Regiões metropolitanas
+55 (11) 4020.2469
Outras regiões
+55 (11) 3777.8410

Your Data Safe

We protect your data and guarantee your privacy. Read the terms below.

Version 008 – March 2025

This Privacy Policy (“Policy”) seeks to provide transparency to you, the holder of personal data, about how data processing takes place at Skymail, clarifying how collection and storage are carried out, the purposes of processing and the legal hypotheses that legitimize it.

With nearly 10 years of experience, over one million users, and a high customer satisfaction rate, Skymail remains committed to intelligent, qualified, and ethical performance. Therefore, this Policy aims to strengthen the bond of trust with our customers, employees, and partners, as well as clarify details about the processing performed, always observing the provisions of the General Data Protection Law (LGPD), good governance practices, the guidelines of the National Data Protection Authority (ANPD), and a commitment to transparency, respecting the credibility invested in us.

Definition of agents and legal terms of processing

For a better understanding of this Policy, we will use the expressions below with the following meaning:

  1. Holder of personal data: Natural person to whom the personal data being processed refer;
  2. Data Controller: The person responsible for data processing decisions, such as determining which data, for what purpose, and how personal data will be processed. For example, Skymail acts as the data controller for our customers’ registration data for contractual, support, and billing purposes;
  3. Data Processor: The party processing personal data solely for the purpose previously authorized by the Controller and on its behalf. For example, Skymail acts as a data processor for customer data stored in our infrastructure through the various managed services we offer;
  4. Personal data: Information related to an identified or identifiable natural person, such as full name, CPF number, email, telephone number, among others;
  5. Sensitive personal data: Personal data with a greater discriminatory potential, such as racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, relating to health or sexual life, genetic or biometric data;
  6. Treatment: Any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
  7. Data Protection Officer (DPO): Person appointed by Skymail who will act as a communication channel to meet internal demands and those of our customers regarding the processing of personal data, as well as those that may come from the National Data Protection Authority, which can be contacted via email: privacidade@skymail.com.br.

Data subjects processed by Skymail

Personal data is processed solely and exclusively for the purposes of performing the activities required to provide the contracted services. Therefore, the personal data processed is primarily owned by:

  • Customers and individuals who operate using Skymail solutions;
  • Potential customers;
  • Employees and their dependents;
  • Suppliers and Third Parties;
  • Skymail website visitors;
  • Interested parties should fill out the form in the communication channel for candidates in the “Work with Us” field on the website.

Skymail may process data of other data subjects, depending on the process it establishes, always prioritizing full compliance with the LGPD, especially regarding the rights of data subjects.

Rights of personal data holders

The following rights are established for data subjects, in accordance with article 18 of the General Personal Data Protection Law:

  • Confirm the existence of personal data processing and obtain, at any time, access to your data;
  • Correction of data that is incomplete, inaccurate or outdated;
  • Request the anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance with the General Data Protection Law;
  • Request information from public and private entities with which Skymail shared data;
  • Request the deletion of your collected and stored data, provided that the minimum legal period related to its storage has elapsed;
  • Port data to another service provider, upon your request;
  • In cases where Skymail requires your consent to collect data, you may request information about the possibility of refusing consent and the consequences thereof. If consent is granted, you may subsequently revoke your consent and request the deletion of your data.

Skymail solutions are designed for corporate use. If you use a product with an account provided by a company, your use of the products will be subject to your organization’s policies, and data control and management will be handled by the company to which you are affiliated.

Therefore, most questions and concerns about the protection of your data should be directed to your organization’s data controller or legal representative.

However, if you still have questions regarding the processing carried out by us or how you can exercise your rights, we recommend consulting our Data Subject Rights Guide, or contacting Skymail’s Data Protection Officer (DPO) by email: privacidade@skymail.com.br.

Legal basis

The General Personal Data Protection Law – LGPD (Law No. 13,709/2018), was created with the objective of guaranteeing the security of individuals’ personal data, avoiding processing for discriminatory purposes and purposes other than those initially informed, in addition to harmful and undue processing.

