top of page
GAB Logo - Gustavo Alonso Borges

Privacy and Confidentiality

We understand that trust is the foundation of any great project. That's why we treat data protection not just as a legal obligation, but as an extension of our commitment to excellence and attention to detail.

Our Commitment to Privacy

We are a company dedicated to enabling and implementing large-scale projects that transform cities. Our work, centered on purposeful innovation and executive excellence, involves strategic collaboration with diverse partners and the management of valuable information. We believe that architecture is, above all, a response to human needs and aspirations. This value of contemporary humanism guides our commitment to privacy and data protection.

This Privacy and Confidentiality Policy ("Policy") describes how Barch, as Data Controller, collects, uses, stores, shares, and protects the personal data and confidential information of our clients, partners, employees, and visitors. Our goal is to be transparent about our practices and ensure that the processing of any information is carried out ethically, securely, and in accordance with applicable law, including the Brazilian General Data Protection Law (LGPD, Law No. 13.709/2018) and international best practices.

1. Scope of the Policy

This policy applies to all personal data and confidential information processed by Barch, by any means, including but not limited to:

  • Email communication: Exchange of messages, metadata, and attachments.

  • Collaboration Platform (Nextcloud): Storage, access, and sharing of project files, documents, and other data.

  • Website and other digital channels: Information is collected through forms or browsing.

  • Business relationships: Data on customers, suppliers, and strategic partners.

2. Essential Definitions

To ensure clarity in this Policy, we present some key definitions based on the LGPD (Brazilian General Data Protection Law):

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person.

  • Data subject: The natural person to whom the personal data being processed refers.

  • Processing: Any operation performed on personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

  • Controller: A natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data. In this case, Barch.

  • Operator: A natural or legal person, governed by public or private law, who processes personal data on behalf of the controller.

  • Data Protection Officer (DPO): Person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

  • Confidential Information: Any non-public information of a technical, commercial, strategic, or financial nature relating to Barch's projects, clients, and operations, including, but not limited to, architectural designs, BIM models, client data, and trade secrets.

3. Data Collected and Purpose of Processing

As a systems and framework integrator, Barch collects only the data strictly necessary to achieve its business objectives, always with a clear and legitimate purpose. The table below details the types of data we process and their respective purposes:

see data table

We do not routinely collect sensitive personal data. If it is necessary for a specific project, the processing will be carried out based on an appropriate legal basis and with the implementation of enhanced security measures.

4. Legal Basis for Treatment

All processing of personal data carried out by Barch is based on one of the legal bases provided for in the LGPD (Brazilian General Data Protection Law), primarily:

  • Contract Execution (Art. 7, V): When we process data to fulfill our obligations under a contract with you or your company (e.g., developing a contracted project).

  • Legitimate Interest (Art. 7, IX): When we use data for legitimate purposes, such as prospecting for new projects or improving our services, always respecting the rights and freedoms of the data subjects.

  • Compliance with Legal or Regulatory Obligation (Art. 7, II): To comply with legal requirements, such as issuing invoices or maintaining access logs.

  • Consent (Art. 7, I): In specific situations, we will request your free, informed, and unequivocal consent for the processing of your data.

5. Data Sharing and Confidentiality

Strategic collaboration is central to Barch, but it is always exercised with the utmost responsibility. Data sharing is restricted and carried out under strict controls.

5.1. Sharing of Personal Data
Your personal data may be shared with:

  • Data Processors: Technology providers (such as cloud services and software) that process data on our behalf and according to our instructions.

  • Project Partners: Architects, engineers, consultants, and other authorized stakeholders, strictly for the execution of the contracted projects and under confidentiality agreements.

  • Public Authorities: To fulfill legal obligations or court orders.

  • We do not sell, rent, or exchange your personal data with third parties for marketing purposes.


5.2. Confidentiality of Project Information
We recognize that the data from our projects (BIM models, technical documents, business strategies) are assets of extremely high value and sensitivity. Access to this information is controlled as follows:

  • Restricted Access: The information is stored in our Nextcloud system, hosted on our own servers located in our office in Piracicaba-SP, with access restricted to authorized employees and stakeholders.

  • Permission Control: Access to files is granular, ensuring that each user views or edits only what is strictly necessary for their role in the project.

  • Non-Disclosure Agreements (NDAs): We require all partners and collaborators who have access to confidential information to sign robust non-disclosure agreements.

6. Data Security and Protection

In line with our value of executive excellence, we have implemented technical and administrative security measures to protect the information we handle. Our practices include:

  • Encryption: We use encryption to protect data in transit (TLS/SSL) and at rest on our servers.

  • Access Control: Multi-factor authentication (MFA) and strong password policies are applied for access to our critical systems.

  • Secure Infrastructure: We keep our servers in a secure and controlled environment in our office, minimizing exposure to external risks.

  • Monitoring and Auditing: We record and monitor access logs to identify and respond to any suspicious activity.

  • Data Minimization: We collect and store only the data strictly necessary for the stated purposes.

7. Rights of Data Subjects

Barch respects and guarantees your rights as a personal data subject. You may request this at any time:

  • Confirmation that your data is being processed.

  • Access to your data.

  • Correcting incomplete, inaccurate, or outdated data.

  • Anonymizing, blocking, or deleting unnecessary data or data processed in violation of the law.

  • The portability of your data to another service or product provider.

  • The deletion of personal data processed with your consent.

  • Information about the entities with which we share your data.

  • Revocation of consent, when this is the legal basis for the processing.

  • To exercise your rights, please contact us through the channel indicated in section 10 of this Policy.

8. Data Retention and Deletion

In line with our value of proactive sustainability, we adopt a responsible approach to the data lifecycle. We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, tax, and contractual obligations.

After the retention period ends, the data will be securely deleted or anonymized so that it can no longer be linked to you.

9. Changes to this Policy

Urban planning is a living thing, and ecosystems are dynamic. Similarly, this Policy may be updated periodically to reflect changes in our practices or legislation.

When we make changes, we will update the date at the top of this document and, if the changes are significant, we will notify you by email or through a prominent notice on our website.

10. Contact

If you have any questions about this Policy, how we process your data, or wish to exercise your rights as a data subject, please contact our Data Protection Officer (DPO):
•Name: Rafael Alonso Borges
•E-mail: it@barch.com.br
•Address: Rua Dr. João Sampaio, 995 - Cidade Jardim - Piracicaba - SP

11. Applicable Law and Jurisdiction

This Policy shall be governed by, interpreted and enforced in accordance with the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018. The courts of the District of Piracicaba, State of São Paulo, are hereby chosen as the exclusive forum for resolving any dispute or controversy involving this document, with express waiver of any other jurisdiction, however privileged it may be.

bottom of page