PRIVACY POLICY

SPHERE NEGÓCIOS INTERNACIONAIS LTDA, a legal entity governed by private law, registered with the CNPJ under nº 29.137.523/0001-66, located at Avenida Rio Branco, nº 63, room 402, Centro, Garibaldi/RS, in this act represented for the your partner in the form of the Social Contract , is the CONTROLLER company of the personal data collected, being responsible only for the administration and adequate provision of the electronic services of the Site and social networks, in addition, this policy aims to inform the user's rights and clarify when and how you can exercise them.

1. GENERAL PROVISIONS

This Personal Data Privacy Policy has the general objective of adapting the parent company to the requirements of the General Data Protection Law (LGPD), covering the data collected through the platform (website, social networks ... )

2. PERSONAL DATA COLLECTED

a)Personal data is any information that can be directly or indirectly related to an identified or identifiable natural person (the data subject), that is, the natural person can be identified, for example by means of a name, a number of identification, location data;

b) data may be collected from a variety of sources, such as:

- Personal data provided directly;

- Personal data collected automatically, and

- Personal data collected from other sources.

c) The parent company may also associate this data with other information to improve our products, services, content and advertising.

3. DATA AND INFORMATION COLLECTION

The data and information will be obtained when the User:

a) Access the http://spherebrazil.com.br/ platform and the social networks facebook and instagram.

b) Interact with the various features on the platform, providing information voluntarily; or

c) Get in touch through the available communication channels.

4. STORAGE AND PROTECTION OF DATA AND INFORMATION

SPHERE NEGÓCIOS INTERNACIONAIS LTDA, acting as the controlling company, takes special care to protect all the interests of data subjects, thus ensuring that:

a) all personal data collected is treated in accordance with the law;

b) the collection of personal data will always have specific and legal purposes, not allowing further processing that is not adequate for the stated purpose;

c) all personal data are stored in a way that allows the identification of data subjects; It is,

d) no more personal data will be collected than is strictly necessary to achieve the purpose of the treatment;

e) access to personal data is only permitted between our employees and agents on a need-to-know basis and subject to strict contractual obligations of confidentiality and protection when processed by third parties;

f) data is collected directly for specific purposes, for the shortest possible time, after which measures for definitive elimination will be taken. We will actively review stored personal data and securely delete or anonymize it when the legal, commercial or user obligation to store it ceases.

The aforementioned provisions do not apply to physical treatment activities of the parent company. To ensure greater protection for the data subject, the parent company provides the following technical measures to prevent the collection and modification of personal data sent electronically by unauthorized persons:

a) Protection of the dataset against unauthorized access;

b) Account access only after providing an individual login and password.

5. DATA PROCESSING ON THE PLATFORM

The parent company processes personal data for the following purposes:

legitimate interest linked to the core business of the parent company;

compliance with legal obligations, including tax and accounting regulations;

conduct judicial, arbitration, administrative, judicial, enforcement and mediation proceedings;

document contractual relationships for purposes of evidence for the limitation period of claims related thereto;

carry out direct marketing of services or goods offered, including through email correspondence, with the consent of the holders;

handling of claims arising from rights under warranty

The parent company ensures that all third-party companies involved in the data processing process have assignment contracts, delimiting responsibilities regarding privacy and protection of personal data.

The parent company declares that it has implemented the appropriate technical and organizational measures that guarantee an adequate level of security corresponding to the risk related to the processing of the personal data entrusted to it.

The company's DPO undertakes to regularly verify and update the technical and organizational measures used to provide an adequate level of protection to the personal data entrusted.

The parent company declares that it adopts security in the processing of personal data, introducing the Personal Data Protection Policy, as provided for in art. 50, § 2, paragraph I of the LGPD, and must aim to adapt its procedures for the processing of personal data.

The processing of personal data includes, in particular, the collection, storage, visualization, updating, analysis, archiving and deletion.

