Privacy Policies

METALURGICA RIOSULENSE S.A. (“RIO”), legal entity of private law, with address at Rua Emílio Adami, 700, Barra do Trombudo, in the city of Rio do Sul/SC, enrolled in the CNPJ under the number 85.778.074/0001-06, under the number 85.778.074/0001-06, establishes, below, the Privacy, Cookies and Treatment of Personal Data policies, in order to clarify the rights, obligations and responsibilities of its Users.

This policy complies with Federal Law No. 13,709 of 2018 and meets the principles of purpose, necessity, transparency, security, prevention, non-discrimination, data quality, adequacy, free access and accountability, as well as meeting all the provisions of the General Data Protection Regulation 2016/679 (GDPR), issued by the European Parliament and Council of the European Union.

As a condition for access and use of these services and exclusive RIO features, you declare to be over 18 (eighteen) years old, that you have read this document completely and attentively, being fully aware, thus conferring your free and express consent to the terms stipulated herein.

1. GENERAL INFORMATION ABOUT THE PROVISION OF YOUR DATA TO RIO.
   1.1 RIO makes available to users in general the site https://rio.expert (SITE), to provide corporate, product and market information to the public.
   1.2 For navigation and general use of the SITE, it is not necessary for the User to identify him or herself. However, to enable the provision of some services through the SITE, such as quotation and download services, it is necessary that the User provides some data to RIO.
   1.3 All information collected will be stored in RIO’s database and data center provider companies, as described in this document. All storage is done in servers containing the most modern security systems of national and international standards.
   1.4 For the purposes of this Privacy Statement, the words and capitalized terms that are not determined herein shall have the definitions established in the General Personal Data Protection Law (LGPD) – Law 13.79/2018.
2. REGARDING THE DATA COLLECTED, FORM, TREATMENT AND PURPOSE
   2.1 According to clause 1.2 of this Policy, some features and services of the SITE require the provision of personal data by the USER in order to make them possible, as shown below:
   – Online Quotation: In order to attend your quotation request regarding our products and services, RIO collects your full name, identification document (CPF or CNPJ), telephone number, e-mail, State, City, business segment and the goods requested. This information has the purpose of identifying you, as well as to allow RIO to contact you to attend your request, besides serving to identify the RIO’s unit nearest to you. These data are stored for an indefinite period and without any disposal, having in mind the possibility of new requests. The USER may, at any time, request the unsubscription and the revocation of the authorization of use, simply by using the link available in the e-mails received or by accessing the form in the LINK.
   2.2 Download of contents: RIO, always aiming to inform and contribute to the improvement and professional updating of its customers and partners, makes available on its SITE the download of various informative materials, such as catalogs, articles, folders, comic books, guides, manuals and tables related to its products and services. In order to access and download the contents, we request that USERS provide some data, such as e-mail (for supplying the download link), State, business segment and area of operation. Such data are necessary so that we can identify the preferences of our USERS and thus produce content of their interest and enable communication between RIO and User regarding updates in the content provided. All the data collected are stored for an indefinite period, and the USERS may at any time revoke the authorization, simply by accessing the unsubscribe link in the emails or access this form in the following LINK.
   2.3 Considering RIO’s concern with the privacy and protection of its customers and partners’ data, we take this opportunity to also inform you about the treatment of personal data carried out by the company in activities not necessarily related to the SITE or its Portals, as follows:
   – Sending Notices and Advertising Messages: RIO may send notices and advertising messages to Users registered on its SITE, Portals or customers in general. Such communications and messages may be transmitted using all types of technologies and means of communication available, whether by e-mail, SMS, MMS, direct mailing and others that may be implemented. If in case the user is not interested in receiving the messages mentioned above, he/she may, at any time, revoke the authorization by using the link available in the message itself or by accessing the form in this LINK.
   – Customer Service: To be able to attend the requests related to the Customer Service, RIO may request and treat personal data of the requester, such as name, telephone, e-mail and CPF, depending on the treatment, for communication and sending of material and gifts replacements, among other activities.
   2.4 Personal data is collected when you voluntarily enter or submit when accessing, enjoying and interacting with the features or services made available online and/or in person, by RIO, which includes:

