Privacy Policy

PRIVACY AND PERSONAL DATA PROTECTION POLICY FOR ACTUAL AND POTENTIAL CONSUMERS OF TEREOS

Tereos in Brazil (Tereos Açúcar e Energia Brasil S.A., Tereos Amido e Adoçantes do Brasil S.A., Tereos Internacional S.A., Tereos Commodities do Brasil S.A., Usina Vertente S.A., and its subsidiaries), hereinafter referred to as “Tereos,” is strongly committed to protecting your privacy and personal data. To this end, it has established a Privacy and Personal Data Protection Program based on Federal Law No. 13.709/2018 (“General Data Protection Law” or “LGPD”), adopting various internal policies and procedures that define how personal data should be handled throughout its lifecycle, ensuring the privacy and protection of data subjects’ personal data.

In the course of its activities, if necessary, Tereos will process your personal data, either as a Controller (when responsible for decisions regarding data processing) or as a Processor (when processing data on behalf of a Controller), depending on the type of contract linking You and Tereos, according to the legal basis defined by law.

This Privacy Policy (hereinafter referred to as “Policy”) is intended to inform you of the reasons why Tereos needs to process your personal data, how this is done, your rights, and how to exercise them.

TEREOS’ COMMITMENTS REGARDING PRIVACY AND PERSONAL DATA PROTECTION

In order to ensure the highest level of protection for your personal data, Tereos, as a data processing agent, is committed to observing the principles set forth by the LGPD, through the following basic principles in the processing of personal data:

  • Purpose: The processing of personal data must serve legitimate, specific, and informed purposes to the data subject, and further processing incompatible with these purposes is prohibited;
  • Necessity and Adequacy: The processing of personal data must be appropriate to the purpose communicated to the data subject and limited to the data necessary to fulfill this purpose;
  • Free Access: Data subjects must be guaranteed easy and free access to consult the form and duration of the processing, as well as the completeness of their personal data;
  • Quality: Data subjects must be guaranteed the accuracy, clarity, relevance, and updating of their personal data;
  • Security and Prevention: Personal data must be protected against unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication, or dissemination throughout its entire lifecycle.

1

  • Transparency: Transparency must be ensured for the data subject regarding the processing of their personal data, with clear, precise, and easily accessible information;
  • Non-Discrimination: The processing of personal data must never be carried out for discriminatory, illegal, or abusive purposes; and
  • Accountability and Responsibility: Tereos must store evidence of compliance with personal data processing operations in accordance with applicable legislation, as well as evidence of adherence to the internal rules of this Program.

Internal procedures have been implemented to comply with the principles mentioned, as well as other important provisions of the LGPD. Our relationships with external service providers (third parties) are protected by contracts or other binding documents, so that, if the sharing of your personal data is necessary, we require these providers to process the data in compliance with applicable legislation and with Tereos’ guidelines and policies, ensuring an effective level of security for your personal data.

Most of our services, suppliers, remote applications, and servers needed to process your personal data are located within national territory. However, it may be necessary to transfer your personal data outside of Brazil, primarily to France, where our headquarters are located, in case collaboration is needed to conduct our business, or to suppliers and business partners located abroad.

In such cases, we will ensure that this transfer, if necessary, occurs only through mechanisms that guarantee compliance with principles and the law, as per the provisions of the LGPD, or when authorized by the National Data Protection Authority (ANPD).

YOUR RIGHTS AND HOW TO EXERCISE THEM

Tereos, as a Controller of personal data of representatives, employees, and other persons related to its clients, as well as users of its website and other electronic platforms, respects and guarantees the following rights, which may and should be exercised by data subjects:

  • Confirmation of the existence of processing;
  • Access to personal data;
  • Correction of incomplete, inaccurate, or outdated personal data;
  • Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed personal data;
  • Data portability to another service or product provider upon the express request of the customer and/or user;
  • Deletion of personal data processed with the consent of the customer and/or user.

2

  • Obtain information about the public or private entities with which Tereos shares your personal data;
  • Information about the possibility for the customer and/or user not to provide consent, as well as being informed about the consequences in the event of refusal;
  • Withdrawal of consent, in cases where the processing activity requires your consent. In this case, you may withdraw it at any time by making an express request; and
  • Review of decisions made solely based on automated processing of personal data that affect your interests.

