What are Cookies?

Cookies are small encrypted files used by internet pages to record information about users' browsing history, whenever they are set on the websites of CAÁ Group companies. In addition to recording this behavioral information, the Cookie can transmit the stored browsing information between the user's device and the accessed sites. They are stored in internet browser directories.

What are they used for?

Cookies aim to enhance the user experience during the browsing process, whether by saving preferences, enabling authentication functions, or allowing the resumption of an activity from where it was interrupted. It's also possible to use the user's choices to determine which advertisements might be more interesting, thereby reducing the reception of unwanted ads.

What Cookies do we, at Alphasquad, use?

To offer the best browsing experience, we use cookies categorized as NECESSARY, FUNCTIONAL, and ADVERTISING:

• - NECESSARY COOKIES are essential for navigation on our pages, without which we cannot provide services to our customers. They are also crucial for the performance of our platforms.
• - FUNCTIONAL COOKIES enable the storage of navigation data, allowing our platform to remember your choices and preferences. The only information stored is derived from CAÁ Group websites.
• - ADVERTISING COOKIES are used to target ads based on customer behavior on our pages. Through the use of this type of cookie, we can deliver only relevant ads that respect the interests of our customers and the legislation regulating our business.

Cookie Management

All browsers allow the use of cookies and enable users to disable them through the "options" or "preferences" menu. Our customers can revoke consent for the use of cookies at any time through their browser settings. Blocking cookies may interfere with the browsing experience, potentially preventing the use of certain features on our pages, such as saving sessions.

Last Updated: January 18, 2021

The following Privacy Policy is intended for users of the websites and customer service channels of Grupo CAA. Grupo CAA, registered under CNPJ/ME number 03.673.463/0001-02, headquartered at Avenida Paulista, 925, 11th Floor, ZIP code, São Paulo – SP, Brazil, is committed to respecting your privacy and explaining how we treat your personal data when you use the websites available at our various group addresses or when you interact with us through our customer service channels. This Privacy Policy applies to all individuals who in any way interact, access, or use the Website, or who communicate with us through one of Grupo CAA's customer service channels ("Users"), even if Users do not have a registered account with us. "Customer Service Channels" refer to all Grupo CAA channels that offer consumer support services (SAC), including phone support, email, online forms, chat, or other channels that may be offered by Grupo CAA from time to time.

This Privacy Policy does not apply to activities you conduct on platforms other than the Website, even if these platforms or programs are offered by Grupo CAA or on behalf of Grupo CAA. If you use other platforms, please refer to the privacy policy of those programs or platforms. ALTHOUGH SHARING PERSONAL DATA WITH GRUPO CAA IS A USER'S CHOICE, IT IS A CONDITION FOR USING THE WEBSITE AND FOR US TO PROVIDE SERVICE THROUGH CUSTOMER SERVICE CHANNELS. THEREFORE, WE RECOMMEND THAT THIS PRIVACY POLICY BE READ CAREFULLY. For the purposes of this Privacy Policy, Grupo CAA acts as the controller of Users' personal data.

What personal data do we collect

For the purposes of this Privacy Policy, "Personal Data" refers to information related to an identified or identifiable natural person.

When you use one of the Websites or Customer Service Channels, Grupo CAÁ may collect Personal Data in various ways, including through "cookies" and "IP addresses" from the registration that the User may perform or from the information that the User provides through our Customer Service Channels. The Personal Data we may collect includes:

• - Registration Information: These are the details provided by the User when registering on the Website, such as full name, email address, phone number, address, professional information in documents (resumes).
• - Browsing Information: These are the details collected from Users who browse the Website and electronic Customer Service Channels, including IP address, device information, operating system, date and time of access, network connection type, browser version, preferred language, and behavioral information on the Website. This may also include actions such as clicking on advertisements or third-party links, and reactions to our email messages, such as which email messages were opened and if an email message prompted any action.
• - Other Information Provided by Users: These are additional details voluntarily provided by Users, such as current company name, attachments in emails, inquiries, questions, requests, and complaints submitted through Customer Service Channels. These details may include sensitive data if Users provide them through Customer Service Channels.

