COMPLIANCE

This page presents the formal commitments that underpin our operations and our relationships with clients, partners, employees, and society.

Principles

We conduct our activities based on four principles:

Integrity. We act with honesty in all commercial and institutional relationships. We do not tolerate corruption, fraud, bribery, or any conduct that undermines the trust of our stakeholders.

Transparency. We clearly communicate our capabilities, timelines, limitations, and costs. We do not make promises outside our scope. We do not conceal relevant information from clients.

Technical accountability. Every delivery is treated as a critical client asset. We document architectural decisions, maintain auditable code, and operate with observability.

Respect. We build diverse teams and work environments where people have a voice, security, and the opportunity to grow.

Legal compliance

The Chosing company operates in compliance with applicable legislation in each jurisdiction where it operates. Among the main standards observed, in alphabetical order by topic:

Anti-corruption.

  • OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.
  • Foreign Corrupt Practices Act (FCPA), applicable to operations under US jurisdiction.
  • Brazilian Anti-Corruption Law (Law 12,846/2013).
  • UK Bribery Act, applicable to operations with links to the United Kingdom.

Internet framework and digital relations.

  • ePrivacy Directive and related national legislation, in the European Union.
  • Brazilian Internet Civil Rights Framework (Law 12,965/2014).

Personal data protection.

  • California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and other US state privacy laws.
  • Codice in materia di protezione dei dati personali, in Italy.
  • Brazilian General Data Protection Law (LGPD, Law 13,709/2018).
  • Ley Orgánica de Protección de Datos Personales y Garantía de los Derechos Digitales (LOPDGDD), in Spain.
  • Loi Informatique et Libertés, in France.
  • General Data Protection Regulation (GDPR, EU Regulation 2016/679), in the European Union.

Sector-specific regulations.

We apply the specific regulatory requirements of the sectors in which our clients operate, in each relevant jurisdiction.

Data protection

We process personal data in accordance with the principles common to applicable data protection legislation: purpose limitation, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, and accountability.

In projects involving third-party data, we act as Processors (under GDPR; Service Providers under US laws), under instruction from the Controller client, with specific contractual clauses governing security, retention, international transfer, and disposal.

For international data transfers involving the European Union, we apply Standard Contractual Clauses approved by the European Commission, supplemented by additional technical and organizational measures when necessary.

Information
security

We maintain technical and organizational practices to protect client and operational information, including:

  • Role-based access control and least-privilege principle.
  • Multi-factor authentication for internal systems.
  • Encryption in transit and at rest for sensitive data.
  • Audit logs and periodic log review.
  • Regular security testing on critical systems.
  • Confidentiality agreements with employees and suppliers.
  • Incident response plan aligned with notification deadlines required by applicable laws.

Anti-corruption and anti-bribery

CHOSING© repudiates any form of corruption, active or passive. We do not offer, promise, authorize, or accept undue advantages to obtain or retain contracts, public or private. Gifts, hospitality, and courtesies follow reasonable market standards and must never influence business decisions. In any doubt, the principle of abstention prevails.

Conflicts of interest

Employees and partners must formally report any situation that may constitute a conflict between personal interests and the interests of CHOSING© or its clients. Each case is handled on a case-by-case basis, always with transparency.

Diversity and workplace

We do not tolerate discrimination based on gender, race, sexual orientation, gender identity, religion, origin, age, disability, or any other attribute protected by law. We build a harassment-free environment, with formal channels for handling complaints.

Sustainability and impact

We aim to operate with awareness of the environmental and social impact of the technologies we build. We assess computational resource consumption, energy efficiency of models, and the externalities of the systems we design.

Whistleblower channel

Conduct contrary to these principles can be reported through the channel compliance@chosingdept.com. Reports are handled confidentially, and retaliation against whistleblowers is prohibited. We investigate each case independently and take appropriate action, which may include warnings, termination, contract cancellation, or referral to competent authorities.

The channel is available for reports originating from any jurisdiction. We observe the legal protections for whistleblowers applicable in each country, including EU Directive 2019/1937 and the national laws that transpose it.

REVISION

This document is reviewed periodically. Relevant updates are published on this page, with a new reference date.
Last updated: June 11, 2026.