Privacy Policy

BR4Business Group Privacy Policy

BR4Business Group, on its own behalf and through its collaborators (“BR4Business”), aware of the importance and duty to safeguard the privacy of personal information and documents provided by its external and internal users (hereinafter referred to as “Data Subjects”), stored in the various databases of BR4Business, including its internet portals and physical documents under its custody, acting as the Controller for the processing of such personal data, establishes this Privacy Policy.

Applicability

This Privacy Policy applies solely and exclusively to the clients and personal data subjects of BR4Business.

Applicable Legislation

This Privacy Policy is governed by the current Brazilian legislation, particularly Law No. 13,709/18 (“General Data Protection Law”) and Law No. 12,965/14 (“Civil Rights Framework for the Internet”).

Definitions

For the purposes of this Privacy Policy, the following definitions apply:

• Data Subject: A natural person (clients, employees, partners, suppliers, and contractors) to whom the personal data being processed pertains.
• Personal Data: Information related to an identified or identifiable natural person. Examples include name, address, email, phone number, debit/credit card number, IP address, and geolocation data.
• Sensitive Personal Data: A special category of personal data related to racial or ethnic origin, religious beliefs, political opinions, union membership, or membership in organizations of a religious, philosophical, or political nature; data related to health, sexual life, genetic or biometric information.
• Anonymized Data: Information that, alone or combined with other anonymized data, does not allow the identification of a person, using reasonable technical means available at the time of processing. Examples include gender, age, generalized geolocation (e.g., city), and statistical data.
• Database: A structured set of personal data located in one or more sites, either electronic or physical.
• Personal Data Processing: Any operation performed on personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control, modification, communication, transfer, dissemination, or extraction.
• Controller: A natural or legal person, public or private, responsible for decisions regarding the processing of personal data.
• Processor: A natural or legal person, public or private, who processes personal data on behalf of the Controller.
• Data Protection Officer (DPO): The individual designated by the Controller and Processor to act as a communication channel between the Controller, data subjects, and the National Data Protection Authority (ANPD).
• User: Individuals who access or interact with activities offered on BR4Business’s internet portals or those of companies within its corporate group, under direct or indirect control.

Purpose of the Privacy Policy

The purpose of this Privacy Policy is to inform Data Subjects about the guidelines for the collection, processing, storage, and protection of information and physical and digital documents (hereinafter “Personal Data”) collected by BR4Business or on its behalf or entered directly by Data Subjects (external and internal) into its digital and physical platforms. It clarifies how Personal Data will be handled, the rights of Data Subjects, and how these rights can be exercised.

Processing of Personal Data

Personal data collected by BR4Business will be processed in accordance with the principles established in the General Data Protection Law, always observing good faith and being incorporated into physical and electronic records (hereinafter, “Records”) or Databases over which BR4Business acts as Controller.

BR4Business clarifies that Personal Data will only be processed when there is a lawful and regular purpose, under the Data Subject’s consent or legal provisions, including when necessary to meet BR4Business’s legitimate interests, provided these do not conflict with the fundamental rights and freedoms of the Data Subject.

Data anonymized during processing (“Anonymized Data”) will not be considered Personal Data for the purposes of this Privacy Policy, as it loses the ability to be associated, directly or indirectly, with an individual, in accordance with applicable laws.

Purpose of Personal Data Processing

The processing of personal data by BR4Business aims to comply with legal or regulatory obligations, achieve legitimate, specific, and explicit purposes under current legislation, or execute contracts involving the Data Subject.

Types of Personal Data Collected and Processed

• Registration and/or contact data
• Professional and/or legal data
• Identification data generated by official agencies
• Financial/payment data
• Data on the Data Subject’s preferences (e.g., browsing data on BR4Business websites or related sites)

Methods of Personal Data Collection

• Provided directly by the Data Subject or their legal representatives: Personal data submitted physically, electronically, or through BR4Business’s channels (websites or applications) when consulting, applying for, or contracting services or products offered by BR4Business.
• Collected directly by BR4Business with the Data Subject’s consent: Data obtained during commercial processes, marketing campaigns, or from authorized third parties.
• Provided by contracted third parties: Data received from third parties acting in partnership with BR4Business, such as service providers enhancing directly collected data, with express authorization from the Data Subject.
• Collected from public databases: Data available from public authorities, credit agencies, or made public by the Data Subject (e.g., social media), safeguarding the fundamental rights and freedoms of the Data Subject.
• Automatically collected: Information automatically gathered using technologies like cookies, which will be disclosed to the Data Subject.

Data Subject Rights

Data Subjects are entitled to the fundamental rights of freedom, privacy, and the protection of their Personal Data stored in physical and electronic records maintained by BR4Business or its authorized service providers. Specific rights include:

• Confirmation of the existence of data processing
• Access to their Personal Data
• Correction of incomplete, inaccurate, or outdated Personal Data
• Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed Personal Data
• Data portability to another service or product provider, upon express request and in accordance with national authority regulations, respecting commercial and industrial confidentiality
• Deletion of Personal Data processed with consent, except where legally required
• Information about public and private entities with which BR4Business has shared Personal Data
• Awareness of the consequences of denying consent
• Revocation of consent for data processing under applicable laws

To exercise these rights, Data Subjects may contact the DPO via contact@br4business.com.br.

Personal Data Protection Measures

BR4Business adopts all legal security measures to protect Personal Data, including internal reviews of data collection, storage, and processing practices, encryption, and physical security measures. In case of incidents involving Personal Data that could harm Data Subjects, BR4Business will notify the ANPD and collaborate with investigations, working effectively to mitigate potential damages.

Sharing of Personal Data

Personal Data may be shared, as permitted by law and/or with the Data Subject’s prior consent, with other companies in the BR4Business group, its controlling or controlled entities, subsidiaries, and affiliates, respecting the purposes outlined in this Policy and applicable laws. Additionally, data may be shared with contracted and authorized partners (“Processors”), ensuring contractual safeguards to protect Personal Data and Data Subject rights, allowing processing only for specified purposes.

Cookies

By accepting this Privacy Policy, the Data Subject consents to the use of cookies under the terms defined below:

• Definition: Cookies are data files stored on a user’s device (via smartphone, tablet, or computer) that record user preferences, location, pages visited, and other information, offering greater convenience during navigation.
• Classification by Validity:
  • Session cookies: Temporary cookies deleted when the browser or webpage is closed.
  • Persistent cookies: Remain after the browser is closed and are used to store login credentials or preferences.
• Classification by Purpose:
  • Strictly necessary cookies: Essential for website functionality.
  • Performance cookies: Collect anonymous information to improve user experience.
  • Functional cookies: Remember user preferences for enhanced customization.
  • Analytical and advertising cookies: Deliver targeted ads and measure campaign effectiveness.

Users may configure their browser settings to manage cookies but should note that disabling essential cookies may affect the functionality of BR4Business websites.

Additional Considerations

The Data Subject guarantees that the Personal Data provided to BR4Business is truthful and legitimate, free from consent defects, and commits to promptly notifying BR4Business of any changes. Responses to questions about Personal Data are optional unless otherwise indicated, and their absence does not affect service quality.

Amendments to This Policy

BR4Business reserves the right to update or modify this Privacy Policy at any time, ensuring compliance with applicable laws and providing specific communication about changes if necessary.