DIGITAL BRANDING GROUP PARTICIPACOES LTDA, a legal entity governed by private law, registered with CNPJ No. 11.894.249/0001-04, established at AV INDEPENDENCIA, No. 1299, 3rd floor, State of Rio Grande Do Sul, city of Porto Alegre, CEP 90.035 -073 (“DBG&Co”), processes some of your Personal Data to provide you with products and services.

This Privacy Policy aims to inform all Customers, Partners and the market in general how we treat the Personal Data collected and/or received in our operation. This Privacy Policy also serves to clarify to our Customers what are the main rights guaranteed by Law 13.709/2018 (the “General Data Protection Law” or “LGPD”) and how DBG&Co – always guided by the ethics, transparency and compliance – it is prepared to comply with this regulation and guarantee the privacy of all players around it. If you have any questions, please contact us through the channels indicated at the end of this Policy (item 10).

1. IMPORTANT DEFINITIONS

The following definitions are important for you to understand the position and role of each person involved in our business, what are the main concepts defined in the LGPD and how DBG&Co is structured to protect the Privacy of all its Customers and Partners:

• “Controller”: the company (or the subject) responsible for deciding on the processing of the Data Subject;
• “Operator”: the company (or the subject) that carries out the processing of any Personal Data on behalf of the Controller;
• “Personal Data”: information relating to any identified or identifiable natural person; ie, any information passed by a Customer to the Supplier, for example, that identifies or may identify a natural person;
• “Sensitive Personal Data”: Data of the Holder about his racial or ethnic, religious, political, genetic, biometric origin, indicative of sexual preference or health status;
• “Processing”: any operation involving Personal Data that is carried out directly by the company;
• “Holder”: natural person to whom the Data to be processed in the transaction refers;
• “Anonymization​”: use of technical means available in the processing of Data, in which a Data loses the possibility of association, directly or indirectly, with an individual.;
• “Shared Use of Data”: communication, dissemination, international transfer, interconnection of Personal Data or shared treatment of Personal Data banks by public bodies and entities in the fulfillment of their legal competences, or between these and private entities, reciprocally, with specific authorization , for one or more treatment modalities allowed by these public entities, or between private entities;
• Partner: Supplier and/or Third Parties linked to the operation that are related to the services provided by DBG&Co in favor of the Personal Data Holder for the purposes of processing Personal Data;

2. WHAT PERSONAL DATA CAN WE COLLECT, PROCESS AND HOW DO WE DO IT?

DBG&Co strictly collects and treats the Data necessary for the execution of its corporate purpose, such as, but not limited to, Data relating to qualification (name, CPF/CNPJ, profession, gender, address) and/or those voluntarily provided by Users through the Sites/Applications/Tools. Any and all processing of Personal Data of Customers and Partners carried out by DBG&Co strictly observes the following principles:

• Purpose: the treatment must have a clear, specific and specific purpose.
• Adequacy: treatment must be compatible with the context informed to the Owner and respect the purpose;
• Necessity: treatment must be limited to the minimum necessary to perform the operation;
• Free Access: obligation to provide the Data Subject with immediate and free consultation on the processing of their Data;
• Data Quality: need for proof to the Holder of clear, relevant and up-to-date Data storage;
• Transparency: obligation to guarantee to the Holder clear, correct and easily accessible information at any time;
• Security: obligation to use technical measures capable of preventing leaks, unauthorized access, loss and/or unauthorized alteration of Data;
• Prevention: prior adoption of measures to prevent and contain possible violations of LGPD obligations;
• Non-Discrimination: impossibility of processing Data for discriminatory, illegal, abusive purposes;
• Accountability: obligation for the agent to prove the adoption of effective measures to ensure compliance with the law and all its principles;

Upon prior and express consent by the Holder, we may also – in order to make the service to Customers and Partners more efficient – collect Personal Data from the following sources:

• Sales management platforms in physical stores and via the internet
• Application Programming Interface (API): service that facilitates communication between two parties
• Cookies: registration of the Holder’s activities on our Sites / Applications / Tools with the aim of optimizing searches, always with the Client’s consent. For more information, see our Cookies Policy (https://cadastra..com/pt/politica-de-cookies-e-uso-do-site).

NOTE: Any Data provided on Third Party websites and applications may be subject to Privacy practices that may differ from the practices adopted by DBG&Co. If Personal information is submitted to any of these websites, the information will be governed by the Privacy Policies of those sites.

3. WHY DO WE COLLECT PERSONAL DATA?

We take appropriate steps to ensure that all processing of your Personal Information by us or our service providers is lawful. The legal basis for processing your Personal Information will depend on the purposes for which we process your information.

• Consent: upon prior consent by the Data Subject, in applicable cases;
• Customer Efficiency: through the Data collected and stored with the Owner’s consent, we can optimize search times when browsing, eliminate inefficient offers to the Customer and reduce transaction costs to focus on what really matters;
• Legitimate Interest: use of Personal Data by DBG&Co – always for legitimate and previously informed purposes – to promote essential activities and/or regular exercise of rights;
• Protection of Acquired Rights: we use Personal Data to exercise any contractual or legal right that must be protected before Customers, Partners and the market in general, including to protect DBG&Co’s Privacy right and the Data Holders whose Data has been entrusted to it.

4. WHO DO WE SHARE PERSONAL DATA WITH?

We guarantee that only people authorized by DBG&Co and bound by the same criteria of security, confidentiality and purpose can access your Personal Data when strictly necessary for the purposes of managing our business relationship or complying with our legal obligations.