   TYPES OF DATA	PERSONAL DATA	PURPOSE OF DATA USE
   REGISTER DATA	Full Name; E-Mail; CPF; Date of Birth; Gender; Contact Phone; Password; Addresses (Delivery and Billing); Bank Data;	Identification and authentication
   		Comply with the obligations arising from the use of RIO’s services
   		Administer, provide services, credit points, grant discounts, bonuses and other advantages of any relationship programs created and managed by RIO, sell and deliver products acquired through RIO.
   		To inform of news, functionalities, contents and other events relevant to the maintenance of the relationship with the client.
   		To promote the products and services of RIO or of established partnerships.
   		To issue invoices for purchases made at RIO, to make necessary returns.
   		Carry out fraud prevention, credit protection and associated risks, compliance with legal and regulatory obligations.
   		Share with the other COMPANIES of the group.
   DIGITAL IDENTIFICATION DATA	Source IP Address and Logic Port; Records of interactions with RIO; Screens accessed; Device (system version); Geolocation; Apps installed; Session ID; Facebook public data; Purchase profile;	Comply with obligations established by the Marco Civil da Internet and LGPD
   		Identification and authentication
   		Manage, provide the services, assign points, sell and deliver products purchased through RIO
   		Carry out fraud prevention, credit protection and associated risks, compliance with legal and regulatory obligations
   OTHER DATA	Optional surveys and questionnaire responses	Prepare statistical analyses and studies
   	Credit card number and security code	Share with the third-party company responsible for payment processing
   	Data collected in store	Improve your buying experience at RIO. Administer, provide services, assign points, sell, comply with legal and regulatory obligations

   2.5 Many of our services depend on you having a registration with a user account. When you register, we collect your name, e-mail, delivery and billing address, telephone number, CPF, RG, date of birth, gender and other items as listed in the table above. In addition, you can choose not to provide some of the information, but the rest of them will be necessary for the closing and approval stages of the order.
   2.6 The consent you provide for the purposes of data use is collected in an express, individual, clear, specific and legitimate manner.
   2.7 By means of the websitehttp://www.rio.expertyou can change your preferences and consent to the processing of your data, including the cancellation of the subscription for newsletters from RIO, conceding new permissions when applicable and even requesting the exclusion of your data.
   2.8 The data collected and the activities recorded may be shared:
   – With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or court order.
   2.9 Besides the data deliberately provided by the user with express consent, RIO can access other visitor data through cookies, which are files stored in the browser that record your session data, by means of the AdOpt tool.
   2.9.1 This system, planned within the concepts of Privacy by Design, informs users clearly and transparently which data is being collected and manages all updated consents, in accordance with LGPD.
   2.9.2 We do not store sensitive user data, only managing the consent. For this purpose, two essential cookie files are used, with a validity of 60 days. These are:
   – AdoptID – generated at the time of access, for new visitors who receive the notice information.
   – AdoptConsent – generated at the time of consent, with the description of the visitor’s choice.
   2.9.3 Regarding the storage, AdOpt uses two types of storage in the visitors’ browser, Cookie and Local Storage, thus reinforcing the record of consents.
   2.9.4 The AdOpt tool records the following information:
   – IP
   – Device (Mobile Phone Model, e.g.).
   – Operating System (Android, IOS, Win)
   2.10 The database formed through the collection of personal data is property and under the responsibility of RIO, and its use, access and sharing, when necessary, will be made within the limits and business purposes described in this Policy.
   2.10.1 You are co-responsible for the confidentiality of your personal data. The sharing of passwords and access data violates this Policy and the Terms of Use of the RIO website.
   2.11 Internally, the personal data collected is only accessed by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of privacy in the terms of this Policy.
   2.12 It is important to highlight that, when using the tools (including WhatsApp) and online platforms of RIO, the USER may be led via link to other portals or platforms that may collect your information and have their own Data Processing Policy.
   2.13 It is the USER’s exclusive responsibility to read the Privacy Policy and Treatment of Personal Data of such digital environments outside of RIO’s environment, being exclusively the user’s responsibility to accept or reject it.
   2.13.1 RIO is not responsible for the Privacy Policy and Treatment of Personal Data nor for the content of any websites, content or services outside the environment of RIO’s systems, even if they are linked to it through digital addresses.

