LIV LOGÍSTICA ARMAZÉNS GERAIS LTDA, registered under CNPJ No. 21.977.425/0001-25, with MG State Registration No. 002518650.00-54, located at Rod. BR-491 VARGINHA-TRÊS CORAÇÕES, KM 16 – Rezende, in Varginha, state of Minas Gerais, Brazil, hereinafter referred to as CONTROLLER.

In these terms, to regulate, in a simple, clear, and objective manner, which personal data shall be obtained and when and how said data can be used, as well as the electronic records and personal data provided by you, referred to as HOLDER, in the use of various data in CONTROLLER SERVICES according to this this Privacy Policy.

The CONTROLLER values the principles of ethics, transparency, and respect in all its institutional relationships, used, mainly, with social responsibility towards its employees and customers.

The CONTROLLER is committed to the protection of data and personal information shared with us, this Privacy Policy ensures protection and confidentiality of information provided by employees, customers, partners, and other users and encompasses, in a basic way, how this data is processed.

Being an employee or supplier and/or participating in any specific project or activity with the CONTROLLER, you must request the respective privacy policy issued by the same or the person responsible for contracting you at the company, so as to be provided with the applicable terms and informed about consent and rights regarding the sharing of your data.

This Policy applies to services related to the CONTROLLER’s activities, understood as storage and reprocessing of coffee for the domestic and export markets, as well as unloading and loading for this purpose, according to the client’s demand.

All processing and handling of personal data is carried out in accordance with applicable legal bases, principles and all current privacy and data protection laws.

First Clause – Definitions

1.1 First, terms are defined as:

1. Personal Data: information related to an identified or identifiable natural person;

2. Sensitive Personal Data: personal data about racial or ethnic origin, religious conviction, political opinion, union philosophical, political or religious affiliation, data referring to health or sexual life, genetic or biometric data, when linked to a natural person;

3. Anonymized data: data relating to the HOLDER that cannot be identified, considering the use of reasonable and available technical means at the time of processing;

4. Database: structured set of personal data, established in one or several places, in digital or physical form;

5. HOLDER: natural person to whom the personal data that are subject to processing refer;

6. Controller: a person, natural or legal, public or private, responsible for decisions regarding the processing of personal data;

7. Operator: a person, natural or legal, public or private, who processes personal data on behalf of the controller;

8. Person in charge (DPO): person appointed by the controller and operator to act as a communication channel between the controller, the DATA HOLDERS and the National Data Protection Authority (ANPD);

9. Processing Agents: the controller and the operator;

10. Treatment: all operations carried out with personal data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction;

11. Anonymization: use of reasonable technical means available at the time of treatment, through which data loses the possibility of association, directly or indirectly, with an individual;

12. Consent: free, informed and unequivocal statement by which the HOLDER agreeing to the processing of his/her personal data for a specific purpose;

13. Impediment: temporary suspension of any processing operation, through safeguarding of personal data or of the database;

14. Elimination: removal of data or a set of data stored in a database, independent of the procedure used;

15. International Data Transfer: transfer of personal data to a foreign country or international organization which the country is a member;

16. Shared Data Use: communication, dissemination, international transfer, interconnection of personal data or shared treatment of personal databases by public organization and entities in compliance with their legal competences, or between these and private entities, reciprocally, with specific authorization, for one or more treatment modalities permitted by these public entities, or between private entities;

17. Personal Data Protection Impact Report: documentation from the controller that contains the description of the processes of using personal data that may pose risks to civil liberties and fundamental rights, as well as measures, safeguards and risk mitigation mechanisms;

18. Research Agency: agency or entity of direct or indirect public administration or non-profit private legal entity legally constituted under Brazilian law, with headquarters and jurisdiction in the country, which includes in its institutional mission or in its social or statutory objective the basic or applied study of a historical, scientific, technological, or statistical nature; and

19. National Authority: public administration agency responsible for ensuring, implementing, and supervising compliance with the LGPD throughout the Brazil (ANPD).

Second Clause – Data Used

2.1 The CONTROLLER may collect the information actively entered by the HOLDER at the time of contact or registration, recruiting, selecting, hiring and/or dismissing employees. Also, information automatically collected when browsing our portal and network, such as, for example, IP with date and time of connection, among others, as well as: data collected for the purpose of operationalizing the activities of the holder company (invoices, bills of lading, etc.).

