GENERAL PRIVACY AND DATA PROTECTION NOTICE – CBMM

Companhia Brasileira de Metalurgia e Mineração - (CBMM) - a private legal entity registered under the CNJP No 33.131.541/0001-08, headquartered in Córrego da Mata, s/No, Caixa Postal no 08, CEP 38.183-903, in Araxá, in the Estado de Minas Gerais, understands as extremely relevant the electronic records and other personal data left by you Data Subject when using the several websites and services of CBMM, serving this Private Policy in order to regulate in a simple, transparent and objective manner, which personal data are obtained, as well as when and in which way they can be used.

This Policy applies to Services related to any of CBMM’s brands and activities, understanding as such all those listed on CBMM’s official websites, including all its products.

The current Policy is aimed at CBMM’s clients and the general public and covers how we process these people’s personal data. If you are a CBMM employee, collaborator or supplier, or if you are participating in any project or specific activity with CBMM, you may consult the respective privacy notice made available by CBMM.

In case of additional questions or requests, please reach out to our Data Protection Officer through this link

This Policy may be updated by CBMM at any time upon notice on the website and/or by email, if the Data Subject has chosen to receive communications from CBMM.

1.DEFINITIONS

In case of doubts about the terms used in this policy, we suggest consulting the table below:

Personal Data

Sensitive Personal Data

Holder

Processing

Anonymization

Any data that indirectly identifies or allows the identification of individuals.

A special category of Personal Data referring to racial or ethnic origin, religious belief, political opinion, trade union membership or participation in religious, philosophical or political organizations, data relating to health, or to gender identity or sexual orientation, genetic or biometric data relating to individuals.

Individual to whom the Personal Data processed by CBMM refers, such as former, present or potential customers, employees, contractors, business partners and third parties.

Any operation performed with the Personal Data, such as those referring to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

Process through which the Personal Data loses the possibility of direct or indirect association with an individual considering the reasonable and available technical means at the time of processing.

2. WHAT PERSONAL DATA WE USE
CBMM may collect the information actively inserted by the Data Subject at the time of contact or registration as well as information collected automatically when using the Services and the network, such as identification of the commercial establishment used, IP with date and time of connection, among others.

There is, therefore, the processing of two types of Personal Data: (i) those provided by the Data Subject themselves; (ii) those collected automatically by CBMM.

i. Personal Data provided by the Data Subject: CBMM collects all Personal Data actively entered or forwarded by the Data Subject when getting in contact or accessing CBMM’s portals, such as full name, email, date of birth, city, state, when filling out forms in the Services by the Data Subject, in addition to other Personal Data actively provided by the Data Subject when contacting CBMM. Regardless of which Personal Data the Data Subject actively provides to CBMM, we will only use those effectively relevant and necessary for achieving the purposes declared to them on a case-by-case basis.

ii. Personal Data collected automatically by CBMM: CBMM also collects a series of information automatically, such as: characteristics of the access device, browser, IP (with date and time), IP origin, information about clicks, accessed pages, searching terms entered in our portals, among others. For such collection, CBMM will use some standard technologies, such as cookies, pixel tags, beacons and local shared objects, which are used with the purpose of improving the Data Subject browsing experience on the Services, according to their habits and preferences.

The automatic collection of Personal Data can be disabled through Holders’ internet browser settings on our website. Holders must be aware that, if these technologies are disabled, some features offered by the website, which depend on the processing of such data, may not work properly.

Holders may access, update and supplement their Personal Data, as well as request the deletion of their Personal Data collected by CBMM, by contacting our Officer through this link. We shall make every effort to reply in the shortest possible time, respecting the deadlines established by law.

3. HOW WE USE DATA

CBMM processes Personal Data in order to enter into contractual relationships or to manage, provide, expand and improve Services to Holders, adapting them to their preferences and tastes, as well as to create new services and products to be offered to Holders.
CBMM may centralize the Personal Data collected, which may be used in other Services related to all CBMM’s brands, respecting the purposes set forth herein and Holders’ consent, whenever required by law.

In some cases, CBMM may also process Personal Data whenever necessary to comply with legal or regulatory obligations.

Besides, CBMM may also process Personal Data based on its legitimate interest (or the legitimate interest of another company in the group), always according to Holders’ expectations, and never at the expense of their interests, rights and fundamental freedoms.

Additionally, the information collected may be, upon the Data Subject consent, used for advertising purposes, such as sending information about CBMM’s brands, products, promotions and discounts, as well as disseminating events or conducting surveys related to its activities.

If Holders no longer wish to receive CBMM’s advertising newsletter, they can contact CBMM at any time, through this link.

4. HOW WE USE COOKIES
Cookies are files or information that may be stored on your devices when you visit CBMM’s websites or use its online services. Generally, a cookie contains the name of the website that originated it, its lifetime and a value, which is randomly generated.

CBMM uses cookies to facilitate use and to better adapt its pages to the interest and needs of Holders, as well as to compile information about the use of its websites and services, helping to improve its structures and contents. Cookies may also be used to speed up your future activities and experiences on our portal. The cookie policy established by CBMM is available on the website (legal information).

Necessary

These cookies are essential for CBMM pages to load correctly and allow you to browse our sites and use all functionalities.

Preferences

These cookies allow CBMM pages to remember your choices to provide a more personalized experience. They also allow Data Subject to watch videos and use social tools, comment fields, forums, among others.