The LGPD presents some hypotheses in which data processing can occur, structuring guidelines and methods so that it occurs correctly, respecting the privacy of the data subjects.

Therefore, Skymail uses, in its operations, mainly the following legal hypotheses:

  • Consent (article 7, paragraph I, and article 14, paragraph 1);
  • Legal or regulatory obligation (item II of article 7);
  • Execution of contract (item V of article 7);
  • Regular exercise of rights in judicial, administrative or arbitration proceedings (item VI of article 7);
  • Legitimate interest (item IX of article 7).

Skymail will always process personal data with due legal basis, as well as full compliance with the determinations and principles established by law.

Personal data collection method

The following rights are established for data subjects, in accordance with article 18 of the General Personal Data Protection Law:

  • Confirm the existence of personal data processing and obtain, at any time, access to your data;
  • Request the correction of data that is incomplete, inaccurate or outdated;
  • Request the anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance with the General Data Protection Law;
  • Request information from public and private entities with which Skymail shared data;
  • Request the deletion of your collected and stored data, provided that the minimum legal period related to its storage has elapsed;
  • Port data to another service provider, upon your request;
  • In cases where Skymail requires your consent to collect data, you may request information about the possibility of refusing consent and the consequences thereof. If consent is granted, you may subsequently revoke your consent and request the deletion of your data.

Skymail solutions are designed for corporate use. If you use a product with an account provided by a company, your use of the products will be subject to your organization’s policies, and data control and management will be handled by the company to which you are affiliated.

Therefore, most questions and concerns about the protection of your data should be directed to your organization’s data controller or legal representative.

However, if you still have questions regarding the processing carried out by us or how you can exercise your rights, we recommend consulting our Data Subject Rights Guide, or contacting Skymail’s Data Protection Officer (DPO) by email: privacidade@skymail.com.br.

Legal basis

The General Personal Data Protection Law – LGPD (Law No. 13,709/2018), was created with the objective of guaranteeing the security of individuals’ personal data, avoiding processing for discriminatory purposes and purposes other than those initially informed, in addition to harmful and undue processing.

The LGPD presents some hypotheses in which data processing can occur, structuring guidelines and methods so that it occurs correctly, respecting the privacy of the data subjects.

Therefore, Skymail uses, in its operations, mainly the following legal hypotheses:

  • Consent (article 7, paragraph I, and article 14, paragraph 1);
  • Legal or regulatory obligation (item II of article 7);
  • Execution of contract (item V of article 7);
  • Regular exercise of rights in judicial, administrative or arbitration proceedings (item VI of article 7);
  • Legitimate interest (item IX of article 7).

Skymail will always process personal data with due legal basis, as well as full compliance with the determinations and principles established by law.

Personal data collection method

Valuing transparency and accountability, values ​​adopted by Skymail and guaranteed by privacy and personal data protection legislation, we clarify the means used to collect the processed personal data, namely:

  • Forms, registrations, contacts made via the Skymail call center or website;
  • Internal registration of employees, partners or third parties, for hiring or compliance with legislation;
  • Signing service provision contracts with suppliers or customers;
  • Customer service channels;
  • Access to customer infrastructure for technical support;
  • Mobile applications developed by Skymail.

Our personal data collection points follow information security standards, with technical and organizational measures capable of ensuring the privacy and protection of personal data, with only the information necessary for the established purpose being collected.

Purpose of personal data processing

The LGPD establishes that data processing must be carried out for specific, explicit, legitimate, and declared purposes, and only when strictly necessary to achieve the intended purpose. In this sense, Skymail highlights some of its purposes:

  • For the proper provision of the contracted service (Execution of Contract);
  • Guarantee of rights, including in judicial, arbitration or administrative proceedings;
  • To comply with legal obligations, that is, data that is required by authorities, such as the Federal Revenue Service, E-social, INSS, among others;
  • Management of personal documents of Skymail employees;
  • Protect information contained in processes and systems;
  • For hiring and managing employees and service providers;
  • For personalized communication with our customers and those interested in our service;
  • Account Registration;
  • Prevent and detect fraud and manage credit risks;
  • Inbound Marketing;

