LGPD PRIVACY POLICY

1. Privacy Policy and Personal Data Protection

1.1. We enforce this Policy, which establishes the guidelines for privacy and protection of personal data of ABA's customers, partners, employees and suppliers, as well as demonstrates our commitment to the confidentiality of your information.

2. Regulation

2.1. General Data Protection Law (LGPD) - Law No. 13,709, of August 14, 2018.

3. Concepts

3.1. Personal data: information related to an identified or identifiable natural person.

3.2. Sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.

3.3. Holder: natural person to whom the personal data that are the object of processing refer.

3.4. Controller: natural or legal person, governed by public or private law, responsible for decisions regarding the processing of personal data.

3.5. Operator: natural or legal person, governed by public or private law, who processes personal data on behalf of the controller.

3.6. Person in charge: person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD).

3.7. Treatment: any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication , transfer, diffusion or extraction.

3.8. Consent: free, informed and unequivocal expression by which the holder agrees to the processing of his/her personal data for a specific purpose.

3.9. Shared use of data: communication, dissemination, international transfer, interconnection of personal data or shared treatment of personal data banks by public bodies and entities in the fulfillment of their legal competences, or between these and private entities, reciprocally, with specific authorization, to one or more treatment modalities permitted by these public entities, or between private entities.

3.10. National authority: public administration body responsible for overseeing, implementing and monitoring compliance with this Law throughout the national territory.

3.11. Free Access - Right of the Holder to have access to all information regarding the processing of their Personal Data.

3.12. Security - Means the use of technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.

4. Principles

4.1. Good faith, purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability and accountability.

5. Our Commitments

5.1. We value the confidentiality and privacy of your information and we take the necessary care regarding the protection and proper use of personal data.

5.2. We adopt the best security practices to ensure the integrity and confidentiality of the data collected, adding protection mechanisms against misuse, unauthorized access attempts, fraud, sabotage and theft.

5.3. We are committed to protecting the data we collect and use, ensuring the ethical, transparent and responsible treatment of personal data throughout its life cycle.

5.4. Our policy may be updated at any time, ensuring compliance with new legislation and the needs of our customers. Therefore, it is necessary to follow our dissemination channels.

5.5. We process the data of our employees as a result of compliance with a legal obligation, compliance with our contractual relationship and, in some cases, the employee's consent.

5.6. We use contact information, including email address and telephone details (professional and personal), home and work address, for compliance with legal obligations, personnel and resource management, and company communications.

5.7. We process information to the media, including photographs, videos and testimonials used in internal communication, both digital and physical, and external communication, for dissemination and communication on social networks.

5.8. We guarantee our employees the right to authorize the processing of their personal data and the right to rectify and/or update their personal data, upon request.

5.9. As for the Privacy and Protection of Personal Data, we constantly adapt our processes to ensure that each treatment uses only the necessary information.

5.10. We monitor the use of personal data and analyze suspicions of improper treatment from a legal point of view.

5.11. We repudiate and do not authorize the processing of data for unlawful or abusive discriminatory purposes.