In addition, sharing – with consent or for the exercise of legitimate interest – may occur in the following cases:

• Sharing in the Economic Group: sharing of Personal Data by DBG&Co – upon consent or for the regular exercise of right – with the companies of the DBG Group, which may act as Operators in the treatment of this information specifically in order to guarantee commercial management and greater efficiency in the campaigns Of marketing;
• Partners: Third parties who provide services to DBG&Co, such as providers of information technology services, communication or marketing services, as well as statistical services, limited to the sharing of Personal Data strictly necessary to perform the contracted activities and always with the prior consent of the Owner .
• Media campaign management tools: with the aim of sending advertisements adapted to your selected preferences based on your browsing and/or your requests on the Sites;
• Behavioral analysis tools: with the aim of improving the user experience regarding the use of the Site by storing cookies – always previously accepted by the User – or by analyzing Personal Data voluntarily provided by the Owner with prior knowledge and agreement for this purpose.

Upon prior knowledge and agreement, the sharing of Users’ Personal Data with Partners will be carried out in connection with one or more of the purposes described in item 2 of this Policy, respecting the limits and purposes strictly necessary to carry out our activity.

DBG&Co may also be required to communicate your Personal Data, upon receiving a binding order or subpoena, to any authority with jurisdiction over our activity to comply with legal, regulatory obligations and/or to respond to the subpoena received. In this case, the sharing will take place within the strict limits punctuated by the order given and, whenever possible, will be preceded by a notification to the Holder to take all appropriate measures in order to, if desired, seek appropriate measures to try to revoke the order. of sharing.

Finally, in compliance with the principles mentioned above, at any time the Holder may request DBG&Co access to all of its Data.

5. HOW DO WE STORE PERSONAL DATA?

DBG&Co seeks to make it easy for the Holder to keep his/her Personal Information accurate, complete and up to date. If the Holder deems it necessary to update his Personal Data, he may request DBG&Co through the channels mentioned at the end of this Policy (item 10).

These rights conferred on the Holder apply exclusively in relation to their own Personal Data. DBG&Co does not share any Third Party Data with the User, including Personal Data of other Users that have been collected in our operation.

We guarantee the Data Subject the following rights:

• Existence and Access: the Holder has the right to obtain confirmation of the existence of the activity of processing their Personal Data. If there is processing, the Data Subject has the right of access, that is, to obtain a simplified or complete statement about the categories of Personal Data processed, the origin of the Data and the purposes of the treatment. If your Personal Data is processed based on your consent, or on a contract signed between the Holder and DBG&Co, the Holder also has the right to obtain a full copy of the Personal Data that is processed based on the consent or contract;
• Correction: the Holder has the right to request the correction of incomplete, inaccurate or outdated Data about him/her;
• Anonymization, blocking and/or deletion: in certain cases, when the Personal Data is unnecessary, excessive or is treated in disagreement with the LGPD, the Holder has the right to request the anonymization, blocking or deletion of such Data;
• Portability: in certain cases, as defined and to the extent required by the ANPD, and always respecting the commercial and industrial secrets of DBG&Co, the Holder has the right to portability of his Personal Data to another company.
• Shared Use of Data: the Holder has the right to obtain information about the public and private entities with which DBG&Co made shared use of their Personal Data;
• Withdrawal of consent: whenever DBG&Co requests consent to process Personal Data, the Data Subject has the right to refuse consent. DBG&Co always informs you about this right and the consequences if you choose not to consent to a processing activity. In addition, whenever the Data Subject consents to the processing of their Personal Data for a specific purpose, they may revoke their consent at any time, with all the processing activities carried out up to the date of revocation being validated.
• Opposition Right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
• Deletion of Personal Data allows you to request the deletion or removal of your Personal Information if there is no compelling reason for us to continue to use it. Remembering that this is not a general right to erasure, except in cases of mandatory storage as provided by law.

For more information and/or requests, the Holder must contact us through the channels indicated at the end of this Policy (item 10). The analysis and response period is up to 30 days.

6. WHAT RIGHTS DO WE GUARANTEE TO THE HOLDER?

DBG&Co processes Personal Data only for the purposes described in this Policy.

Personal Data is kept to the extent necessary for the purposes of processing, and must be deleted:

as soon as the reason for its use ends, or
within the period determined by law.

7. COMMUNICATIONS AND MODIFICATION OF THIS POLICY

The security and confidentiality of your Personal Information is extremely important to us. We have technical, administrative and physical security measures in place to:

• protect your Personal Information from unauthorized access and misuse
• protect our IT systems against leakage of Personal Data
• ensure that we can restore your information in situations where Data is corrupted or lost in a disaster recovery situation
• where appropriate, use encryption or other security measures
• review security procedures periodically considering appropriate new technologies and updated methods.

While no measure is 100% effective, we are committed to ensuring that your Personal Information remains secure.

8. MINORS DATA

DBG&Co’s products and services are not intended for minors.

9. INTERNATIONAL TRANSFER OF PERSONAL DATA

We may transfer your Personal Information to DBG Group companies, IT providers and other Suppliers in other countries. For companies outside the Brazilian Economic Area with whom we may share your Personal Data, we ensure that this is done using specific and legally approved safeguards.

10. CHARGED FOR THE TREATMENT

The DBG Group, to which DBG&Co belongs, has a Person in Charge of the Processing of Personal Data, responsible for guiding the conduct of our activities in accordance with the legislation, as well as for receiving complaints and communications from the Holders of Personal Data and the Authorities, and provide them with clarification.

In case of doubt, complaint or any indication of violation of the terms of this Privacy Policy, or to exercise rights as a Data Subject, contact us through:

• email to [email protected]
• correspondence to Av. Eng Luís Carlos Berrini, nº 1511, 17th floor, State of São Paulo, city of São Paulo, CEP 04.571-011 for the care of the Personal Data Officer (DPO).

11. PRIVACY POLICY UPDATES

The DGB Group may, at any time, update this Privacy Policy to reflect improvements implemented. Please check this page regularly for updates.