Privacy Policy
1. Purpose
This privacy policy aims to define and explain, for your easy understanding, how we process personal data, including aspects such as what data we collect, the purposes of this collection, the legal bases for processing, with whom they will be shared, and the rights and duties of each data subject.
It applies to all users, employees, and third parties who provide or use any of our services or digital channels at Sioux, as defined below.
2. Definitions used in this policy
“User” or “User” means any person who accesses or browses the Company's website.
“Sioux” means:
- Sioux Social Agência de Publicidade Ltda, a private legal entity, registered under CNPJ No. 19.614.018/0001-01, located at Av. Nova Independência, 87, suite 92, room 2 – Brooklin, São Paulo – SP, and/or;
- Sioux Consulting Ltda, a private legal entity, registered under CNPJ No. 00.316.268/0001-37, located at Av. Nova Independência, 87, 9th floor – Brooklin, São Paulo – SP.
3. Data collection
Individual personal information will not be sold or provided to third parties under any circumstances, except in strict compliance with court orders or related legal proceedings. We may disclose your personal information in a single specific case to our employees, in the normal course of Sioux's business (and for processing purposes). They are duly authorized and contracted to ensure the consistency and operational continuity of our services.
3.1. Employees
The user will have their data collected through the tools below:
- Gupy — view privacy policy
- Quickin — view privacy policy
And/or upon hiring by Sioux, in which case the collected data will be stored in a controlled directory available to specific employees with appropriate permission levels per employee. Additionally, access, editing, and deletion logs are recorded for future audits.
The data collected and stored includes:
- Nome completo
- Telefone/Celular
- Data de nascimento
- Endereço de redes sociais
- Foto de rosto
- Cópia de RG
- Cópia de CPF
- Cópia de cartão PIS/NIS (se aplicável)
- Cópia de título de eleitor (se aplicável)
- Cópia de reservista (se aplicável)
- Cópia de habilitação (se aplicável)
- Cópia de certidão de nascimento e/ou casamento (se aplicável)
- Cópia de comprovante de endereço
- Cópia de comprovante de escolaridade
- Cópia de separação oficial (se aplicável)
- Cópia de certidão de nascimento de filhos (se aplicável)
- Cópia de carteira de vacinação de filhos de até 7 anos (se aplicável)
- Currículo atualizado
- Cópia de comprovante de vacina de COVID-19 (todas as doses recebidas)
- Identificação como PCD
- Identificação como LGBTQIA+
- Identificação de raça de acordo com a classificação do IBGE (Auto declaração)
3.2. Third parties and suppliers
The user will have their data collected from the third-party registration form registration form and subsequently transferred to some tools, including:
- Google Drive — view privacy policy
- ZapSign — view privacy policy
- Internal intranet for storage and payment control of third parties and/or suppliers.
The data collected includes:
- Nome completo
- RG
- CPF
- Telefone/Celular
- Bank details (Personal bank details will be collected if the third party chooses to submit personal bank details when their business type is MEI (Individual Microentrepreneur)), otherwise bank details will be corporate only.
3.3. Clients
The user will have their data collected through Sioux's website, after submitting data to express interest in Sioux's services, or any other matters when contacting Sioux.
Data will be captured through the website forms and stored on the platforms and tools used by Sioux, including:
- Pipedrive — view privacy policy
- MailChimp — view privacy policy
- Meetime — view privacy policy
In addition to data capture through the contact form, media campaigns may be run on Facebook, Instagram, and LinkedIn for lead generation, meaning data is collected directly through these tools and subsequently transferred to the tools and/or platforms listed above.
The data collected will be:
- Nome
- Telefone
- Empresa
- Área
- Cargo
- Endereço do perfil do LinkedIn
4. Browser cookie usage
Cookies are small units of data stored on your computer's hard drive by your browser. Some cookies are essential for the Sioux website to function, while others help us improve your experience, analyze traffic, and display relevant content.
Cookies allow our website to remember information about user visits, preferred language, session frequency, and other variables that Sioux considers relevant to make the experience much more efficient.
Analytics and marketing cookies help us determine the usefulness, interest, and number of site uses, enabling faster and more efficient navigation. Strictly necessary cookies do not store personally identifiable data. Analytics and marketing cookies, however, may collect browsing identifiers and interactions, as detailed in the inventory below. All non-essential cookies are stored only with the user's authorization.
Sioux may adopt analytical data collection technologies, such as Google Analytics, to improve the performance and experience of users with Sioux's website. However, this analytical data will be anonymized, not allowing identification of the natural person related to it.
Minimization of personal data is important to us. We do not collect or process personal data beyond what is strictly necessary for the purposes intended and governed by this Privacy Policy.
4.1. Cookie inventory
The table below identifies all cookies used on this website, organized by category, with their respective purposes, processed data, classification, retention period, and origin.