Statistic

These cookies help us to understand how visitors interact with CBMM pages, providing information about the areas visited, the time spent on the website and any problems encountered, such as error messages.

Marketing

These cookies are used to provide more content that is relevant and of interest to Holders. They can be used to present more targeted advertising or limit the times ads are shown on CBMM pages. They also allow measuring the effectiveness of a CBMM advertising campaign.

These cookies may also be used to indicate to CBMM pages the sites that Holders have visited and, as a result, CBMM may share this information with third parties, such as contracted advertising agencies.

Social networks

These cookies are set by a number of social networking services that we have added to the website to allow you to share our content with your friends and acquaintances.

They can track your browsing on other websites and create a profile of your interests. This can affect the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

After Holders consent to the use of cookies, when using CBMM pages, the website temporarily stores a cookie on their device to remember this in the next session.

Holders may revoke their consent to the cookies stored anytime, by clearing the browsing data on their internet browser (browser).

Finally, please notice that if Holders do not accept some cookies on CBMM pages, certain services may not operate optimally.

5. WHO WE WILL SHARE DATA WITH
CBMM is an economic group that works in partnership with various companies in Brazil and worldwide, whose listing is available here. This way, CBMM may share information collected through its pages or by contacting the Data Subject, in the following cases:

i. With other companies of the CBMM group, incorporated or operating in any country, which undertake to use the information for the same purposes indicated in this Policy.

ii. ii. With partner companies and suppliers, to develop Services offered to Holders.

iii. With authorities, government entities or other third parties, for the protection of CBMM’s interests in any type of conflict, including lawsuits and administrative proceedings.

iv. In case of transactions or corporate changes involving CBMM, in which case the transfer of information will be necessary for the continuity of the Services; or,

v. Upon court orders or requests from government authorities.

Additionally, some of the transfers indicated above may take place outside Brazil, notably to countries where the business group operates. CBMM undertakes to do so only to countries which provide a level of Data Protection compatible with the applicable law provisions or upon the use of guarantees and safeguards, such as specific provisions, standard clauses, global corporate standards, among others; as well as upon the specific consent of Holders or under the other circumstances authorized by law and regulated by the National Personal Data Authority.

6. HOW WE KEEP DATA SECURE

CBMM uses reasonable market and legally required means to preserve the privacy of the Personal Data collected. This way, it adopts various technical and administrative security measures capable of protecting Personal Data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or any other form of inappropriate or unlawful processing.

In addition to the technical efforts, CBMM also adopts institutional measures aimed at Personal Data protection, so that it maintains an information security and privacy governance program applied to all its activities and governance structure, which is constantly updated.

Although CBMM makes its greatest efforts to preserve privacy and protect Personal Data of Data Subject, no information transfer is totally secure. Therefore, CBMM cannot fully guarantee that all information it receives and sends will not be subject to unauthorized access perpetrated through methods developed to improperly obtain information.

For this reason, we encourage Holders to take appropriate measures to protect themselves, such as, keeping all access credentials (usernames and passwords) confidential, as such information is personal, non-transferable and of Holders’ sole responsibility.

7. RETENTION OF INFORMATION COLLECTED

In order to protect Holders’ privacy, Personal Data processed by CBMM shall be deleted (i) at the end of the retention period established for the processing of those Personal Data; (ii) when data are no longer useful for the purposes for which they were collected; or (iii) when Holders request their deletion, unless their maintenance is expressly authorized by applicable law or regulation, or when their retention for other purposes is legally required, or to comply with a legal or regulatory obligation, transfer to a third party - provided that Personal Data Processing requirements are met - and for CBMM’s exclusive use, including for the exercise of its rights in lawsuits and administrative proceedings.

8. HOLDERS’RIGHTS

In compliance with the applicable regulations, regarding Personal Data Processing, CBMM respects and guarantees Holders the possibility of submitting requests to:

i. i. confirm that their Personal Data were processed;

ii. access to the Personal Data;

iii. editing of incomplete, inaccurate or outdated Personal Data;

iv. anonymize, block or delete Personal Data which are unnecessary, excessive or processed in violation of the law;

v. take their Personal Data to another service or product supplier, upon Holders’ express request;

i. delete any Personal Data processed based on Holders’ consent;

ii. obtain information about the public and private entities with whom CBMM shared their Personal Data;

iii. obtain information about the possibility of denying consent, as well as of the consequences of such denial;

iv. revoke consent;

v. oppose any Processing carried out in the event of waiver of consent, if not in compliance with the law.

These rights may be exercised by sending a request to our Officer through this link, for further evaluation and adoption of other measures by CBMM.

Holders are aware that the exclusion of essential information for the management of their account with CBMM shall imply the termination of their registration, with the consequent cancellation of the Services provided.

CBMM will make every effort to fulfil such requests in the shortest possible time and according to the complexity of each case.

Finally, Holders must be aware that their request may be legally rejected, either for formal reasons (such as the inability to prove their identity) or legal (such as the request to delete Personal Data whose retention by CBMM is authorized by law).

9. APPLICABLE LAW AND VENUE

This Policy shall be governed, interpreted and implemented in accordance with the laws of the República Federativa do Brasil, especially the General Personal Data Protection Law - LGPD (Law no 13.709/2018), notwithstanding any other Laws from other states and countries. Any conflict arising from this document shall be submitted to the courts in Araxá, State of Minas Gerais.

Updated on november 2022.