Privacy Policy

The Bakery discloses its Privacy Policy, confirming our commitment to protect the data of those who interact with our website and those who subscribe to our newsletter. The references of this Privacy Policy are based on LAW No. 13,709/18 - GENERAL LAW FOR THE PROTECTION OF PERSONAL DATA.

In accordance with the regulations outlined in the General Data Protection Law (Law 13,709/18), which deals with the protection of personal data, and other relevant legislations, we present The Bakery Brasil's Privacy and Security Policy.

This document is linked to and is an integral part of the Terms and Conditions of Use of this site, subject to change at any time for compliance with rules established by laws governing the treatment of data.

Accessing, visiting, and remaining on this website/blog is a matter of free choice and occurs according to the will/desire of the user, with their visit and continuation on the site being a choice of the user.

By reading this document, you are aware that, from the moment you access and stay on any of our pages, you are automatically demonstrating explicit agreement with all the rules and terms outlined in the Privacy and Security Policy described below.

It is your right at any time to contact us for further information on what has been described here, as well as clarification of any doubts that may arise.

The website was created in July 2022 and is fully owned by THE BAKERY BRASIL ASSESSORIA, CONSULTORIA E TREINAMENTO S.A., registered under CNPJ no. 29,272,953/0001-90 and Municipal Registration no. 5,865,688-0.

The data protection officer of The Bakery Brasil is Gabriel Juarez, and any inquiries related to personal data can be addressed to him via email: If you wish to send a letter to The Bakery addressing the topic of personal data, you should do so by sending it to the following address: R. Arizona, 491 – 23rd Floor – Cidade Monções, São Paulo – SP, 04567-001.

General Information

Our website is committed to complying with and respecting the principles set forth in Article 6 of the General Data Protection Law, which are listed below and explained in accordance with the data processing performed:

I – Purpose Principle: This website/blog adheres to the purpose principle outlined in the aforementioned legislation, conducting treatment with a legitimate and specific purpose. This Privacy and Security Policy explicitly informs the reason for the treatment. No treatment will be carried out in a manner incompatible with the purposes specified in this document;

II – Necessity Principle: We collect and process only the data necessary for the explicit purposes on our site, with a commitment to collect and process the minimum personal information of the user on our site. We only use relevant information/data, proportionate to the activity carried out by us, without exceeding any limits in the relationship between the user and our site/blog. All data collected and processed is in accordance with the purposes established on our pages;

III – Adequacy Principle: All treatment carried out on our pages is consistent with the purposes informed to the user/client, the respective data subject. No action or mechanism is taken that is inconsistent and disrespects the necessary treatment context;

IV – Non-Discrimination: The data we collect, store, and process are not used for any discriminatory, humiliating, illegal, or abusive purposes;

V – Data Quality Principle: We ensure data subjects clarity and relevance at the time of data collection and processing, as well as the possibility of updating as necessary to fulfill the purpose of the treatment, according to the user/client's activity on our site;

VI – Free Access Principle: We clarify through this Privacy and Security Policy that we guarantee all data subjects whose data we process free and easy access to consultation at any time they wish. This can be done through a specific channel, providing information about the data collected, and allowing for updates to personal data without the need for any request from our site;

VII – Prevention Principle: We adopt and ensure the prevention of any act that may cause harm to the data collected from users/clients, implementing measures to prevent any inconvenient, illegal, or potentially damaging situations to the personal data we handle;

VIII – Transparency Principle: We work with clarity, precision, accuracy, and truthfulness in all information provided about data processing. Access to this information is easy and available to the user/client in this Privacy Policy, as well as in the Terms of Use on our website/blog. Information regarding data processing agents follows the same transparency criteria outlined above. All information provided about processing and processing agents respects trade secrets and industrial secrets;