    

3. COOKIES AND OTHER TECHNOLOGIES
   3.1 RIO’s main WEBSITE: rio.expert, the online services made available therein, the e-mail messages and the advertising material may use “cookies” and other technologies, such as pixel tags and web beacons. These technologies help us better understand User behavior, tell us which parts of our site people have visited, facilitate and measure the effectiveness of advertising and web searches. We treat information obtained through cookies and other technologies as non-personal information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by local law, we will also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this Privacy Statement.
   3.2 The cookies used on our website, to ensure a better experience, are:
   3.2.1 Necessary cookies: These cookies are necessary for the platform to work properly, allow access and navigation. These cookies are essential to access the platform and use its features.
   3.2.2 Performance cookies: These cookies are used to collect statistical information about the use of our website, platform, also called analytical cookies. We use this data for the optimization of the performance of our platforms. The information that may be collected is aggregated and analyzed anonymously.
   3.2.3 Functional cookies: These cookies enable more functionality for visitors to our platforms. These cookies can be set by our external service providers or by our own platform.
   3.2.4 Advertising / tracking cookies: These cookies are set by external advertising partners and are used to create profiles and track data on various websites. If you accept these cookies, we may show our ads on other websites based on your user profile and preferences. These cookies also store data about how many visitors saw or clicked on our ads in order to optimize advertising campaigns.
   3.3 RIO also uses cookies and other technologies for personal information when you use the SITE and remember our online services. Our purpose in such cases is to make your experience more convenient and personalized.
   3.4 As with most websites, we gather some information automatically and store it in log files. This information includes IP addresses, browser type and language, Internet Service Provider (ISP), referring and exit pages, operating system, date and time information and clickstream data. We use all this information to understand and analyze trends, administer the site, learn about the USER behavior on the site and obtain demographic information about our user base in a general way. RIO may also use this information in our marketing and advertising services.
   3.5 Technology service providers may use their own cookies on the services, with our authorization, to provide services to RIO. Such cookies will collect the data of the USER in our properties, for the purposes set out in this Policy.
   3.6 In some of our email messages, we use clickable links such as a “click-through URL” linked to content on the SITE. When users click on one of these URL’s, they are sent to a RD Station web server before they reach the destination page on the site. We keep track of this click-through data to better understand the interest in particular topics and evaluate the effectiveness of the communication with our customers. If you would prefer not to be monitored in this way, do not click on text or image links in the email messages.
   3.7 “Pixel-tags” allow us to send email messages in formats that customers can read and tell us whether or not the email has been opened. We may use this information to reduce or eliminate messages sent to users.
   3.8 At any time, if you no longer wish to receive future contacts via e-mail, simply click on the unsubscribe link (LINK) in the message.
   3.9 In the same way, the user may restrict the use of cookies stored in his/her browser. Note that most browsers accept cookies by default, but on our platforms, you can save the cookie settings according to your permission to use your data. Or if you rather, it is possible to remove or reject cookies through the settings of your browser or device. Here’s how to disable cookies in the main browsers:
   – Internet Explorer
   – Mozilla Firefox
   – Google Chrome
   – Safari
   – Safari iOS
   3.10 IMPORTANT: If you disable cookies or do not consent to the processing of personal data, you may not be able to fully benefit from the features available on the site.
4. REGARDING DATA PROCESSING AGENTS AND SHARING OF PERSONAL DATA
   4.1 The personal data collected, stored or treated, in any way, by reason of the use of the SITE are Controlled by RIO. Thus, RIO shall be consulted by the Holder of the personal data for eventual exercise of the rights provided for in the General Personal Data Protection Law – LGPD.
   4.2 The personal data will not be commercialized, assigned or shared without prior authorization, being used, when not for the fulfillment of the legal and regulatory obligations of RIO, in the same ways described in item 2 of this Declaration.
   4.3 For the purposes set out in paragraph 2 of this Statement, your personal data may be shared with (1) employees of RIO, independent contractors, subsidiaries, affiliates, consultants, service providers and suppliers, when such disclosure enables the entity to perform a business function of professional or technical support for RIO; (2) employees, independent contractors, service providers and suppliers of RIO, with the intention of fulfilling an order for a service or products. In these cases, third parties who have access to personal data, whenever possible, will be considered operators in the processing of personal data, being subject to specific contractual clauses regarding the processing of data, as well as RIO’s internal policies and practices regarding privacy and data protection.
   4.4 Occasionally, personal data may be shared with third party Controllers in addition to those herein indicated, which will only happen after authorization from the User.
5. DATA HOSTED OUTSIDE THE DOMAIN
   5.1 RIO has data stored outside its domain according to contractual provision, for site hosting, security and work purposes, as follows:
   5.2 SAN INTERNET BRASIL LTDA., registered in the CNPJ No. 02.390.594./0001-10, company that hosts the sites Clube Riosulense, RIO and Blog.
   5.3 SERCOMPE COMPUTADORES LTDA., registered in the CNPJ No. 80.348.618/0001-86, a company that provides advisory and consulting services for network, server and backup security.
   5.4 QI NETWORK SOLUÇÕES TECNOLÓGICAS LTDA., registered in the CNPJ No. 08.314.044/0001-06, Google Workspace service provider and all its resources, with a Workspace Enterprise Standard contract.
6. REGARDING THE STORAGE OF PERSONAL DATA AND ACTIVITY LOGS
   6.1The personal data collected and the activity logs are stored in a secure and controlled environment, for the minimum period stipulated according to the table below:

   Personal Data	Storage Period	Legal Basis
   Registration data	5 (five) years after the end of the relation	Art. 12 and 34 of the CDC
   Digital identification data	6 (six) months	Art. 15, Marco Civil da Internet
   Other Data	As long as the relation lasts and there is no request for exclusion or revocation of consent	Art. 9, clause II of the LGPD

   6.2 The data can be deleted before this period if requested by the USER. The data may be kept for a period longer than that provided for in this term, for reasons provided for by law or court decisions, for the purposes of accountability to regulatory bodies, or for other legitimate interests of the COMPANY, duly specified and informed to the data subject. Upon expiry of the term and legal necessity, the data shall be deleted using secure disposal methods or used in an anonymized form for statistical purposes.
   6.3 Due to the ease of access through multiple electronic equipment, RIO may collect specific information from mobile devices that access the RIO website.
   6.4 In addition, we may store some information that we receive automatically every time the client interacts with our site and publications: internet protocol (IP), browser type and pages viewed on our site are some examples of this collection, which is done through cookies that are used to provide a better browsing experience on our site and enable personalized features, such as product recommendations, advertisements and additional information on items of interest to the client, for example. You can disable the saving of cookies in your browser, delete them and manage their use through the browser configuration.
   6.5 The data collected will be stored in our servers located in Brazil, as well as in an environment of use of resources or cloud-based servers (cloud computing), which entails, in the latter case, data transfer or processing outside Brazil, the suppliers are operators the suppliers are operators that have a contract with RIO for the specific purpose and in compliance with the provisions of this Policy.

    