Data collected by Skymail

Valuing transparency in its relationship with data subjects, Skymail informs that, in order to fulfill the purposes indicated in this Policy, it collects personal data, such as the following:

Purpose Data collected Legal Basis
Formalization of contracts Name, signature. Execution of Contract
Service through the link https://conteudo.skymail.com.br/contato Name, company, email, telephone, state. Legitimate Interest
Online chat support Name, email, phone number. Legitimate Interest
Customer Helpdesk Name, email, phone. Contract Execution
Support via email, control panel, WhatsApp or RD Station Name, email, phone, position. Contract Execution
Customer acquisition through social networks Name, email, telephone, company name. Legitimate Interest
Skymail service marketing through landing pages Name, email, phone, company name. Consent
Satisfaction survey Name, email, telephone, company. Legitimate Interest
Activation of Skymail services Name, email, phone. Execution of Contract
Email marketing and newsletter Name, email, telephone. Legitimate interest
Sending images and searching for contacts in the Skymail Talk applicationImage, mobile device contact list, Consent

If you have any questions regarding the collection activities carried out by Skymail, you can contact the Data Controller (DPO) at: privacidade@skymail.com.br.

Storage of personal data

For Skymail, it is very important that personal data is stored for the period necessary to fulfill the purpose of processing, in safe and reliable locations, through systems and physical environments, which can only be accessed by authorized persons.

With this, Skymail seeks to ensure the application of information security principles and practices, aiming at strict and standardized security control measures, which may be required of partners, also taking care to implement a culture of privacy within the organization.

The data processed will remain stored in the company’s systems during the contractual relationship, according to the duration of the initial purpose or as a result of the period established by legal and/or regulatory obligation.

Use of cookies on the Skymail website

Cookies are small files that are inserted into the browser (Chrome, Mozilla Firefox, Microsoft Edge, etc.) or users’ devices that allow the activation of functionalities by collecting basic information about them or their devices.

Users may, at any time, change their permissions, block, or reject cookies, and configure them according to their preferences. However, it is important to note that revoking consent for certain cookies may prevent some website features from functioning properly.

In addition to the banner displayed on our web platform (www.skymail.com.br), users can manage cookie collection directly through their browser settings, in the “Cookie Management” area. Tutorials on this topic can be accessed directly from the links below:

Sharing of personal data

For economic activity and the provision of cloud solutions in the technology services sector, there may be a need to share personal data with some partners in third-party sectors, such as:

  • Information technology companies (Management Systems, Support and Applications);
  • Internal information management software, among others;
  • Marketing and communication companies;
  • Banking institutions;
  • Service providers and suppliers.

It’s worth noting that the LGPD allows for data sharing upon request by administrative or judicial authorities. Such requests will be duly analyzed by Skymail, which will verify the validity and legal basis of the request and ensure that the request meets all mandatory legal requirements.

It is important to note that Skymail only shares information in situations where it is strictly necessary and using contractual and technical guarantees appropriate for each situation.

Hiring suppliers/third parties

Suppliers or third parties that maintain a contractual relationship with Skymail, and as a result need to process personal data, must observe all guidelines contained in this Policy.

Furthermore, when these are classified as personal data operators, they must ensure that all processing complies with the provisions of the General Personal Data Protection Law – LGPD, in addition to ensuring that the processing will occur in accordance with the purpose intended by Skymail, together with the guidelines and codes of conduct issued by the National Data Protection Authority (“ANPD”) and other competent bodies.

They must also ensure that the personal data they access is stored in secure repositories, implementing techniques and tools that guarantee the integrity and security of the information. After fulfilling its purpose, personal data provided by the company must be immediately discarded, and its use for purposes other than those established by the company is inadmissible.

All Skymail business partners, including suppliers, third parties, and service providers, must have processes in place to ensure the security of personal information and timely responses to data subject requests. In cases of joint processing of personal data, Skymail may request that they collaborate by providing the information necessary to respond to data subject requests. If these partners receive a direct request from data subjects, they must notify the Data Protection Officer (DPO) by contacting privacidade@skymail.com.br.

