CHRISTAL PRIVACY AND PERSONAL DATA PROTECTION POLICY

RUDOLPH INVESTIMENTOS E PARTICIPAÇÕES LTDA. (“Christal”) considers relevant the electronic records and personal data that you record when using its website. This Privacy Policy regulates, in a simple, transparent and objective way, what personal data will be obtained, as well as when and in what way they may be used.

This policy applies to all activity on the official website of Christal, at www.christal.team. This policy is intended for customers of Christal and the general public, and covers, in a basic way, the ways in which Christal handles the personal data of these people. If you are an employee or supplier of Christal, or if you are participating in a specific project or activity with Christal, you should seek the respective privacy notice issued by Christal, or ask the person responsible for your hiring at Christal to provide you with the applicable terms and inform you of your data rights.

To better illustrate how we process data, we present our Privacy and Personal Data Protection Policy (“Policy”):

This policy may be updated at any time by Christal, upon notice on the website and/or by e-mail.

I.     DEFINITIONS

 If you have any questions about the terms used in this policy, we suggest consulting the table below:

Personal Data: any information relating to a person that identifies them or that, used in combination with other processed information, identifies an individual. Also, any information through which it is possible to identify a person or contact them;

Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;

Holder: natural person to whom the personal data refer, such as former, present or potential customers, suppliers, employees, contractors, business partners and third parties;

In Charge: person nominated by Christal to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD);

Storage: Cloud computing is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the aim of reducing costs and increasing the availability of sustained services.

Solely automated decisions: decisions affecting the user that have been programmed to work automatically, without the need for human intervention, based on automated processing of personal data.

II.     WHAT DATA WE USE

Christal may collect the information actively entered by the holder at the time of contact or registration, as well as information collected automatically when using the services and/or the network, such as, for example, identification of the commercial establishment used and IP with date and time of connection, among others.

There are two types of personal data: (a) those provided by the holder; and (b) those automatically collected.

(a) Personal data provided by the holder: Christal collects all personal data entered or actively forwarded by the holder when contacting or accessing the portals of Christal, such as full name, e-mail, gender, date of birth, city and state, when filling out forms, including at dealerships, with the addition of other personal data actively provided by the holder when contacting Christal. Regardless of what data the holder actively provides to Christal, we will only make use of those actually relevant and necessary for the achievement of the purposes stated to the holder on a case-by-case basis.

(b) Data collected automatically: Christal also collects a series of information automatically, such as: characteristics of the browser access device, IP (with date and time), IP origin, information about clicks, pages accessed and search terms entered in our portals, among others. For such collection, Christal will make use of some standard technologies, such as cookies, pixel tags, beacons and local shared objects, which are used for the purpose of improving the browsing experience of the holder according to their habits and preferences.

Through the settings of your Internet browser, it is possible to disable the automatic collection of information through some technologies, such as cookies and caches. However, the holder should be aware that if these technologies are disabled, some features offered by the website, which depend on the processing of said data, may not function correctly.

Christal reinforces that it does not process, for the general purposes provided herein, data considered sensitive by Law No. 13,709/2018, understood as those related to racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sexual life, genetic or biometric data. In the remote and specific cases in which it does so, the processing is based on specific terms previously made available to the holders, with their specific consent or based on express legal authorization.

III.     HOW WE USE DATA

The predominant purpose of the personal data processed by Christal is the establishment of a contractual relationship or the management, administration, provision, expansion and improvement of services to the holder, including adapting them to their preferences and tastes, as well as the creation of new services and products to be offered to holders.

In some cases, Christal may also process personal data when necessary to comply with legal or regulatory obligations.

In addition, Christal may also process personal data on the basis of its legitimate interest (or the legitimate interest of other units of Christal “Rudolph Investimentos e Participações Ltda.”), always within the limit of what is expected by the holder and never to the detriment of the holder's interests, rights and fundamental freedoms.

In addition, the information collected may, with the consent of the holder, be used for advertising purposes, such as sending product information and promotions, as well as the dissemination of events or to conduct research related to its activities.

