Privacy Policy
​
1. Scope
This Privacy Policy applies to the website https://www.algor.uk, its public pages, members’ area, groups, forums, event pages, certification and association pages, newsletter subscriptions, scheduling interfaces and related digital services made available under the ALGOR brand by XPER GLOBAL LIMITED (“ALGOR”, “we”, “us” or “our”). It explains how we collect, use, share, store and protect personal data, and how data subjects may exercise their rights under applicable data protection laws, including the Lei Geral de Proteção de Dados Pessoais – LGPD (Law No. 13,709/2018).
​
2. Controller identification
​
For the purposes of the services described in this Policy, the data controller is XPER GLOBAL LIMITED, operating the ALGOR platform and activities. Public contact details currently disclosed on the website are: 60 St Martins Lane, Covent Garden, London, WC2N 4JS, United Kingdom; Brazil operational contact: Ed. Etevaldo Nogueira, Av. Dom Luís, 807, 21º andar, Meireles, Fortaleza/CE, CEP 60160-230; email: global@algor.uk. Until a dedicated privacy channel is published, privacy requests may be sent to global@algor.uk with the subject line “Privacy / LGPD request”.
​
3. Categories of personal data we may collect
​
Depending on the way you interact with ALGOR, we may collect: (a) identification and contact data, such as name, email address, phone number, country, organization, role and professional profile; (b) account and access data, such as login credentials, membership status, authentication records and account preferences; (c) community participation data, such as messages, comments, posts, forum contributions, chapter participation and event registration information; (d) commercial and transactional data, such as selected products or certifications, order details, payment status, invoices, and records generated by external payment processors; (e) scheduling and service request data, such as consultation subject matter, requested dates and related communications; (f) technical and usage data, such as IP address, device/browser information, cookies, timestamps, logs and navigation events; and (g) any information voluntarily provided to us through forms, email, surveys, applications or support interactions.
​
4. How we collect data
​
We collect personal data directly from you when you create an account, join as a member, subscribe to newsletters, register for events, submit forms, request consulting, purchase products or certifications, interact in groups or forums, or contact us. We also collect limited technical data automatically through cookies, server logs and similar technologies when you access our website. In some cases, data may be received from service providers that support hosting, authentication, payments, communications, scheduling, analytics and customer support.
​
5. Purposes of processing and legal bases
​
We process personal data for the following purposes, using the legal bases permitted by the LGPD and, where relevant, other applicable laws:
(a) to create and manage user accounts, memberships, chapter participation and community access, based on contract performance and legitimate interest;
(b) to provide requested products, events, certifications, consulting and support, based on contract performance and pre-contractual measures;
(c) to send administrative, transactional and service communications, based on contract performance and legitimate interest;
(d) to send newsletters, educational content, invitations and marketing communications, based on consent where required, or legitimate interest when permitted by law and with an opt-out mechanism;
(e) to operate, secure and improve the website, prevent fraud, maintain logs and troubleshoot incidents, based on legitimate interest and legal/regulatory obligations;
(f) to comply with tax, accounting, consumer, audit, regulatory or judicial obligations, based on legal obligation and regular exercise of rights;
(g) to analyze aggregate demand, engagement and service quality, based on legitimate interest, with safeguards where feasible; and
(h) to protect rights, safety and integrity of ALGOR, its users and third parties, based on legitimate interest and regular exercise of rights.
​
6. Sensitive data and minors
​
ALGOR does not intentionally request sensitive personal data except where strictly necessary for a lawful and specific purpose and with an appropriate legal basis. The website and services are primarily directed to adults and professionals. We do not knowingly collect personal data from children or adolescents without the participation or authorization required by applicable law. If we become aware of improper collection involving minors, we will take reasonable steps to delete or regularize the data.
​
7. Cookies and similar technologies
​
We use cookies and similar technologies that may be necessary for website operation, authentication, security, language settings, audience measurement and user experience enhancement. Non-essential cookies, where applicable, should be subject to a preference or consent mechanism. Users may also manage cookies through browser settings, although disabling certain cookies may affect functionality. A specific Cookie Notice or Cookie Preferences banner may complement this section and prevail for technical details such as cookie categories, duration and providers.
​
8. Sharing of personal data
​
We may share personal data on a need-to-know basis with: (a) technology providers that support website hosting, CMS, authentication, forms, analytics, email delivery, scheduling, cloud infrastructure and community features; (b) payment processors and financial intermediaries, including Mercado Pago or equivalent providers used in purchase flows; (c) professional advisers, auditors and service providers bound by confidentiality obligations; (d) public authorities, regulators, courts or law-enforcement bodies when required by law, regulation or legal process; and (e) other entities involved in corporate restructuring, provided applicable safeguards are adopted. We do not sell personal data.
​
9. International data transfers
​
Because ALGOR operates internationally and maintains public contacts in the United Kingdom and Brazil, personal data may be processed or accessed in different jurisdictions, including by cross-border service providers. Whenever international transfer of personal data occurs, ALGOR will adopt an appropriate legal basis and safeguards compatible with the LGPD, such as contractual clauses, technical and organizational measures, assessment of destination context, or other mechanisms permitted by applicable law.
​
10. Retention
​
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, to comply with legal or regulatory obligations, to preserve evidence, to exercise rights in administrative, judicial or arbitral proceedings, and to meet legitimate business continuity and security needs. Retention periods may vary according to the type of relationship, legal obligation, product or service, and the applicable statute of limitations. After the end of the retention period, data will be deleted, anonymized or securely archived, as appropriate.
​
11. Security measures
​
ALGOR adopts reasonable technical and organizational measures designed to protect personal data against unauthorized access and accidental or unlawful destruction, loss, alteration, disclosure or any form of improper processing. Such measures may include access controls, authentication safeguards, backup routines, provider due diligence, confidentiality duties, monitoring and incident response procedures. No environment is entirely risk-free, but we seek to apply security measures proportionate to the nature of the data and the risks involved.
​
12. Data subject rights
​
Under the LGPD and, where applicable, other laws, data subjects may request: confirmation of processing; access to personal data; correction of incomplete, inaccurate or outdated data; anonymization, blocking or deletion of unnecessary or excessive data, or data processed unlawfully; portability, subject to regulation and trade secrets; deletion of data processed based on consent; information about public and private entities with which data is shared; information about the possibility of denying consent and the consequences; revocation of consent; and review of decisions made solely on automated processing when legally applicable. We may request information necessary to verify identity before fulfilling a request.
​
13. How to exercise rights
​
Requests related to privacy and personal data may be submitted to global@algor.uk with the subject line “Privacy / LGPD request”. To protect the data subject, ALGOR may request reasonable proof of identity and additional information necessary to locate the relevant records and assess the request. Requests will be handled within the legal timeframe and subject to the limitations and exceptions established by law.
​
14. Incident response
​
If a security incident occurs that may result in relevant risk or damage to data subjects, ALGOR will assess the event, contain its effects and, where legally required, notify the competent authority and the affected data subjects within the applicable timeframe, with the information required by law.
​
15. Third-party websites and services
​
The website may contain links to third-party pages, payment environments, social media services or partner platforms. This Policy does not govern the privacy practices of those third parties. Users should review the relevant external terms and privacy notices before providing information directly to them.
​
16. Updates to this Policy
​
We may update this Privacy Policy from time to time to reflect legal, operational or technological changes. The current version should always be made available on the website with its effective date. Where required by law or where changes materially affect data subjects, we will adopt appropriate notice mechanisms.
​
17. Contact
​
For privacy, data protection and LGPD matters, contact: global@algor.uk.