2.2 Sensitive data may also be collected for HOLDER’s security protection, through image collection by security cameras.

2.3 The processing of personal data is carried out according to their collection:

1. Personal Data Provided by the HOLDER: the CONTROLLER collects all personal data entered or actively forwarded by the HOLDER when contacting or accessing the company’s portals, such as: full name, email, gender, date of birth, city and state when filling out forms regarding the HOLDER’s services. Regardless of which data the HOLDER actively provides to the CONTROLLER, only those that are effectively relevant and necessary to achieve the purposes declared to it, on a case-by-case basis, shall be used.

2. Automatically Collected Data: the CONTROLLER may also collect information automatically, such as: access device characteristics, browser, IP (with date and time), IP origin, information on clicks, pages accessed, search terms typed in our portals, among others. For such collection, some standard technologies will be used, such as: cookies, pixel tags, beacons, and local shared objects, which are used for the purpose of improving the HOLDER’s browsing experience in services, according to habits and preferences.

2.4 It shall be possible to disable, through internet browser settings, the automatic collection of information through some technologies, such as cookies and caches, as well as on our own website. However, the HOLDER must be aware that, if these technologies are disabled, some features offered by the website, which depend on the processing of such data, may not work correctly.

2.5 By accessing and using the website, the user declares to be of legal age, that is, over 18 (eighteen) years old and to have full capacity to accept the terms and conditions of this Privacy Policy and the Consent Term.

2.6 The HOLDER may access, update, and complement his data, as well as request the removal of his data collected by the CONTROLLER, via e-mail: exclusao@livlogistica.com.br. And the CONTROLLER reinforces that it shall respond in the shortest possible time, respecting storage periods established by law.

2.7 The CONTROLLER treats, for specific purposes set forth herein, data considered sensitive by Law No. 13,709/2018, understood as those related to image and biometrics, being certain that it carries out such treatment based on legal foundations previously authorized by current law.

Third Clause – Data Collection

3.1 In order to guarantee the security of your data, sending your curriculum vitae is done exclusively via email to recrutamento@livlogistica.com.br, under no circumstances will any other type of submission channel be accepted.

3.2 The CONTROLLER emphasizes that its data shall be stored in a secure repository and shall only be used by the company’s Human Resources department for analysis and classification in the respective job opportunities. It also informs that after interviews, if your profile is not selected, your CV shall be stored in our database for future opportunities. By registering your CV, you agree to this storage, and you have the right to request its removal at any time, by sending an email to exclusao@livlogistica.com.br, and we shall do so immediately.  

3.3 Data collected from your access to the website includes: your approximate location; your IP address; information from your access device; your internet connection information; your browser, pages and content you access on our services.

3.4 Some data, to comply with the legal and contractual obligation, are collected physically and/or digitally, without need of HOLDER’s consent, in accordance with Art. 11, item II, letter a of the LGPD.

Forth Clause – Data Use

4.1 The personal data processed by CONTROLLER has as their predominant purpose the establishment of a contractual bond or the management, administration, provision, expansion and improvement of HOLDER services and security.

4.2 The CONTROLLER, in some cases, treats personal data that are collected to enable logistics services provision, respecting the purposes set forth herein and/or consent of the HOLDER, whenever required by law.

4.3 The CONTROLLER, in some cases, may also process personal data when necessary for the fulfillment of legal or regulatory obligations, whether judicial or administrative, and letters from competent authorities, such as:

1. To provide security and protect rights;

2. To prevent illegal, fraudulent and suspicious activities and to provide technical and operational support;

3. To provide technical and operational support and ensure service security and functionality;

4. To prevent illegal, fraudulent or suspicious activities that may cause damage to the CONTROLLER or third parties;

5. To prevent technical or security problems;

6. To protect our rights and property, including from intrusion and hacking;

7. To protect proprietary rights of third parties who use our services;

8. To take legal, judicial and administrative measures to defend rights of employees or third parties, including in any judicial or administrative proceeding.

Fifth Clause – Data Processing of Minors

5.1 Focused on protecting minors’ data and privacy, the CONTROLLER requests consent and permission to process and handle such data and must be represented or assisted by legal guardians, as provided by law.

Sixth Clause – Use of Cookies

6.1 The CONTROLLER uses cookies to facilitate use and better adapt its pages to the HOLDER’s interests and needs, as well as to compile information about the use of its sites and services, helping to improve its structures and contents. They may also be used to accelerate your future activities and experiences on our portal.

6.2 Cookies shall be used to control and store information and enable the CONTROLLER to offer more personalized service, in accordance with users’ characteristics and interests, even enabling the offer of specific content and advertising to each person, benefiting user experience on the Internet in order to recognize, monitor and store your browsing as a user.

