Deskbee | Privacy Policy

Published in October/2021

The DESKBEE Platform Privacy Policy (“Policy”) was created to demonstrate the commitment of INVENTSYS DESENVOLVIMENTO E LICENCIAMENTO DE SOFTWARE E SISTEMAS LTDA-ME, a company registered under CNPJ No. 09.591.453/0001-04 (herein referred to as “Inventsys” , “we” or “our”), with the security and privacy of the information collected from Users of the DESKBEE platform (“Platform”).

The Policy clarifies the general conditions for the collection, use, storage and other forms of treatment and protection of personal data that the Platform may have access to, with the treatment being carried out in accordance with the Brazilian legislation currently in force regarding privacy and protection of personal data in Brazil, including, but not limited to, Law No. 12.965, of April 23, 2014 and Decree No. 8771, of May 11, 2016 (“Marco Civil da Internet”) and Law No. 13.709, of 14 of August 2018 (“General Data Protection Law” or “LGPD”).

The data that Inventsys obtains access comes from a contract signed between an individual or legal entity (“Subscriber Customer”) and Inventsys, whose object is to contract the Platform, which allows users to interact with the infrastructure and offers of the Subscriber Customer’s workspace, optimizing the use of resources and respecting health and safety rules.

The information entered on the Platform may be related to the Subscriber Customer’s employees (“Employees”) and the Subscriber Customer’s guests (“Guests”), who are, together, the holders of the personal data (“Holders”, “Users”, “Users” or simply “you”). In addition to the Subscriber Customer, Collaborators and Guests will also interact with the Platform, and may enter their personal or third-party data.

To learn more, read our Terms of Use available on the Platform.

To maintain direct contact with you, a communication channel has been designated. If you have any questions and comments regarding this Policy, please send an email to our Personal Data Protection Officer, for the attention of Gabriela Coelho Glitz (“Person”).

By using our Platform, you freely, informed, unequivocally, expressly and fully express your agreement with this Policy. We recommend that you read it carefully.


This Policy applies to all Users of our Platform, and your personal data is collected whenever you interact with the Platform or if the Subscriber Client enters your information on the Platform.

Our Subscriber Clients can be natural or legal persons, established anywhere in the world, but Users will always be natural persons or, otherwise, generic users created to link to environments, devices or things. Below, we list the types of Platform Users:

– Registered DeskbeeUser;
– Deskbee Contributor User or Admin;
– Guest Deskbee User.

In order to use the Platform, Inventsys may process the following personal data that you or the Subscriber Client inform us of:

Information regarding the Registered DESKBEE User:

Information regarding Employee or Admin Users: full name and e-mail. It is at the sole discretion of the Subscriber Customer to attach an account profile picture for each User, as well as assigning a GROUP to the User, for the purposes of training TEAM and work TEAMS. (eg Marketing Team, IT, etc). User and password data for access are created by the Admin User of the account or via SSO integration with Microsoft AD or Google G Suite, via SAML 2.0 protocol.

Information regarding the guest users: full name, e-mail, identification document (Drivers License, Personal ID or passport), and photo.

Information regarding third-party users: full name and e-mail. It is at the sole discretion of the Subscriber Customer to attach an account profile picture for each third-party User, as well as assign a GROUP to the User, for the purposes of training TIMES and work TEAMS. (e.g.: Cleaning, Concierge, etc).

Inventsys may also automatically collect the data listed below for audit control and log failed login attempts to identify improper login attempt behavior. These data, when linked to information that identifies the user, will be treated as personal data in accordance with the law:

Log data and information of your device: IP address, access dates and times, hardware and software information, device information and device name.

Cookies and similar technologies: in accordance with our Cookie Policy.

Please note that the personal data listed above will be collected by Inventsys and further processed only as necessary to achieve the purposes set out herein.

The classification of the legal basis of the data stored and processed by Inventsys listed in Section 2 takes place by analyzing the specific context in which we collect them.

The data processed by Inventsys will only be collected for the execution of the contract signed between the Subscriber Customer and Inventsys.

It will be up to the Subscriber Customer, controller of the data entered on the Platform, to choose the appropriate and consistent legal bases, in accordance with the General Data Protection Law.

