Privacy Policy

1.Who we are

Horizonta is a commercial structuring and activation consultancy dedicated to AgriTech and FoodTech startups. We operate in Brazil and France, helping founders and commercial teams turn campaigns, events, materials, CRM, partnerships, post-sale and learnings into an integrated system of generation and conversion.

For the purposes of this policy, Horizonta acts as the data controller of personal data collected through the website horizonta.co and the contact channels listed on it.

2.Data we collect

2.1. Data you provide voluntarily

When you contact us by email (celia@horizonta.co), we receive the data you choose to share, typically:

• Full name
• Professional email address
• Company, role and commercial context mentioned in your message
• Phone number (when you provide it)
• Content of the messages exchanged

This data does not come from automated forms — it exists only when you decide to write to us. Our website currently does not include lead capture forms, social media pixels, or marketing automation tools.

2.2. Data collected automatically

Our hosting provider (Cloudflare) records technical data on each visit to the site, for the purpose of service security and reliability:

• IP address
• Browser type and version (user-agent)
• Operating system
• Pages visited, date and time
• Referring website, when applicable

These records are used exclusively for technical operation (protection against attacks, cache optimization, error diagnostics). They are not used for advertising profiling and are not cross-referenced with personally identifiable data.

3.Purposes of processing

We process your personal data for the following purposes:

• Responding to your inquiry and continuing the commercial conversation you initiated
• Conducting the commercial cycle: scheduling meetings, sending proposals, explanatory materials, presentations and contracts
• Managing the ongoing relationship: keeping records of history, follow-ups, commercial stages and learnings
• Complying with legal and regulatory obligations, including responding to lawful requests from competent authorities
• Ensuring technical security of the site and preventing fraud or abuse

We do not use your data for automated marketing communications, advertising segmentation, or sale to third parties.

4.Legal basis

The processing of your data relies on the following lawful bases under Article 6 of the GDPR:

• Steps taken at your request prior to entering into a contract (Art. 6(1)(b)) — when you contact us to discuss a possible engagement
• Performance of a contract (Art. 6(1)(b)) — when there is an accepted proposal or active engagement
• Legitimate interests (Art. 6(1)(f)) — for commercial follow-up, technical security and operational diagnostics. Our legitimate interest is to develop and maintain B2B relationships with professionals who have themselves initiated contact. We have assessed that this processing does not override your fundamental rights and freedoms.
• Compliance with a legal obligation (Art. 6(1)(c)) — when required by applicable law
• Consent (Art. 6(1)(a)) — when you explicitly opt in to receive specific materials or periodic communications

5.Who we share data with

We do not sell, rent, or trade your personal data. We share information only with third parties strictly necessary to operate the site and communicate with you:

• Cloudflare, Inc. — hosting, CDN and site protection provider. Processes technical records (IP, user-agent, access logs).
• Google LLC (Google Workspace) — corporate email service. Stores and routes messages sent to celia@horizonta.co.
• Public authorities, exclusively when required by law, court order or valid administrative request.

From time to time, contracted service providers (accounting, legal, technical infrastructure) may have restricted access to certain data, always under contractual obligations of confidentiality and protection equivalent to those described in this policy.

6.International transfers

Some of the providers listed above (Cloudflare, Google) operate infrastructure in the United States and other countries outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we rely on appropriate safeguards recognized by the GDPR, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• EU–U.S. Data Privacy Framework certifications, where applicable to the recipient
• Additional technical measures (encryption in transit and at rest) implemented by the providers

By contacting us, you acknowledge that part of the technical processing (email storage, access logs) takes place outside the EEA, under the safeguards described above.

7.Retention and deletion

We keep your personal data only for the time required to fulfill the purposes described in this policy:

• Active commercial conversations: for the duration of the commercial relationship
• Commercial conversations closed without engagement: up to 24 months after the last contact, in case of future re-engagement
• Contracts and accounting data: for the legal retention periods applicable in France (typically up to 10 years for accounting documents, in accordance with Article L123-22 of the French Commercial Code)
• Technical site logs: in accordance with the provider's retention policy (Cloudflare), typically between 4 hours and 30 days

After these periods, data is anonymized or deleted, unless a longer legal retention obligation applies.

8.Cookies

The Horizonta website currently does not use tracking, analytics or advertising cookies. There is no Google Analytics, Meta Pixel, LinkedIn Insight Tag or any similar tool installed.

Strictly necessary cookies may be used by Cloudflare for security purposes (bot and attack protection). These cookies are essential to the technical operation of the site and, in accordance with the GDPR and the guidelines of the CNIL (French Data Protection Authority), do not require prior consent.

Should Horizonta begin to use non-essential cookies (analytics, marketing), this policy will be updated and a consent banner will be presented before any such use, with separate "Accept" and "Reject" options of equivalent prominence, as required by the CNIL.

9.Your rights

Under the GDPR (Articles 15 to 22), you have the following rights regarding your personal data:

• Right of access (Art. 15) — to obtain confirmation that your data is being processed and to receive a copy of it
• Right to rectification (Art. 16) — to have inaccurate or incomplete data corrected
• Right to erasure (Art. 17) — also known as the "right to be forgotten"
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20) — to receive your data in a structured, commonly used and machine-readable format
• Right to object (Art. 21) — to object to processing based on legitimate interests
• Right not to be subject to automated decision-making (Art. 22) — Horizonta does not perform automated decision-making with legal or similarly significant effects
• Right to withdraw consent at any time, where processing is based on consent (Art. 7(3))
• Right to set directives regarding the fate of your data after death, in accordance with Article 85 of the French Data Protection Act

To exercise any of these rights, write to celia@horizonta.co. We will respond within one month, in accordance with Article 12(3) of the GDPR. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

You also have the right to lodge a complaint with the French Data Protection Authority (CNIL) at www.cnil.fr if you believe that the processing of your personal data infringes the GDPR.

10.Data security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, alteration or improper disclosure. These include:

• Encrypted connections (HTTPS/TLS) across the entire site
• Two-factor authentication on administrative accounts
• Access controls limiting data to authorized personnel only
• Infrastructure providers with internationally recognized security certifications

Despite these measures, no system is entirely immune to incidents. In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, we will notify the CNIL within 72 hours and, where the risk is high, the affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.

11.Children's data

Horizonta's services are intended exclusively for professionals and organizations. We do not knowingly collect personal data from children under 15 (the digital age of consent in France). If we become aware of any unintended collection, the data will be deleted immediately.

12.Changes to this policy

This policy may be updated to reflect changes in our practices, new tools adopted, or legal requirements. Any update will be signaled by the change of the date at the top of the document. Material changes (those affecting data subject rights) will be communicated in advance whenever possible.

We recommend reviewing this document periodically.

13.Contact

Questions, requests to exercise your rights, or any privacy-related communications should be sent to:

• Email: celia@horizonta.co