Skymail partners need to be aware that personal data protection is a collective commitment, so the company expects everyone to be aware of their responsibilities as data controllers and to implement a minimum framework related to personal data protection.

Improper processing of personal data or processing in violation of the Law may result in termination of the contract or even liability for violations, as provided for in the LGPD.

Skymail may occasionally audit the level of security applied by third parties and suppliers to ensure they meet the minimum requirements set by the company.

Data transfer

Skymail does not perform international data transfers to provide its services, as all data centers are located within Brazil. We may offer the option for customers to contract storage on platforms of national or international commercial partners. This option is open to client companies, who will be duly informed at the time of contracting.

Furthermore, the company ensures, when contracting a system or service, that the third party complies with data protection regulations and adopts technical and administrative security measures to safeguard the personal data processed.

Security

Security is our priority and begins at our core infrastructure with technical and organizational security measures applicable to all services provided, designed to prevent unauthorized access or disclosure. Our organization operates in accordance with Internal Security guidelines, which include technical measures to maintain data integrity, reliability, and confidentiality.

Skymail uses data centers that have security certifications and comply with the General Personal Data Protection Law, such as those listed below:

  • Infrastructure: TÜV and TIER III;
  • Physical and logical security: SOC 3 and 2, ISAE 3402, SSAE18, PCI-DSS and ISO 27001;
  • IT Services: ISO 20000;
  • Management and Anti-bribery: ISO37001;
  • Environment: 14001;
  • 24-hour monitoring systems;
  • Anti DDoS System;
  • Automatic attack detection and prevention;
  • Constant updating of security hardware and software.

Depending on the type of service contracted, your data may also benefit from the following additional protections:

  • 2-layer firewall;
  • Backups stored in different data centers;
  • Antivirus and AntiSpam systems;
  • Web application Firewall.

Our infrastructure is monitored 24/7 to ensure data confidentiality, integrity, and availability. As a Skymail customer, regardless of your size or location, you receive all these benefits.

Customers using Skymail services must maintain control over their content and, depending on their needs, implement additional security measures including classification, encryption, access management, and security credentials for their content.

However, if you have any questions regarding Skymail’s information security, you can consult our Information Security Policy – ​​PSI or contact Skymail’s Data Protection Officer (DPO) by email: privacidade@skymail.com.br.

Our responsibility

As personal data processing agents, it is our responsibility to keep the processed data secure, in addition to processing it within the limits informed, always taking care that third parties only access it in the cases provided for herein.

We conduct training and internal communication with our entire team, raising awareness about Skymail’s responsibility and commitment to complying with the General Personal Data Protection Law (LGPD), especially regarding the confidentiality of the information processed and the trust placed in us by our customers, employees, and others involved in our activity.

Skymail is committed to transparency and informs you that it will always comply with all the content of this Privacy Policy, ensuring that your rights can be exercised. In case of any questions regarding the processing of personal data, you can contact us through the official communication channel.

Treatment agent

SKYMAIL COMPUTING SERVICE, a private law legal entity registered with the CNPJ/MF under number 17,644,286/0001-40, headquartered in São Paulo/São Paulo, at Av. Pedroso de Moraes, 433 – 14th Floor, Pinheiros, CEP 05419-902.

Communication channel

For any information, including to exercise your rights as the holder of the personal data entrusted to us, you can contact Skymail’s Data Protection Officer (DPO):

  • Person in Charge (DPO): Pironti Lawyers and Associated Consultants – Responsible: Eduardo Bermann Moura
  • Deputy DPO: Pablo Werneck
  • Email: privacidade@skymail.com.br

Updates

Skymail is constantly improving its activities, management, and business, and it is our role to ensure our policies keep pace with this evolution. Therefore, this Policy may undergo changes and updates over time to continually improve personal data processing practices and provide greater security and transparency to Skymail’s operations. In such cases, we will disclose these changes on our website and via email to our customers registered in our database.

Access the Data Subjects’ Rights Guide