(PT) POLÍTICA DE PRIVACIDADE E PROTEÇÃO DE DADOS

Barbosa, Raimundo, Gontijo, Câmara e Zanotta Advogados (“BRZ Advogados,” “Firm,” or “we”) understands the importance of informing users of its website, individual clients and their representatives, partners, or any other individuals related to BRZ Advogados’ corporate clients (“Data Subject,” “You,” or “your”) about the personal data processed by BRZ Advogados.

Committed to respecting privacy and the duty of transparency, BRZ Advogados has created this privacy policy (“Privacy and Data Protection Policy”) to ensure you have a clear understanding and are duly informed about how BRZ Advogados processes your personal data. For more information regarding the processing of personal data, please contact the Firm’s data officer at bernardo.pedrete@brzadvogados.com.br.

Who is the data controller?

BRZ Advogados will be the controller of your personal data within the scope of the attorney-client relationship or potential client relationship. For the purposes of applicable legislation, the controller is the entity responsible for decisions regarding the processing of personal data.

What data is processed?

Within the limits allowed by applicable legislation, BRZ Advogados may process personal data such as the ones described below:

• Identification, qualification, and contact data: Full name, address, date of birth, nationality, identification document data (such as RG, CPF, CNH, OAB, as applicable), email address, and phone number.
• Academic and professional data: Employer, profession, position, and education.
• In providing legal services, considering support to clients in various areas and specialties of law, BRZ Advogados may access and process a wide range of your personal data or even personal data of other individuals involved in a particular case (e.g., the other party in a legal proceeding), depending on the object or reason for the demand.

Some examples of personal data that BRZ Advogados may process in providing its services are:

• Registration information: Name, CPF, RG, address, and phone number.
• Financial information: Compensation, transaction history, credits, sales, assets, debt certificates, loans.
• Family information: Family structure, relationships.
• Information in legal proceedings: Date of birth, nationality, place of birth, age, marital status, country, address, CNH, voter registration, military enlistment, profession, education, languages, professional registration, PIS/PASEP, CTPS, NIS, NIT, CEI.

The above personal data is processed only in certain cases and when necessary to achieve the purposes mentioned in this Privacy and Data Protection Policy, especially for the provision of legal services.

BRZ Advogados may collect this information in various ways. This personal data may be collected directly from the Data Subject, obtained from someone related to the Data Subject (e.g., the company you are part of), or accessed from publicly accessible sources. Regardless of the data origin, the processing will be governed by this Privacy and Data Protection Policy, and you may contact us via email at bernardo.pedrete@brzadvogados.com.br.

What are the purposes considered when processing your data?

Generally, we process your personal data for client service and provision of legal services in advisory or contentious contexts, including, but not limited to:

• Drafting, reviewing, or negotiating contracts;
• Conducting or participating in legal audits to verify a company’s compliance with Brazilian law and risk analysis;
• Managing investigations, inquiries, administrative procedures, legal, administrative, or arbitral proceedings, which includes document analysis and drafting, progress monitoring, among other actions;
• Analyzing new products, structures, cases, or any situations presented by clients to prepare responses to inquiries, memos, legal opinions, or reports;
• Preparing mandatory documents under Brazilian law;
• Mediating client relationships with authorities and government agencies;
• Conducting training sessions;
• Holding meetings, video conferences, or phone conferences to discuss various topics;
• Obtaining necessary licenses, authorizations, and permits;
• Assisting in participating in bids;
• Coordinating mergers and acquisitions, capital markets, financial market operations, and investments in companies in general.

We may also process your personal data to formalize a contract with BRZ Advogados, billing, and collection if you are the individual client or representative of a corporate client. Additionally, we may process your personal data to maintain our relationship with you through:

• Sending institutional communications, memos, or newsletters with topics of interest and event invitations;
• Organizing events, including managing registrations, sending save the dates, reminders, and thank you notes. To ensure easier access and comfort at the event, BRZ Advogados may ask if you have any disabilities or mobility restrictions;
• Conducting satisfaction surveys and feedback on our services and initiatives.

Occasionally, BRZ Advogados may indicate your personal data to national or international legal publications to contact you so that you can evaluate and reference our services to such publications, as well as to companies specializing in legal rankings.

With whom can we share the data?

BRZ Advogados may share your personal data with:

• Software providers, cloud hosting services, and other information technology services for managing your relationship with our office, registration, documentation, and other procedures;
• Correspondents, experts, advisors, partner firms (national and international), auditors, accountants, translators, and financial institutions to assist in providing legal services, depending on the demand;
• National or international legal publications;
• Regulatory bodies and other authorities, such as, but not limited to, the Administrative Council for Economic Defense (CADE), the National Health Surveillance Agency (ANVISA), the Securities and Exchange Commission (CVM), and the National Petroleum, Natural Gas, and Biofuels Agency (ANP).