6.3 The use of cookies is to:

1. Provide differentiated services, remembering the user and what their browsing habits are, in addition to accessing their registration information at the CONTROLLER;

2. Monitor the process of promotions organized by the CONTROLLER and indicating the user’s score;

3. Measure certain browsing patterns, mapping which areas of the service portals were visited and visiting habits. This information is used to check users’ browsing routine, and thus offer increasingly personalized content and/or services; and

4. Facilitate and optimize the filling of forms. The information contained in each user’s cookies can be used to pre-fill data collection forms available on the Internet.

6.4 There are several categories of Cookies, their names and their functions are below:

1. Strictly necessary: necessary for website operation. They allow you to browse websites and use services and features (for example, security cookies to authenticate users, prevent fraudulent login credentials use, and protect user data from unauthorized third parties);

2. Performance: collect anonymous information and allow determining information, such as number of visitors to a page, how visitors reach the website and accessed pages;

3. Functionality: allow CONTROLLER to remember information about the user’s behavior and preferences, such as, for example, a chosen city. The loss of information stored in a preference cookie may make the website experience less functional, but does not prevent it from working;

4. Advertising and targeting: used for advertising purposes. This is done to deliver advertisements and create advertising campaigns according to a certain public. Through these, it is possible to deliver ads according to the consumption profile on the site.

6.5 Technology service providers may use their own cookies in the services, with our authorization, to provide services to the CONTROLLER. Such cookies may collect your data at their properties for the purposes set out in this policy.

6.6 Most browsers are set to automatically accept cookies. However, it is permissible to change the settings to block cookies or alert you when a cookie is being sent to your device. There are several ways to manage cookies, being possible to create a general block for cookies, block cookies from a specific site and even block third-party cookies in relation to a site. Blocking all cookies will affect functionality as it will not be possible to identify your preferences and recommend relevant content and advertising.

6.7 After the HOLDER authorizes use, when using the CONTROLLER’s pages, a cookie will be stored on the device to remember it in the next session.

6.8 At any time, the HOLDER may revoke consent regarding cookies, deleting them from the pages of CONTROLLER, using the settings of the preferred browser.

6.9 The CONTROLLER informs that, if the HOLDER does not accept some cookies from its pages, certain services may not work optimally.

Seventh Clause – Data Protection

7.1 The CONTROLLER uses reasonable and legally required market means to preserve the privacy of the personal data it collects.

7.2 The CONTROLLER uses practices and technologies with technical and regulatory business standards, as well as controls that are continually revised and improved. Such as:

1. standard industry methods for encrypting and anonymizing collected data;

2. protection against unauthorized access to its systems;

3. access authorization to data only for qualified persons with a specific purpose;

4. Commitment of persons in contact with personal data – must be committed to maintain absolute secrecy. Breach of secrecy shall entail civil liability, as well as liability under Brazilian law;

5. Inventory maintenance indicating time, duration, identity of the employee or person responsible for access, and the object file, based on connection and application access records.

7.3 In addition to technical efforts, the CONTROLLER also uses institutional measures aimed at personal data protection, such that it maintains a structure and governance program in privacy applied to its activities, continually updated.

7.4 Although it employs the best efforts to preserve privacy and protect the HOLDER’s data, no information transmission is completely secure, and the CONTROLLER does not fully guarantee that all data it receives or sends are not targets of unauthorized access perpetrated through methods designed to improperly obtain information.

7.5 The CONTROLLER encourages the HOLDER to take appropriate measures to protect himself/herself, such as, for example, keeping confidential all HOLDER names and passwords, ensuring that such information is personal, non-transferable and of their exclusive responsibility.

Eighth Clause – Anonymized Data

1. 1. The CONTROLLER also collects and processes data in an anonymous form, that is, in a way that it is not personally identified.

Ninth Clause – Data Sharing

9.1 The CONTROLLER does not sell, under any circumstances, the personal data collected. Personal data contained in the company’s database may be shared with third parties, only in cases that are necessary, in limited situations authorized by the LGPD and other rules related to personal data protection.

9.2 The CONTROLLER works in partnership with several Brazilian companies. In this way, it may share information collected in these following cases:

1. With partner companies and suppliers, in provision of services to the HOLDER;

2. With authorities, government entities or other competent third parties for the protection of the CONTROLLER’s interests in any type of conflict, including lawsuits and administrative process;

3. In case of transactions and corporate changes involving the CONTROLLER, in which case the information transfer will be necessary for continuation of services;

4. By court order or in response to a request by administrative authorities that have legal competence for its requisition.

