STRONG CLOUD created this Privacy Notice in order to inform all the procedures necessary to guarantee the security and privacy of the data of our customers, our employees, our business partners and other interested parties that make up the company's operational ecosystem, in compliance with the General Data Protection Law.

By establishing this Privacy Notice, we describe the attitudes that STRONG CLOUD adopts to guarantee the security of your data and respect for your privacy and we also reinforce our commitment to ensuring that you are in control of your personal data.

IMPORTANT DEFINITIONS

Controller: a natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data; the purposes and means of such processing are determined by law, by the data controller or by specific criteria. STRONG CLOUD is the controller of the data provided voluntarily by its customers, suppliers, employees and users of its web platform.

Operator: natural or legal person, under public or private law, that processes personal data on behalf of the controller.

Personal data is defined as: Information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by information such as a name, an identification number, location data or specific factors such as physical, biological, genetic, mental, economic, cultural or social identity.

Processing means: Any operation carried out with personal data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;

Controller or Operator

For situations in which STRONG CLOUD collects data for its own purposes, for the regular exercise of its activities, it is acting as Controller. In this role, the company makes its own or third-party systems, applications or environments available and manages personal data that is necessary for conducting its business.

In situations where the collection occurs as a result of a service contracted and defined by its Customers, STRONG CLOUD acts as an Operator. When acting as an Operator, STRONG CLOUD is responsible for its share of data protection, as agreed with its respective Customer, but it does not have the decision or authority to process data that is not in accordance with the processes and flows agreed with the Customer.

PRINCIPLES

The collection of personal data must respect:

– purpose: processing for legitimate, specific, explicit purposes informed to the data subject, without the possibility of subsequent processing in a manner incompatible with these purposes;

– adequacy: compatibility of the processing with the purposes informed to the data subject, in accordance with the context of the processing;

– necessity: limitation of the processing to the minimum necessary to achieve its purposes, covering relevant, proportionate and non-excessive data in relation to the purposes of the data processing;

– free access: guarantee to data subjects of easy and free consultation on the form and duration of the processing, as well as on the completeness of their personal data;

– data quality: guarantee to data subjects of accuracy, clarity, relevance and updating of the data, in accordance with the need and for fulfilling the purpose of its processing;

– transparency: guarantee to data subjects of clear, precise and easily accessible information on the performance of the processing and the respective processing agents, observing commercial and industrial secrets;

– security: use of technical and administrative measures capable of protecting personal data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination;

– prevention: adoption of measures to prevent damage from occurring due to the processing of personal data;

– non-discrimination: impossibility of processing for unlawful or abusive discriminatory purposes;

– accountability and reporting: demonstration, by the agent, of the adoption of effective measures capable of proving compliance with and observance of personal data protection rules, including their effectiveness.

RIGHTS OF THE HOLDER

As defined in the General Data Protection Law, the holder of personal data has the following rights:

Confirmation of the existence of processing: knowing whether or not your data is being processed by STRONG CLOUD , as Controller.

Access to data: if processing is confirmed, the data subject has the right to access the data in a controlled manner, in order to prevent access to their data by others.

Correction of incomplete, inaccurate or outdated data: subject to the limitations required by law for maintaining a history, your data may be corrected. Depending on the processing given to the data, it may be necessary to provide documentation that supports the update, completeness or correction.

Anonymization: Transformation that prevents the identification of the data subject, when this is not necessary.

Limitation of processing: This is the data subject's right to limit the processing of their personal data, which may be obtained when they contest the accuracy of the data, when the processing is unlawful, when STRONG CLOUD no longer needs the data for the proposed purposes and when they have objected to the processing of the data.

Deletion of unnecessary, excessive data or data processed in non-compliance with the LGPD: This is the right to have data deleted, except under the conditions provided for therein.

Data portability: At the time of publication of this policy, it was still pending regulation by the national authority.

Data deletion or right to be forgotten: This represents the right to have your data deleted from STRONG CLOUD systems , except under the conditions provided for therein.

Information about sharing: To be informed about the sharing of your data and with which entity(ies).

Non-consent: When consent is requested for the collection and processing of data, you will be informed of the consequences of not providing it.

Revocation of consent: Revocation may be requested at any time by the express manifestation of the data subject. Revocation does not cancel previously performed processing.

The data subject may exercise his/her rights and also clarify any doubts about this Privacy Notice and obtain the necessary information about the processing of his/her personal data. Our data controller is available through our exclusive communication channels: privacy portal ( www.portaldaprivacidade.com ) or by email [email protected] . All requests will only be met upon proof of your identity.

STRONG CLOUD recognizes all rights granted to the holder by the LGPD.

If STRONG CLOUD is contacted by a data subject seeking to exercise their rights, STRONG CLOUD may, provided it has such information, respond only with information about who is the Controller of such data and processing.

TYPES OF DATA COLLECTED AND PURPOSES

We may collect data necessary to enter into a commercial agreement or partnership, for Contract Execution or preliminary procedures for the execution of contracts, as well as to provide our products, including updating, security and troubleshooting, as well as providing support. This also includes sharing data, when it is necessary, to provide the service or carry out the transactions you request. Exclusively for STRONG CLOUD directors and employees , copies of documents may be requested to comply with Legal or Regulatory Obligations with external entities.

For other purposes involving our Legitimate Interest, Judicial Request, Defense of Rights and Credit Protection, we may process data necessary for the performance of our activities. This data may be processed without your consent. When you are asked for Consent for the collection and processing of data, the information collected and the intended processing will be informed.

If it is necessary to process information for other purposes, we will send you a notification requesting your prior and express consent. If you declare your disapproval, we will not process your data.

As determined by Federal Law 12,965/2014 (Marco Civil da Internet), access records of users of our website will be collected (date, time and IP) and stored for a minimum period of 6 (six) months or 1 (one) year, depending on the type of access performed.

STRONG CLOUD services are intended for users over the age of 18, therefore, we do not knowingly and deliberately collect, use or share information that could reasonably be used to identify individuals under the age of 18. However, if this were to occur, in an extremely exceptional situation, all measures are taken to comply with the provisions of the General Data Protection Law.

STRONG CLOUD collects data from children and adolescents only in Personnel Administration processes, with specific consent from at least one parent or legal guardian.

Collection and processing of personal data without consent

In addition to the hypotheses provided above, we may carry out data processing, eventually, for the Protection of the Life or Physical Safety of the holder or third parties. Eventually, and as the case may be, for the Protection of Health or of the holder or of a third party. The processing may also occur to meet the legitimate interests of STRONG CLOUD , provided that such interest does not violate or harm the fundamental rights and freedoms of the holder.