Data subjects also have the right to file a complaint regarding their personal data with the National Data Protection Authority (ANPD). For more information, visit the website: https://www.gov.br/anpd/pt-br

Any request, whether related to exercising your rights or related to this Notice, should be sent by email or registered letter with acknowledgment of receipt, addressed to our Data Protection Officer, who will analyze your request and respond as soon as possible. You can contact them at the following addresses:

  • By email: contatolgpd@tereos.com
  • By mail: Tereos Açúcar e Energia Brasil – Legal and Compliance Department – Data Protection Officer – Rodovia Assis Chateaubriand, KM 155, Zona Rural, CEP 15400-000 – Olimpia, São Paulo.

To process your request, you must:

  • Provide your full name(s);
  • If it is a right of access request, specify the category of data you wish to receive information about;
  • If it is related to another right, specify the reason for your request (which right you want to exercise and the reason);
  • Include a document that proves your identity.

If the request is made by a representative, in addition to the above requirements, you must:

  • Provide a document that proves the representation and the identity of the representative; and
  • Provide a document that proves the identity of the person being represented.

PROCESSING OF PERSONAL DATA CARRIED OUT BY TEREOS’ COMMERCIAL DEPARTMENT

3

Identification and contact information of the data processing agent

Tereos Açúcar e Energia Brasil S.A, Rodovia Assis Chateaubriand, S/N, KM 155, Zona Rural, CEP 15400-000 – Olimpia, São Paulo.

Purpose of processing personal data

We process your data for the following purposes:

  • To send communications, email marketing, and newsletters;
  • To organize contests, sweepstakes, or any promotional operation;
  • To collect and manage people’s opinions about products, services, or content;
  • To manage the customer service (SAC);
  • To generate dashboards for management tracking;
  • To perform navigation statistics using cookies and other trackers;
  • To conduct commercial prospecting activities for customers.

Additionally, personal data may also be used to:

  • Comply with legal or regulatory obligations and Tereos’ internal procedures;
  • Manage the exercise of data subjects’ rights; and
  • Ensure the exercise of our rights, including in judicial, administrative, and arbitration proceedings.

Categories of personal data

For each identified purpose, the categories of personal data processed by Tereos are as follows:

  • To send communications, email marketing, and newsletters: email address and phone number;
  • To organize contests, sweepstakes, or any promotional operation: identification data, CPF, phone number, email address, social media information, scores, participation data, coupon code and photos, establishment where products were purchased, postal address for prize delivery;
  • To collect and manage opinions about products, services, or content: email address, phone number, product in question, product format, message;
  • To manage customer service (SAC): phone number;
  • To perform navigation statistics using cookies and other trackers: IP address, browsing history, website interactions, sociodemographic category;
  • To conduct customer prospecting activities: identification data, customer contact information;
  • To manage the exercise of individuals’ rights: identification data, email address. You may be asked for a copy of your ID to process your request;
  • To declare, exercise, or defend Tereos’ rights: identification data, data necessary for declaration, exercise, or defense of Tereos’ rights.
  1. Categories of Individuals
  • Effective consumers;
  • Potential B2B and B2C consumers;
  • Visitors to the website.
  1. Recipients
  • Partners/Suppliers;
  • Subcontractors of any entity of Tereos;
  • Authorized services responsible for managing consumers’ personal data (e.g., institutional websites, IT services, marketing, communication, advertising agencies, social networks, etc.);
  • Authorized representatives acting on behalf of third parties (e.g., regulatory authorities, auditors, etc.).

PERSONAL DATA PROCESSING CARRIED OUT BY TEREOS’ LOGISTICS AND TRANSPORT AREAS

  1. Purpose of Personal Data Processing

We process your data for the following purposes:

  • Storing finished products in the distribution center;
  • Controlling fleets;
  • Dispatching products to customers;
  • Generating transport requests;
  • Managing contracts and deliveries, collections of finished products or raw materials on demand;
  • Managing CTEs for payment;
  • Handling notification of fines;
  • Sending communications, email marketing, and newsletters.

Additionally, personal data may also be used to:

  • Comply with legal or regulatory obligations and Tereos’ internal procedures;
  • Manage the exercise of rights of personal data subjects; and
  • Ensure the exercise of our rights, including in judicial, administrative, and arbitration proceedings.

