RUFIX PRIVACY AND PERSONAL DATA PROTECTION POLICY

RUDOLPH FIXAÇÕES LTDA (“RUFIX”) understands as relevant the electronic records and personal data registered by you in the use of your website, serving this Privacy Policy to regulate, in a simple, transparent and objective way, what personal data will be obtained, as well as when and in what way they may be used.

This policy applies to all movements contained on the official website of RUFIX, on www.rufix.team. This policy is intended for customers of RUFIX and the general public, and encompasses, in a basic way, the forms in which RUFIX it deals with the personal data of these people. If you are an employee or supplier of RUFIX, or if you are participating in a specific project or activity with RUFIX, you should seek the respective privacy notice issued by RUFIX, or the person responsible for its hiring in RUFIX, to provide you with the applicable terms and inform you of your data rights.

To better illustrate how we process data, we present our privacy and Personal Data Protection Policy (“Policy”):

This policy may be updated at any time by RUFIX, upon notice on the website and / or by e-mail.

  1.     Definitions

If you have any questions about the terms used in this policy, we suggest consulting the table below:

Personal Data: any information relating to a person that identifies that person or that, used in combination with other processed information, identifies an individual. Also, any information through which it is possible to identify a person or contact them;

Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;

Holder: Natural person to whom the personal data refer, such as former, present or potential customers, suppliers, employees, contractors, business partners and third parties.

Charge: person nominated by RUFIX to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD);

Storage: Cloud computing is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the aim of reducing costs and increasing the availability of sustained services.

Solely automated decisions: These are decisions that affect the user that have been programmed to work automatically, without the need for a complement to human operation, based on automated processing of personal data.

  1.     WHAT DATA WE USE

RUFIX may collect the information actively entered by the owner at the time of contact or registration and, also, information collected automatically when using the services and/or the network, such as, for example, identification of the commercial establishment used, IP with date and time of connection, among others.

There are two types of personal data: (a) those provided by the holder itself; and (b) those automatically collected: (a) personal data provided by the holder: RUFIX collects all personal data entered or actively forwarded by the holder when contacting or accessing the portals of RUFIX, such as full name, e-mail, gender, date of birth, city and state, when filling out forms, including at dealerships, with the addition of other personal data actively provided by the holder when contacting RUFIX. Regardless of what data the data subject actively provides to RUFIX, we will only make use of those actually relevant and necessary for the achievement of the purposes stated to it on a case-by-case basis; (b) data collected automatically: RUFIX also collects a series of information automatically, such as: characteristics of the browser Access Device, IP (with date and time), IP origin, information about clicks, pages accessed, search terms entered in our portals, among others. For such collection, RUFIX will make use of some standard technologies, such as cookies, pixel tags, beacons and local shared objects, which are used for the purpose of improving the browsing experience of the holder according to their habits and preferences.

It is possible to disable through the settings of your internet Browser, the automatic collection of information through some technologies such as cookies and caches, as well as on our own website. However, the owner should be aware that if these technologies are disabled, some features offered by the website, which depend on the processing of said data, may not function correctly.

RUFIX reinforces that it does not process, for the general purposes provided herein, data considered sensitive by Law No. 13,709/2018, understood as those related to racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sexual life, genetic or biometric data, being certain that, in the case of the remote and specific hypotheses in which it does so, the treatment is based on specific terms previously made available to the holders, with their specific consent or based on Express legal authorization.

III.     HOW WE USE DATA

The personal data processed by RUFIX their predominant purpose is the establishment of a contractual relationship or the management, administration, provision, expansion and improvement of services to the holder, including adapting them to their preferences and tastes, as well as the creation of new services and products to be offered to holders.

RUFIX, in some cases, may also process personal data when necessary to comply with Legal or regulatory obligations.

In addition, RUFIX may also process personal data on the basis of its legitimate interest (or the legitimate interest of other units of CHRISTAL “Rudolph Investimentos e Participações Ltda.”), always to the limit of what is expected by the holder and never to the detriment of their interests, rights and fundamental freedoms.

In addition, the information collected may, with the consent of the owner, be used for advertising purposes, such as sending product information and promotions, as well as the dissemination of events or to conduct research related to its activities.

