1. PURPOSE
This Privacy and Personal Data Protection Policy (“Policy”) aims to regulate the processing of personal data of any natural person (“User”) who access the website: https://www.viterra.com.br/pt (“Site”) or use the services offered by any companies of Viterra Group in Brazil. (“Viterra Group”), which are: Viterra Agriculture Brasil S.A. / Viterra Logística e Terminais Portuários S.A. / Viterra Bioenergia S.A. / Correcta Indústria e Comércio Ltda. / Moinhos Cruzeiro do Sul S.A.
By accessing the Site and/or using Viterra Group's services, the User expresses awareness and agreement with this Policy. If the User does not agree with any of the terms and rules set forth hereby the access to the Site and/or the use of Viterra Group's services must NOT be made.
This Policy was prepared in accordance with all legislation in force in the Brazilian national territory with Marco Civil da Internet - Law No. 12.965/2014 and the General Data Protection Regulation - Law No. 13.709/2018 ("LGPD").
ABBREVIATIONS AND DEFINITIONS
VAGRI: VITERRA AGRICULTURE BRASIL S.A
VPORT: VITERRA LOGÍSTICA E TERMINAIS PORTUÁRIOS S.A.
CORRECTA: CORRECTA INDÚSTRIA E COMÉRCIO LTDA.;
MOINHOS: MOINHOS CRUZEIRO DO SUL S.A.;
VBIO: VITERRA BIOENERGIA S.A.
2. POLICY CHANGES
Viterra may review this Policy at any time, and any changes will be informed by notice on this Site. By continuing to access the Site and/or use Viterra Group's services, the User indicates that has read and accepted the changes to this Policy.
It is recommended that the User periodically reads the Policy to ensure that is aware of and agrees to its terms.
3. PERSONAL DATA PROCESSED
While the User browses the Site, the User’s internet protocol ("IP") address data is collected for the purposes of administering or compiling demographic information and monitoring the use and performance of the Site.
Occasionally, other types of data not expressly stated in this Policy may be collected, since they are provided with User's consent, or even if the collection is permitted or imposed by law.
Viterra Group undertakes not to collect the User's sensitive personal data, which are understood as those defined in arts. 11 et seq. of the LGPD.
Regardless the type of personal data, the treatment carried out by Viterra Group will always observe good faith and the principles described in art. 6 of the LGPD.
4. COOKIES
Viterra may use tracking technology ("Cookies") to collect data such as browser type and operating system, metrics, geographic location and to understand how Users use the Site. The logged data will be used anonymously.
For more information about Cookies, the User can check Viterra Group's Cookies Policy at the following address: https://www.viterra.com.br/en/Cookies-policy.
5. PURPOSE OF COLLECTING PERSONAL DATA
Personal data may be used for commercial purposes, to personalize the content offered to the User, as well as to provide information to the site in order to improve the quality and functioning of its services.
The collection of related or needed data to the execution of a purchase and sale, or service contract, occasionally signed with the User, will have the purpose of providing the parties with legal certainty, in addition to facilitating and enabling the conclusion of the business.
The processing of personal data for purposes not specified in this Policy will only occur upon prior notice to the User and, in any case, the rights and obligations set forth herein will remain applicable.
6. SHARING WITH THIRD PARTIES AND INTERNATIONAL DATA TRANSFER
Viterra Group will only disclose the User's personal data to third parties, including international data transfer, in compliance with applicable Brazilian and foreign laws and the clauses stated in this Policy, and provided that there is neither statutory prohibition or contractual confidentiality obligation nor the possibility to put the User's rights at risk.
The international transfer of personal data is only allowed to countries or international entities that provide an adequate level of personal data protection as the one stated in the Brazilian LGPD (Article 33, I of the LGPD), as per assessment to be performed by the National Data Protection Authority ("ANDP”).
If the country or international organization does not provide a level of Personal Data protection adequate to the one stated in the Brazilian LGPD, Viterra Group will only carry out the international transfer of personal data in those cases stated in Article 33, II of LGPD, including:
• For entities of the Viterra Group, in compliance with applicable laws and the statements contained in this Policy;
• When the Data Controller offers and provides guarantees of compliance with the principles, the User's rights, and the Data protection regime stated in the LGPD;
• When the User has given specific and prominent consent to carry out the transfer, with prior information about the international operation type, clearly distinguishing it from other purposes.
7. DATA STORAGE DEADLINE
Viterra Group will retain User's personal data and keep them stored until an occasional request for exclusion, or until it fulfils its purpose.
Viterra Group may keep User's personal data after receiving a User’s request for deletion or after fulfilling its purpose if necessary to comply with legal obligations, resolve disputes, maintain security, prevent fraud, and abuse, and ensure compliance with contracts.
8. USER RIGHTS
The User may obtain, at any time and upon request: (i) confirmation of data processing existence; (ii) access to processed personal data; (iii) access about purpose(s) for personal data processing; (iv) the form and duration of processing; (v) Data Controller identification and contact details; (vi) identification of third parties or categories of third parties to which personal data may be transmitted and whether they are located abroad; (vii) data correction; (viii) anonymization, blocking or deletion of unnecessary and excessive personal data; (ix) portability of data to another service or product provider; (x) deletion of processed personal data with User's consent, except in those cases stated in art. 16 of LGPD; (xi) information on public and private entities which the Controller shared data with; (xii) information about the possibility of not providing consent and about the consequences of denial; (xiii) revocation of consent, pursuant to § 5 of art. 8 of the LGPD.
Any request made by the User must be sent to Viterra's DPO through the e-mail address indicated in item 11 below.
The User also has the right to file complaints with ANPD due to the violation by Viterra Group of legislation or this Policy.
9. DATA SECURITY
Viterra Group undertakes to apply reasonable technical and organizational measures to preserve User's personal data from unauthorized access and from situations of destruction, loss, change, communication, or dissemination of such data.
However, considering that no system is completely and absolutely secure, Viterra Group disclaims liability for the sole fault of third parties, such as in the case of a hacker or cracker attack, or the sole fault of the User, as in the case where the User itself transfers its data to a third party.
Viterra Group undertakes to communicate to ANPD and the User, within a reasonable period, the occurrence of a security incident that may cause relevant risk or damage to the User.
10. DISCLAIMER
The Site does not grant any guarantee regarding the availability, continuity of operation or infallibility of the services and/or contents, nor that they will be useful for carrying out any particular activity. Also, considering the characteristics of the internet, the Site does not guarantee the security and privacy of the content outside the Site's domain, nor that it will be uninterrupted, free from viruses or other problems, errors and attacks and, in particular, does not guarantee that unauthorized third parties cannot access and, occasionally, intercept, delete, alter, modify or otherwise manipulate the current and/or transmitted data to its servers.
11. DATA PROCESSING RESPONSIBLE
The DPO (Data Protection Officer) is the person appointed by the personal data Controller to act as the communication channel between the Controller, the User and ANPD.
The contact details of Viterra Group's DPO, Rafael Molinari, are as follows:
VAGRI: dpo.viterrabrasil@viterra.com
VPORT: dpo.viterrabrasil@viterra.com
Correcta: dpo@correcta.ind.br
Moinhos: dpo@mcs.com.br
VBIO: dpo.vbio@viterra.com
12. APPLICABLE LAW AND JURISDICTION
This Policy is governed by Brazilian law and any disputes or controversies arising from this Policy will be settled by the Central Court of the District of São Paulo/SP, expressly waiving any other, however privileged it may be.
Updated December/2023