Privacy Policy

1. PURPOSE OF THIS POLICY

This Privacy Policy informs you, as a visitor to the VIXTRA.com website (hereinafter referred to as "Site"), a user of the Client Portal, or as someone who provides data ("You"), about VIXTRA's privacy practices and the choices you can make regarding the collection and use of data relating to you.

By consenting to this Policy, you acknowledge that VIXTRA will act as the Controller when VIXTRA is responsible for decisions regarding the Processing of your Personal Data. You agree that we may process your Personal Data in accordance with the terms set out herein and acknowledge that this Policy may be modified at any time, with all updates published on this page.

Therefore, we recommend that you read this Privacy Policy carefully. If you do not agree with the provisions set out in this Policy, please immediately discontinue access to and use of our Site and/or Client Portal.

DEFINITIONS

For the purposes of this Policy, the following definitions and descriptions should be considered for better understanding, whether referred to in uppercase or lowercase, singular or plural, with or without bold:

• You: any user/visitor of the Site and/or Client Portal.
• Personal Data: any information related to an identified or identifiable natural person;
• Sensitive Personal Data: personal data concerning racial or ethnic origin, religious conviction, political opinion, trade union membership, or membership of a religious, philosophical, or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person;
• Anonymized Data: data relating to a data subject who cannot be identified, considering the use of reasonable and available technical means at the time of processing;
• Anonymization: the use of reasonable and available technical means at the time of processing, through which data loses the possibility of association, direct or indirect, with an individual;
• Processing: any operation performed with Personal Data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction;
• LGPD: Brazil's General Data Protection Law (Law No. 13,709, of August 14, 2018);
• Controller: a natural or legal person, public or private, who is responsible for decisions regarding the Processing of Personal Data;
• Data Subject: the natural person to whom the Personal Data being Processed refers;
• Legal Basis: the legal grounds provided by the LGPD that authorize VIXTRA to process Personal Data.

2. THIRD-PARTY APPLICATIONS

This Privacy Policy does not apply to third-party applications, products, services, websites, or social media features that may be accessed through links we provide for your convenience and information. Accessing these links will cause you to leave VIXTRA's virtual environment and may result in the collection or sharing of information about you by third parties.

VIXTRA does not control, endorse, or make any warranties regarding Third-Party Applications or their privacy practices, which may differ from VIXTRA's. We recommend that you carefully read the privacy policies and terms of use of any Third-Party Application you interact with before allowing the collection and use of your Personal Data.

SOCIAL MEDIA

You have the option to click on social media links such as YouTube, Facebook, LinkedIn, and Instagram that appear on our Site. Social media creates a friendlier atmosphere on the Site and helps promote it through sharing.

When you click on these links, we may gain access to the Personal Data you have made public and accessible through your social media profiles. We do not create or use any separate database from these social networks based on the Personal Data you have published there, nor do we use these means to process any data related to your private life.

If you do not want us to access your Personal Data published in public spaces of your profile or social accounts, you should use the procedures provided by the respective social networks to limit access to such data.

Please note that accessing these Social Networks requires acceptance of their privacy policies and terms and conditions for the Processing of Personal Data carried out by them.

3. TYPES OF PERSONAL DATA COLLECTED AND THEIR PURPOSES

VIXTRA may collect and process the following types of Personal Data for the respective purposes:

• Name, email, Internet Protocol (IP) address, and organization name of clients for creating access to the Client Portal and providing status queries on processes, requests, invoices, and due dates related to imports/exports;
• Name and email of suppliers for creating access to the Client Portal and providing payment inquiries and invoice uploads;
• Full name, email, and phone number (optional) so VIXTRA can contact you regarding your message sent through the Site for commercial purposes;
• Name, CPF (tax ID), ID number, email, and address of clients for completing the registration form (an internal document with all conditions formalized in the contract);
• CPF for analysis of negative records at credit bureaus;
• Name, CPF, ID number, address, and marital status for qualifying the parties in the contract;
• Any other Personal Data sent to us by you through our platforms or communication channels to access our services.

If your Personal Data is collected in a different environment or for other purposes (e.g., job application), you will be duly notified and will have the opportunity to exercise your right of choice.

By sharing Personal Data, you warrant that you have a legal basis to promote such sharing, in accordance with applicable legislation.

In the case of sharing Personal Data by a legal entity, you must ensure that the sharing is carried out only by employees, agents, or representatives who have the authority to do so.

Any and all Personal Data shared with VIXTRA will be duly processed in accordance with applicable legislation and may, within legal limits, be shared as mentioned in Section 5 of this Privacy Policy.