IV.     HOW WE USE COOKIES

Cookies are files or information that may be stored on your devices when you visit the websites or use the online services of Christal. Generally, a cookie contains the name of the website that originated it, its lifetime and a value, which is generated randomly.

Christal uses cookies to facilitate use and better adapt its pages to the interests and needs of the holders, as well as to compile information about the use of our websites and services, helping to improve their structures and their content. Cookies may also be used to speed up your future activities and experiences on our website. After the holder consents to the use of cookies when using the pages of Christal, Christal will store a cookie on the holder's device to remember this in the next session.

At any time, the holder may revoke consent to the use of cookies; to do so, the holder must delete the cookies from the pages of Christal using the settings of their preferred browser. Finally, we remind you that if the holder does not accept some cookies from the pages of Christal, certain services may not function properly or optimally.

V.     WITH WHOM WE WILL SHARE THE DATA

The information collected is processed within Christal and will only be shared when needed: (a) for the adequate provision of the services that are the subject of its activities with partner companies; (b) for protection in case of conflict; (c) upon a court decision or request from a competent authority; (d) with companies providing technological and operational infrastructure, such as payment intermediaries and information storage service providers.

VI.     HOW WE KEEP DATA SAFE

Christal uses the reasonable means available on the market and those legally required to guarantee the protection of the personal data it processes or will process. In this way, it adopts several precautions. In addition to technical efforts, Christal also adopts institutional measures aimed at the protection of personal data, maintaining a constantly updated privacy governance program applied to its activities and governance structure.

Although Christal makes its best efforts to preserve the privacy and protect the data of the holders, no transmission of information is completely secure, so Christal cannot fully guarantee that all the information it receives or sends will not be the target of unauthorized access perpetrated through methods developed to obtain information improperly.

For this reason, Christal encourages the holders to take appropriate measures to protect themselves, such as, for example, keeping all holder names and passwords confidential, since such information is personal, non-transferable, and the sole and entire responsibility of the holders themselves.

VII.     RETENTION OF COLLECTED INFORMATION

In order to protect the privacy of the holders, the personal data processed by Christal will be automatically deleted when they are no longer useful for the purposes for which they were collected, or when the holder requests their elimination, unless their maintenance is expressly authorized by applicable law or regulation.

However, the information may be kept for compliance with legal or regulatory obligations, transfer to third parties (provided that the requirements of data processing are respected) and exclusive use of Christal, including for the exercise of its rights in judicial or administrative proceedings.

VIII.     YOUR RIGHTS

In compliance with the applicable regulations, with regard to the processing of personal data, Christal respects and guarantees the holder the possibility of submitting requests based on the following rights: (I) confirmation of the existence of processing; (II) access to data; (III) the correction of incomplete, inaccurate or outdated data; (IV) the anonymisation, blocking or deletion of unnecessary, excessive or non-compliant data; (V) the portability of your data to another service or product provider, upon express request by the holder; (VI) the deletion of the data processed with the consent of the data subject; (VII) obtaining information about the public or private entities with which Christal shared your data; (VIII) information about the possibility of not providing your consent, as well as to be informed about the consequences in case of refusal; (IX) the revocation of consent.

Christal will make every effort to fulfill such requests in the shortest possible time; however, justifiable factors, such as the complexity of the requested action, may delay or prevent its immediate and rapid fulfillment.

Finally, the holder must be aware that a request may be legally rejected, either for formal reasons (such as the holder's inability to prove their identity) or legal reasons (such as a request for deletion of data whose maintenance is a free exercise of a right by Christal).

IX.     LEGISLATION AND FORUM

This policy will be governed, interpreted and executed in accordance with the laws of the Federative Republic of Brazil, especially Law No. 13,709/2018, regardless of the laws of other states or countries, with the domicile of Timbó/SC being fully competent to resolve any doubts arising from this document.

This policy was updated on May 30, 2022 and may be modified or updated at any time, and it is up to users to be aware of changes. Suggestions, questions or complaints can be sent to the Ombudsman via e-mail: conduta@christal.team.