9.3 Seeking to follow principle of good faith, personal data will be shared/disclosed in the following situations:

1. compliance with legislation or regulatory standards;

2. court order;

3. measures related to illegal or suspicious activities;

4. cooperation with public entities;

5. execution of contracts;

6. defense against third-party claims;

7. protection of service security/integrity;

8. CONTROLLER’s rights;

9. protection of employees, service providers, customers, and user rights.

9.4 The CONTROLLER may share data with third parties, who follow our security and confidentiality standards, provided their certainty as to responsibility and applicable civil and criminal actions should said data be handled in an erroneous manner and/or distribution and sharing thereof.

9.5 The HOLDER’s data shall be shared with the categories of third parties and/or partners always in accordance with this policy, with the terms of use of respective service (if any) and applicable legislation, for purposes established below.

Tenth Clause – Third Parties and Partners

10.1 The CONTROLLER may share the HOLDER’s data with third parties, provided they follow our security and confidentiality standards.

10.2 They may be shared, in the case of commercial actions, promotions or contests sponsored by other companies or through partnerships with the CONTROLLER, if it has the consent of the HOLDER.

10.3 Satisfaction testing services can be carried out via the CONTROLLER or research partners, and surveys can be carried out to solve problems or evaluate the most appropriate services for the profile to be studied.

10.4 The CONTROLLER may also share with related companies, which are or will be controlled, controlling, affiliated or under common control of the Organization and/or S.A of the CONTROLLER, to:

1. identify products and services from related companies that may be of interest to the HOLDER;

2. create a more personalized profile about the HOLDER with the purpose of helping to personalize the experience in services of related companies;

3. offer advertising based on the interests of the HOLDER;

4. carry out research and analyses to help improve services of related companies, such as recommending programs that may be of interest to the HOLDER; and

5. communicate commercial actions, promotions or contests carried out by related companies and/or the CONTROLLER in partnership with related companies.

10.5 The CONTROLLER may also share with IT technical support companies or service providers in the field, to:

1. provide cloud services for our platform;

2. host services and content; and

3. provide technical and operational support for services. In these circumstances, your data will be stored and processed on third-party platforms, which may be located in Brazil or abroad.

10.6 The CONTROLLER may share data with third parties that provide us with technical support services to provide assistance to users or subscribers. In these circumstances, the data will be processed by such third parties.

10.7 The CONTROLLER may share data with marketing service providers that may offer advertisements relevant to this profile, email marketing, telemarketing, SMS, instant push notification and/or WhatsApp.

10.8 The CONTROLLER may share data with financial institutions, payment providers, payment integrators and credit card companies, in case the HOLDER hires a paid service, credit card number, bank details, data of billing and contact information.

10.9 The CONTROLLER may share data with data and credit analysis partners to confirm and complete the HOLDER’s data, where the data provided to us will be crossed with those that you have shared with data analysis companies, including credit.

10.10 The CONTROLLER may share data with government authorities, which may be police authorities, public entities and/or other government organizations, to:

1. comply with legal, judicial, and administrative determinations and comply with the official orders of competent authorities; and

2. take legal, judicial and administrative measures to defend our rights provided for in this Policy and in the Terms of Use, including in any judicial or administrative proceeding.

10.11 The CONTROLLER may share data with security and fraud prevention entities to:

1. comply with contractual obligations;

2. exercise the terms and conditions of this Policy and/or the Terms of Use and/or subscription agreements which the HOLDER accepts;

3. prevent illegal, fraudulent or suspicious activities;

4. prevent technical or security problems; and

5. report violations and/or protect our rights and property.

10.12 The CONTROLLER may share data with business partners to:

1. improve the CONTROLLER’s services;

2. expand the CONTROLLER’s business;

3. develop new businesses, including businesses involving provision of data complementing services to third parties, in order to facilitate the registration of the HOLDER and improve its experience in products and services of partners.

10.13 The HOLDER’s data may be collected at our or third-party properties and services provided, provided that the Data Policy of each company involved be respected.

10.14 Partners that include tags, pixels, cookies, and other monitoring tools on our properties will be able to monitor activities of the HOLDER on the CONTROLLER’s properties, such as, for example, measuring activities and trends in the use of services, to offer the best user experience services or targeted advertising with adequate exposure frequency.