  1.     HOW WE USE COOKIES

Cookies are files or information that may be stored on your devices when you visit  RUFIX websites or use its online services. Generally, a cookie contains the name of the website that originated it, its lifetime and a value, which is generated randomly.

RUFIX uses cookies to facilitate use and better adapt its pages to the interests and needs of the owners, as well as to compile information about the use of our websites and services, helping to improve their structures and their content. Cookies may also be used to speed up your future activities and experiences on our website. After the owner consents to the use of cookies, when using the pages of RUFIX, it will store a cookie on your device to remember this in the next session.

At any time, the owner may revoke his consent to the use of cookies, which must delete the cookies from the pages of RUFIX using your preferred browser settings. Finally, we remind you that if the owner does not accept some cookies from the pages of RUFIX, certain services may not function properly or optimally.

  1.     WITH WHOM WE WILL SHARE THE DATA

The information collected is treated within the RUFIX and they will only be shared when they are needed: (a) for the adequate provision of the services that are the subject of its activities with partner companies; (b) for protection in case of conflict; (c) upon a court decision or request from a competent authority; (d) with companies providing technological and operational infrastructure, such as payment intermediaries and information storage service providers.

  1.     HOW WE KEEP DATA SAFE

RUFIX uses the reasonable means of the market and legally required to guarantee the protection of the personal data that it processes or will process. In this way, it adopts several precautions. In addition to technical efforts, RUFIX also adopts institutional measures aimed at the protection of personal data, so that it maintains a privacy governance program applied to its activities and governance structure, constantly updated.

Although RUFIX adopt the best efforts to preserve the privacy and protect the data of the holders, no transmission of information is completely secure, so that RUFIX cannot fully guarantee that all the information it receives or sends will not be subject to unauthorized access perpetrated through methods developed to obtain information improperly.

For this reason, RUFIX encourages the holders to take appropriate measures to protect themselves, such as, for example, keeping confidential all the names of holders and passwords, being certain that such information is personal, non-transferable, and the sole and entire responsibility of the holders themselves.

VII.     RETENTION OF COLLECTED INFORMATION

In order to protect the privacy of the holders, the personal data processed by RUFIX will be automatically deleted when they are no longer useful for the purposes for which they were collected, or when the owner requests their elimination, unless their maintenance is expressly authorized by applicable law or regulation.

However, the information may be kept for compliance with Legal or regulatory obligations, transfer to third parties-provided that, respecting the requirements of data processing – and exclusive use of RUFIX, including for the exercise of their rights in judicial or administrative proceedings.

VIII.     YOUR RIGHTS

In compliance with the applicable regulations, with regard to the processing of personal data, RUFIX it respects and guarantees the holder the possibility of submitting requests based on the following rights: (I confirmation of the existence of processing; (II access to data; (III) the correction of incomplete, inaccurate or outdated data; (IV the anonymisation, blocking or deletion of unnecessary, excessive or non-compliant data; (V) the portability of your data to another service or product provider, upon express request by the owner; (VI) the deletion of the data processed with the consent of the data subject; (VII) obtaining information about the public or private entities with which RUFIX shared your data; (VIII) information about the possibility of not providing your consent, as well as to be informed about the consequences in case of refusal; (IX) the revocation of consent.

RUFIX will make every effort to fulfill such requests in the shortest possible time, however, justifiable factors, such as the complexity of the requested action, may delay or prevent its immediate and rapid fulfillment.

Finally, the holder must be aware that his request may be legally rejected, either for formal reasons (such as his inability to prove his identity) or legal (such as the request for deletion of data whose maintenance is free exercise of right by RUFIX).

  1.     LEGISLATION AND FORUM

This policy will be governed, interpreted and executed in accordance with the laws of the Federative Republic of Brazil, especially Law No. 13,709/2018, regardless of the laws of other states or countries, with the domicile of Timbó/SC being fully competent to resolve any doubts arising from this document.

This policy was updated on May 30, 2022 and may be modified or updated at any time, and it is up to users to be aware of changes. Suggestions, questions or complaints can be sent to the Ombudsman via e-mail: [email protected].