International data transfer

Depending on the demand, if necessary, BRZ Advogados may transfer your personal data to service providers located abroad, including cloud service providers. Additionally, BRZ Advogados may share your personal data with partner firms abroad.

When your personal data is transferred outside Brazil by BRZ Advogados, the Firm will take appropriate measures to ensure adequate protection of your personal data in compliance with applicable data protection legislation requirements, including through the execution of appropriate data transfer agreements with third parties when necessary.

How long can the data be retained?

Data is maintained or stored:

• For the time required by law;
• Until the end of personal data processing, as mentioned below;
• For the time necessary to preserve BRZ Advogados’ legitimate interest, as the case may be;
• For the time necessary to safeguard the regular exercise of BRZ Advogados’ rights in judicial, administrative, or arbitral proceedings. Thus, we will process your data, for example, during applicable prescription periods or as long as necessary to comply with a legal or regulatory obligation.

The end of personal data processing will occur in the following cases:

• When the purpose for which the Data Subject’s personal data was collected is achieved and/or the personal data collected is no longer necessary or relevant to achieving such purpose;
• When the Data Subject is within their right to request the termination of processing and deletion of their personal data and does so; and/or
• When there is a legal determination to this effect.

In these cases of termination of personal data processing, except for the hypotheses established by applicable legislation or this Privacy and Data Protection Policy, the personal data will be deleted.

Data Subject’s rights

You have the following rights regarding your data:

• Confirmation of processing;
• Access;
• Correction of incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion;
• Portability;
• Deletion;
• Information about sharing;
• Information about the possibility of not providing consent and the consequences of refusal;
• Revocation of your consent, if we have requested it from you;
• Right to file a petition with the National Data Protection Authority (ANPD). There are circumstances that may restrict the exercise of some rights provided by law, such as, for example, when providing information may reveal some trade secret of BRZ Advogados or due to compliance with a legal/regulatory obligation or to allow BRZ Advogados’ defense in a judicial, administrative, or arbitral proceeding.

The Data Subject can exercise such rights by contacting the Firm’s data officer at bernardo.pedrete@brzadvogados.com.br.

Data protection and security
We are committed to the security of your personal data and take reasonable precautions to maintain this protection. BRZ Advogados employs security systems and technical, physical, and managerial procedures commonly adopted by the market to protect your data.

Cookies and emails

On our website, we only use strictly necessary cookies, which are essential to enable you to navigate the site and use its features. These are temporary cookies that last only while your browser is open and are used for technical purposes, mainly to allow better navigation on our site. Without these cookies, your browsing experience on our website may be significantly affected. Upon closing your browser, the cookies disappear automatically.

By using our website, you acknowledge the use of cookies under the conditions described here. You should have seen a pop-up in the lower corner of the page alerting you to the use of this tool on your first visit to our website. Although this notice does not appear on subsequent visits, you can manage the use of cookies through our website. If you do not agree with the use of these cookies, you can disable them at any time by adjusting your browser settings. Browsers are different, so consult your browser’s settings menu for instructions on how to change your cookie preferences. If you choose not to receive cookies, our websites may not function properly, and some features may be unavailable.

We reserve the right to send emails to our clients, partners, and third parties who have somehow engaged with the Firm to present information that we deem to be of interest to you. You may, at any time, request to be unsubscribed from these distribution lists.

We warn all clients that we will never send emails requesting confirmation of personal information via email. Therefore, we are not responsible for any fraudulent electronic communications that collect your personal data (phishing). Regarding received emails, we recommend verifying the content of the entire email before accessing any internet address or clicking on any link. Be wary of emails containing suspicious headers and sender fields, unusual content, messages with Portuguese errors, or even photos and logos with flaws.

After your first visit to our website, we may change the cookies we use. In any case, this policy will always allow you to know what is being collected and for what purposes, ensuring the right to deactivate cookies. Therefore, given the possibility of periodic review of this policy, we recommend that you access it from time to time.

Third-party websites

As a feature of our website, we may provide links to other internet sites. BRZ is not responsible for these websites and their content and does not share, subscribe, monitor, validate, or accept how these websites or content storage tools collect, process, and transfer your personal data.

We recommend that you review the respective privacy policies of such websites to be adequately informed about the processing of your personal data.

Update of the Privacy and Data Protection Policy

We reserve the right to change this Privacy and Data Protection Policy at any time by publishing the updated version on this page. This Privacy and Data Protection Policy is effective as of October 1, 2021.