Privacy Policy - Algar Tech

Privacy Policy

LGPD

What is LGPD?

The General Data Protection Act provides for the processing and protection of personal data and sensitive personal data. This law requires companies to handle customers’ personal data securely and with maximum protection. The availability of data for data subjects should be facilitated, within the limits of the LGPD, through governance and compliance practices that are more appropriate and efficient to the process.

LGPD and Algar Tech

We are working to comply with the provisions of the LGPD and to ensure that your data is increasingly secure on our platforms and software.

What are my rights?

Confirmation of Treatment

You have the right to confirm whether we, as controller, carry out the processing of your personal data.

Data Access

You can request information about the processing of your personal data carried out by us within the limits provided by the LGPD through our means of communication.

Data Correction

You may request the correction of your data that is outdated, incomplete or inaccurate.

Anonymization, blocking or deletion of unnecessary, excessive or non-compliant data

In accordance with the LGPD, whenever possible, your personal data may be anonymized, i.e. processed in a way that does not allow your identification. You also have the right to have incorrect or incomplete personal data corrected and, if personal data is not required to be kept by law, you have the right to request its deletion.

Portability

You may expressly request at any time the portability of your personal data with other service or product providers, within the limits established by the LGPD.

Deletion of personal data processed with consent

You have the right to request the deletion of your personal data in the company database, provided that these data are being treated in any case not permitted by the LGPD. It is worth noting that this right is not absolute, personal data necessary for compliance with legal or regulatory obligations, as well as financial data and other data treated for a legitimate purpose that transcends the will of the holder will not be deleted.

Sharing of Personal Data

You have the right to know with which entities (companies, government agencies, etc.), whether public or private, and what personal data we share.

Information on non-consent and what the consequences of refusal will be

If you choose not to consent to the processing of your personal data, we have a duty to inform you of the consequences of refusal.

Revocation of consent

You can at any time revoke the consent to the processing of your personal data previously granted, free of charge and easily.

You can easily exercise your rights by filling in the form available below:

LGPD
Information Security Policy

Objective

Provide guidance and support for information security in accordance with business requirements and relevant laws and regulations, thus contributing to the financial sustainability of the organization.

Reference Documents

• Algar Tech’s Code of Conduct;
• Algar Tech Logical Access Control Policy;
• Procedure Physical Management of Algar Tech Assets;
• NBR ISO 20000-1:2018;
• NBR ISO 27001:2013;
• Law 13.709/18 – General Law of Personal Data Protection (LGPD)

Definition

1. Scope

This “Security Policy” maintains integrity in service delivery across all units of the Algar Tech according to the company’s strategies, current legislation and contractual requirements. The guidelines established here should be followed by all associates, service providers, suppliers, trainees, contractors, partners and customers who use Algar Tech’s information.

Note 01: Exceptions only when approved by the governing body.

.2 Information Security

Are ongoing efforts to protect information assets from various types of threats to ensure business continuity, minimize risk to the organization, helping Algar Tech to to fulfill its mission; It is obtained from the implementation of control objectives and adequate controls to ensure that the organization’s business and safety objectives are met.

.3 ISMS (SGSI)

Information Security Management System.

Description

– Responsibities

Algar Tech, through its presidency and board affirms its commitment to information security, laws and
regulations applicable to the business, from this “Information Security Policy”.

– Main areas of the information security management system

Presidency;
Information Technology;
Infrastructure;
Human Talents;
Operations.

– Safety objective

Ensure the applicability of rules, policies, and procedures for information security, reflected in the organization’s business.

– People

4.1.1 – Algar Tech Associates

All associates, young apprentice, trainees, service providers, suppliers, contractors, visitors, partners, startups and customers in the Algar Tech environment should be aware of the Algar Group’s Code of Conduct and Information Security Awareness training and be consistent with them.

Every associate shall sign the “Confidentiality Agreement” upon his/her admission or whenever requested by the company.
Any associate is forbidden to unduly use the information of the company and/or its customers, pass them on to competitors, use them for their own benefit and/or store files and emails improperly.

Algar Tech can automatically receive and store information about the activities of anyone using your resources, including IP address, user, applications, screen/page and conversation carried out in or through the company.

Any authentication ID (user and password) on the corporate network or in applications provided by Algar Tech is personal and non-transferable and each user will be responsible for the storage and use of the same.

