Introduction

These terms set out, in a simple, clear, and objective manner, how the CONTROLLER collects personal data, when and how it may be used, as well as electronic records and personal data left by you, hereinafter referred to as DATA SUBJECT, when using the CONTROLLER's SERVICES.

The CONTROLLER values ethics, transparency, and respect. Committed to data protection, this Policy ensures the confidentiality and protection of information provided by employees, clients, partners, and other users.

If you are an employee, supplier, or participate in projects/activities with the CONTROLLER, request the specific privacy notice provided by the responsible department.

Clause One – Definitions

Personal Data

Information relating to an identified or identifiable natural person.

Sensitive Personal Data

Data about racial or ethnic origin, religious beliefs, political opinions, union membership, health data, sexual life, genetic or biometric data, when linked to a natural person.

Anonymized Data

Data relating to the DATA SUBJECT that cannot be identified, considering reasonable technical means available at the time of processing.

Database

Structured set of personal data, in electronic or physical form.

DATA SUBJECT

Natural person to whom the personal data being processed refers.

Controller

Natural or legal person that decides how personal data is processed.

Processor

Natural or legal person who processes data on behalf of the controller.

Data Protection Officer (DPO)

Person designated to act as a channel between controller, DATA SUBJECT, and the National Data Protection Authority (ANPD).

Data Processing Agents

Controller and processor.

Processing

Any operation performed on personal data (collection, storage, transmission, deletion, etc.).

Anonymization

Technical means that make it impossible to link data to an individual.

Consent

Free, informed, and unequivocal manifestation by the DATA SUBJECT for processing personal data for a specific purpose.

Blocking

Temporary suspension of any processing operation.

Deletion

Removal of data or data sets stored in a database.

International Data Transfer

Transfer of personal data to a foreign country or international organization.

Data Sharing

Communication/interconnection of data by public authorities or between private entities with specific authorization.

Impact Report

Documentation describing processing activities that may generate risks and mitigating measures.

Research Entity

Legally constituted entity whose mission includes historical, scientific, technological, or statistical research.

National Authority

Authority responsible for overseeing compliance with LGPD (ANPD).

Clause Two – Data Used

2.1 The CONTROLLER may collect information actively provided by the DATA SUBJECT in contact forms, registration, recruitment, selection, hiring, and/or termination. It also collects information automatically during navigation (e.g., IP with date and time) and operational data necessary for the activity (e.g., receiving invoices).

2.2 Sensitive data may be collected for the protection and security of the DATA SUBJECT, including images from security cameras.

2.3 Types of data processed:

• Provided Personal Data: full name, email, gender, date of birth, city/state, and other information provided by the DATA SUBJECT. Only data necessary for the stated purposes will be used.
• Automatically Collected Data: device characteristics, browser, IP (with date/time), IP origin, clicks, accessed pages, search terms. Technologies such as cookies, pixel tags, and local shared objects may be used.

2.4 Cookies can be disabled in browser settings; however, some site features may not work properly.

2.5 By accessing/using the site, the user declares to be over 18 and fully capable of accepting this Policy and the Consent Terms.

2.6 The DATA SUBJECT may access, update, or request deletion of their data via email: exclusao@livlogistica.com.br. The CONTROLLER will respond within legal deadlines.

2.7 The CONTROLLER processes sensitive data (image and biometrics) based on legal grounds provided by Law No. 13.709/2018 (LGPD).

Clause Three – Data Collection

3.1 For security, resume submission must be exclusively sent to recrutamento@livlogistica.com.br. Other channels are not accepted.

3.2 Data will be stored in a secure repository and used by HR for vacancy analysis. If the profile is not selected, the resume will remain in the database for future vacancies — deletion can be requested via exclusao@livlogistica.com.br.

3.3 Data collected during site access includes approximate location, IP address, device information, browser type, and accessed pages.

3.4 Some data may be collected due to legal/contractual obligations without consent (according to Art. 11, II, "a" of LGPD).

Clause Four – Data Usage

4.1 Personal data is mainly used for contractual management, administration, service provision and improvement, and the DATA SUBJECT’s security.

4.2 In some cases, processing is necessary to enable logistics services, based on purposes and consent when required.

4.3 The CONTROLLER also processes data to comply with legal, judicial, or administrative obligations, including:

• Providing security and protecting rights;
• Preventing illegal activities and fraud;
• Maintaining technical and operational support;
• Protecting property rights and defending in judicial/administrative proceedings.

Clause Five – Data of Minors

5.1 The CONTROLLER requests consent and permission to process data of minors, who must be represented or assisted by legal guardians, according to the law.

Clause Six – Cookies

6.1 The CONTROLLER uses cookies to facilitate page usage, compile information on site use, and improve the DATA SUBJECT’s experience.

6.2 Cookies allow content and advertising personalization, speed up activities, and remember user preferences.

6.3 Examples of use: remembering users, measuring visits, filling forms, and tracking promotions.

6.4 Cookie categories:

• Strictly necessary: essential for site operation.
• Performance: collect anonymous data about visits and sources.
• Functionality: remember preferences and make the experience more functional.
• Advertising and targeting: for ads and campaigns.

