Skip to content
Meridius Advisory
← BACK TO HOME

LEGAL

Privacy Policy

LAST UPDATED: MAY 2026

1. Introduction

Meridius Advisory ("Meridius", "we", "our", or "us") is committed to protecting the privacy, confidentiality, and security of personal data processed through our website and related interactions. This Privacy Policy explains how we collect, use, store, share, and protect personal information in connection with our website, communications, and advisory activities. This Privacy Policy is designed in accordance with the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD, Law 13.709/2018) and, where applicable. By accessing or using this website, you acknowledge the practices described in this Privacy Policy.

2. Who We Are

Meridius is an advisory firm operating at the intersection of regulation, strategy, governance, and technology, supporting organizations navigating complex and evolving regulatory environments. For privacy-related inquiries, please refer to Section 16 (Contact Information) of this Privacy Policy.

3. Information We Collect

We may collect and process the following categories of information:

3.1 Information You Provide Voluntarily

  • Name
  • Business email address
  • Company or organization name
  • Job title or role
  • Information submitted through contact forms, Calendly scheduling forms, or direct communications
  • Information related to regulatory, governance, operational, or strategic inquiries

3.2 Automatically Collected Information

When you access our website, certain technical and usage information may be collected automatically, including:

  • IP address
  • Browser type and device information
  • Operating system
  • Website usage and navigation data
  • Cookies and similar technologies (see Section 12)
  • Referral URLs and session data

4. How We Use Information

We may use personal information for the following purposes:

PurposeLegal Basis (LGPD Art. 7)
Respond to inquiries and requestsLegitimate interest; steps prior to a business relationship
Schedule and manage meetings or introductory conversationsSteps prior to a business relationship; consent
Provide advisory-related communications and supportLegitimate interest; performance of a contract
Improve website functionality, performance, and user experienceLegitimate interest
Maintain security, prevent unauthorized access, and monitor operational integrityLegitimate interest; compliance with legal obligations
Comply with applicable legal, regulatory, and contractual obligationsCompliance with legal or regulatory obligations
Develop insights related to our services, capabilities, and market activitiesLegitimate interest

We do not sell personal information.

5. Legal Basis for Processing

Where applicable under data protection laws, we process personal information based on the following legal grounds, as provided under Article 7 of the LGPD:

  • Consent: when freely, specifically, and unambiguously provided by the data subject;
  • Legitimate interests: when processing is necessary for legitimate business purposes, provided such interests do not override the data subject's fundamental rights and freedoms;
  • Legal or regulatory obligations: when processing is required to comply with applicable legal, regulatory, or supervisory requirements;
  • Pre-contractual steps: when processing is necessary for steps taken at the data subject's request prior to entering into a business relationship or contractual engagement.

6. Data Sharing

We may share information with trusted third-party service providers that support our operations, including:

  • Website hosting providers
  • Scheduling platforms (e.g., Calendly)
  • Cloud and infrastructure providers
  • Analytics and performance tools
  • Security and monitoring tools
  • Professional advisors and service providers

Information may also be disclosed when required by law, regulation, court order, or supervisory authority.

We do not share personal data with third parties for marketing purposes.

A detailed list of third-party service providers currently engaged may be requested through the contact information provided in Section 16 of this Privacy Policy.

7. International Data Transfers

Depending on the technologies and service providers used, personal information may be processed or stored outside the country of origin, including in countries that may not provide the same level of data protection as the data subject's jurisdiction.

Where personal data is transferred internationally, Meridius relies on mechanisms recognized under applicable law, including standard contractual clauses, adequacy decisions, or specific and informed consent, as appropriate under the LGPD (Article 33).

8. Data Retention

Personal information is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal or regulatory obligations, resolve disputes, or support legitimate business activities. Retention periods are determined based on the nature of the data, the purpose of processing, applicable legal or regulatory requirements, and legitimate business needs. As a general reference:

  • Contact and communication data: retained for up to 5 (five) years following the last interaction, unless a longer period is required by law or regulation.
  • Website usage and analytics data: retained for up to 2 (two) years.
  • Data subject to legal or regulatory retention requirements: retained for the period required under applicable law.

Upon expiration of applicable retention periods, personal data will be securely deleted, anonymized, or disposed of in accordance with applicable data protection requirements.

9. Information Security

Meridius adopts reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, misuse, or destruction. However, no method of transmission or storage is entirely secure, and absolute security cannot be guaranteed.

9.1 Security Incident Notification

In the event of a security incident involving personal data that may result in relevant risk or harm to data subjects, Meridius will notify the Brazilian National Data Protection Authority (ANPD) and affected individuals within a reasonable timeframe, in accordance with Article 48 of the LGPD.

10. Automated Decision-Making

Meridius does not currently engage in automated decision-making or profiling activities that produce legal effects or similarly significant effects on data subjects. Should this change, this Privacy Policy will be updated accordingly, and data subjects will be informed in advance.

11. Your Rights

Under the LGPD (Article 18), data subjects may exercise the following rights in relation to their personal information:

  • Confirmation and access: confirm whether personal data is being processed and request access to such data;
  • Correction: request correction of incomplete, inaccurate, or outdated information;
  • Anonymization, blocking, or deletion: request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with applicable law;
  • Portability: request portability of personal data to another service provider, in accordance with applicable regulations;
  • Deletion: request deletion of personal data processed on the basis of consent;
  • Information on sharing: request information about public and private entities with which personal data has been shared;
  • Information on consent: receive information about the possibility of not providing consent and the consequences of such refusal;
  • Withdrawal of consent: withdraw consent at any time through a simplified procedure, without affecting the lawfulness of processing based on consent prior to withdrawal;
  • Review of automated decisions: request review of decisions made solely based on automated processing, where applicable;
  • Opposition: object to processing activities carried out in non-compliance with applicable data protection law.

Requests may be submitted through the contact information provided in Section 16 of this Privacy Policy. Meridius will respond to requests within the timeframes established by applicable law. If you believe your rights have not been adequately addressed, you may file a complaint with the Brazilian National Data Protection Authority (ANPD) at www.gov.br/anpd.

12. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to support website functionality, analytics, performance, and user experience.

12.1 Types of Cookies

  • Strictly necessary cookies: required for basic website functionality and security; cannot be disabled.
  • Analytics and performance cookies: used to collect aggregated information about website usage and performance.
  • Functional cookies: used to enhance user experience and remember preferences.

12.2 Cookie Consent

Upon first access, users are presented with a cookie consent mechanism allowing them to accept or reject non-essential cookies before any non-essential data collection takes place. Preferences can be updated at any time through the cookie settings available on the website. Users may also manage cookie preferences through browser settings.

13. Third-Party Links

Our website may contain links to third-party websites or services. Meridius is not responsible for the privacy practices, content, or security of third-party websites. We recommend reviewing the privacy policies of any third-party websites you visit.

14. Changes to This Privacy Policy

Meridius may update this Privacy Policy from time to time to reflect changes in legal, regulatory, operational, or business practices. The updated version will be published on this page with a revised "Last updated" date. Where changes are material, Meridius will take reasonable steps to notify data subjects in advance.

15. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Federative Republic of Brazil. Any disputes arising from or in connection with this Privacy Policy shall be submitted to the courts of São Paulo, State of São Paulo, Brazil, to the exclusion of any other jurisdiction, however privileged.

16. Contact Information and Data Protection Officer

For questions related to this Privacy Policy, personal data processing practices, or to exercise your rights as a data subject, please contact: joaovictor@meridiusadvisory.com