Eleventh Clause – Data Holder Security

11.1 The CONTROLLER implements security controls to protect HOLDER’s data with practices in line with the market technical and regulatory standards for data security and privacy, with comprehensive actions in technology and organizational processes.

11.2 The CONTROLLER has measures to preserve HOLDER’s data against unauthorized access, use, alteration, disclosure, or destruction, including physical and logical protection of assets, encrypted communications, access management, adherence to secure software development and internal compliance policies that build security into the lifecycle of our services.

11.3 The CONTROLLER continually reviews to monitor and respond to the context of threats on the Internet. Even so, it is not possible to guarantee that the CONTROLLER’s services are completely inviolable, and it has teams prepared to detect and respond promptly, in case an incident occurs that compromises the security of your data or our services.

Twelfth Clause – Collected Information Retention

12.1 Data will be stored until request for removal or in accordance with necessary periods to provide service offered. In the case of a consumption relationship, processed data will be kept in accordance with prescribed rules, as well as for employee data.

12.2 In order to protect HOLDER privacy, personal data processed by the CONTROLLER will be automatically deleted when it is no longer useful for purposes for which they were collected, or when the HOLDER requests removal, except if its maintenance is expressly authorized by law or applicable regulation.

12.3 Information may be kept by the CONTROLLER for the fulfillment of legal or regulatory obligations, transferred to a third party – provided that data processing requirements be respected – and exclusive use of CONTROLLER itself, including for exercise of its rights in judicial or administrative processes.

12.4 The CONTROLLER may also keep HOLDER’s personal data, even after receiving a request for removal, if storage is necessary for compliance with legal obligations, defense in judicial or administrative process, dispute resolution, security maintenance, combating fraud and abuse and guaranteeing compliance with contracts. Data will be deleted according to periods necessary for service provision, documentation, and contracted service proof. In the case of consumer, commercial and labor relations, data processed will be kept in accordance with the prescribed rules provided for in the legislation.

Thirteenth Clause – Holder’s Rights

13.1 In compliance with applicable regulations regarding personal data processing, the CONTROLLER respects and guarantees HOLDER the possibility of submitting requests based on their rights.

13.2 Such HOLDER rights are granted in the following ways:

1. To access data and rectify it when it is incomplete, inaccurate, or out of date. Therefore, the CONTROLLER provides tools and settings so that HOLDER can access, and correct data associated with such records;

2. The HOLDER may request removal of data through cancellation of contract or relationship with the CONTROLLER. After removal, the CONTROLLER may keep data only for a necessary period for purposes of judicial, administrative and arbitration process, for compliance with legal and/or regulatory obligations, for the regular exercise of rights or in anonymized format;

3. The HOLDER has the right to receive his data in a simplified format. For this purpose, the CONTROLLER provides the option to download data linked to him/her.

13.3 Part of these rights may be exercised directly by the HOLDER by sending a request to the Data Protection Officer via e-mail: erica@livlogistica.com.br, for further evaluation and adoption of other measures by CONTROLLER.

13.4 The CONTROLLER shall make every effort to respond to requests in the shortest possible time, however, justifiable factors, such as the complexity of requested action, may delay or prevent its prompt response.

13.5 The CONTROLLER may legally reject, whether for formal and/or legal reasons, the HOLDER’s request.

Fourteenth Clause – Data Storage, Processing and Transfer

14.1 Data can be transferred, stored, and processed in Brazil and abroad, respecting security and confidentiality procedures.

14.2 The HOLDER consents that the data may be transferred, stored, and processed in Brazil or in foreign territory by CONTROLLER or by partners, in accordance with this Policy.

14.3 The CONTROLLER guarantees that it will take technical and organizational security and confidentiality measures to guarantee an adequate level of data protection when transferred, stored, or processed by us or our partners.

Fifteenth Clause – Privacy Policy Changes

15.1 The CONTROLLER guarantees that the HOLDER will always be notified of any changes, through a notice on its own portal, in the services, e-mail, SMS, instant push notification and/or WhatsApp or through other available means.

15.2 When the CONTROLLER publishes changes to the Policy, it will update the date on which the last change was published.

Sixteenth Clause – Jurisdiction

16.1 This Policy shall be governed, interpreted and enforced in accordance by the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018, regardless of the laws of other states or countries. Any disputes arising from this document shall be resolved within the jurisdiction of Varginha/MG.

16.2 This Policy may be updated, at any time, by the CONTROLLER upon notice on the website.

In case of additional questions or requests, please contact our Data Protection Manager via:

e-mail: erica@livlogistica.com.br

phone: +55 (35) 3219-7514