When browsing the Website or using any of its features or tools, including electronic Customer Service Channels, a cookie may be sent to the User's device. A cookie is a data fragment that identifies you as a unique User, recognizing, tracking, and storing your browsing information. The Website may place cookies on your device containing a unique identifier used to better understand the use of the Website, enabling Grupo CAÁ to identify which features are preferred by Users (for example, based on the number of visits to these features).

If the User registers and logs into our access areas but has modified their browser or Website settings to not accept cookies, they will need to restart the browser to accept the cookies sent. Otherwise, the User may not have access to certain areas of the Website. To learn more about cookies and how to specify your cookie preferences, please search for "cookie" in the "Help" section of your browser.

In addition to cookies, we may use or authorize the use of other data collection and identification technologies, such as "beacons" (also known as "pixel tags" or "clear gifs"). Beacons are used to help manage and improve our services, systems, advertising, online ads, and other tools. They are small blocks of code inserted into the Website that can collect information about your device, including, for example, device model, operating system, browser version, access time, IP address, and similar information.

We may also include pixel tags in HTML-formatted email messages that we send (or that are sent on our behalf) to determine which email messages were opened and indicate if an email message prompted any action. Users can render these options (if enabled) unusable by rejecting the associated cookies. Third-party websites, content, and websites, as well as affiliates, subcontractors, or commercial partners of Grupo CAÁ, may use their own cookies or beacons, which may not operate under the same terms as this Privacy Policy. Therefore, Grupo CAÁ is not responsible for these websites and contents, nor does it endorse, monitor, validate, or accept how these websites or content storage tools collect, process, and transfer your personal and private information. We recommend that Users consult the respective privacy policies of such sites to adequately inform themselves about the use of their personal information by other websites or tools.

We also collect the Internet Protocol (IP) address, which is a number automatically assigned to your device by your internet service provider whenever you connect to the internet. Grupo CAÁ may use IP addresses to gather anonymous and aggregated information about the number of visitors and usage of the Website.

"Clickstream" or "clickstream data" refers to specific internet pages visited by a User, as well as the way or pattern of traffic through which the User navigates from one page to another.

Clickstream data does not contain or reveal any personally identifiable information about the User, and we do not correlate this data with the personal data you provide to us.

Use of Personal Data

Information actively provided by Users through the Service Channels – including any sensitive data that the User may provide – will be used exclusively for: Addressing demands, inquiries, complaints, or requests from the User; Reporting adverse events or issues related to the safety and quality of our services in accordance with the law and complying with other legal and regulatory obligations that Grupo CAÁ may be subject to; Monitoring and ensuring the quality of our Service Channels; or Ensuring the regular exercise of Grupo CAÁ's rights under contract or in judicial, administrative, or arbitration proceedings, which may include internal audit processes, investigation procedures, and instructions in any judicial, administrative, or arbitration proceedings and protecting the rights and interests of Grupo CAÁ, our affiliates, or third parties.

REGISTRATION AND BROWSING INFORMATION ON THE WEBSITE AND ELECTRONIC SERVICE CHANNELS ARE USED TO:

Diagnose and solve any technical issues with the Website and Service Channels; Characterize users' personal preferences to enhance and develop a better user experience on the Website and Service Channels; Identify and provide informative materials of interest to users; Contact users directly or through Grupo CAÁ's commercial partners and affiliates to communicate changes in the Terms of Use and this Privacy Policy, changes in the Website's or Service Channels' tools and functionalities, as well as the launch of new tools, functionalities, or products, and respond to requests, inquiries, and complaints;

Classify and group user information, consolidate statistical data about users, including defining the composition of the Website and Service Channels user base and server traffic volume, as well as to improve and develop new products and services;

Fulfill legal and regulatory obligations, including reporting adverse events or issues related to the safety and quality of our products to competent authorities, which may include internal audit processes, investigation procedures, and instructions in any judicial, administrative, or arbitration proceedings, and protect the rights and interests of Grupo CAÁ, our affiliates, or third parties. In addition to the above-mentioned Personal Data processing, Grupo CAÁ may use anonymous data to conduct research on users' demographic aspects, interests, and behaviors. User information may be associated with data collected from other individuals to produce anonymous aggregated statistics. Statistical and aggregated data do not include Personal Data.

Sharing of Personal Data

Except as provided in this Privacy Policy, the Personal Data collected will not be provided to third parties, nor will it be exposed to the public, sold, or marketed.

