PRIVACY POLICY AND DATA PROCESSING

The INDÚSTRIA E COMÉRCIO DE MOLDURAS SANTA LUZIA, its branches, subsidiaries, group companies, controlled companies, or any of its authorized business partners, hereinafter referred to as ‘SANTA LUZIA,’ knows that your privacy is important. Therefore, it has established its Privacy Policy in accordance with the parameters of the General Data Protection Law (LGPD), observing the principles of respecting privacy, informative self-determination, freedom of expression, information, communication, and opinion, inviolability of privacy, honor, and image, economic and technological development, innovation, free enterprise, free competition, and consumer protection, human rights, free personality development, dignity, and exercise of citizenship by natural persons, to which it is aligned in the development of its economic activity, so that you know what data is collected, how it is processed, and for what purpose. By using SANTA LUZIA’s services, you consent to the collection, use, and disclosure of data, as described in this Privacy Policy. In some cases, a separate notification will be provided, and specific consent will be requested through a digital statement of ‘I have read and agree to the terms of the Privacy Policy.’ You may refuse to provide certain information you do not wish to share. In this case, the system will notify you of the consequences, and you may not have access to the advantages of the various services offered by SANTA LUZIA.

1. DEFINITIONS

1.1. For the purposes of this Privacy Policy, it is important to understand the following concepts:

1.1.1. System: The digital environment used by SANTA LUZIA, or any of its authorized business partners, to provide the Customer with information about their Account, such as a shopping cart, order data, order tracking, product features, manuals, and warranties of selected products, billing information such as delivery and billing address, among other information necessary for the provision of products.

1.1.2. Controller: A natural or legal person, public or private, responsible for decisions regarding the processing of personal data.

1.1.3. Processor: A natural or legal person, public or private, that processes personal data on behalf of the controller.

1.1.4. Data Protection Officer: A person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

1.1.5. Customer: A natural or legal person who has a commercial relationship with SANTA LUZIA, or who has created an Account, including through legal representation, whose access is exclusive by entering a personal and non-transferable password on one of its platforms, whether direct or controlled by third parties, and who is the holder of personal data.

1.1.6. Data Subject: A natural or legal person to whom personal data refers, whether or not a Customer, as long as it is related to SANTA LUZIA products.

1.1.7. Business Partner: A legal entity with which Santa Luzia has a cooperation relationship through contracts, commercial partnership agreements, or other instruments that reference the Privacy Policy.

1.1.8. Account: The virtual registration made by the Customer in the SANTA LUZIA system, or its business partners, in which a ‘username’ and ‘password’ are registered, with exclusive access by entering a personal and non-transferable password.

1.1.9. Password: The keyword (or password) created by the Customer in the access environment to SANTA LUZIA’s System.

1.1.10. Personal Data: Information related to an identified natural or legal person.

1.1.11. Database: A structured set of personal data, established in one or more places, in electronic or physical media.

1.1.12. Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, or control of information, modification, communication, transfer, dissemination, or extraction.

1.1.13. Declaration of Consent: A free, informed, and unequivocal expression by which the Customer agrees to the processing of their personal data for a specific purpose.

1.1.14. Shared Use of Data: Communication, dissemination, transfer, national or international, interconnection of personal data or shared processing of personal data between SANTA LUZIA and any of its business partners.

1.1.15. Block: Temporary suspension of any processing operation, by keeping personal data or the database, at the request of SANTA LUZIA or the Customer.

1.1.16. Deletion: The exclusion of data or a set of data stored in a database, regardless of the procedure used, at the request of SANTA LUZIA or the Customer.

2. GUIDING PRINCIPLES IN CUSTOMER DATA PROCESSING

2.1. SANTA LUZIA will observe the following principles in the processing of Customer data:

2.1.1. Purpose: Processing shall be carried out for legitimate, specific, explicit, and informed purposes for the data subject, with no possibility of subsequent processing that is incompatible with these purposes.

2.1.2. Adequacy: The processing shall be compatible with the purposes informed to the data subject, in accordance with the context of the processing.

