).
● Selfie or biometric video for identity verification.
● For companies: articles of incorporation, certificate of formation, or equivalent document.
3.3 Transaction and Payment Data
● Sales/purchase history.
● Amounts, dates, and payment methods.
● Credit/debit card information (stored in tokenized form), bank account details, and other payment methods.
3.4 Additional Data for Risk and Compliance Analysis (when necessary)
● Bank statements.
● Due diligence questionnaires.
● Information obtained from public and private databases for integrity verification.
4. Purpose of Data Processing
Collected data are used to:
● Process payments and fulfill contractual obligations.
● Perform identity verification and fraud prevention.
● Comply with legal, regulatory, and tax requirements.
● Manage relationships with sellers, affiliates, and buyers.
● Conduct risk analyses and compliance investigations.
5. Information Security
SpeedSellX holds PCI DSS Level 1 certification and adopts robust security measures including:
● Encryption of data in transit and at rest.
● Role-Based Access Control (RBAC).
● Continuous monitoring and incident detection systems.
● Network segmentation for sensitive data.
● Periodic internal and external audits.
6. Cookie Policy
SpeedSellX uses cookies and similar technologies to enhance user experience, analyze traffic, and personalize content and ads. Users may configure their browser to refuse cookies, but this may affect platform functionality. Cookies are classified as:
● Essential: Necessary for basic site and account functionality.
● Analytical: Used to understand user behavior and improve services.
● Marketing: Used to deliver relevant advertisements.
7. Data Sharing
Data sharing occurs only when necessary and with authorized parties such as:
● Payment processors, anti-fraud, and acquiring partners.
● Logistics and operational partners related to product delivery.
● Regulatory or judicial authorities as required by law.
SpeedSellX does not sell personal data to third parties.
8. Data Retention and Disposal
Data are retained as long as necessary to fulfill legal, contractual, and regulatory obligations. After this period, data are deleted or anonymized unless otherwise required by law.
9. Data Subject Rights
Data subjects have the right to:
● Access and obtain copies of their data
● Request correction or update.
● Request deletion or anonymization, when applicable.
● Request data portability.
● Revoke consent.
Requests should be sent to dpo@speedsellx.com
10. International Data Transfers
As a global operator, data may be transferred to other countries, always ensuring the protection level is equivalent to that required by applicable law, using standard contractual clauses and technical security measures.
11. Sanctions for Non-Compliance
Failure to comply with this policy by employees, partners, or suppliers may result in disciplinary actions, contract termination, and civil or criminal liability.
12. Policy Review
This policy will be reviewed annually or whenever there are relevant changes in legislation, operations, or SpeedSellX’s infrastructure.
CORPORATE DATA PROTECTION POLICY
1. Introduction and Purpose
SpeedSellX Tecnologia em Pagamentos LTDA (“SpeedSellX,” “we,” or “our”) establishes this Data Protection Policy to formally define how we collect, use, store, share, and protect personal, financial, and commercial data in the course of our operations as a Merchant of Record in a global marketplace for digital and nutraceutical products.
This policy applies to all users, sellers, affiliates, buyers, service providers, and employees who interact with SpeedSellX.
2. Legal Basis and Compliance
SpeedSellX processes data in compliance with:
● General Data Protection Law (LGPD – Law No. 13,709/2018) – Brazil
● General Data Protection Regulation (GDPR – EU Regulation 2016/679) – European Union
● California Consumer Privacy Act (CCPA) – United States
● PPayment Card Industry Data Security Standard (PCI DSS) Level 1 – card data security
● Rules from financial partners and regulatory authorities in the countries where we operate.
3. Data Collected (Mandatory Registration)
To operate on the SpeedSellX platform, registration requires mandatory collection and verification of the following data:
3.1 Personal or Business Data
● Full name or company name.
● Valid identification document: CPF, CNPJ, EIN, or equivalent in other countries.
● Full address with proof of residence.
● Contact email and phone number.
3.2 Mandatory Verification Documents
● Copy of official photo ID (e.g., RG, driver’s license, or passport).
● Selfie or biometric video for identity verification.
● For companies: articles of incorporation, certificate of formation, or equivalent document.
3.3 Transaction and Payment Data
● Sales/purchase history.
● Amounts, dates, and payment methods.
● Credit/debit card information (stored in tokenized form), bank account details, and other payment methods.
3.4 Additional Data for Risk and Compliance Analysis (when necessary)
● Bank statements.
● Due diligence questionnaires.
● Information obtained from public and private databases for integrity verification.
4. Purpose of Data Processing
Collected data are used to:
● Process payments and fulfill contractual obligations.
● Perform identity verification and fraud prevention.
● Comply with legal, regulatory, and tax requirements.
● Manage relationships with sellers, affiliates, and buyers.
● Conduct risk analyses and compliance investigations.
5. Information Security
SpeedSellX holds PCI DSS Level 1 certification and adopts robust security measures including:
● Encryption of data in transit and at rest.
● Role-Based Access Control (RBAC).
● Continuous monitoring and incident detection systems.
● Network segmentation for sensitive data.
● Periodic internal and external audits.
6. Cookie Policy
SpeedSellX uses cookies and similar technologies to enhance user experience, analyze traffic, and personalize content and ads. Users may configure their browser to refuse cookies, but this may affect platform functionality. Cookies are classified as:
● Essential: Necessary for basic site and account functionality.
