This Privacy and Personal Data Protection Policy of the IGC Group (“Policy”) regulates the use of personal data received and/or collected, whether through the exchange of emails, access to the content of the site, or any other means of service developed and/or provided by IGC ASSOCIADOS — CONSULTORIA EM FINANÇAS LTDA. (“IGC”) or any company controlled, controlling or under common control of IGC (together with IGC, “IGC Group”). This Policy demonstrates the values and reiterates the commitment of the IGC Group to treat personal and/or professional data in a legal and ethical manner, respecting the requirements established in the applicable legislation. This describes the types of personal data received and/or collected by the IGC Group (“Personal Data”), the treatment given to them, such as sharing, storage and deletion, in accordance with current laws and regulations. This Policy is automatically effective and applies to all those who relate to the IGC Group, so that the maintenance of any relationship with the IGC Group constitutes acceptance of the terms established here. It is recommended to read this Policy carefully and, in case of doubt, the IGC Group will be available to assist you. In order to facilitate understanding, we have divided our Policy as follows:
1. Institutional Commitment
2. Responsibility for treatment activities
3. Form of Collection of Personal Data
4. Purposes of the processing of Personal Data:
5. Sharing Personal Data
6. International Transfer of Personal Data
7. Rights of the holder of the Personal Data
8. Retention of Personal Data
9. Security of the Personal Data processed
10. Rules for updating and changes to the Policy
11. Get in touch with us
The IGC Group recognizes the importance and relevance of the electronic records and Personal Data provided when using its websites, systems and services and, consequently, for the protection of your privacy. In this sense, through this Policy, the IGC Group communicates to its clients, collaborators, partners and any third parties with whom it relates its commitment to: (i) protect the security and privacy of Personal Data; (ii) communicate its Personal Data processing activities in a transparent manner; (iii) implement and properly execute mechanisms and processes for the exercise of the rights of the holders of Personal Data; (iv) respect and comply with the legislation and good governance practices applicable to the processing of Personal Data. We emphasize that the promotion of privacy, transparency, and the ethical and secure treatment of Personal Data are fundamental values for the IGC Group, so we will do our best to adopt the best practices that allow their adequate and lawful treatment.
The IGC Group informs that the Personal Data processing agents received or collected may be both the IGC Group and also a partner linked to it and, in this regard, clarifies that the IGC Group will act as a controlling agent or joint controller, establishing the purposes of the processing of Personal Data and being the main responsible for these activities, and it is up to the possible partner to act as the operator of the Personal Data, if necessary.
The IGC Group processes the Personal Data necessary to fulfill its corporate purpose, in accordance with the obligations imposed on it by law. Thus, the types and volume of Personal Data that are processed vary according to the purposes of use, the activities carried out, as well as the interaction with the IGC, always observing an analysis guided by the principles of purpose, need and appropriateness. In this sense, the IGC Group may collect Personal Data in various ways, and such data may be provided directly by the owner, automatically through the use of our services, or even by third parties as a result of their relationship with the IGC Group. We also clarify that the IGC Group may have access to the Personal Data of third parties related to its clients for the purpose of providing the advisory services for which it may be hired. In this regard, the IGC Group clarifies that all those who provide or allow access to other people's Personal Data to the IGC Group (including through access to documents sent to potential interested parties and their respective advisors as part of a transaction being advised by the IGC Group), must assure the IGC Group that: (i) they comply with the legal provisions and obligations imposed on them by the applicable Personal Data privacy regulations and legislation, (ii) IGC will be authorized to process and share said Personal Data with third parties for the applicable purposes, and (iii) will be responsible for any losses and damages that may be incurred by the IGC Group as a result of the provision of Personal Data in disagreement with applicable law. In order to present our processing activities in a transparent manner, we present below the main data we use and their respective purposes. (i) Biographical attributes data of the natural person, such as civil or social name, date of birth, affiliation, nationality, gender, address, e-mail addresses, telephone numbers; (ii) Registration data profession, occupation, marital status, classification as a Politically Exposed Person, identifying information when registering public bodies such as registration number in the Register of Physical Persons - CPF, Social Identification Number - NIS, registration number in the Social Integration Program - PIS, registration number in the Public Servant Asset Formation Program — PASEP, voter registration number, National Driver's License number — CNH, ID number — RG or RNE, among others; (iii) Financial and transactional data, information about financial statements and transactions related to the subject of the advisory services provided, bank account and card numbers, billing address, transaction records, and third-party data information relating to our clients and partners; (iv) Data collected automatically characteristics of the access device, browser, IP (with date and time), location, origin of the IP, information about clicks, pages accessed, the next page accessed after leaving the page of the IGC Group sites, or any search term entered on or in reference to our sites, among others. For this collection, IGC will make use of standard technologies, such as cookies, pixel tags, and others, which are used for the purpose of improving the user's browsing experience, according to their habits and preferences. In order to enable the provision of the services for which the IGC Group is contracted and due to technological development, it is important to clarify that biometric attributes may be collected, with the user's consent. That is, information with measurable biological and behavioral characteristics of the natural person. This information may be collected for automated recognition and fraud prevention. Also, when you access our websites and social networks, your electronic device will automatically provide some information about how you can interact with our tools. This information is provided by your browser or device through the use of cookies and other related resources and is used by the IGC Group to help us identify preferences and improve your experience on our official websites and social networks. It is also important to remember that the IGC Group does not individually collect or identify this information for analysis purposes and does not collect data after you log in to our systems and/or applications. The IGC Group only analyzes this data statistically, never individually, and always with the objective of better understanding the interests and needs of the users of its channels. To prevent the indiscriminate use of data from the IGC Group's website and official social networks by Internet users or market analysts in general, visitors to our sites can install security features such as an add-on or even disable, through the settings of their internet browser, the automatic collection of information using certain technologies, such as cookies and caches. But it is worth being aware that, once these technologies are disabled, some features offered by the site and/or social networks may stop working properly. Personal Data collection activities by the IGC Group take place through digital or physical forms, as well as through telephone calls or when directly accessing our websites and/or social networks, communication channels, tools, “software” (computer programs) or applications. We also clarify that we may collect Personal Data during the campaigns, events and surveys that we carry out or during the provision of our services. Notwithstanding the means used to obtain Personal Data, its processing will only take place to achieve the purposes mentioned in this Privacy Policy, especially for the provision of advisory services, in compliance with applicable laws and regulations.
