1. PURPOSE
This Privacy and Personal Data Protection Policy (“Policy”) aims to regulate the processing of personal data of any natural person (“User”) who access the website: https://www.viterra.com.br/pt (“Site”) or use the services offered by Viterra Brasil S.A. (“Viterra”).
By accessing the Site and/or using Viterra's services, the User expresses his awareness and agreement with this Policy. If the User does not agree with any of the terms and rules set forth herein, he must NOT access the Site and/or use Viterra's services.
This Policy was prepared in accordance with all legislation in force in the Brazilian national territory, in particular, with Marco Civil da Internet - Law No. 12.965/2014 and the General Data Protection Regulation - Law No. 13.709/2018 ("LGPD").
2. POLICY CHANGES
Viterra may review this Policy at any time, and any changes will be informed by notice on this Site. By continuing to access the Site and/or use Viterra's services, the User indicates that he has read and accepted the changes to this Policy.
It is recommended that the User periodically reads the Policy to ensure that he is aware of and agrees to its terms.
3. PERSONAL DATA PROCESSED
While the User browses the Site, his internet protocol ("IP") address data is collected for the purposes of administering or compiling demographic information and monitoring the use and performance of the Site.
Occasionally, other types of data not expressly stated in this Policy may be collected, since they are provided with User's consent, or even if the collection is permitted or imposed by law.
Viterra undertakes not to collect the User's sensitive personal data, which are understood as those defined in arts. 11 et seq. of the LGPD.
Regardless of the type of personal data, the treatment carried out by Viterra will always observe good faith and the principles described in art. 6 of the LGPD.
4. COOKIES
Viterra may use tracking technology ("Cookies") to collect data such as browser type and operating system, metrics, geographic location and to understand how Users use the Site. The logged data will be used anonymously.
For more information about Cookes, User can check Viterra's Cookies Policy at the following address https://www.viterra.com.br/en/Cookies-policy.
5. PURPOSE OF COLLECTING PERSONAL DATA
Personal data may be used for commercial purposes, to personalize the content offered to the User, as well as to provide information to the site in order to improve the quality and functioning of its services.
The collection of related or needed data to the execution of a purchase and sale or service contract occasionally signed with the User will have the purpose of providing the parties with legal certainty, in addition to facilitating and enabling the conclusion of the business.
The processing of personal data for purposes not specified in this Policy will only occur upon prior notice to the User and, in any case, the rights and obligations set forth herein will remain applicable.
6. SHARING WITH THIRD PARTIES AND INTERNATIONAL DATA TRANSFER
Viterra will only disclose the User's personal data to third parties, including international data transfer, in compliance with applicable Brazilian and foreign laws and the clauses stated in this Policy, and provided that there is neither statutory prohibition or contractual confidentiality obligation nor the possibility to put the User's rights at risk.
The international transfer of personal data is only allowed to countries or international entities that provide an adequate level of personal data protection as the one stated in the Brazilian LGPD (Article 33, I of the LGPD), as per assessment to be performed by the National Data Protection Authority (" ANDP”).
If the country or international organization does not provide a level of Personal Data protection adequate to the one stated in Brazilian LGPD, Viterra will only carry out the international transfer of personal data in those cases stated in Article 33, II of LGPD, including:
• For entities of the Viterra Group, in compliance with applicable laws and the statements contained in this Policy;
• When the Data Controller offers and proves guarantees of compliance with the principles, the User's rights and the Data protection regime stated in LGPD;
• When the User has given his specific and prominent consent to carry out the transfer, with prior information about the international operation type, clearly distinguishing it from other purposes.
7. DATA STORAGE DEADLINE
Viterra will retain User's personal data and keep them stored until an occasional request for exclusion, or until it fulfils its purpose.
Viterra may keep User's personal data after receiving his request for deletion or after fulfilling its purpose if necessary to comply with legal obligations, resolve disputes, maintain security, prevent fraud and abuse, and ensure compliance with contracts.
8. USER RIGHTS
The User may obtain, at any time and upon request: (i) confirmation of data processing existence; (ii) access to processed personal data; (iii) access about purpose(s) for personal data processing; (iv) the form and duration of processing; (v) Data Controller identification and contact details; (vi) identification of third parties or categories of third parties to which personal data may be transmitted and whether they are located abroad; (vii) data correction; (viii) anonymization, blocking or deletion of unnecessary and excessive personal data; (ix) portability of data to another service or product provider; (x) deletion of processed personal data with User's consent, except in those cases stated in art. 16 of LGPD; (xi) information on public and private entities which the Controller shared data with; (xii) information about the possibility of not providing consent and about the consequences of denial; (xiii) revocation of consent, pursuant to § 5 of art. 8 of LGPD.
Any request made by the User must be sent to Viterra's DPO at the e-mail address indicated in item 11 below.
The User also has the right to file complaints with ANPD due to the violation by Viterra of legislation or of this Policy.
9. DATA SECURITY
Viterra undertakes to apply reasonable technical and organizational measures to preserve User's personal data from unauthorized access and from situations of destruction, loss, change, communication or dissemination of such data.
However, considering that no system is completely and absolutely secure, Viterra disclaims liability for the sole fault of third parties, such as in the case of a hacker or cracker attack, or the sole fault of the User, as in the case where he himself transfers his data to a third party.
Viterra undertakes to communicate to ANPD and the User, within a reasonable period, the occurrence of a security incident that may cause relevant risk or damage to the User.
10. DISCLAIMER
The Site does not grant any guarantee regarding the availability, continuity of operation or infallibility of the services and/or contents, nor that they will be useful for carrying out any particular activity. Also, considering the characteristics of the internet, the Site does not guarantee the security and privacy of the content outside the Site's domain, nor that it will be uninterrupted, free from viruses or other problems, errors and attacks and, in particular, does not guarantee that unauthorized third parties cannot access and, occasionally, intercept, delete, alter, modify or otherwise manipulate the current and/or transmitted data to its servers.
11. DATA PROCESSING RESPONSIBLE
The DPO (Data Protection Officer) is the person appointed by the personal data Controller to act as the communication channel between the Controller, the User and ANPD.
The contact details of Viterra's DPO are as follows:
FERNANDA SANTOS
E-mail: dpo.viterrabrasil@viterra.com
12. APPLICABLE LAW AND JURISDICTION
This Policy is governed by Brazilian law and any disputes or controversies arising from this Policy will be settled by the Central Court of the District of São Paulo/SP, expressly waiving any other, however privileged it may be.
Updated December/2021