We can share Personal Data under the following circumstances:

With other companies of the CAÁ Group, in Brazil or abroad, for the purposes identified in this Privacy Policy.

With service providers, in Brazil or abroad, who process Personal Data on behalf of the CAÁ Group and in accordance with the CAÁ Group's instructions, for the provision of services such as maintenance and management of customer service channels and provision of infrastructure, among others;

With judicial, police, or administrative authorities, in Brazil or abroad, in compliance with a court order or legal or regulatory obligation.

With third parties in connection with any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or shares (including in bankruptcy or similar proceedings).

Statistical reports created from aggregated data that do not reveal the identity of individuals may also be shared with third parties, such as affiliates, subcontractors, and/or commercial partners of the CAÁ Group.

Consent to Use Data for Exclusive Use by Grupo CAÁ

The General Data Protection Law (LGPD) establishes various situations in which the processing of personal data is allowed regardless of consent. These are known as legal bases for data processing. This means that if you choose to use the Website or the Customer Service Channels, we may collect and process your Personal Data without your consent if there is a legal basis that allows us to do so.

Data Transfer

The personal data we collect may be stored and processed in any country where companies of the CAÁ Group operate or where our service providers are located. The CAÁ Group will take appropriate measures to ensure that international transfers are carried out in accordance with applicable legislation.

Security

We are committed to the security of Personal Data and take precautions to maintain this protection. The CAÁ Group employs security systems commonly adopted by the market to protect your information against unauthorized access, but we do not guarantee that any personal information will not be accessed by unauthorized third parties.

Third-Party Links

As a resource for our users, we may provide links to other websites on the internet. The CAÁ Group is not responsible for these websites and their contents, and we do not endorse, subscribe to, monitor, validate, or accept how these websites or content storage tools collect, process, and transfer your personal and private information. We recommend that you consult the respective privacy policies of such websites to adequately inform yourself about the use of your personal information by other websites or tools.

Retention Period of Data

The CAÁ Group securely stores Personal Data in data centers located in Brazil and abroad, in compliance with applicable legislation and for the period necessary or permitted for the purposes for which the Personal Data was collected, as outlined in this Privacy Policy. The criteria used to determine our retention periods include, but are not limited to: (i) duration of the relationship between the data subject and the CAÁ Group; (ii) any legal or regulatory obligations requiring maintenance; and (iii) applicable statutory limitation periods as provided by law.

Rights of Personal Data Owners

With the enactment of the General Data Protection Law (LGPD), individuals whose Personal Data is processed have the following rights:

• - Confirmation that Personal Data is being processed.
• - Access to Personal Data.
• - Correction of incomplete, inaccurate, or outdated Personal Data.
• - Anonymization, blocking, or deletion of Personal Data considered unnecessary, excessive, or processed in non-compliance with the law.
• - Portability of Personal Data to a third party, provided that this does not affect our industrial and trade secrets.
• - Deletion of Personal Data processed based on consent, to the extent permitted by law.
• - Information about the entities with which Personal Data has been shared.
• - Information about the possibility of refusing consent and the consequences of such refusal.

Revocation of consent

To exercise any of the rights mentioned above, clickhere.

Data of Minors

If the User is under 12 (twelve) years of age, the processing of Personal Data will be carried out with specific and prominent consent given by at least one parent or legal guardian. If a User provides us with Personal Data of individuals under 12 (twelve) years of age, they declare that they have the appropriate authority to do so and can demonstrate this authority to Grupo CAÁ upon request.

Changes to this Privacy Policy

This Privacy Policy may be amended at any time by Grupo CAÁ, at the exclusive discretion of Grupo CAÁ. We recommend that it be reviewed periodically. All changes will be communicated through a prominent notice on the home screen of the Website or any other form of communication with Users.

Incidents

Grupo CAÁ promptly assesses and responds to any incidents that may compromise your Personal Data. If Grupo CAÁ becomes aware of any incident involving the Personal Data of users of the Services, we will notify you and the relevant authorities.

Privacy Committee

Você pode contatar nosso Comitê de Privacidade pelo e-mail [email protected] para esclarecimentos e questionamento sobre a presente Política de Privacidade.