At the end of the employment and/or contractual relationship of the associates and/or service providers, Algar Tech will disable all authentication ID’s used during the provision of service.

– Supplier and Third Party

Every creation, invention and development of ideas, processes, systems, products and services performed during the provision of services at Algar Tech should be transferred to it.

Any service provider shall be prohibited from misusing information from the company and its customers, pass them on to competitors, use them for one’s own benefit and/or store files and emails improperly.

c) Receiving access to any resource of Algar Tech, the service provider will be subject to the internal policies and guidelines of the organization and to all the criteria established in the clauses of confidentiality available in the service provision contract signed at the time of the hiring.

(d) at the end of the contractual relationship, the head of the contract of the service providers of Algar Tech should ensure that the authentication ID’s used during the work are
properly disabled.

– Assets

Each member shall be responsible for the proper functioning and integrity of any resources provided by the company for carrying out its activities and, when applicable, must sign a resource use agreement.

Every Algar Tech product or equipment that needs to be transported should be safely accommodated, thus ensuring its physical and logical integrity when applicable.

In the corporate network, the use of personal computers is not allowed. With the exception of the following previously authorized by the information security area.

Access via mobile devices (smartphones, mobile phones, tablets, ipads, etc.) will be allowed through the SSID AlgarTec_Mobile, which allows only the use of applications required for this type of device. For these cases the only person responsible for looking after the operation of these assets is the associate owner of the equipment.

All entry, movement and exit of assets of Algar Tech units should obey to the company’s internal procedures.

– Processes

The company must map all critical processes to the business and conduct an assessment of risks with controls and treatment. These must be known, approved and accepted by the governing body.

The mapping of critical processes shall be reviewed whenever changes in impact occur in the environment.

– Risk

the undertaking shall establish and implement a process for the assessment of security risks information for existing processes and technologies and their results should be comparable and reproducible, making up the Corporate Risk Map.

the risk assessment shall be able to identify vulnerabilities, threats, impacts and acceptable levels of risk to assets, people, information, systems, application and mapping of the main business processes according to the company’s strategies, current legislation and contractual requirements;

The risk assessment shall be reviewed at least once every year or whenever impact changes occur in the environment.

– Information

a) Access to Algar Tech’s or its customers’ information in their business environment and computing is restricted and will only be made available to the profile of persons formally authorized.

(b) All confidentiality clauses agreed with clients in relation to their information should be respected by Algar Tech associates or third parties to services that may have access to this information.

It is expressly forbidden for any user who does not have a formal authorization to use the access to any systems and applications or even the simple attempt to access them.

Any information generated within Algar Tech or on its behalf, which is the result of work of associates, suppliers or service providers are the right of Algar Tech and it alone can determine its destiny and purpose.

(e) Every creation, invention and development of ideas, processes, systems, products and services, created within the scope of work or the responsibilities and mission of the function or position of the associate in the company, should be transferred to Algar Tech.

f) It is prohibited to disclose any information of the company or its customers to others who does not belong to the same working group, in public media (including photos/filming on social networks) or internal, without prior authorization or that is bound to the Liability and Confidentiality Agreement, subject to exceptions when provided in contract.

(h) Information generated within the organization must be stored in an backup with guaranteed restore in a safe place validated by the competent team.

The use of pen drives, external HD or any other type of device is not allowed removable for transport or storage of data. Exceptions must be formally stated authorized by the information security area.

At the end of the contractual relationship with the client or service provider, all information stored in Algar Tech’s equipment should be erased or passed on to the same when provided for in the contract;

At the end of the employment and/or contractual relationship, the associates and/or service providers who may have permission to access equipment or storage media shall eliminate any physical and/or logical traces of information generated or acquired inside Algar Tech.

– Systems and Applications

All software installed on machines owned or operated by Algar Tech must have a license to use previously acquired, and the user area must register request to the Service Desk for installation, authorization and use.

Installation of shareware, freeware or equivalent software that does not is provided for in the list of approved solutions.
All security updates and patches shall be deployed according to the each application and approved by the security and information technology team.

All equipment (servers, desktops, notebooks, among others) that allow the antivirus installation, they must have them installed and updated online, and the user disable or uninstall.

All anti-virus software must guarantee the blocking of viruses, worms, spyware or other new existing attack technology.
All e-mail and internet access must be monitored and protected with antivirus and firewall.