2.1.3. Necessity: Limitation of processing to the minimum necessary for the achievement of its purposes, with coverage of relevant, proportionate, and non-excessive data in relation to the purposes of data processing.

2.1.4. Free Access: Assurance to data subjects of facilitated and free consultation regarding the form and duration of processing, as well as the completeness of their personal data.

2.1.5. Data Quality: Assurance to data subjects of accuracy, clarity, relevance, and updating of data, as needed and to fulfill the purpose of their processing.

2.1.6. Transparency: Assurance to data subjects of clear, accurate, and easily accessible information about the conduct of processing and the respective data processing agents, subject to commercial and industrial secrets.

2.1.7. Security: Use of technical and administrative measures to protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication, or dissemination.

2.1.8. Prevention: Adoption of measures to prevent damage arising from personal data processing.

2.1.9. Non-Discrimination: Prohibition of processing for illegal or abusive discriminatory purposes.

2.1.10. Responsibility and Accountability: Demonstration by the data controller of the adoption of effective measures capable of proving compliance with personal data protection rules, including the effectiveness of these measures.

3. WHAT INFORMATION WILL BE COLLECTED

3.1. SANTA LUZIA collects Customer’s personal data for the provision and improvement of its products, collecting data in accordance with the following sources:

3.1.1. Information Provided by the Customer: We collect and store any information that the Customer provides related to the products.

3.1.2. Automated Information: We collect and store information automatically about how you use the digital environment, including data about your interaction with products and content, most visited and desired items, time spent browsing, comments, clicks, using cookies, obtaining information when the Customer navigates the website or accesses their Account.

3.1.3. Information from Other Sources: We may receive information from the Customer from other processing sources, such as tracking and confirmation of delivery by transport companies, whether owned or outsourced, as well as from financial institutions and credit protection systems, for the purpose of correcting and improving services and products, preventing fraud, and non-payment.

4. PURPOSE OF COLLECTED PERSONAL DATA

4.1. We use your personal data to operate, provide, develop, and improve the products we offer to consumers, and for this, we apply processing for the following purposes:

4.1.1. Purchase and delivery of products: Personal data will be used to receive and carry out orders made by the Customer, process payments, communicate stages and conditions.

4.1.2. Technical assistance and improvements: We use the Customer’s personal data to provide technical support, after-sales service, and for product improvement, receiving and storing the Customer’s experiences related to purchasing, delivery, and product use.

4.1.3. Recommendations and customizations: Customer’s personal data is used to make recommendations for specific products, as well as to personalize navigation and product and offer suggestions, with the sending of advertisements.

4.1.4. Compliance with legal obligations: The Customer’s personal data may be used to comply with legal obligations or judicial decisions, within the limits imposed by the law or competent judicial authorities.

4.1.5. Communication: The Customer’s personal data is used to make contact through different forms of communication (system messages, telephone, email, instant messaging apps, among others), related to products.

4.1.6. Advertisements: We use your information to suggest specific products based on your preferences extracted from the information sources used in data collection. We do not disclose your personal or identifiable data in advertising materials.

4.1.7. Fraud Prevention and Credit Analysis: We use your personal data to prevent third-party fraud attempts using personal data, and we also use it for credit analysis to provide security to consumers, SANTA LUZIA, and third parties. We may use scoring to analyze and manage default risks.

5. USE OF COOKIES AND OTHER IDENTIFIERS

5.1. To allow our system to identify your browser and/or device and provide products, cookies or other identifiers will be used in the collection of automated data, providing further information about interests and customization, including:

5.1.1. Recognizing when you access the system. This allows you to receive personalized product recommendations, view products of interest, use simpler shopping tools, and other advantages.

5.1.2. Knowing your preferences. This allows, for example, to determine if you want to receive personalized advertising, ads, and more.

