Noronha Group understands that the personal data and electronic records left by you, the user ("Owner"), when you interact with Noronha Group's systems and websites, in person, by telephone, or when you use the websites, systems and pages of the companies that make up Noronha Group ("Pages"), are sensitive and relevant.

This Privacy Policy ("Policy") describes in a simple, transparent and objective manner what data and information will be obtained from the Data Subject ("Data"), as well as how this Data is used and protected.

The Policy applies to all Pages and covers all products offered.

The principles of adequacy, purpose, free access, non-discrimination, necessity, prevention, data quality, security, transparency, consent and all other principles defined in applicable legislation apply to the Policy.

1. Acceptance by the Holder and changes to the Policy

Acceptance of this Policy will take place when the Owner accesses the Pages or the physical or telephone service.

Noronha Group reserves the right to change this Privacy Policy at any time, without prior notice to the Owner. It is up to the Owner to reread this Policy in the event of any modification, according to the update date indicated at the end of this document.

2. Data collected

The information that may be provided by the Holder includes, but is not limited to, (i) name; (ii) e-mail addresses; (iii) mailing address; (iv) telephone number; (v) bank and/or credit card information; (vi) National Driver's License information; (vii) social media account information; (viii) public profile information; (ix) personal documents provided; and (x) information about third parties, such as relatives, main/additional drivers, partners, legal representatives.

Noronha Group also obtains Data automatically from the Data Subject, through the use of "cookies" and other similar technologies, in order to guarantee the best user experience, as well as for statistical analysis of trends, administration of web pages and media, tracking of user behavior in the environment of Noronha Group portals, Managed Platforms and similar.

More specifically, technologies with potential use by Noronha Group include, but are not limited to: (i) browser cookies; (ii) web beacons; (iii) tracking pixels; (iv) Internet Protocol (IP); (v) browser type; (vi) Internet Service Provider (ISP); (vii) referring/exit page; (viii) files accessed on the Noronha Group Portal/applications (HTML and graphics, for example); (ix) operating systems; (x) date/time stamp; and (xi) clickstream data to analyze trends on the Noronha Group Portal and Managed Platforms.

The Owner is guaranteed control over the use of cookies through the configuration of the Browser, being aware that, in the event of deactivation, the use of certain features and functions of the Pages may be limited.

3. Use and Treatment of Data

The Data will be used for the exact purpose for which it was collected, i.e. the establishment of a contractual relationship or the management, administration and improvement of the Pages, in order to better serve the Data Subject.

By means of this Privacy Policy, Noronha Group is authorized to send marketing e-mails, advertising material through websites, applications, social media for business, messaging services, surveys, as well as any direct or indirect marketing to Data Subjects. The information sent to Data Subjects may be of interest to them, such as product offers and/or the latest news relating to Noronha Group's core business .

In the event of opposition to receipt, the Data Subject may request, at any time and free of charge, the cancellation of his/her registration and/or the forgetting of the data stored in the Noronha Group environment.

4. Data Sharing

Noronha Group may share the Owner's information with the following recipients: (i) service providers for Noronha Group, responsible for assisting in the provision of services and making Noronha Group products available; (ii) partners involved in commercial relations with Noronha Group, for the development of activities, as well as for advertising purposes; and (iii) public administration, in the event of a legal or judicial obligation, for the protection of rights, fulfillment of duties, guarantee of customer security, investigation of fraud and/or responses to public inquiries.

In the event of an international transfer of Data, Noronha Group undertakes to comply with one of the following hypotheses: (i) that the recipient is in a country that ensures a level of Data protection at least comparable to Brazilian legislation; (ii) when the transfer is necessary for international judicial cooperation between public intelligence and investigation bodies, in accordance with the instruments of international law; (iii) when the transfer is necessary for the protection of the life or physical safety of the Data Subject or third parties; (iv) when the competent body authorizes the transfer; and (v) when the Data Subject has provided his/her consent to the transfer, under the terms of this Privacy Policy.

5. Data Security

Noronha Group processes and stores the Data Subject's Data provided or collected in a secure manner, through the adoption of technical, administrative and organizational security practices and measures, all of which are suitable for its full protection, according to criteria defined by the best market standards and applicable legislation.

Data security aims to protect data against accidental or unlawful destruction, loss, alteration, communication or any form of inappropriate or unlawful processing, as well as discriminatory processing of information.

Our commitment to the proper treatment of internal information, clients and the general public is based on the following principles:

• Confidentiality: so that access to information is obtained only by authorized persons and when it is really necessary;
• Availability: so that authorized persons have access to the information whenever necessary;
• Integrity: with the accuracy and completeness of the information and its respective processing methods, as well as transparency in dealing with those involved.

Noronha Group undertakes to inform the Data Subject and the data protection bodies of any security incident that may cause significant risk or damage to the Data Subject.

6. Data Transparency and Data Subject Rights

Data will be retained for as long as it is necessary to fulfill the purpose for which it was collected, or for the periods provided for by law or specific regulations.

The Data Subject may, at any time, (i) access the Data; (ii) rectify incomplete, inaccurate or outdated Data; (iii) request the anonymization, blocking or deletion of unnecessary, excessive Data or Data processed in breach of this Privacy Policy; (iv) request the transmission of Data to another service or product provider; (v) request the deletion of Data; and (vi) request the application of consumer protection rules to protect their Data, where applicable.

7. Third-party websites and services

The Noronha Group portals and the Platforms managed by Noronha Group may contain links to third party websites and applications. If the Data Subject uses these, information may be collected, processed and shared by third parties not linked to Noronha Group, and Noronha Group is not responsible for the content or privacy practices of third parties.

Last updated on December 5, 2020.