Categories of Personal Data

For each identified purpose, the categories of personal data processed by Tereos are as follows:

  • Storing finished products in the distribution center: badge number;
  • Controlling fleets: full name, registration number, unit, department, period, and purpose of use;
  • Dispatching products to customers: customer name, ID, driver’s license, CPF (Brazilian individual taxpayer registry), address, and phone number; loader badge number; customer name and address;
  • Managing contracts and deliveries, collections of finished products or raw materials on demand: name, email, CPF, ID, work permit, phone number;
  • Managing CTEs for payment: name, phone number, email, banking information;
  • Selecting carriers for new routes: customer name and address;
  • Handling notifications of fines: full name, registration number, unit, department, vehicle license plate, vehicle purpose of use, work period; name, access code, signature;
  • Sending communications, email marketing, and newsletters: email address and phone number.

Categories of Persons

  • Drivers (employees or third parties);
  • Employees in the logistics area;
  • Third parties contracted by the logistics area;
  • Visitors to the website.

Recipients

  • Partners/Suppliers;
  • Subcontractors of any Tereos entity;

Authorized Persons on Behalf of Third Parties (e.g., regulatory authorities, auditors, etc.)

Legal Bases

The authorizing hypotheses, or simply legal bases, are the legal justifications for processing personal data. The LGPD (General Data Protection Law) expressly lists these hypotheses, which are basically separated by the classification of personal data as sensitive or non-sensitive.

For better understanding, sensitive personal data refers to data related to:

  • Racial or ethnic origin;
  • Religious belief;
  • Political opinion;
  • Union membership;
  • Organization of a religious, philosophical, or political nature;
  • Health or sexual life; and
  • Genetic or biometric data.

All data processing activities carried out by Tereos are based on one of these hypotheses. Below are the main authorizing bases for the processing of personal data by Tereos:

  • Compliance with Legal or Regulatory Obligation: Existence of a law, regulation, judicial decision, or current regulation, making the processing mandatory (and not optional);
  • Execution of Contract or Preliminary Procedures: When processing is necessary for the execution of a contract or preliminary procedures related to a contract in which the data subject is a party;
  • Regular Exercise of Rights: For the regular exercise of rights in a judicial, administrative, or arbitration process, whether pending or future, and, in the case of sensitive data, also regarding a contract;
  • Protection of Life or Physical Safety: To ensure the protection of life or physical safety of the data subject or third parties when in imminent danger;
  • Credit Protection: To ensure credit protection, in accordance with applicable legislation (such as the Positive Registration Law and the Consumer Protection Code);
  • Legitimate Interest: To ensure the continuity of economic activity/operation of the data processors, provided that the data subject has expectations regarding the activity itself; and
  • Consent: May be used to justify any processing activity, provided it is free, informed, and unequivocal. However, processing based solely on consent is limited to the will of the data subject, who may revoke it at any time.

Storage Period

Your personal data will be stored for as long as necessary to fulfill the purposes described in this Notice. The information processed by Tereos will be deleted when it is no longer necessary for the purposes for which it was collected, as determined by the group itself, except in cases where there is a need to comply with a legal or regulatory obligation, transfer to a third party for exclusive use, or for the exercise of rights in judicial or administrative processes.

Security

The security of personal data is a priority for Tereos. We will make our best efforts to implement technical and organizational measures to protect personal data, considering the issues and risks associated with its processing. We provide training to our employees on personal data protection, and they are subject to confidentiality obligations. Our websites are subject to technical protection, and communication with your computer is encrypted through an HTTPS (TLS) flow.

Personal data will be stored according to strict security standards, including measures such as: (i) protection against unauthorized access to your systems; (ii) restricted access of specific individuals to the location where personal information is stored; (iii) ensuring that agents, employees, internal service providers, and external partners who process personal data commit to maintaining absolute confidentiality of the information, adopting best practices for handling this data, as determined by corporate policies and procedures; (iv) training employees on the importance of information security and personal data protection; and (v) encrypting communication with your computer via HTTPS (TLS) flow and technical protection of our websites.

Contact

In addition to exercising your rights as a data subject, you can also direct any questions to our Data Protection Officer via email at contatolgpd@tereos.com.

Update

The information provided here may be updated or changed to reflect the reality of our operations. Therefore, we advise you to periodically consult this Policy. Our website will always maintain the most up-to-date version.