5.1.3. Conducting surveys to improve SANTA LUZIA’s products or our customer interaction.

5.1.4. Preventing fraudulent activities and improving site security.

5.1.5. Interacting with other systems and databases.

6. DATA SHARING

6.1. Information about our consumers is a valuable asset of our business, and as such, we handle it with the highest levels of confidentiality and security. We DO NOT sell any personal data. We share data with business partners only for the following purposes:

6.1.1. Transactions involving third parties: Data sharing will be used only within the limits and in the interest of providing SANTA LUZIA products, such as delivery address for carriers, credit, resellers, technical support.

6.1.2. Among group or controlled companies: We may share information and personal data with other companies within the group or controlled by SANTA LUZIA, exclusively for the provision or improvement of products.

6.1.3. Protection of SANTA LUZIA or third parties: We may share information and data to protect SANTA LUZIA itself or others, especially in cases of fraud or suspected fraud, as well as credit risk analysis.

6.1.4. Availability in credit protection databases: We may share some Customer information with credit protection system databases in cases of late payment or default, in accordance with specific regulations and legislation.

7. DATA SECURITY AND STORAGE

7.1. Your security and privacy are of utmost importance to us, and we rigorously consider them in the development of our system. Therefore, we have adopted security measures, technical and administrative, to protect personal data from unauthorized access and accidental or unlawful situations, including destruction, loss, alteration, communication, or any form of inappropriate or illegal treatment, including:

7.1.1. Security of your personal information during transmission, using encryption protocols and software.

7.1.2. Payment card industry data security standards when handling credit card data.

7.1.3. Physical, electronic, and procedural copies related to the collection, storage, and disclosure of Customer’s personal information.

7.1.4. Verification of identity before disclosing your personal information.

7.2. It is important to protect yourself against unauthorized access to your password and your computers, devices, and applications. Make sure to log out when you finish using a shared computer.

7.3. All personal information provided to SANTA LUZIA is stored in dedicated and reserved databases, used in accordance with this Privacy Policy, providing greater security for the information collected.

8. CUSTOMER’S RIGHTS

8.1. By consenting to SANTA LUZIA collecting, storing, and processing your personal data, you should be aware that ownership and fundamental rights of freedom, confidentiality, intimacy, and privacy are guaranteed. At any time upon request, you can obtain:

8.1.1. Confirmation of the existence of processing;

8.1.2. Access to the collected and processed data;

8.1.3. Correction of incomplete, inaccurate, or outdated data;

8.1.4. Anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in non-compliance with LGPD;

8.1.5. Portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, subject to commercial and industrial secrets;

8.1.6. Deletion of personal data processed with the consent of the data subject;

8.1.7. Information about public and private entities with which the controller has shared data;

8.1.8. Information on the possibility of not giving consent and the consequences of refusal;

8.1.9. Revocation of consent.

8.2. The Customer may object to processing carried out based on one of the hypotheses of consent exemption.

8.3. The rights provided above will be exercised by express request of the Customer or a legally constituted representative.

8.4. In case it is not possible to take immediate action, SANTA LUZIA will send the data subject a response in which it may:

8.4.1. State that it is not a data processing agent and indicate, whenever possible, the agent; or

8.4.2. Indicate the factual or legal reasons preventing the immediate adoption of the measure.

8.5. Confirmation of the existence or access to personal data shall be provided, upon the data subject’s request:

8.5.1. In a simplified format, immediately; or

8.5.2. Through a clear and complete statement that indicates the data’s source, the absence of a record, the criteria used, and the purpose of processing, subject to commercial and industrial secrets, provided within 15 (fifteen) days from the date of the data subject’s request.

8.5.3. Information and data may be provided:

8.5.4. Electronically, securely and suitable for this purpose; or

8.5.5. In printed form.

8.6. The provision of confidential information will only be made to the data subject, upon submission of the request with a copy of a current photo identification document, or to a representative who has been legally appointed by a duly authenticated power of attorney.

9. COMPLIANCE WITH LEGISLATION AND INFORMATION TECHNOLOGY PRACTICES

9.1. SANTA LUZIA is constantly improving its internal processes and products, and has been compliant with Law No. 13,709/2018 (LGPD) since its entry into force, adhering to the principles and data processing mechanisms to achieve the goal and protection that the law confers to data subjects and controllers.

