Data Protection & Security Policy


Effective Date: January 1, 2025
Last Updated: January 1, 2025

At NBR. Company Ltd. (“NBR”, “we”, “our”, “us”), safeguarding information assets, ensuring compliance, and protecting the integrity of our ecosystem are core principles. This Data Protection & Security Policy (“Policy”) defines the standards, practices, and responsibilities governing how NBR collects, processes, secures, and manages client and organizational data across all business units and services.


1. Purpose

The purpose of this Policy is to:

  • Ensure compliance with global data protection frameworks (LGPD, GDPR, CCPA, HIPAA, and other applicable regulations).
  • Protect client and corporate data against unauthorized access, disclosure, alteration, and destruction.
  • Define clear rules for handling sensitive information.
  • Promote a culture of security, confidentiality, and resilience across NBR operations.

2. Scope

This Policy applies to:

  • All employees, contractors, consultants, and partners of NBR.
  • All Services provided by NBR, including consulting, technology, financial, digital, and cybersecurity engagements.
  • All forms of data, including personal data, client-provided information, proprietary research, system logs, and business intelligence.

3. Data Collection & Processing

  • Minimal Data Collection: NBR only collects data necessary to fulfill contractual, regulatory, and operational requirements.
  • Lawful Basis: Data is processed under lawful bases such as consent, contractual necessity, legitimate interest, or legal obligation.
  • Client Ownership: Client data remains the property of the client. NBR acts as a data processor and custodian, not a data owner, unless otherwise contractually agreed.
  • Transparency: Data subjects are informed about collection, processing purposes, retention periods, and rights.

4. Data Classification

All data handled by NBR is classified into the following tiers:

  • Public Data: Non-sensitive, openly shareable information.
  • Internal Data: Internal business communications, non-public reports, and procedural information.
  • Confidential Data: Client deliverables, contracts, proprietary systems, and sensitive research.
  • Restricted Data: Personally Identifiable Information (PII), financial data, strategic intelligence, and high-risk security information.

5. Security Controls

NBR enforces layered, enterprise-grade security controls:

  • Encryption: All sensitive data is encrypted at rest and in transit using industry standards (AES-256, TLS 1.3).
  • Access Control: Role-based access, least-privilege principles, and multi-factor authentication are mandatory.
  • Monitoring: Continuous monitoring, anomaly detection, and intrusion detection systems (IDS/IPS) are deployed.
  • Backups & Recovery: Data is backed up regularly with integrity checks and tested disaster recovery procedures.
  • Network Security: Segmented environments, firewalls, and zero-trust architecture protect against breaches.
  • Endpoint Security: Devices used for NBR operations require endpoint protection, full-disk encryption, and patch management.

6. Employee & Contractor Responsibilities

  • All NBR personnel must complete mandatory data protection and cybersecurity training.
  • Unauthorized storage of client data on personal devices or unapproved platforms is strictly prohibited.
  • Employees must immediately report any suspected data breach, phishing attempt, or anomalous activity to NBR Security Operations (SecOps).

7. Data Retention & Disposal

  • Retention: Data is retained only as long as necessary to meet contractual, regulatory, and business obligations.
  • Secure Disposal: Upon expiration of retention periods, data is securely destroyed using industry-approved methods (digital wiping, shredding, degaussing).
  • Client Rights: Clients may request deletion, anonymization, or retrieval of their data in accordance with applicable laws.

8. Third-Party and Vendor Management

  • Vendors, subcontractors, and technology partners engaged by NBR must comply with equivalent or stronger security standards.
  • Third-party access to client data requires prior approval, contractual safeguards, and audit rights.
  • NBR conducts due diligence, ongoing monitoring, and risk assessments for all external parties with access to sensitive data.

9. Incident Response & Breach Management

  • Detection: Security incidents are logged, analyzed, and escalated by the NBR Security Operations Center (SOC).
  • Response: A documented incident response plan (IRP) ensures immediate containment, forensic investigation, and mitigation.
  • Notification: Affected clients and regulators are notified in compliance with applicable data breach laws.
  • Review: Post-incident reviews identify root causes, lessons learned, and required policy or control improvements.

10. Regulatory Compliance

NBR aligns with global and regional data protection frameworks, including:

  • Brazil: LGPD (Lei Geral de Proteção de Dados).
  • European Union: GDPR (General Data Protection Regulation).
  • United States: CCPA, HIPAA, GLBA, and other relevant laws.
  • Global: ISO 27001, NIST CSF, CIS Controls, PCI-DSS where applicable.

11. Enforcement & Accountability

  • Violations of this Policy by employees, contractors, or partners may result in disciplinary action, up to and including termination of employment, contracts, or partnerships.
  • Clients found misusing NBR platforms or attempting to compromise system integrity will face immediate service suspension and potential legal action.

12. Policy Review & Updates

This Policy is reviewed annually or following major regulatory or operational changes. Updates are communicated through NBR’s official communication channels.


13. Contact Information

For inquiries regarding this Policy, data protection requests, or reporting security concerns, contact us:

NBR. Company Ltd.
📍 Global Headquarters: We’re working on opening new offices soon!
📞 Corporate Contact Number: We’re working on opening new lines soon!
📧 support@nbr.company