6.5 Service providers may use their own cookies with the CONTROLLER’s authorization.

6.6 Most browsers accept cookies by default; blocking cookies may affect functionalities.

6.7 After authorization, a cookie will be stored to remember the DATA SUBJECT in future sessions.

6.8 The DATA SUBJECT can revoke consent for cookies by deleting them via browser settings.

6.9 If the DATA SUBJECT does not accept some cookies, certain services may not function ideally.

Clause Seven – Data Protection

7.1 The CONTROLLER uses reasonable market measures to preserve personal data privacy.

7.2 Adopts practices and technologies aligned with technical and regulatory standards, such as:

• Data encryption and anonymization;
• Protection against unauthorized access;
• Restricted access by qualified personnel;
• Commitment to confidentiality by those who access data;
• Maintaining access inventory and connection logs.

7.3 The CONTROLLER maintains a continuously reviewed privacy governance program.

7.4 Despite efforts, no transmission is completely secure; the CONTROLLER does not guarantee absolute inviolability.

7.5 The DATA SUBJECT is encouraged to keep passwords and access data confidential.

Clause Eight – Anonymized Data

The CONTROLLER also collects and processes data in an anonymized way, so that it is not possible to identify the individual.

Clause Nine – Data Sharing

9.1 The CONTROLLER does not sell personal data. Sharing with third parties will only occur when necessary and authorized by the LGPD.

9.2 Sharing may occur with:

• Partner companies and suppliers;
• Authorities or competent third parties for protection of interests;
• In corporate transactions (e.g., mergers, acquisitions);
• By court order or administrative authority request.

9.3 Disclosure situations: legal compliance, court order, prevention of illegal activities, cooperation with public authorities, contractual execution, and defense of rights.

9.4 Sharing follows security and confidentiality standards and may generate civil/criminal liability in case of misuse.

9.5 Data will be shared according to this policy, terms of use, and applicable legislation.

Clause Ten – Third Parties and Partners

10.1 Sharing with third parties occurs as long as they follow security and confidentiality standards.

10.2 For commercial actions or promotions, sharing depends on the DATA SUBJECT’s consent.

10.3 The CONTROLLER may conduct surveys and polls with partners to improve services.

10.4 Sharing with related companies to identify products/services of interest and personalize experiences.

10.5 Sharing with cloud providers, hosting, and technical support; these third parties may be in Brazil or abroad.

10.6 Sharing with technical support providers for processing and assistance.

10.7 Sharing with marketing providers (email, SMS, push, WhatsApp) for communication and promotion.

10.8 Sharing with financial institutions and payment methods when the DATA SUBJECT contracts paid services.

10.9 Sharing with data and credit analysis partners to complete/verify information.

10.10 Sharing with government authorities to comply with legal and administrative determinations.

10.11 Sharing with security and fraud prevention entities to fulfill contractual obligations and prevent illegal activities.

10.12 Data may be collected on CONTROLLER or third-party properties, following each company’s policies.

10.13 Partners using tags/pixels may track the DATA SUBJECT’s activities for measurement and personalization.

Clause Eleven – Data Security

11.1 The CONTROLLER implements security controls aligned with market standards.

11.2 Measures include physical and logical asset protection, encrypted communications, access management, secure development, and internal compliance policies.

11.3 The CONTROLLER continuously monitors and reviews threat contexts and has teams ready for incident response.

11.4 Despite measures, full invulnerability cannot be guaranteed; the CONTROLLER has detection and response procedures.

Clause Twelve – Data Retention

12.1 Data will be stored until deletion request or for the period necessary to provide the service, respecting prescription rules (consumer, commercial, and labor relationships).

12.2 Data will be automatically deleted when no longer useful, unless legal authorization exists for maintenance.

12.3 Information may be retained to comply with legal obligations, transfer to third parties, or exclusive use by the CONTROLLER for exercising rights in judicial/administrative proceedings.

12.4 Data may be maintained after deletion request if necessary to comply with legal requirements, defend in legal proceedings, combat fraud, and guarantee contracts.

Clause Thirteen – Data Subject Rights

13.1 In compliance with the law, the CONTROLLER guarantees the DATA SUBJECT the ability to submit requests regarding their rights.

13.2 DATA SUBJECT rights include:

• Access and correct incomplete, inaccurate, or outdated data;
• Request deletion of data (subject to legal exceptions);
• Receive data in a simplified format (download option).

13.3 To exercise rights, the DATA SUBJECT may submit a request to the Data Protection Officer via email: erica@livlogistica.com.br.

13.4 The CONTROLLER will make efforts to respond as quickly as possible; complexity may delay response.

13.5 Requests may be rejected for formal or legal reasons.

Clause Fourteen – Transfer, Storage, and Processing

14.1 Data may be transferred, stored, and processed in Brazil and abroad, following security and confidentiality measures.

14.2 The DATA SUBJECT consents that data may be processed in Brazil or abroad by the CONTROLLER or partners.

14.3 The CONTROLLER will adopt technical and organizational measures to ensure an adequate level of protection in transfer or storage.

Clause Fifteen – Changes to the Privacy Policy

15.1 The DATA SUBJECT will be notified of changes via website, email, SMS, push notifications, WhatsApp, or other available means.

15.2 When changes are published, the CONTROLLER will update the date of the last modification.

Clause Sixteen – Jurisdiction

16.1 This Policy is governed by the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018 (LGPD). The jurisdiction of Varginha/MG is elected for resolving disputes arising from this document.

16.2 This Policy may be updated at any time with notice on the website.