Algar Tech’s corporate e-mail should be used only to deal with matters related to the company, being the information stored or transmitted proprietary of the organization, being up to the user to ensure its correct classification and treatment according to Procedure – Information Classification and Labelling.

The use of corporate e-mail for personal purposes, registration on shopping and other sites forms is not allowed.

No access to systems and applications of Algar Tech or its customers can be shared, with the member who owns the user being solely responsible for maintaining the confidentiality of your logon passwords, network user, internet, work files and other Algar Tech applications.

It is forbidden to use Instant Messaging tools not approved by the safety and technology, subject to exceptions, when their effective use in the activities is proven performed by the associate or customer.

It is forbidden to transfer files by any Instant Messaging tool and file sharing, with the exception of authorized exceptions and/or approved tools, and authorized.

– Violation of ISMS Policies and Guidelines

Security breaches must be reported to the Information Security area, by through the Service Desk. Every violation or deviation shall be investigated for the determination of necessary measures, aimed at correcting the fault or restructuring processes.

These are considered security breaches:

– Illegal use of software;
– Introduction (intentional or not) of computer viruses;
– Sharing sensitive business information;
– Sharing of personal data;
– Undue exposure of data related to contracts and customers;
– Breach of confidentiality of confidential information and/or sensitive data;
– Other violations set forth in the Algar Group’s Code of Conduct, the Algar Group’s Information Security Policy and current legislation.
– Disclosure of information on clients and the operations contracted.

The safety principles established in this policy are in full compliance with the presidency and board of directors of Algar Tech and must be observed by all in the execution of their functions.

Failure to comply with the guidelines of this policy or other policies and guidelines of the organization are subject to the Action Plans and Disciplinary Management Enforcement.

– Auditing

All associates, as well as third parties that use Algar’s technological environment

Tech, are subject to auditing of network, telephony and application usage.
The audit and monitoring procedures will be carried out periodically by the information security or contracted company, in order to observe compliance with the guidelines established in this policy by users and with a view to managing the performance of the network.
Where there is evidence of activities that might compromise the security of the network, it shall be allowed the information security area to audit and monitor the activities of a user, and inspect its files and access records, in the interest of Algar Tech, being the fact immediately reported to senior management.

5. General provisions

This Privacy Policy is subject to regular amendment to ensure that it is up to date with applicable legislation.

Website Terms of Use

These Terms and Conditions of Use, relate the rules that must be observed by you when accessing or using the features of the site and applications of the domain https://teste.algartech.com/, owned by the company called “ALGAR TECH” or “we” / “our” whose qualifications are: ALGAR TECNOLOGIA E CONSULTORIA S.A inscribed under the CNPJ of nº 21.246.699/0001-44, ALGAR TI CONSULTORIA S/A inscribed under the CNPJ of nº 05.510.654/0001-89, ENGESET ENGENHARIA E SERVIÇOS DE TELECOMUNICAÇÕES S/A inscribed under the CNPJ of nº 08.162.032/0001-03 located in Floriano Peixoto Avenue, nº 6.500, zip code: 38405-184, Uberlândia/MG.
As a condition for access and use of the site’s exclusive functionalities, you declare to be over 18 (eighteen) years of age, to have full legal capacity and that you have read and fully understood the rules of this document and the Privacy Policy, being fully aware, thus conferring your free agreement with the terms set forth herein.
By browsing the site and using its features, you accept and agree to the Terms and Conditions of Use that are in effect on the date of your access.

1. RESPONSIBILITIES OF ALGAR TECH

1.1. The site and its features are presented to you as available and may undergo constant improvements and updates, committing Algar Tech to:
a) Preserve its functionality, with links not broken and using layout that facilitates usability and navigability, whenever possible;
b) Display the functionalities in a clear, complete, precise and sufficient manner so that there is an exact perception of the operations performed;
c) Protect, by means of the state of the art available, the data collected by the functionalities made available.
1.2. Algar Tech makes its best efforts to maintain the continuous and permanent availability of the site. However, some temporary unavailability may eventually occur due to necessary maintenance or even generated by unforeseen circumstances or force majeure, such as, but not limited to natural disasters, failures in communication systems and Internet access or third party events beyond the scope of surveillance and responsibility.
1.2.1. If this occurs, Algar Tech will do what it can to reestablish access to the site as soon as possible, within the technical limitations of our services and third-party services, on which we depend to stay online.
1.2.2. Algar Tech reserves the right to change the rules and established criteria, type of services provided, companies responsible for its intermediation and everything it deems necessary for the correct functioning of the site.
1.3. You do not have any right to demand Algar Tech’s availability, nor may you plead for compensation or reparation of damages in case the site remains out of air, regardless of the reason.
1.4. Algar Tech is not responsible:
1.4.1. For any problems, bugs, glitches or malfunctions that occur on your devices and equipment and are a direct or indirect result of your regular use of the Website.