4. AUTOMATICALLY COLLECTED PERSONAL DATA

When you visit our Site, the Client Portal, and our Visibility Platform, we automatically collect some information through "Cookie" technology. Cookies allow us, for example, to adapt our Site to meet your interests. For more information about which Cookies we use and the purpose of each, please refer to our Cookie Policy.

5. SHARING OF PERSONAL DATA

We restrict access to your Personal Data only to our duly authorized professionals who need to know such data to process your requests or provide the requested service(s).

We may share your Personal Data with authorized service providers with whom we work (for example: law firms, banks, document storage, technology, and IT companies) to whom we may turn for the purpose of providing our services.

We may also share your Personal Data with financial institutions and/or other institutions authorized by the Central Bank of Brazil, with whom you already maintain or may come to maintain a contractual relationship.

We do not authorize our service providers to use and/or disclose your data, except to the extent necessary to provide services on our behalf or to comply with legal obligations.

We do not share Personal Data with third parties unless you have previously agreed to it or there is a permission or obligation under law.

In addition, we may also share your Personal Data when we believe in good faith that we have an obligation to: (i) comply with a law, regulation, or court order; (ii) respond to information requests from regulatory bodies; (iii) enforce and/or protect VIXTRA's property or rights; or (iv) protect the legitimate interests of third parties.

If we must disclose your Personal Data, we are committed to revealing only the strictly necessary information.

LEGAL BASIS FOR PERSONAL DATA PROCESSING

VIXTRA only processes your Personal Data in accordance with one of the legal grounds established by the LGPD that authorizes VIXTRA to process Personal Data.

Processing operations of Personal Data by VIXTRA may be carried out under the following grounds: (i) as part of contractual performance and management; (ii) to meet VIXTRA's or third parties' legitimate interests; (iii) to comply with legal or regulatory obligations; (iv) when necessary for the regular exercise of rights; (v) for credit research and protection purposes; (vi) upon your prior consent.

6. PROCESSING OF CHILDREN'S AND ADOLESCENTS' PERSONAL DATA

Considering the importance of protecting the privacy of children and adolescents, VIXTRA does not deliberately process Personal Data of children and adolescents on its Site and/or Client Portal.

PROCESSING OF SENSITIVE PERSONAL DATA

VIXTRA does not process Sensitive Personal Data on the Site, Client Portal, and/or Visibility Platform. If it is strictly necessary to collect such data to achieve the purpose for which Processing is carried out, we will request your prior, specific, and highlighted consent.

7. PERSONAL DATA SECURITY AND RETENTION PERIOD

VIXTRA adopts standard physical, electronic, and managerial security procedures and standards to protect your Personal Data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication, or dissemination.

Access to the Client Portal is through a confidential, personal username and password. You are responsible for keeping your password safe and confidential.

The Personal Data we collect may be retained for as long as necessary to meet VIXTRA's legitimate business purposes, including those described in this Privacy Policy.

Upon expiration of the retention period and legal necessity, Personal Data will be deleted using secure disposal methods or used in anonymized form for statistical purposes.

8. EXERCISING YOUR RIGHTS

VIXTRA respects your rights as a Personal Data Subject and enables their exercise in accordance with applicable legislation.

You have the right to confirm whether VIXTRA processes Personal Data relating to you and to access the Personal Data you have provided or that we maintain about you.

VIXTRA strives to ensure that Personal Data Processing complies with the law and respects the rights and interests of data subjects.

If you have previously granted your consent, you have the right to revoke it and request the deletion of Personal Data whose Processing was authorized by such consent.

You also have the right to request a review of decisions made solely based on automated Processing of Personal Data that affect your interests.

The exercise of the rights described above should be done by contacting atendimento.vixtra@vixtra.com.

9. CONSENT REVOCATION

Consent may be revoked by you at any time through an express request, with all Processing of Personal Data carried out under previously declared consent remaining ratified.

Revoking consent may mean that certain services will no longer be available to you or may be subject to restrictions or limitations.

10. INTERNATIONAL CLIENTS

The server is hosted in the Federative Republic of Brazil. If you access the site from any other country or region with laws governing the collection, use, and disclosure of Personal Data that differ from the laws in force in Brazil, by registering, you expressly agree that Brazilian legislation will apply to the security of your Personal Data.

11. CHANGES TO OUR PRIVACY POLICY

As technology and our services evolve, we will also update our Privacy Policy. Whenever this happens, we will publish the new version, which will indicate the revision date at the beginning.

All modifications will take effect immediately upon publication of the revised Privacy Policy on our Site.

12. CONTACT US

If you have any questions or concerns about this Privacy Policy, or about our Personal Data collection and use practices, you may contact our Data Protection Officer at the following email address:

adamo.morone@vixtra.com