PRIVACY AND PERSONAL DATA HANDLING POLICY
The Privacy and Data Protection Policy of M. DIAS BRANCO SA INDÚSTRIA E COMÉRCIO DE ALIMENTOS (“Policy”), a publicly-held corporation, registered with the CNPJ under number 07.206.816/0001-15, headquartered in the Municipality of Eusébio, State of Ceará, at Rodovia BR 116 – KM 18, Jabuti, Zip Code 61760-000 (“M. DIAS BRANCO”), aims to demonstrate our commitment of safeguarding your privacy and protect your Personal Data, establishing the rules on the Handling, as well as explaining your rights and how to exercise them. Please read this Policy carefully and, if you still have questions, feel free to contact us through the Service Channels available here.
This Policy applies to all brands and businesses of M. Dias Branco.
For a better understanding of this Policy, the following definitions should be considered:
Cookies: small files sent to your browser or devices, which store your preferences and other information about how and when our environments are accessed, as well as the number of people who access them.
Personal Data or Data: means the data relating to any individual, which is able to identify them or make them identifiable.
Sensitive Personal Data: means any data on racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to the individual.
Data Protection Officer (DPO): person appointed to act as a communication channel between us, the holders of personal data and the National Data Protection Authority (ANPD).
Applicable Law: all laws addressing privacy and protection of Personal Data, particularly Law No. 13.709/2018 (General Law for the Protection of Personal Data – LGPD).
Brands: means the brands belonging to M. Dias Branco, existing or that will exist, among which we can mention Adria, Basilar, Bonsabor, Delicitos, Estrela, Finna, Fortaleza, Isabela, Adorita, Amorela, Puro Sabor, Medalha de Ouro, Pelaggio, Pilar, Piraquê, Richester, Salsitos, Vitarella and Zabet.
Our environments: means the electronic address https://mdiasbranco.com.br/ and its subdomains.
Policy: means this Privacy and Personal Data Handling Policy
Data Holder: means you, the individual to whom the Personal Data refer, whether as a consumer, website user, investor, service provider, employee.
Handling: any transaction performed with Personal Data, such as those referring to the collection, production, receiving, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, assessment or control of information, modification, communication, transfer, diffusion or extraction.
ABOUT DATA WE COLLECT
How we collect data: Data may be collected directly from you, by filling out forms, or when you interact with our environments, including those belonging to our Brands.
In case of doubts, the Data Holder may contact the Human Resources area of M. Dias Branco or the Data Protection Officer.
Why do we collect?
Investor Relations Mailing Register: Sending new information published in our environments, as well as the latest communications to the market and corporate events of M. Dias Branco.
What do we collect?
Full name; Email; Company; Position/Job; Which Screens You have accessed.
Data update and veracity. You are the sole responsible for the accuracy, veracity or updating of the Data you provide to us. We are not required to handle your Data if there are reasons to believe that such Handling may imply a breach of any applicable law, or if you use our environments for any illegal, unlawful or contrary to morality purposes.
Visitation program. There is no collection of Personal Data under our visitation program, only data from the Institutions are collected. Even so, if Personal Data of children and adolescents is shared with us, the Public and Private Institutions shall be exclusively responsible for obtaining the appropriate authorizations for such sharing from the legal guardians.
Database. The database built through the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, shall be made within the limits and purposes of the business described in this Policy.
Data of children and adolescents. For the handling of data of children and adolescents, the Data Holder declares that they are a parent or legal guardian, recognizing the handling of personal data of minors to the extent required by applicable law.
HOW WE SHARE DATA AND INFORMATION
Data sharing events. Data collected and activities recorded may be shared:
(i) With the relevant judicial, administrative or governmental authorities, whenever there is a legal decision, request, requisition or court order;
(ii) With the companies and business areas of M. Dias Branco, which are in compliance with this Policy; and
(iii) Automatically, in the event of corporate transactions, such as mergers, acquisitions and consolidations. If you have any questions about who we share your Data with, please contact us through the Service Channels available in this Policy.
Data Anonymization. For the purposes of market intelligence research, disclosure of data to the press and advertising, the data provided by you shall be shared anonymously, so that this shall not allow your identification.
HOW WE PROTECT YOUR DATA AND HOW YOU CAN ALSO PROTECT IT
Security and Governance Practices. To safeguard your privacy and protect your Personal Data, we have a governance program that contains rules of good practices, policies and internal procedures, which provides for organizational conditions, training, educational actions and mechanisms for supervising and mitigating risks related to the handling of Personal Data.