1.4.2.For any direct or indirect damage caused by third party events, such as, but not limited to, hacker attacks, system, server or internet connection failures, including the actions of software that may in any way damage your physical or logical assets or your connection as a result of accessing, using or browsing the site, as well as the transfer of data, files, images, text, audio or video contained therein.

1.4.3. By your navigation of external links eventually made available on the website, being your duty to read the Terms and Conditions of Use and Privacy Policy of the third party service accessed.

1.4.4. To verify, control, approve or guarantee the adequacy or accuracy of the information or data available on such links, not being, therefore, responsible for losses, damages or injuries occurred by visiting such sites, being up to you to verify the reliability of the information and data displayed there before making any decision or performing any act

2. THEIR RESPONSIBILITIES

2.1. You are responsible and obligated to:

2.1.1. Use the website correctly and ethically, respecting the conditions governing its use and purpose.

2.1.2. Provide correct, complete and updated registration data, in addition to informing the appropriate contact channel to be activated by Algar Tech for the proper provision of services. If at any time it is found that you provided false data or data not consistent with reality, Algar Tech reserves the right to suspend or cancel your Access Account, without prejudice to adopting the measures it deems appropriate.

2.1.3. Maintain the confidentiality of your Access Account data, especially your login and password, from third parties and use it individually and nontransferable, not making available, disclosing or sharing your password or any authentication mechanism with anyone, including on Platforms offered by third parties. If you suspect that the confidentiality of your password has been violated, you should change or update it as soon as possible or contact the available customer service channels.

2.1.4. Acknowledge that all accesses and operations performed after their successful digital authentication are interpreted as being their responsibility in an undisputable way, including those derived from misuse or disclosure of this to third parties.

2.1.5. Leave your anti-spam systems, similar filters or message redirection settings adjusted so that they do not interfere in the receipt of communications and materials from Algar Tech, not being acceptable any excuse if you have not had access to any e-mail or electronic message because of the resources mentioned.

2.1.6. Respect all intellectual property rights owned by Algar Tech, including all rights relating to third parties that may be, or have been, somehow available there.

2.1.7. Do not access programming areas of the site, its database, source codes or any other set of data available in the environment.

2.1.8. Do not reverse engineer or permit reverse engineering, translate, decompile, copy, modify, reproduce, rent, lease, sublicense, publish, post, transmit, loan, distribute, or otherwise inappropriately dispose of the Site’s functionality.

2.1.9. Do not use software to automate access to the site, as well as software for mining or automated data collection, of any type or kind, in addition to other not typified herein that acts in a similar manner.

2.2. In the incidence of damage to the site or third parties, you are responsible and you commit to bear all obligations to compensate the injured party, including those whose origin is from acts performed through your Access Account, assuming the passive pole of legal action or administrative procedure and requesting the exclusion of Algar Tech, and must fully bear all related expenses and procedural costs, leaving it free of losses and burdens.

2.3. Algar Tech has the power to refuse to grant, suspend or cancel your Access Account if you use the site fraudulently, violate or attempt to violate these Terms and Conditions of Use, the Privacy Policy or any other right of Algar Tech.

3. SERVICE CHANNELS

3.1. Contact Algar Tech through the link: https://teste.algartech.com/pt/contato/

4. ALGAR TECH'S COMMUNICATION WITH YOU

4.1. Algar Tech may use all communication channels provided and authorized by you, in its various forms, including, but not limited to sending e-mail, phone calls, sending SMS or any other form of instant electronic message.

4.2. The responsibility for receiving communications and notifications is solely yours, so it is essential that you always provide correct and accurate data and keep them up to date.

5. PROTECTION OF YOUR PERSONAL DATA

5.1. Algar Tech has its own document called Privacy Policy, which regulates the treatment of data collected in the site, being an integral and inseparable part of these Terms and Conditions of Use and can be accessed through the link found at the bottom of the site.