Strictly necessary cookies
| Cookie | Purpose | Data processed | Type | Duration | Origin |
|---|---|---|---|---|---|
| c15t-consent | Stores the user's cookie consent preferences | Accepted/rejected cookie categories. Does not contain personally identifiable data | Persistent | 1 year | First-party (Sioux) |
Analytics cookies
| Cookie | Purpose | Data processed | Type | Duration | Origin |
|---|---|---|---|---|---|
| _ga | Anonymous Google Analytics identifier to distinguish unique visitors | Random identifier, first visit date, visit count, traffic source | Persistent | 2 years | Third-party (Google) |
| _gid | Google Analytics session identifier to group actions within a visit | Random session identifier. Anonymized data | Persistent | 24 hours | Third-party (Google) |
| _gat | Rate-limit requests to Google Analytics | No personal data. Rate control only | Session | 1 minute | Third-party (Google) |
Marketing cookies
| Cookie | Purpose | Data processed | Type | Duration | Origin |
|---|---|---|---|---|---|
| _fbp | Meta Pixel identifier for conversion tracking and remarketing | Browser identifier, pages visited, ad interactions | Persistent | 90 days | Third-party (Meta/Facebook) |
| _fbc | Stores Facebook ad click for conversion attribution | Ad click identifier (fbclid) | Persistent | 90 days | Third-party (Meta/Facebook) |
| li_sugr | LinkedIn identifier for browser matching | Browser identifier. May be linked to the user's LinkedIn profile | Persistent | 90 days | Third-party (LinkedIn) |
| AnalyticsSyncHistory | Syncs analytics data from LinkedIn Insight Tag | Analytics sync data | Persistent | 30 days | Third-party (LinkedIn) |
4.2. Third-party cookie usage
Sioux has partnerships with advertising networks that use essential cookies and other similar technologies for data collection and processing. For more information about this practice and to learn how to prevent companies from using this data, access the links of the respective partners:
- Facebook — view privacy policy
- Google — view privacy policy
- LinkedIn — view privacy policy
4.3. How to prevent cookies from being stored on your hard drive and/or delete them
Most internet browsers are configured to automatically accept cookies. The user can change the settings to block the use of cookies or alert them when a cookie is being sent to their device.
After authorizing the use of cookies, the user can always disable some or all of our cookies.
All browsers allow the user to accept, refuse, or delete cookies, namely by selecting the appropriate settings in the respective browser. The user can configure cookies in the "options" or "preferences" menu of their browser.
Note that disabling cookies may prevent some web services from working correctly, partially or totally affecting website navigation.
4.4. Documentation and periodic review
This cookie inventory is reviewed and updated periodically, at least every 6 months or whenever there is a change in the tracking technologies used on the website. The last review of this inventory was carried out in April 2026. Any changes will be communicated through updates to this Privacy Policy.
5. Controller information
The controller of your personal data, for the purposes of this privacy policy, is:
- Sioux Social Agência de Publicidade Ltda, a private legal entity, registered under CNPJ No. 19.614.018/0001-01, located at Av. Nova Independência, 87, suite 92, room 2 – Brooklin, São Paulo – SP, and;
- Sioux Consulting Ltda, a private legal entity, registered under CNPJ No. 00.316.268/0001-37, located at Av. Nova Independência, 87, 9th floor – Brooklin, São Paulo – SP.
6. Data Protection Officer contact details (Our DPO)
All questions, suggestions, and complaints about this Privacy Policy or about how Sioux processes personal data can be directed to the DPO through the following contact:
7. Data subject rights
Whether you are a user, the following rights are available to you:
- Right to confirm the existence of processing of your personal data, as per Article 18, I, of the General Data Protection Law – Law No. 13,709/2018;
- Right of access to your personal data, as per Article 18, II, of the General Data Protection Law – Law No. 13,709/2018;
- Right to correction of incomplete, inaccurate, or outdated data, as per Article 18, III, of the General Data Protection Law – Law No. 13,709/2018;
- Right to deletion of personal data, as per Article 18, IV and VI, of the General Data Protection Law – Law No. 13,709/2018;
- Right to block the processing of personal data, as per Article 18, IV, of the General Data Protection Law – Law No. 13,709/2018;
- Right to anonymization, as per Article 18, IV, of the General Data Protection Law – Law No. 13,709/2018;
- Right to data portability, as per Article 18, V, of the General Data Protection Law – Law No. 13,709/2018;
- Right to information about with whom your personal data has been shared, as per Article 18, VII, of the General Data Protection Law – Law No. 13,709/2018;
- Right to information about the possibility of not providing consent and the negative consequences, as per Article 18, VIII, of Law No. 13,709/2018;
- Right to revoke consent, in a simple, accessible, and facilitated manner, as per Article 18, IX, of the General Data Protection Law – Law No. 13,709/2018;
- Right to petition against the Controller before the National Data Protection Authority, consumer protection bodies, and/or the Judiciary, as per Articles 18, § 1, § 8, and 22, of the General Data Protection Law – Law No. 13,709/2018;
- Right not to be subject to, or to request reviews of decisions made solely based on automated processing of your personal data, including profiling, as per Article 20, of the General Data Protection Law – Law No. 13,709/2018.
8. Limitation of liability
Certain breaches of the confidentiality of your personal data may occur exclusively due to failures related exclusively to your conduct in digital environments. For this reason, users acknowledge and are aware that Sioux will not be responsible:
For the presence of viruses, malware, ransomware, or other harmful elements in digital environments that are capable of making changes, known or unknown, to their computer systems or data and documents stored in their computer systems, resulting in improper access to their personal data by third parties;
For damages of any nature arising from unauthorized third-party access to their personal data, when such access occurred due to failure exclusively related to users or third parties and beyond the reasonable control of the firm.
9. General provisions
The terms of this Privacy Policy may be changed at any time, as needed for its adequacy and review of the data collected and the purposes for which they are processed, and data subjects should check it from time to time.
If substantial changes are made to the purposes for which we collect personal data or to the legal bases that allow data processing, affected data subjects will be notified by email or through a prominent notice on the Sioux website homepage.
In the event that any provision of this Privacy Policy is deemed illegal or invalid, the remaining conditions shall remain in full force and effect.
10. Applicable law and jurisdiction
This Privacy Policy shall be governed and interpreted in accordance with the current legislation of the Federative Republic of Brazil, in particular the provisions of the General Data Protection Law – Law No. 13,709/2018. Any litigation or disputes related to this Privacy Policy shall be resolved before the Central Civil Court of the District of São Paulo, State of São Paulo, with express waiver of any other, however privileged.