The collection of information has the sole and exclusive purpose of providing, maintaining and improving the services provided to offer you a better experience. In this way, as necessary, the information collected will be used for the following purposes:

– Provide the service contracted by the Subscriber Customer;
– Meet your eventual Platform support requests;
– Send communications about activities on the Platform;
– To defend against legal claims or as required by law;
– Investigate, deter or take action related to illegal activities, suspected fraud or situations involving potential threats to the physical and technological security of anyone and Inventsys, or if otherwise legally required, within the limits permitted by applicable law;
– For auditing and logging failed login attempts to identify improper login attempt behavior.

When necessary to achieve the purposes described in Section 4, Inventsys may share your personal data with the third parties listed below for the correct provision of the services offered, the security of storage of your personal data and a better experience with Inventsys. Whenever carried out, data sharing will be carried out within the limits and purposes of our business, in accordance with the purpose of the processing of personal data and in accordance with what is authorized by applicable law. In this way, your data can be shared with:

– For audit control and registration of failed login attempts, in order to identify the behavior of outsourced service providers hired only by the SUBSCRIBER CLIENT, the in order to guarantee the execution of your requests on the Platform;
– Gates and receptions of business condominiums where the Subscriber is established software platforms and tools for managing the provision of services offered by Inventsys, including: CRM (PIPE RUN), MAILING (GET RESPONSE), TASK MANAGEMENT (TRELLO) and SUPPORT (AGIDESK). All this data is mapped in our Data Mapping to fulfill requests for editing, removal or access.
– Tax authorities and government, police, public and judicial bodies for the purpose of responding to complaints, investigations, judicial measures and legal proceedings, if requested, provided that they are equipped with an adequate instrument to request information (e.g. court order) as well as complying with legal, regulatory and tax obligations; improper login tactics.

Under the terms of the LGPD, the controller and the operator of personal data are processing agents, the controller being the natural or legal person responsible for the decisions regarding the processing of personal data and the operator the natural or legal person who carries out the data processing on behalf of the controller.

Considering that the Subscriber Customer is the Controller of personal data, under the terms of the LGPD, his request must be directed to him, and he must fulfill his request considering the deadlines and terms provided for in the applicable legislation.

In the form and within the limits of the applicable legislation, you, as the subject of personal data, may contact the Personal Data Controller to exercise your rights, in order to request:

confirmation of the existence of processing of your personal data;
access to your data;
correction of your incomplete, inaccurate or outdated data;
the anonymization, blocking or deletion of your data that are unnecessary, excessive, or treated in breach of the provisions of applicable legislation;
the portability of your data to another service or product provider, subject to commercial and industrial secrets;
the elimination of your personal data, except in the cases provided for in the applicable legislation, to exercise rights pertaining to Inventsys and to comply with legal requirements;
information from public and private entities with which Inventsys has shared its data;
information about whether you may not provide consent and the consequences of your denial;
the revocation of your consent, when you have provided us, safeguarding the public interest that may justify the continuity of the treatment or the existence of another legal basis that authorizes it; and opposition to any processing of personal data based on one of the cases in which their consent is waived, provided that the provisions of the applicable legislation have not been complied with and that the public interest that may justify the continuity of the processing has been safeguarded.

Inventsys is not responsible for the correctness, veracity, authenticity, completeness and updating of the data provided by the User and the Subscriber Customer, not even for any possible misuse of published information or for fraud.

It is your sole responsibility to provide only correct, true, authentic, complete and updated information, as well as to ensure the confidentiality of your password, when applicable, not disclosing it to third parties.

Inventsys maintains in a controlled and secure environment the personal data collected in order to serve specific purposes, as explained in Section 4.

The stored data uses “secure socket layer” (SSL) and is stored with AES-256 encryption. In addition, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. Login data is stored encrypted using the Bcrypt tool and we perform PENTEST penetration tests every 180 days on our software.

All our software infrastructure is stored in a state-of-the-art, high-performance/security datacenter at Oracle CLOUD, owned by the American company ORACLE INC., headquartered in Redwood City, California, USA. The terms of privacy and data security can be accessed through the ORACLE CLOUD website.

Furthermore, all our employees who can access data from Subscriber Customers sign a Term of Responsibility on any problems with misuse, leakage or change of software settings, and may be penalized as co-responsible together with Inventsys if responsibility for part of our team.

Even so, the Owner must be aware that no Internet security system is guaranteed against unwanted intrusions, and Inventsys’ commitment is limited to the adoption of recommended protection measures in accordance with the current state of the art.


Inventsys does not carry out international transfer of your data to other countries or international bodies, and all personal data that you may have access to due to the Platform is stored on servers located in Brazil.