6. COPYRIGHT AND INTELLECTUAL PROPERTY

6.1. The commercial use of the expressions “Algar Tech“, or words that resemble these, but with differentiated spelling, as trademarks, company names or domain names, in addition to the contents of the site screens, as well as computer programs, databases, networks and their files, are owned or licensed to Algar Tech and are protected by international laws and treaties for the protection of intellectual property, including, but not limited to, the Federal Laws 9.609/98, 9.610/98, 9.279/96, 10.406/2002, 12.737/2012 (cybercrime) and 12.965/14 (Marco civil da internet)

6.2. No element found in the site may be copied, reproduced, modified, re-edited, loaded, altered, transmitted or distributed in any way or form, partially or entirely, without the previous and express authorization of Algar Tech.

6.3. By accessing the site you declare that you will respect all intellectual property rights of Algar Tech, including, but not limited to computer programs, copyrights and industrial property rights over trademarks, logos, patents, domain names, corporate name and industrial designs, possibly deposited or registered in the name of Algar Tech, as well as all rights relating to third parties that may be, or were, somehow, available in the site, and its infraction may lead to blocking of your Access Account at the discretion of Algar Tech, besides subjecting you to payment of compensation for losses and damages judicially determined.

7. MODIFICATIONS TO THESE TERMS AND CONDITIONS OF USE

7.1. These Terms and Conditions of Use are subject to constant improvement and refinement. Thus, Algar Tech reserves the right to modify them at any time, according to its purpose or convenience, as well as for adequacy and legal compliance of the provision of law or standard that has equivalent legal force, being up to you to check them whenever you access the site.

7.2. Occurring updates in this document, Algar Tech will notify you through the tools available in the site.

7.3. The tolerance of any breach of any provision of the Terms and Conditions of Use shall not constitute a waiver or novation of the obligations set forth herein, and shall be interpreted as mere liberality, nor shall it prevent or inhibit the enforceability of the same at any time.

7.4. If any provision of the Terms and Conditions of Use is found to be unenforceable or ineffective, the remainder of the document shall continue in effect, without the need for declaratory judicial relief.

8. GENERAL PROVISIONS

8.1. In the event of any divergence between the provisions of the Terms and Conditions of Use, the Privacy Policy, or any other document of the website, the most specific rule shall prevail.

8.2. You must bear the necessary means to navigate the site, including the possession of appropriate equipment for access, as well as in contracting telecommunications service provider to provide Internet connection.

8.3. You acknowledge that all communication made by e-mail, electronic message or SMS (to the addresses informed in your registration) are also valid, effective and sufficient for the dissemination of any matter relating to the services provided by Algar Tech, as well as the conditions of its provision or any other matter addressed therein, except for the expressly different provisions set forth in the Terms of Use.

8.4. All registrations and data storage performed on the site will be made and catalogued based on the official time of Brasilia.

8.5. The Terms and Conditions of Use shall be interpreted according to the Brazilian legislation, in the Portuguese language, being elected the Court of the District of Uberlândia / MG to settle any dispute or controversy involving this document, unless specific exception of personal, territorial or functional competence by the applicable legislation

9. GLOSSARY

For the purposes of this document, the following definitions apply:

Anti-Spam: System that prevents unwanted correspondence, such as mass advertising, by blocking messages or moving them to a specific folder.

Bugs: Used when some logical failure prevents the execution of some operation on the site.

Access Account: Credential required to use or access the exclusive features of the website.

Glitches: Used to designate an unexpected operation that prevents the execution or proper functioning of the intended operation on the site.

Layout: Set comprised of appearance, design and flows of the site.

Link: Terminology for internet address.

Privacy Policy: document available at https://teste.algartech.com/pt/politica-de-privacidade/Website: www.algatech.com.

Cookies Policy
Privacy Policy

Date Created/Amended: 11/22/2022 | Version 07

OBJECTIVE

This Privacy Policy aims to highlight the commitment of Algar Tech (companies:
Algar TI Consultoria S/A.; Algar Tecnologia e Consultoria S/A) with the protection of
privacy and personal data in the treatment of the same by the organization in its
processes, systems and services, in order to establish the rules about the collection,
registration, storage, use, sharing, enrichment and deletion of collected data in
accordance with current legislation. This policy applies to all holders of personal data
treated by Algar Tech, which are: Job Applicants, Employees, Customers,
Suppliers, Partners
and Visitors.