Access to Personal Data, proportionality and relevance. Internally, the Personal Data collected are accessed only by duly authorized professionals, subject to the principles of proportionality, necessity and relevance to our business objectives, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.
Adoption of good practices. You are also responsible for the confidentiality of your Personal Data and you should always be aware that the sharing of passwords and access data violates this Policy and may jeopardize the security of your Data and our environments. If you identify or become aware of any risk to the security of your Data, please contact our Data Protection Officer through the Service Channels provided in this Policy.
Handling by third parties under our guideline. We seek to carefully assess those who provide services to us and we establish contractual provisions on information security and Personal Data protection for them in order to protect you.
HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY RECORD
Storage location. Personal Data collected and activity records are stored in a secure and controlled environment, which can be on our servers located in Brazil, as well as in an environment of use of resources or servers in the cloud (cloud computing), which may require transfer and/or processing your Data abroad. Such transfers involve only companies that evidence compliance with applicable laws, maintaining a level of compliance similar or more stringent than that provided for in Brazilian law.
Storage term. We store Personal Data only for as long as is necessary to fulfill the purposes for which it was collected or to comply with any legal, regulatory or rights preservation requirements. For this purpose, we have a safe Information Retention and Disposal Policy.
Disposal of Personal Data. Once the maintenance period and the legal need expires, Personal Data shall be deleted using safe disposal methods or used anonymously for statistical purposes.
WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM
Your basic rights. Personal Data is your property and the applicable legislation establishes a series of rights related to it, which may be exercised by you by requesting our Data Protection Officer through the Service Channel provided in this Policy.
(i) Confirmation and access: you may request confirmation of the existence of Handling and access to your Personal Data, including by requesting copies of records held by us about you.
(ii) Correction: you may request the correction of your Personal Data that are incomplete, inaccurate or out of date.
(iii) Anonymization, blocking or deletion: you may request the anonymization of your Personal Data, so that they can no longer be related to you, the blocking of your Personal Data, temporarily suspending the possibility of Handling for certain purposes, or the deletion of your Personal Data.
(iv) Portability: you may request that we provide your Personal Data in a structured and interoperable format in order to transfer it to a third party, subject to our intellectual property or business secret.
(v) Information about sharing: you may request information about third parties with whom we share your Personal Data, being such disclosure limited to information that does not violate our intellectual property or business secret.
(vi) Revocation of consent: you may decide to withdraw consent for any purpose that you have consented to. Such revocation shall not affect the legality of any handling carried out previously. If you withdraw your consent for fundamental purposes for the regular operation of our environments and services, these may be unavailable to you.
(vii) Opposition: you may oppose the Handling of your Personal Data, if you do not agree on any purpose.
Request. For security reasons, whenever you make a request for the exercise of your rights, we may request additional information to prove your identity, in order to prevent fraud.
Failure of meeting requests. We may fail to meet any request to exercise rights, if the meeting violates our intellectual property or business secret, as well as when there is a legal or regulatory obligation to retain Personal Data. In addition, we may fail to meet your request if we need to retain the Data to enable our defense or that of third parties in disputes of any nature.
Responses to requests. We undertake to answer all requests within a reasonable term and in compliance with applicable law.
INFORMATION ON THIS POLICY
Content change and update. You acknowledge our right to amend the content of this Policy at any time, according to the purpose or need, such as for the adequacy and legal compliance with any provision set by law or rule that has equivalent legal effect, and you should check it whenever you access our environments. In the event of updates to this document that require a new collection of consent, you shall be notified through the contact channels informed by you.
Unenforceability. In the event any point of this Policy is deemed unenforceable by a Data Authority or court, the remainder of the conditions shall remain in full force and effect.
Service Channels. If you have any questions about the provisions of this Policy, including for the exercise of your rights, you may contact our Data Protection Officer at the following addresses:
(i) Data processing Officer: OERTON FERNANDES
(ii) Mailing address: Rodovia BR 116, Km 18, s/n, Jabuti, Eusébio/CE, Zip Code: 61.760-00
(iii) E-mail: firstname.lastname@example.org
Applicable law and venue. This Policy will be read in compliance with Brazilian law, in the Portuguese, and the venue of your domicile is hereby elected to settle any dispute involving this document, except in the event of specific proviso of personal, territorial or functional jurisdiction by the applicable legislation.