IX – Security Principle: We inform you that we use all applicable and possible technical and administrative measures to ensure the greater protection of personal data from the moment we access it. The techniques used aim to protect personal data from any unauthorized access, as well as from situations that may cause harm to the data subject, whether accidental or unlawful. The techniques we use seek to bring security and protection to the data subject, as they are implemented to prevent and protect collected information from any unlawful situation, including loss, destruction, sharing, communication, or unauthorized dissemination;

X – Accountability and Accountability Principle: The data controller will demonstrate and prove compliance with all applicable standards for Personal Data Protection, adopting effective measures for this purpose. Our website goes through all the steps related to the processing of personal data of users/clients who access it, without violating any norms or principles present in Law 13,709/2018. The purpose for processing each collected personal information is clearly and objectively stated.

About Our Website/Blog

Our website/blog features texts, videos, images, audios, e-books, reports, newsletters, and other content that you can view when accessing our tabs, all without any discriminatory, illegal, or defamatory content.

We set plans and goals to provide valuable content with relevant information on the topic discussed here.

Through this document, we commit to delivering the best possible result during the navigation of our user/client, pledging to act and work with total security and respect for the privacy of the processed personal data.

Please pay attention to all the information provided on this page, as it clearly and directly explains all stages of the processing of collected personal information, including making it clear the sharing and disclosure (in some cases) we engage in with partners such as The Bakery UK, our parent company located in London, England. Even outside our country, it adheres to all legislation related to data processing.

This Privacy and Security Policy may be modified at any time due to regulatory updates or the need for changes. Therefore, we invite our user/client to periodically consult this document to be immediately aware of any changes that may occur.

Information about the Data Controller

According to the provisions of Article 5 of the General Data Protection Law, we provide information here about the controller defined by the legislation "verbatim":

Article 5, VI – Controller: a natural or legal person, public or private, who is responsible for decisions regarding the processing of personal data;

The Bakery Brasil is the controller responsible for defining and making any decisions regarding the processing of data.

Information about the Website/Blog Content and Age Rating

The content presented is intended for individuals who are interested, curious, or seeking information about the content of our site.

All content covered on our pages is produced by our team or partners, respecting national legislation, as well as ethical and human values, in addition to moral principles, ensuring transparency and accuracy in all information provided.

Our site, along with its content and partners, is recommended for individuals aged 18 and older.

If you are not 18 years old, be aware that permission from your guardian is required for you to access the content presented on our pages. It is the complete responsibility of the GUARDIAN of the minor to access our material, as well as the content provided by our partners.

About Data Processing

Our website engages in certain operations and functionalities that require the processing of personal data, from the stage of collection to its elimination or storage, as detailed below:

Data Collection:

We collect data from users/visitors/customers of our site not only to provide the services we offer but also for security purposes, as any irregular or illicit act by them may be subject to specific consequences for the responsible party.

The use of certain functions on our site expressly depends on the collection of user data, such as: name, contact phone, email, and data requested in registration forms for job applications.

Data Collection may occur in all areas of our site/blog, as it happens through form filling, FAQ, sending questions, email, or registration.

We also inform that by filling out forms/FAQs/registrations or any type of area related to contact feedback or questions on our site, as well as ACCEPTANCE of the COOKIES we use, the USER/CLIENT expresses CLEAR and EXPLICIT CONSENT for the collection and processing of their data by the site/site team/site partners, respecting all personal data protection standards.

Method of Data Collection:

Data collection from our users/customers occurs in accordance with all principles and regulations outlined in the General Data Protection Law, and such diligence takes place in accordance with the relevant legal bases specified by the LGPD.

We do not use any coercive, authoritarian, oppressive, repressive, or abusive means to obtain user consent for the processing of their data.

The table below informs how data collection occurs:

Data How Collection Occurs
User's Personal Data Collected through forms, FAQs, contact, newsletters after filling in the requested fields for registration
Access Records Collected/Transmitted/Transferred through access to the service that occurs via the internet
Browsing Data Collected through cookies during site navigation

Personal data collection can occur on various locations, pages, and tabs of our site, through the completion of forms, FAQs, contact, and registrations necessary for sending materials/content or information.