REFERENCE DOCUMENTS

  • ISO 27001:2013;
  • Information Security Policy – Algar Tech;
  • Logical Access Control Policy – Algar tech;
  • General Data Protection Law – (LGPD) – Law No. 13.709/2018.

DEFINITIONS

The definitions of the terms Personal Data, Sensitive Personal Data, Treatment,
Holder, Controller, Operator, Data Controller are specified in the General Data
Protection Act – Law 13.709/2018, made available at: http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm

DESCRIPTION

1.1. PROCESSING OF PERSONAL DATA


1.1.1
In the general context of the services performed by Algar Tech, personal data
may be processed for the purposes listed below, always respecting and observing
the principles set forth in the General Law of Data Protection:

  • Selling a product or service, collecting debts, answering questions, indicating
    technical assistance or various requests from clients, clients of your clients or
    potential clients of your clients.
  • Solve problems related to information security in the environment of Algar
    Tech;
  • Access information of employees of a team, in order to evaluate the data and
    manage it;
  • Recruit and screen prospective employees or even to discard resumes;
  • Approve vacation, travel and purchasing requests;
  • Obtain miscellaneous reports;
  • Control the physical access to the environment of Algar Tech, as well as
    monitor these accesses via internal system of security footage;
  • Record recordings of services provided by members to their customers;
  • Create users within the Algar Tech network environment;
  • Update area indicators;
  • Manage SLAs indicators;
  • Clear internal investigations;
  • Generate performance reports;
  • Generate Leads;
  • Improve and increase the efficiency of the Services provided;
  • Review bids, RFI, RFQ and RFPs;
  • Update master data;
  • Prospect new customers;
  • Manage Judicial, Extrajudicial and Administrative Proceedings;
  • Entering into contracts and legal instruments;
  • Hire suppliers and Partners;
  • Perform Citations and subpoenas Judicial and Extrajudicial.

Such purposes are justified by contractual, legal or legitimate interest of Algar Tech.

1.2. DATA COLLECTED, PURPOSE OF COLLECTION AND LEGAL BASIS

The data is collected in the various treatments performed by Algar Tech in its systems and services, which can be collected personal data such as name, CPF, ID number, e-mail, address, telephone, user, banking data, data related to employment
contract, automobile data, position/profession, network login, education, photograph, biometrics, among others, always with the specific purpose and legitimization
according to the current legislation.
The detailed table on the types of data processed, their purposes and legitimations can be requested via e-mail: dataprivacy@algartech.com

1.3. PERIOD OF RETENTION OF PERSONAL DATA

1.3.1. STORAGE

4.3.1.1 Personal data will be kept for the period necessary to fulfil the purposes of the processing. Thus, whenever appropriate, unnecessary or excessive personal data will be deleted or anonymized or when expressly requested by the data subject or the National Authority information required for compliance with legal and regulatory obligations or for the exercise of rights in administrative, judicial or
arbitration proceedings will be preserved

1.3.1.2 Physical storage of personal data

The physical storage of personal data reported in this item 4.3 and its sub-items, also respected the deadlines informed therein for proper disposal.

1.3.2 Exclusion of Data

4.3.2.1 Data may be deleted before the time limits established above, if requested by the data subject. However, it may occur that the data needs to be kept for a longer period, in accordance with article 16 of the General Data Protection Law, in order to comply with a legal or regulatory obligation, to fulfil a contract, or to transfer the data to a third party (in compliance with the data processing requirements set out in the same law). Upon expiry of the period and the legal requirement, they will be deleted using secure disposal methods or used in an anonymized form for statistical
purposes.

1.4. DATA SECURITY

4.4.1 – Algar Tech commits to expend its best efforts for information protection, especially personal data, applying and adopting the necessary administrative and technical protection measures and establishing good governance practices through
the resources available at the time, requiring from its suppliers and clients the same acceptable level of Information Security, based on best market practices, from contractual clauses.

1.5. STORAGE SERVERS

4.5.1 – The collected data will be stored in Algar Tech’s own servers located in Brazil,
as well as in an environment of resource use or cloud servers (cloud computing), which allows, in the latter case, the transfer or processing of data outside Brazil,
complying with provisions on international data transfer, according to article 33 of the
General Law of Data Protection or other applicable rules.