7. VERACITY OF THE INFORMATION
   7.1 The USER guarantees the veracity and exactness of the information and data that he/she provides to RIO, assuming the corresponding responsibility in case of their inaccuracy, as well as committing to keep them updated. RIO assumes no responsibility in case of inaccuracy of the data informed.
   7.2 RIO may, at its sole discretion, suspend and/or cancel the User’s registration, at any time, if it detects any inaccuracy in the information provided by the User, until the inaccuracy is corrected. Such procedure aims to protect the User and optimize the purchase process.
8. RIGHTS OF DATA SUBJECTS
   8.1 You may contact the Data Protection Officer, João Aleixo Cipriani, by e-mail at joao.cipriani@rio.expert.
   8.2 You may request the Data Protection Officer, João, via e-mail at joao.cipriani@rio.expert, to provide the following information:
   – Confirmation of the existence of processing;
   – Access to personal data;
   – Correction of incomplete, inaccurate or outdated data;
   – Anonymization, blocking or elimination of unnecessary, excessive data or data treated in violation of the provisions of this Law;
   – Data portability to another service or product provider, upon express request, in accordance with the ANPD regulations;
   – Revocation of consent and consequent elimination of the personal data processed, except in the cases provided for in art. 16 of the LGPD;
   – Information on public and private entities with which the controller has shared data.
   – Information about the possibility of not providing consent and the consequences of the refusal;
   – Right to object.
   8.3 In addition to this channel, we provide the form at the address (LINK) where the data subject may request the same rights as in the previous item.
   8.4 Through the same channels above, you may also express your opposition and/or revoke consent for the use of your personal data, and
   8.4.1 You can manage what information you wish to provide to RIO when using RIO’s online platforms, however, some data is essential for the processing of orders. When registering or filling in your e-mail address directly at the bottom of the site, you can choose to receive regular promotions by e-mail.
   8.4.2 The sending of electronic messages will occur if you have made purchases at RIO or by your consent and may be deactivated at any time by requesting the unsubscription of your e-mail. You may cancel your registration in the following ways:
   8.5 in order to bring relevance to all our customers, when we send an e-mail with our communication, we receive a notification when they are opened, as long as it is available on the customer’s computer. We emphasize that the e-mails are sent by the domains: contato@rio.expert and marketing@rio.expert.
   8.6 RIO reserves the right to maintain the treatment of data if it has a legal basis for treatment applicable to the specific case, such as, but not limited to, compliance with legal obligation, contract enforcement, legitimate interest, etc.
   8.7 For the purposes of auditing, security, fraud control and preservation of rights, RIO may remain with the registration history and the data of the USERS for a longer period in the hypotheses that the law or regulatory standard so establishes, to perform accountability to the control bodies, or to preserve the rights of RIO or the data subject.
9. EXTERNAL LINKS
   9.1 The SITE may contain links to other sites with their own content and Privacy Policy. Whenever this occurs, the user will be informed.
10. DATA OF THE PERSONAL DATA PROCESSING OFFICER – DPO
    10.1 The Data Protection Officer (DPO), responsible for the protection of personal data, nominated by METALURGICA RIOSULENSE S.A., João Aleixo Cipriani, can be contacted at Rua Emílio Adami, 700, Barra do Trombudo, in the city of Rio do Sul/SC, CEP 89.164-910, or via e-mail joao.cipriani@rio.expert.
    If you have any questions or concerns about this Privacy Policy or the treatment of data, feel free to contact us. Please be advised that we have a dedicated team to respond to your request or query.
11. CLAIM BEFORE THE NATIONAL PERSONAL DATA PROTECTION AUTHORITY – ANPD
    11.1 The National Data Protection Authority – ANPD can be contacted at the following address: https://www.gov.br/anpd/pt-br/canais_atendimento.
12. MODIFICATIONS TO THE PRIVACY POLICY
    12.1 Aiming for continuous improvement, RIO may change this Statement at any time, and the changes will be posted on the SITE for consultation at any time.
    12.2 By using the services of the SITE, the User becomes aware of the terms of this Statement in force on the date of use, and it is up to the User to verify it before each visit to the SITE.
13. APPLICABLE LAW AND JURISDICTION
    13.1 This Privacy Policy and Treatment of Personal Data shall be regulated and interpreted according to the Brazilian legislation, in the Portuguese language, and the Forum of Rio do Sul/SC is elected to settle any dispute involving this document, unless specific personal, territorial or functional competence is provided by the applicable legislation.
    13.2 In the event that any provision of this Privacy Policy and Treatment of Personal Data is deemed illegal or unlawful by a data protection authority, the remaining provisions shall remain in full force and effect.
    13.3 The USER agrees that all communication made by e-mail (to the addresses informed in his/her registration), SMS, instant communication applications or any other physical, virtual and digital form are also valid as documentary evidence, being effective and sufficient for the disclosure of any subject that refers to the services provided by RIO, as well as the conditions of its provision or any other subject addressed therein, except for the expressly diverse provisions provided for in this Policy of Privacy and Treatment of Personal Data.
14. GLOSSARY
    14.1 For the purposes of this document, the following definitions and descriptions shall be considered for its better understanding:
    – Personal Data: information relating to an identified or identifiable natural person;
    – Sensitive Personal Data: personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when related to a natural person;
    – Officer (Data Protection Officer – DPO): Person designated by RIO to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD);
    – Cloud Computing: is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the purpose of reducing costs and increasing the availability of sustained services.
    – Access Account: Credential needed by a USER in order to use or access the exclusive functionalities of the RIO WEBSITE.
    – Cookies: Small files sent by the systems of RIO website, saved on your devices, which store preferences and little other information, with the purpose of personalizing the navigation of USERS on the SITE, according to their profile.
    – IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies the USERS’ devices on the Internet.
    – Logs: Records of the USERS’ activities on the RIO website.
    – Session ID: Identification of the USER session when accessing the RIO WEBSITE.
    – USER: Person who accesses and uses the features offered on the RIO WEBSITE.
    – Only automated decisions: Automated decisions only: These are decisions that have been programmed to work automatically, which affect the USER, without the need for a human operation, based on automated processing of personal data.

Update: 07/16/2021.