Navigation data is collected by our cookies from the moment browsing starts on our site/blog.

Purpose of personal data processing.

All data subject to processing is used in accordance with the principles of the General Data Protection Law, especially those of purpose, adequacy, and necessity, being retained in our system only for as long as its purpose continues to exist.

Data/Information Purpose
User/Client Data Identify the user/client for registration purposes, content delivery, answering queries, sending updates, newsletter distribution, and other actions relevant to our work segment and of interest to our user/client.
Access Records Through these data, we provide increased security for site owners and users, as we can identify any activities occurring within our site/blog.
Browsing Information Through this information, we better understand our user, enabling us to provide content of interest and recommend services from our partners that align with the user's preferences, identified based on the pages they most frequently visit.

User data is collected and processed solely for the purpose for which it is provided, explicitly stated on each part of our site/blog, whether through registration, FAQ, form submissions, or newsletter sign-ups, etc.

Device data is processed to provide the best experience during site access, allowing us to adapt the site/blog display to the device/browser used.

Access logs are essential items during data collection and processing by our site/blog, providing increased security for users and our team. Through these logs, information such as IP address, date, time, and activities performed can be identified in any area of our site/blog, helping to detect any illicit activities that may occur.

Browsing information is the best way to deliver our content and that of our partners to you. Through browsing information, we tailor news, advertisements, and other materials based on user preferences. User preferences are determined by data found on the most frequently visited pages by the user/client.

Data Processing

Data processing on our site/blog complies with all regulations outlined in data protection legislation. The processing is based on (i) user consent; (ii) the need for contract execution or preliminary procedures related to a contract in which the data subject is a party, at the request of the data subject; (iii) The Bakery Brasil's legitimate interest in supporting and promoting its activities and protecting, in relation to the data subject, the regular exercise of their rights or providing services that benefit them, respecting their legitimate expectations and fundamental rights and freedoms; (iv) compliance with legal or regulatory obligations by the data controller.

All processed data is available for modification and updating at any time, including during storage. In case of a need, the data subject should make such a request to The Bakery Brasil.

All collected data may be deleted or retained for (i) compliance with legal or regulatory obligations; (ii) research by a research institution, ensuring, whenever possible, the anonymization of personal data; (iii) transfer to a third party, provided that the data processing requirements set forth in this Law are respected; or (iv) exclusive use by the controller, prohibited from being accessed by a third party, and provided that the data is anonymized.

Data Not Collected

Respecting the principles outlined at the beginning of this Privacy and Security Policy, we do not collect any data that is not necessary for the services we provide or that has a different purpose from the ones informed.

We do not collect sensitive data, except in cases where there is a legal requirement to do so. The user will be expressly informed of the need for processing, as well as the treatment that will be carried out with it.

Sharing/Disclosure/Publication of Collected Data

We respect all limits set forth in the General Data Protection Law regarding the sharing/disclosure or publication of data collected by us, acting in good faith and morally with no intention of causing harm to our user/client.

Data will only be shared with partners, if necessary, with the parent company. Users are aware that they consent to the sharing of their data when accepting to fill out forms on our site/blog in exchange for free materials.

In cases provided for by laws and regulations, or if we receive any type of determination from public authorities or regulatory bodies, data sharing, publication, or disclosure is carried out.

The data subject has the right to allow the sharing and access of their data with a third party, provided that they expressly inform the permission given to the data subject.

In situations where we are informed of a criminal investigation and cooperation is requested from our site, we make our users/clients aware that we cooperate in the manner required.

About Our Partners

All partners working with us adhere to the regulations outlined in the General Data Protection Law, as well as other legislations addressing this matter.

We would like to inform you that our site contains links and hyperlinks to our partners. By clicking on any of these links or hyperlinks, you will be directed to an external site that has no affiliation with our site and has a Privacy and Security Policy, Internal Policy, and Terms of Use different from ours.