1.6. ACCURACY OF DATA

4.6.1 Algar Tech is not responsible for the accuracy, veracity or lack of accuracy in the information provided by the owner of the personal data, or for its outdated, forwarded documents, since the person who provided them is the one responsible for providing them with accuracy and/or updating them. Algar Tech is not obliged to process or treat any of your data if there are reasons to
believe that such treatment may impute to it violations of any applicable legislation, as well as for illegal, illicit or contrary to morality purposes.

1.7. RIGHTS OF THE DATA SUBJECT

1.7.1 It is the responsibility of those collecting the data to ensure that the Data
Subject can exercise their rights over the data collected.

1.7.2 The data subject has the right to request confirmation that his or her data is being processed, to request access to his or her data, the correction of any which is
inaccurate, incomplete or out of date, to request the anonymization, blocking or deletion of unnecessary or excessive data, to request portability and to request the
deletion of his or her personal data. You also have the right to request details of who your data has been shared with, to receive information about the consequences of refusing to provide your consent and to withdraw previously given consent at any
time.

1.7.3. Express their opposition and/or revoke consent as to the use of their Personal Data;

1.7.4 Every request should be made upon express request of the holder or his/her legally constituted representative, in such cases, should there be any request or complaint or any eventual doubts about his/her respective personal data, the holder
or his/her representative should contact directly Algar Tech’s DPO, https://algartech.com/pt/politica-de-privacidade/.

1.7.5. Occurring updates in this document that require new consent collection, Algar Tech will notify the holder of the personal data through the contact means provided.

1.7.6 Moreover, in any situation, the holder of the personal data has the right to lodge a complaint with the competent data protection authority.

1.8. SHARING DATA WITH THIRD PARTIES

1.8.1. The corporate instruments, powers of attorney and copies of personal documents of the legal representatives of ALGAR TECH may be shared by email with employees, customers and suppliers, as a way to prove the veracity of the
identification and qualification information.

1.8.2 Physical and scanned copies of documents that will instruct processes, regarding summonses and judicial, extrajudicial and administrative notifications may
be requested by Algar CSC for instruction of processes, which may be shared with law firms and outsourced experts.

1.8.3. Personal documents and documents of the legal representatives necessary
for the preparation of legal instruments may be shared, in cases of updating of corporate instruments, before third parties, including those granted to external proxies, such as lawyers and accountants.

1.8.4 The Legal area uses reports generated by ALGAR CSC to manage the
accruals required by ALGAR TECH’s accounting management, so that personal data contained in the reports in question are shared with ALGAR CSC’s accounting that
makes the accounting management of ALGAR TECH.

1.8.5 Because it works with a base of its customers, the GRC area operates with databases that its customers share. They involve a large amount of data holders and personal data, much of which is processed in an automated manner or enriched by ALGAR TECH suppliers.

1.8.6 Documents and personal data of employees with customers of ALGAR TECH may be shared when necessary for the implementation of the contract or preliminary procedures related to the contract, if the data are shared through portals provided by
customers and / or suppliers, it will require the evaluation of the area of Information Security through a call recorded in the management tool of calls in force.

1.8.7. personal data may be shared with Public Authorities, government entities with legal powers requiring ALGAR TECH to share specific Personal Data, such as an investigation, we will share, except if we understand there is abuse of power.

1.8.8 Personal data may be shared with partner companies and suppliers for the development of activities and provision of services that are duly contractually supported.

1.9. INTERNATIONAL TRANSFER

1.9.1 – Personal data may be transferred to other countries (international transfer), in
projects involving cloud services, to the extent that the servers of the supplier that performs this service, AWS, are located in the United States of America and Europe, which requires the adaptation of the contract with said supplier to ensure compliance
with Chapter V of LGPD.

4.10. SENDING EMAIL MARKETING AND REMOVING CONSENT

1.10.1 – The RD Station tool is intended to automate the actions of the Marketing area, after generating leads, managing the sending of marketing emails to people listed in the mailing.

1.10.2 – Your configuration is shared between ALGAR TECH and the
Outmarketing supplier when the marketing area itself provides the triggering of e- mails, as requested by the area. All emails marketing allow the owner of the data
to stop receiving them (“opt-out”), although he is only excluded from the list of assets and not have their data, in fact, discarded from the database of RD Station or other mailing lists, except when requested.