In general, the IGC Group processes Personal Data to enable the conduct of its business, in particular, to provide the advisory services for which it is contracted. The processing of Personal Data will only be carried out when the law allows, that is, when it is necessary to, for example: (i) comply with contractual obligations and perform services for which the IGC Group was contracted; (ii) comply with legal and regulatory obligations; (iii) exercise rights in judicial or extrajudicial, administrative or arbitral proceedings, or even to investigate and remedy complaints and/or complaints; (iv) to ensure their legitimate interests (for example, conducting our business in an efficient and consistent manner); (v) enable supervisory actions by administrative bodies and authorities, including any activity of accessing, obtaining and verifying data and information, through procedures and techniques applied by a Supervisory Agent for the purpose of gathering evidence to ascertain compliance with obligations and compliances on the part of the inspectorate; (vi) detect and prevent situations of compliance with its internal policies and regulations; (vii) promote the security of its facilities and systems; (viii) allow the analysis and protection of credit and reputational risks. In this sense, Personal Data may be used by the IGC Group for the following purposes, among others: (i) management and compliance with commercial, financial and other contracts of any kind; (ii) administrative management of suppliers and contractors, (iii) management of the team and labor relations and recruitment of new employees; (iv) communication, marketing and prospecting for new clients; (v) maintenance recording accounting records and promoting internal audits; (vi) records of calls, visits, and messages; (vii) intelligence and “analytics” activities, in which case the data will be grouped in order to provide a macro analysis of a given scenario and, therefore, they will not seek to identify or make identifiable the holders of Personal Data, but only to better understand how they access our platforms, in order to improve the provision of services and customize products more aimed at the interests of users, in accordance with the mechanisms described in Section 3 above; and (viii) other purposes, such as conservation of transaction history and documents to meet regulatory, administrative and auditor requirements, and also the safeguarding and exercise of their rights. In addition, the IGC Group may process Personal Data to maintain contact with you, by: (i) sending institutional communications and announcing transactions; (ii) organizing events, including managing registrants, reminders and thanks; and (iii) carrying out satisfaction surveys and feedback on our services and initiatives.
The IGC Group does not sell Personal Data, but such data may be shared with third-party collaborators, representatives and affiliated or partner companies of the IGC Group based in Brazil or abroad, for the purpose of fulfilling the purposes described in this Policy. It is worth saying that during the data sharing process, the IGC Group will adopt the best governance and information security practices to ensure the protection of your privacy. In this sense, the IGC Group may share Personal Data with: (i) Outsourced Companies: In the course of providing the services for which we are contracts, we may rely on third-party companies to assist us and, for this reason, we will eventually share Personal Data with them to provide the services for which we are contracted. Such third parties may include, among others, correspondents, dispatchers, consultants, legal and accounting specialists, and software providers, such as data hosting services for storing our database and management services that allow us to manage and automate our activities. We emphasize that such third parties are only authorized to use the shared Personal Data for the specific purposes of fulfilling the services for which they were contracted and are required to treat them with the security standards established by themselves or by our internal policies; (ii) Banks, financial companies, and card and payment operators: We may share Personal Data with payment processors, fraud prevention agents, identification number agencies tax, companies that are members of payment arrangements and banks, so that we can process payments for the goods and services contracted by you; (iii) Analytics: We may share Personal Data with partners that provide intelligence and analytics services to better carry out our activities. In this sense, the information shared is only that necessary for the analysis to be carried out and, whenever possible, we will anonymize the Personal Data that could identify the owner; (iv) Marketing Companies: We may share Personal Data with marketing companies to send communications. All Personal Data shared has an adequate legal basis that justifies this type of treatment, which may be your consent or a legitimate interest of IGC. In any case, during this process, we will always consider your privacy and, when applicable, your right to object to the processing of this data; and (v) Regulatory and supervisory bodies: Finally, when required, when there is a legal obligation or even in the regular exercise of our rights, share Personal Data with regulatory and supervisory bodies such as Ministries, State and Municipal Secretaries, Councils and Development Agencies, including filing documents in judicial and administrative proceedings, if necessary, or to comply with a court order or request from a competent authority. Additionally, in the context of providing advisory services to a client, the IGC Group clarifies that it may share Personal Data (including those of third parties, as applicable) with potential companies interested in the transactions for which the IGC Group has been hired to provide advice and their respective advisors and representatives. If the IGC Group decides to sell or buy companies, subsidiaries, products, assets or even participate in corporate reorganizations and, considering that in such transactions information about clients, employees and/or partners is generally one of the transferable assets of the business, your Personal Data may be transferred to interested third parties, as well as their respective advisors, including abroad.