Personal data will be stored by the parent company for the following periods:

a) in situations where the legal basis for the processing of personal data is the fulfillment of a contractual obligation, the period specified in the contract will prevail or in situations where there are still obligations to be fulfilled arising from the contract. In this situation, the data may be stored in accordance with the term of the contract;

b) in situations where the legal basis for processing personal data is the legitimate interest of the parent company, personal data will be stored for a period stipulated in the Personal Data Protection Policy and in the Personal Data Retention and Disposal Policy. The parent company guarantees that it will check periodically, at least quarterly, whether the data contained in the storage must be kept in accordance with its legitimate interest or must be deleted/deleted/eliminated.

c) in situations where the legal basis for processing personal data is compliance with a legal obligation, personal data must be maintained as long as the agreed purpose is maintained.

The personal data processed by the provider of electronic services are included in the hypothesis of the need for the execution and fulfillment of the contract of use of the account, since it is a mere provider of the electronic services of the Site. Therefore, it may process the following personal data of customers of the parent company:

> name

> surname

> e-mail

> CPF

> date of birth

> address

> workplace

The company providing the electronic services also processes anonymous data related to the use of the Site (for example, the number of Customers) to generate statistics on the use of the platform. This data is aggregated and anonymous, meaning it does not contain features that identify any data subject.

6. ABOUT COOKIES AND PERFORMANCE DATA

The Service Provider does not process data contained in Cookies when using the Site.

7. ABOUT YOUR RIGHTS AS A DATA HOLDER

The parent company will provide via communication channel, whenever requested, to the data subjects, the following information:

data protection impact report, when requested by the National Data Protection Agency or in situations where there are breaches of information security;

the purposes of processing personal data and the respective legal basis;

the personal data collected or categories of personal data;

about the transfer of data to third parties, especially in situations involving international organizations;

the maximum period of storage of personal data or the criteria that will determine this period; It is,

the consequences in situations where consent is denied by the data subject.

The parent company will always inform the holder of situations in which the personal data is used for a different purpose than the one informed, respecting the requirements of the LGPD.

In situations of revocation of consent, these can be done at any time, as long as they do not affect the treatments already carried out by the parent company.

When asked for information regarding the personal data collected by the holder, the parent company will provide all the information required by the holder, as well as the necessary evidence.

In addition to providing the aforementioned information, the parent company will maintain the communication channel for data subjects to submit suggestions, complaints and denouncements regarding the data processing activity, through the email comercial@spherebrazil.com

If the data subject or the controlling company identifies that the personal data collected is incomplete, they can immediately rectify or complement them on the platform, social networks or through the aforementioned email.

Also, in situations where the holder identifies the need for treatment, he may ask the company controlling the personal data to limit the processing activities, ensuring that only treatments that have the purpose of protecting and maintaining the rights of the holders are carried out.

The parent company will eliminate or delete personal data without request from the holder in situations where:

are no longer needed for the purposes for which they were collected;

no longer have consent, if based on the respective legal basis;

come from improper collection or violations of the protection and privacy of personal data; and, the law, rules or regulations require exclusion.

It should be noted that the obligation for immediate deletion, elimination, restriction and correction of personal data by the parent company will not be valid in situations where the procedure is impossible or requires a disproportionate and significant effort.

Personal data processed by the parent company for direct marketing purposes, the data subject may object at any time to the processing of his personal data for marketing purposes.

The parent company guarantees that in direct marketing activities or any other activity where automatic processing of personal data is carried out, no algorithmic decision will be taken in relation to personal data and their respective holders. All this to ensure the protection of the rights, freedoms and legitimate interests of data subjects.

8. FINAL DISPOSITIONS

n situations where the parent company inserts links to third-party domains and websites, the responsibility for data processing, including the Cookies Policy, will be the third-party owner of the domain or website.

In situations of doubt related to this Policy or not listed here, they must be resolved by the parent company through the following contact: comercial@spherebrazil.com or by the address Avenida Rio Branco, nº 63, sala 402, Centro, Garibaldi/RS.