We do not have the power or information to explain how data is handled by our partners. Therefore, please familiarize yourself with their Privacy Policy, Terms of Use, and other documents related to their data processing. The Bakery Brasil is not responsible for any inappropriate treatment by them, and under no circumstances can it be held accountable for such actions.

About Our Team

Our team is well-versed in all the technical and administrative mechanisms that must be employed in data processing, ensuring that every stage of data treatment aligns with privacy guidelines and all regulations outlined in Law 13,709/18.

Every member of our team is knowledgeable about the practices and techniques involved in data treatment. Any action deemed illicit or harmful to the data subject, undertaken by a team member, will result in direct accountability.

Data Treatment Security

Our website is committed to implementing every technical, administrative, and institutional measure related to the protection of personal data.

The security techniques employed safeguard user/client data from unauthorized third-party access and any circumstances that might lead to modification, destruction, diffusion, sharing, disclosure, and communication of data without authorization, in violation of the General Data Protection Law.

All protection and security measures are specifically tailored to the collected data, respecting the context and purpose of the information. Our website employs encryption and/or firewall measures, ensuring secure, private, and confidential transmission of data.

Transmissions between the transmitter and the users/clients occur entirely encrypted, aiming to protect the collected data.

We provide a communication channel at the end of this text for our user/client to report any situation indicating a security flaw, vulnerability, or defect in the processing of collected data.

Gabriel Juarez

Cookies and Newsletter

Cookies are small-sized files sent by our website to your computer to store browsing information and user/client data necessary for the services we provide.

Cookies are the means by which we quickly record data and preferences of our users/clients, enabling us to provide a tailored experience when accessing our page. This includes offering services related to the searches you conduct on our site/blog.

We also inform you that not all cookies used on this site/blog collect and store personal data, as some are employed solely for the performance of specific services we provide.

The newsletter is the means by which we notify and inform our users/clients of any updates we make.

The data provided for the newsletter is used solely for that purpose, with no contrary destination or violation of Data Protection legislation.

You are not obligated to accept cookies or the newsletter, as it is your free choice to opt-in or opt-out of cookie tracking. If you do not wish for it to occur, use the option in your browser/device settings to disable cookie tracking.

We inform you that disabling cookies may result in an incomplete or faulty experience during your visit to our site/blog, as well as an incorrect performance of the tools and functions available on our pages.

Disabling cookies may also lead to disruptions in the provision of our final service, and, in some cases, we may not be able to provide a more tailored experience based on your preferences as we will not have access to them.

Data processing for other purposes

In accordance with the General Data Protection Law, we inform our users/clients that, when necessary, we may process their data for various purposes later on, without causing any harm or disrespect to the data subject. The subsequent use purposes of the collected information are outlined below.

If the data subject requests the deletion of their data, they can contact us via the email provided in this Privacy Policy.

After the data subject's request for data deletion, we may either delete or anonymize the data. In the latter case, anonymization will be used to support future research or information inquiry needs.

User Consent

By accessing our site/blog, the user/client demonstrates agreement with all the information contained in our Privacy Policy and Terms of Use. Additionally, they willingly and freely grant permission for their data to be processed by our team, respecting the principles of purpose, necessity, and adequacy.

User/client consent is voluntary, as we do not use any means of coercion, obligation, inducement, constraint, threat, or imposition for the user/client to grant permission for the processing of their data.

Data Deletion

If the user/client does not permit the storage of their data, they can contact us via email:

Upon the request for data deletion, we have a period of 7 (seven) days to either delete or anonymize the data. However, such a request may be denied if it is determined that such deletion or anonymization violates any rights or governing legislation.

We provide contact channels for our user/client to maintain a clear and cordial relationship, making ourselves available to clarify any doubts about our site and how we handle their data.

We aim to have better and more direct communication with our users/clients through this professional.

Below is the contact channel for you to get in touch with our data controller:

This Privacy and Security Policy becomes effective as of September 15, 2022, with an indefinite validity period.