The IGC Group is headquartered in Brazil and data processing operations are subject to Brazilian legislation. Therefore, when accessing or using the services we provide, the user located outside the country consents to the transfer of their Personal Data to Brazil and other countries, within the limits of the legality of the Brazilian legal system. Although primarily carrying out our processing activities on national territory, the IGC Group may, through operators, carry out international transfers of Personal Data through its partners and/or suppliers. Nevertheless, the IGC Group clarifies that when your Personal Data is transferred outside of Brazil, appropriate measures will be taken to seek the protection of the shared data in accordance with the requirements of the applicable legislation. However, by using our products or services or providing Personal Data to the IGC Group, you are aware of and agree to the international processing and transfer of such data.
Subject to the terms of the applicable legislation, the holder of the Personal Data may request the IGC Group, at any time: (i) access and confirmation of the existence of processing of their Personal Data, allowing the holder to be aware of whether their Personal Data is processed or not and with whom they were shared; (ii) correction of incomplete, inaccurate or outdated Personal Data; (iii) anonymization, blocking or elimination of Data Unnecessary or excessive personnel and also the opposition to the treatment given in non-compliance with the provided for in the applicable legislation; (iv) portability of Personal Data to a new supplier or service provider; (v) revocation of consent for the processing of Personal Data, under the terms of the applicable legislation; and (vi) information about the possibility of not providing consent to the processing of your Personal Data and its consequences.
The IGC Group will keep your Personal Data stored only for as long as necessary to fulfill the purposes for which they were collected, including to comply with legal, regulatory, tax, contractual, and accountability obligations, to safeguard or even regularly exercise our rights. To determine the appropriate retention period, we consider the amount, nature, sensitivity of the Personal Data, and the potential risk of harm resulting from its unauthorized use, as well as the purpose of the processing and whether we can achieve such purposes by other means, as well as the applicable legal requirements.
The IGC Group adopts security measures to protect your Personal Data and prevent it from being accidentally lost, used, altered, or disclosed in an unauthorized manner. Personal Data is stored in a secure operating environment that is not accessible to the public and we seek to limit access to such data to those who need your knowledge, and it is certain that anyone who has access to Personal Data will be subject to confidentiality obligations. Our Policy follows good market practices to protect the Personal Data sent to us, however, although we take the best efforts to preserve your privacy and protect your Personal Data, we cannot guarantee total security of data transmission, and we are always susceptible to the occurrence of information security incidents. In the unlikely event of episodes of this nature, the IGC Group will adopt the measures it deems appropriate to remedy The consequences of the event, always seeking due transparency reference to the data subject. In addition, we request that in addition to adopting good security practices in relation to your account and your data, if you identify or become aware of something that compromises the security of your data, please contact us.
The IGC Group recognizes the importance and relevance of the electronic records and Personal Data provided when using its websites, systems and services and, consequently, for the protection of your privacy. In this sense, through this Policy, the IGC Group communicates to its clients, collaborators, partners and any third parties with whom it relates its commitment to: (i) protect the security and privacy of Personal Data; (ii) communicate its Personal Data processing activities in a transparent manner; (iii) implement and properly execute mechanisms and processes for the exercise of the rights of the holders of Personal Data; (iv) respect and comply with the legislation and good governance practices applicable to the processing of Personal Data. We emphasize that the promotion of privacy, transparency, and the ethical and secure treatment of Personal Data are fundamental values for the IGC Group, so we will do our best to adopt the best practices that allow their adequate and lawful treatment.
The IGC Group has appointed a Personal Data Protection Officer (“DPO”) to provide clarifications regarding the protection of the Personal Data collected, receive complaints, adopt whatever measures may be necessary in relation to the protection of the privacy of Personal Data or to receive communications from the National Data Protection Authority (ANPD), as well as other functions provided for by law or established by law said Authority. The DPO is available at the following contacts: Personal Data Protection Officer (DPO): Priscila Sartori Pacheco e Silva Mailing address: Av. Brigadeiro Faria Lima, 2277, 6th floor, Jardim Paulistano, São Paulo, SP, CEP 01452-000 E-mail: priscila.pacheco@igcp.com.br