● Analytical: Used to understand user behavior and improve services.
● Marketing: Used to deliver relevant advertisements.
7. Data Sharing
Data sharing occurs only when necessary and with authorized parties such as:
● Payment processors, anti-fraud, and acquiring partners.
● Logistics and operational partners related to product delivery.
● Regulatory or judicial authorities as required by law.
SpeedSellX does not sell personal data to third parties.
8. Data Retention and Disposal
Data are retained as long as necessary to fulfill legal, contractual, and regulatory obligations. After this period, data are deleted or anonymized unless otherwise required by law.
9. Data Subject Rights
Data subjects have the right to:
● Access and obtain copies of their data
● Request correction or update.
● Request deletion or anonymization, when applicable.
● Request data portability.
● Revoke consent.
Requests should be sent to dpo@speedsellx.com
10. International Data Transfers
As a global operator, data may be transferred to other countries, always ensuring the protection level is equivalent to that required by applicable law, using standard contractual clauses and technical security measures.
11. Sanctions for Non-Compliance
Failure to comply with this policy by employees, partners, or suppliers may result in disciplinary actions, contract termination, and civil or criminal liability.
12. Policy Review
This policy will be reviewed annually or whenever there are relevant changes in legislation, operations, or SpeedSellX’s infrastructure.
CORPORATE DATA PROTECTION POLICY
1. Introduction and Purpose
SpeedSellX Tecnologia em Pagamentos LTDA (“SpeedSellX,” “we,” or “our”) establishes this Data Protection Policy to formally define how we collect, use, store, share, and protect personal, financial, and commercial data in the course of our operations as a Merchant of Record in a global marketplace for digital and nutraceutical products.
This policy applies to all users, sellers, affiliates, buyers, service providers, and employees who interact with SpeedSellX.
2. Legal Basis and Compliance
SpeedSellX processes data in compliance with:
● General Data Protection Law (LGPD – Law No. 13,709/2018) – Brazil
● General Data Protection Regulation (GDPR – EU Regulation 2016/679) – European Union
● California Consumer Privacy Act (CCPA) – United States
● PPayment Card Industry Data Security Standard (PCI DSS) Level 1 – card data security
● Rules from financial partners and regulatory authorities in the countries where we operate.
3. Data Collected (Mandatory Registration)
To operate on the SpeedSellX platform, registration requires mandatory collection and verification of the following data:
3.1 Personal or Business Data
● Full name or company name.
● Valid identification document: CPF, CNPJ, EIN, or equivalent in other countries.
● Full address with proof of residence.
● Contact email and phone number.
3.2 Mandatory Verification Documents
● Copy of official photo ID (e.g., RG, driver’s license, or passport).
● Selfie or biometric video for identity verification.
● For companies: articles of incorporation, certificate of formation, or equivalent document.
3.3 Transaction and Payment Data
● Sales/purchase history.
● Amounts, dates, and payment methods.
● Credit/debit card information (stored in tokenized form), bank account details, and other payment methods.
3.4 Additional Data for Risk and Compliance Analysis (when necessary)
● Bank statements.
● Due diligence questionnaires.
● Information obtained from public and private databases for integrity verification.
4. Purpose of Data Processing
Collected data are used to:
● Process payments and fulfill contractual obligations.
● Perform identity verification and fraud prevention.
● Comply with legal, regulatory, and tax requirements.
● Manage relationships with sellers, affiliates, and buyers.
● Conduct risk analyses and compliance investigations.
5. Information Security
SpeedSellX holds PCI DSS Level 1 certification and adopts robust security measures including:
● Encryption of data in transit and at rest.
● Role-Based Access Control (RBAC).
● Continuous monitoring and incident detection systems.
● Network segmentation for sensitive data.
● Periodic internal and external audits.
6. Cookie Policy
SpeedSellX uses cookies and similar technologies to enhance user experience, analyze traffic, and personalize content and ads. Users may configure their browser to refuse cookies, but this may affect platform functionality. Cookies are classified as:
● Essential: Necessary for basic site and account functionality.
● Analytical: Used to understand user behavior and improve services.
● Marketing: Used to deliver relevant advertisements.
7. Data Sharing
Data sharing occurs only when necessary and with authorized parties such as:
● Payment processors, anti-fraud, and acquiring partners.
● Logistics and operational partners related to product delivery.
● Regulatory or judicial authorities as required by law.
SpeedSellX does not sell personal data to third parties.
8. Data Retention and Disposal
Data are retained as long as necessary to fulfill legal, contractual, and regulatory obligations. After this period, data are deleted or anonymized unless otherwise required by law.
9. Data Subject Rights
Data subjects have the right to:
● Access and obtain copies of their data
● Request correction or update.
● Request deletion or anonymization, when applicable.
● Request data portability.
● Revoke consent.
Requests should be sent to dpo@speedsellx.com
10. International Data Transfers
As a global operator, data may be transferred to other countries, always ensuring the protection level is equivalent to that required by applicable law, using standard contractual clauses and technical security measures.
11. Sanctions for Non-Compliance
Failure to comply with this policy by employees, partners, or suppliers may result in disciplinary actions, contract termination, and civil or criminal liability.
12. Policy Review
This policy will be reviewed annually or whenever there are relevant changes in legislation, operations, or SpeedSellX’s infrastructure.