360 Consult Brazil processes personal data in full compliance with the following legal frameworks, applied according to the jurisdiction of each client or counterparty:
Brazil LGPD — Lei Geral de Proteção de Dados (Law 13.709/2018), regulated by the Autoridade Nacional de Proteção de Dados (ANPD). All obligations applicable to data controllers and operators within Brazilian territory are observed.
European Union GDPR — General Data Protection Regulation (EU) 2016/679. Engagements involving EU data subjects are conducted under the full scope of GDPR obligations, including lawful basis and data subject rights.
United Kingdom UK GDPR — Data Protection Act 2018 and the retained UK GDPR. Applicable to all engagements involving UK-based individuals or entities.
United States CCPA / CPRA — California Consumer Privacy Act and California Privacy Rights Act. The rights of California residents — including the right to know, delete, and opt out — are fully honoured.
Canada PIPEDA — Personal Information Protection and Electronic Documents Act. All commercial activity involving Canadian residents observes PIPEDA's fair information principles.
Personal data submitted through this website is processed solely for the purpose of responding to your enquiry and, where applicable, managing an advisory engagement. The legal basis is legitimate interest and, where required, explicit consent (LGPD: Art. 7; GDPR: Art. 6(1)(f) and Art. 6(1)(a)).
We do not sell, license, or transfer personal data to third parties for commercial purposes.
To exercise any right, please use the contact form. All requests are acknowledged within legally required timeframes.
As a firm specialising in cybersecurity, we hold our own systems to the same standard we prescribe to clients. Data is encrypted in transit (TLS 1.3) and at rest. Access is restricted on a strict need-to-know basis, and all systems undergo regular security assessment. Incident response procedures comply with LGPD (Art. 48) and GDPR (Art. 33) notification requirements.
Where personal data is transferred internationally, equivalent protections are ensured through Standard Contractual Clauses (GDPR), ANPD-approved mechanisms (LGPD Art. 33), or other applicable lawful transfer instruments.
360 Consult Brazil · Brazil
To submit a data subject request or direct a data protection enquiry, please use the contact form on this website. All such requests are handled with priority and in full compliance with applicable legal response timeframes.
We operate at the intersection of technology, finance and geopolitics — where the most consequential business decisions are made. Our practice spans corporate transactions in the ISP and software sectors, advanced cybersecurity programs, technical due diligence, and high-stakes international business development.
Complexity is not a barrier — it is our domain. We navigate the most demanding intersections of capital, technology and sovereign risk so our clients can act with complete clarity.
Discreet advisory on acquisitions, divestitures and strategic partnerships within the ISP, telecom and software sectors. Rigorous valuation, negotiation and post-deal integration.
Independent assessment of infrastructure, architecture, security posture and operational risk — conducted before commitments are made, not after.
Structured security programs: threat modelling, penetration testing, SOC design, incident response and compliance frameworks for regulated environments.
Proactive protection of critical digital infrastructure. Adversarial simulation, continuous monitoring and strategic hardening for assets that cannot afford to be compromised.
Systematic review of security controls, governance frameworks, supply-chain exposure and regulatory compliance. Independent. Unsparing. Actionable.
Market entry, cross-border partnerships and the navigation of regulatory and geopolitical complexity for technology companies expanding beyond their home markets.
Persistent adversaries require persistent vigilance. We design and operate defence programs calibrated to each client's specific threat profile — not off-the-shelf frameworks.
Security is not a product. It is a discipline. We embed rigorous security thinking into every layer of your organisation — from board governance to network perimeter.
Before you can protect what matters, you must know precisely where you stand. Our audits deliver a clear, unvarnished picture of exposure — and a defined path forward.
Protection of critical assets in agricultural operations and industrial environments. Security for IoT, OT and automation systems in sectors where a digital failure produces immediate physical and economic consequences. Brazil's position as a global agribusiness power demands a security posture that matches its strategic weight.
"Real security begins with the willingness to examine your own systems with the same rigour — and the same intent — as those who seek to compromise them.
We provide that rigour."
A firm that advises on cybersecurity must itself operate at the highest standard of data governance. We comply with every applicable privacy framework across every jurisdiction in which we practise.
"Your data is never sold, never profiled, never shared beyond what a specific engagement requires. This is not a policy — it is a principle."
Full compliance with the Lei Geral de Proteção de Dados, regulated by the ANPD. Lawful bases, data subject rights and incident notification obligations are strictly observed.
Applied to all engagements involving EU data subjects. We maintain records of processing activities and honour the full catalogue of data subject rights.
Processing of personal data relating to UK residents follows the standards of the retained UK GDPR and the Data Protection Act 2018.
The rights of California residents under the California Consumer Privacy Act and California Privacy Rights Act are fully honoured.
All commercial activity involving Canadian residents is conducted in accordance with PIPEDA's fair information principles.
International data transfers are governed by Standard Contractual Clauses, ANPD-approved mechanisms and equivalent safeguards under each applicable jurisdiction.
Every engagement operates under absolute discretion. Our protocols exceed market standards because the stakes often require it.
We hold no product mandates, no vendor affiliations, no conflicts of interest. Our only obligation is the accuracy of our counsel.
We do not deliver reports. We deliver decisions — grounded in evidence, sharpened by experience, and ready to act on.
Whether you are navigating a transaction, assessing a threat or entering a new market — the first conversation is confidential and without obligation.
Use the form to reach us directly. All enquiries are handled with full discretion and typically acknowledged within one business day.
All correspondence is treated with strict confidentiality under our Privacy & Data Protection Policy (LGPD · GDPR · CCPA).