1.10.3 – The Card Holder, at any time, has the right to withdraw the consent as to the sending of e-mail marketing previously granted.

1.11. AUTOMATED DECISIONS

1.11.1 – Regarding Security solutions at Algar Tech, detections can be automated, through monitoring software, such as Qradar or Sentinella tool.

1.11.2 – Personal data required for user creation in Active Directory is entered into an Excel Spreadsheet, so that the industry associate automates user and password creation.

1.11.3 – The RD Station tool is intended to automate the actions of the Marketing area, according to item 4.10.1

1.11.4 – The GRC operational area may request, by email or by opening a call through the CA Service Desk tool, the implementation of a tool for automated activities (“bot”), describing the business rules and purpose, which are, selling products and services, answering calls, debt collection. The developed and approved tool is tested before going into production, using a mass of internal tests, with real personal data (production base), which is sent by e-mail in Excel
Spreadsheet format by the area that requested the bot, without being anonymized or pseudonymized (masked), so that the personal data involved in the tests can be the most varied, according to the purpose of the bot. Reports are generated describing
the functionalities tested and any successes or errors found, including the CPFs of data owners used in that test.

1.12. DATA CONCERNING MINORS

1.12.1 – The member’s employment contract should contain specific provisions for underage dependents, since parental or legal guardian consent is required for processing the personal data of minors.

1.12.2 – The same occurs with the visitation of minors to Algar Tech’s facilities, when
their legal guardian must sign a consent form for data collection authorizing the treatment of the minor’s data.

1.13. SENSITIVE DATA

1.13.1 – Eventually, Algar TECH may collect sensitive data regarding racial or ethnic origin, religious belief, political opinion, union membership, and data concerning
health or life, genetic and biometric data. The treatment of these data follows expressly the provisions in the current legislation, always meeting the purpose of treatment, as well as respecting the necessary legal bases. Personal data and other
information are anonymized through encryption and restricted access control.

1.13.2 – Leads is intended to obtain personal data of employees of a company that have decision-making power or influence on the hiring of a service provided by ALGAR TECH to initiate a contact. In some cases sensitive personal data such as
religious beliefs, biometric or health data and personal data of children may be collected by social networks, and if they have been made available by the data subject, because they are considered sensitive or depend on specific consent, it is
recommended to avoid such practice and remedy the past collections, by obtaining specific and appropriate consent or disposal of such personal data.

1.14. NOTIFICATION OF INCIDENTS

1.14.1 – In case Algar TECH verifies or becomes aware of any violation or incident that results in the destruction, loss, alteration, disclosure or unauthorized access
during the respective treatment of data that results in potential data to the holder, this company undertakes to investigate the incident, notify the owner of the data within a legally specified period and take reasonable measures to mitigate or minimize any damage resulting from this incident and / or violation.

1.14.2 – The notifications of incidents will be delivered to the holder by any means that Algar TECH selects, including electronic means, so it is the sole responsibility of
the holder to ensure that Algar TECH has the exact contact information.
1.14.3 – The owner of the data, whether an employee, supplier, customer, among others, who becomes aware of any possible use / misuse, incident or violation of their data related to the services and that have a relationship with Algar TECH should notify that company immediately.

1.15. APPLICABLE LAW AND JURISDICTION

1.15.1 – This Privacy Policy will be governed and interpreted according to the Brazilian legislation, in the Portuguese language.

1.16. COMMUNICATION

1.16.1 – The Holder of the personal data acknowledges that all communications made by e-mail to the addresses informed in his/her registration, SMS (“short
message service”), instant communication applications or any other digital and virtual form are also valid as documentary evidence, being effective and sufficient for
the disclosure of any matter referring to the services provided by Algar Tech, as well as the conditions of its provision or any other matter addressed therein, except for
the provisions expressly provided in this Policy.

Any questions, requirements or requests may be directed to the Data Protection Officer/DPO, Mr. Carlos Eduardo Lopes, through the e-mail:
dataprivacy@algartech.com.

Algar Tech reserves the right to change the contents of this Policy at any time, according to the purpose or need, such as for adequacy and legal compliance of the law or standard provision that has equivalent legal force, being the owner of the
personal data responsible for verifying it with Algar Tech through the site www.algartech.com.br.