Thus, we make you aware that your personal data will be shared and stored on the following servers:


We store and maintain your information: (i) for as long as required by law or (ii) until the end of the processing of personal data, as mentioned below. Thus, we will treat your data, for example, during the applicable statute of limitations or as necessary to comply with a legal or regulatory obligation.

The termination of the processing of personal data will occur in the following cases:

When the purpose for which the Data Subject’s personal data were collected is achieved and/or the collected personal data are no longer necessary or relevant to the achievement of such purpose;
When the Subscriber Client requests data deletion from Inventsys; and

When there is a legal determination in this regard.

Observing the principle of necessity, some data sent through the Platform may be deleted from our records by maintaining routine records, as contractually stipulated with the Subscriber Customer. We are under no obligation to store personal data indefinitely and we disclaim any liability arising out of or related to the destruction of such personal data.

Upon termination of the processing of your personal data, except in the cases established by applicable law or by this Privacy Policy, the Subscriber Customer must download the personal data, if desired, which will be deleted from the Inventsys database. If deletion is not possible in the first instance, the data will be securely stored and isolated from further processing until deletion is possible.

Our Platform, in its entirety or in each of its tabs and sections, may be unilaterally terminated, suspended or interrupted by Inventsys, or upon request of the Subscriber Client, at any time and without prior notice.

This Privacy Policy may be updated or changed at any time, with the changes being prominently informed on the Platform.

If you are under the jurisdiction of the General Data Protection Regulations (“GDPR”) of the European Union and the United Kingdom, this topic applies to you in addition to the rest of this Privacy Policy.
Pursuant to Article 27 of the GDPR, Inventsys has appointed Luiz Mário Verdi as its Representative to the European Union. To get in touch about issues related to the GDPR, send an e-mail to

Pursuant to Article 27 of the UK GDPR, Inventsys has appointed Luiz Mário Verdi as its Representative to the European Union and the United Kingdom. To contact us about UK GDPR issues, send an email to

11.1. Legal Basis for the Treatment of Your Data in the GDPR and in the UK GDPR
Inventsys is the Operator of Personal Data processed under the jurisdiction of the European Union and the United Kingdom. In this sense, your Personal Data are processed only in the circumstances authorized by the GDPR and the UK GDPR and under the orders of the Subscriber Client, and the Subscriber Client, the Controller, is responsible for the decision to choose the most appropriate legal basis, in accordance with its Data processing purpose.

11.2. International Data Transfer
To facilitate our global operations, Inventsys may transfer and store your Personal Data in Brazil. The applicable law in Brazil differs from the data protection laws applicable in your country of residence, therefore, Inventsys adopts measures in accordance with the requirements of the GDPR and UK GDPR, such as the insertion of standard contractual clauses with the Subscriber Customer.

If any information in this topic conflicts with the rest of this Policy, the provisions of this topic will prevail.

We seek to prevent the sending of unsolicited emails by restricting communications with you to matters that are relevant or of specific interest to you.

If you prefer not to receive any more information from us, you can request to unsubscribe via the unsubscribe link contained in the email or in the message received, or uncheck the option that authorizes the sending of emails and promotional messages (opt out ) present on your registration page.

You should be aware that many fraudsters try to use reputable brands to obtain personal information such as passwords and financial data. Inventsys WILL NEVER REQUEST YOUR FINANCIAL DATA VIA E-MAIL OR PHONE CONTACT. IN THE EVENT OF ANY OTHER SUSPECTED ATTITUDE, SEND YOUR QUESTION OR ALERT BY E-MAIL TO

Our Platform may contain links or frames from other websites. These links or frames seek to provide additional benefits to the content and services offered to the User.

We clarify that the inclusion of these links on our Platform does not mean that Inventsys is aware of, agrees with or is responsible for the content of such links and frames. It is important to emphasize that our objective is to only provide links or frames of reputable and trustworthy companies, and Inventsys is not responsible for the information, products and services obtained by the User on these sites, nor for the commercial practices and privacy policies adopted by these companies, and Inventsys cannot be held responsible for any losses and damages or loss of profits suffered as a result of the use of these resources.

To the extent that the linked sites are not part of our Site, we do not control, recommend or endorse these sites and their content, products, services, policies and their privacy practices; we do not have access to their personal data collected and processed by them and their advertising policies, cookies and terms of use. Therefore, we recommend that you carefully read these documents from third-party sites.

By providing us with your data and interacting with the Platform, you agree and accept the terms set forth herein.