9.2. SANTA LUZIA has its own and outsourced Information Technology department, both of which have extensive knowledge of the legislation and their legal obligations as data controllers or data processors in the treatment of Customers’ personal information.

10. LIMITATION OF LIABILITY

10.1. SANTA LUZIA is not responsible for malicious practices or the misuse of content from other websites, as well as data security failures or illegal activities committed by third parties, whether they are business partners or not. SANTA LUZIA is committed to offering the best in terms of security for the services that each Customer accesses, acquiring modern and effective assets, applying methodologies designated as best practices, and adopting state-of-the-art measures for information security.

10.2. SANTA LUZIA is not responsible for the stability or security of internet service providers and the hardware connected to them.

10.3. Data from your internet package may be used when accessing or using System-related services, which are the responsibility of the Customer.

10.4. By consenting to this, you also agree to grant SANTA LUZIA an unrestricted, irrevocable, and royalty-free license, without receiving royalties or compensation, mentions, descriptions, or thanks, in case you provide feedback and ideas for the development of improvements or new products. The copyrights for these ideas will be the total and exclusive property of SANTA LUZIA, which may make use of them in the way that it deems best, including derivatives, regardless of any contrary reservations made by the Customer through any means of communication (verbal, physical, or electronic), without being required to pay compensation, reimbursement, or refunds.

10.5. At its sole discretion, SANTA LUZIA may provide bonuses, vouchers, mentions, thanks to Customers who provide information that results in product improvement or the creation of a new product. This decision will be made by the controller and communicated to the Customer.

10.6. Business partners may have their own privacy policies, and it is up to the Customer to consent to them or not. SANTA LUZIA is not responsible for any loss, deterioration, misuse, fraud, or any other form of harm or misconduct caused to the Customer due to business partners.

11. TERMINATION OF DATA PROCESSING

11.1. There is no specific term for the processing of personal data collected and stored by SANTA LUZIA, reserving the right to communicate the termination at any time, without prior notice. However, the termination may occur in the following situations:

11.1.1. Verification that the purpose has been achieved or that the data is no longer necessary or relevant to the achievement of the specific purpose intended;

11.1.2. End of the processing period;

11.1.3. Communication by the data subject, including the exercise of their right to revoke consent;

11.1.4. Determination by the national authority.

11.2. Personal data will be deleted after the end of their processing, within the technical scope and limits of activities, with authorization for conservation for the following purposes:

11.2.1. Compliance with legal or regulatory obligations by the controller;

11.2.2. Study by a research body, provided that, whenever possible, the personal data is anonymized;

11.2.3. Transfer to a third party, provided that the data processing requirements set out in this Law are met; or

11.2.4. Exclusive use by the controller, with no access by a third party, provided that the data is anonymized.

12. AMENDMENT OF THE PRIVACY POLICY TERMS

12.1. SANTA LUZIA reserves the right to change, in whole or in part, any of the terms of its Privacy Policy, without prior notice to the Customer.

12.2. In this case, SANTA LUZIA will communicate any changes made through its various customer service channels, as well as highlighting them on its website.

13. CONTROL, PROCESSORS, AND DATA PROTECTION OFFICERS

13.1. Control will be exercised by any of the directors of SANTA LUZIA, who are responsible for the final, irrevocable decision regarding data processing.

13.2. The Information Technology department will serve as the data processor for SANTA LUZIA in the processing of personal data and may request support from subcontractors.

13.3. Data Protection Officers will be the managers of the sales, marketing, after-sales, business partners, logistics, new product development engineering, and customer service departments, each having access in accordance with and within the limits of their functional activities.

13.4. SANTA LUZIA’s Customer Service (SAC) will also be responsible for the Customer/Data Subject contact channel for complaints, requests, reports, and compliments regarding this Privacy Policy. It can be reached at sac@industriasantaluzia.com.br, Cell: +55 (48) 99134-4142, Phone: +55 (48) 3651-1358, +55 (48) 3651-1300.