Privacy policy
Last updated: April 2026
This Privacy Policy explains how Netmantos ("we", "us", "our") collects, uses, and protects your personal data when you visit netmantos.site or contact us through any of our channels.
By using this website, you acknowledge that you have read and understood this policy.
1. Who we are (Data Controller)
For the purposes of the GDPR, Netmantos is the data controller of personal data collected through this website.
Legal name: Henrique Draugelis Maluf (trading as Netmantos)
CNPJ: 60.186.249/0001-65
Contact: contact@netmantos.site
2. What data we collect
Data you provide directly:
- Contact details: name, email address, phone number
- Shipping and billing address
- Order details: products purchased, size selection, delivery notes
- Messages you send us via email, WhatsApp, or contact forms
Data collected automatically:
- Device and usage data: IP address, browser type, operating system, pages visited, time and date of visit
- Location data: approximate geolocation derived from IP address
- Cookies and similar technologies (see Section 8 below)
We do not intentionally collect special category data such as health or biometric information.
3. Why we collect your data and the legal basis
| Purpose | Legal basis |
|---|---|
| Processing and fulfilling your order | Performance of a contract |
| Sending order confirmations and shipping updates | Performance of a contract |
| Handling returns, exchanges, and complaints | Performance of a contract / Legal obligation |
| Responding to your questions and support requests | Legitimate interests |
| Fraud prevention and security | Legitimate interests / Legal obligation |
| Marketing communications (only with your consent) | Consent. You may opt out at any time. |
4. How we share your data
We share your data only with trusted service providers who help us operate our business, including:
- E-commerce and payment platforms (Shopify and integrated payment gateways like Stripe)
- Shipping carriers and fulfilment providers
- Customer communication tools
These providers act as data processors and are bound by appropriate data protection agreements. We do not sell your personal data to third parties.
We may also disclose data when required by law or to protect our legal rights.
5. Data Security
We implement industry-standard measures to protect your information, including:
- Encryption: SSL/TLS encryption protects data during transmission between your browser and our site.
- Secure Payments: Payment processing is handled exclusively by Stripe, a PCI-DSS Level 1 certified provider. We do not store, see, or access your card details at any point.
- Access Control: Access to personal data is strictly limited to those who need it to perform their duties.
6. International data transfers
Your data may be processed in countries outside the EU/EEA, including Canada, the United States, and Brazil, where Shopify Inc. and its service providers operate. In such cases, we implement appropriate safeguards to ensure your data remains protected in accordance with GDPR requirements.
7. How long we keep your data
- Order and invoice records: retained for as long as required by applicable law (typically 5–10 years depending on jurisdiction)
- Customer support messages: kept for up to 3 years from the date of your last contact
- Marketing data: until you withdraw consent or opt out, and no longer than 2 years from your last interaction
8. Cookies
We use cookies and similar technologies to enable essential site functions, remember your preferences, and measure performance. You can manage your cookie preferences through our cookie banner or your browser settings.
9. Your rights under the GDPR
If you are based in the EU/EEA or UK, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure: Request deletion of your data where there is no legitimate reason for us to continue processing it.
- Data portability: Receive your data in a structured, commonly used, machine-readable format.
- Object or restrict: Object to or request restriction of certain processing activities.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at contact@netmantos.site. We will respond within 30 days.
You also have the right to lodge a complaint with the competent data protection supervisory authority. You may contact the Autoridade Nacional de Proteção de Dados (ANPD) at www.gov.br/anpd or, for EU residents, the supervisory authority in your country of residence.
10. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date at the top.
11. Contact
Email: contact@netmantos.site
WhatsApp: +34 742 01 96 58