PRIVACY AND PERSONAL DATA PROCESSING POLICY

M. DIAS BRANCO S.A. INDÚSTRIA E COMÉRCIO DE ALIMENTOS (“We” or M. Dias)

⦁ Headquarters: Rodovia BR 116 – Km 18, in the city of Eusébio, State of Ceará, 
Zip Code 61760-000, CNPJ: 07.206.816/0001-15

The purpose of this Policy is to demonstrate our commitment to safeguarding your privacy and protecting your Personal Data, establishing the rules on the Processing, as well as explaining your rights and how to exercise them. Please read this Policy carefully and, if you still have questions, feel free to contact us through the Service Channels available here.

 

IMPORTANT


 

This policy applies to all brands and businesses of M. Dias Branco.

 

BASIC CONCEPTS

For a better understanding of this Policy, the following definitions should be considered:


Cookies: small files sent to your browser or devices, which store your preferences and other information about how and when our environments are accessed, as well as the number of people who access them.

Personal Data or Data: means the data relating to any individual, which is able to identify them or make them identifiable.

Sensitive Personal Data: means any data on racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to the individual.

Data Protection Officer (DPO): person appointed to act as a communication channel between us, the holders of personal data and the National Data Protection Authority (ANPD).

Applicable Law: all laws addressing privacy and protection of Personal Data, particularly Law No. 13.709/2018 (General Law for the Protection of Personal Data – LGPD).

Brands: means the brands belonging to M. Dias Branco, existing or that will exist, among which we can mention Adria, Basilar, Bonsabor, Delicitos, Estrela, Finna, Fortaleza, Isabela, Adorita, Amorela, Puro Sabor, Medalha de Ouro, Pelaggio, Pilar, Piraquê, Richester, Salsitos, Vitarella and Zabet.

Our environments: means the electronic address https://mdiasbranco.com.br/ and its subdomains.

Policy: means this Privacy and Personal Data Handling Policy 

Data Holder: means you, the individual to whom the Personal Data refer, whether as a consumer, website user, investor, service provider, employee.

Handling: any transaction performed with Personal Data, such as those referring to the collection, production, receiving, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, assessment or control of information, modification, communication, transfer, diffusion or extraction.

 

ABOUT DATA WE COLLECT

Who we collect Data: Data may be collected directly from you, by filling out forms, or when you interact with our environments, including those of our Brands. Personal Data may also be collected when we launch promotions.

 
What do we collect?
Why do we collect?

Registration in Management Portal
Person in Charge and Manager

• Full name
• CPF
• Email
• Contact phone number
• For registering you in Management Portal.
• For identifying and validating you.
• For monitoring compliance with applicable laws, to which the service provider is bound, safeguarding our rights.

Mailing registration
Investor Relations

• Full name
• Email
• Company
• Position/Role
• What screens you have accessed
• Sending new information disclosed in our environments, as well as the latest notices to the market and M. Dias Branco’s corporate events.

Donation and Sponsorship Policy Form
Social Initiatives

Name, Position, CPF, ID Card and Home address of the Legal Representative of the Project/Event
• For analysis, approval and formalization of request or proposal for donation or sponsorship.
• For prevention of fraud related to the Donation and Sponsorship Policy.

Send your Resume
Careers

• Full name
• Email
• Contact phone number
• For identifying and validating you.
• For assessing your enrollment to positions and opportunities at M. Dias Branco.

Contact
CS, Financial, Export and Press

• Full name
• Contact phone number
• Email
• CPF
• Zip Code and District
• For interacting with you, including by answering your interactions and requests in our contact channels

Digital Identification Data

• Full name
• Contact phone number
• Email
• CPF
• Zip Code and District
• For identifying and validating you.
• For compliance with legal requirements for storage of records as established by the Brazilian Civil Rights Framework for the Internet – Law No. 12.965/2014.

Ethical Channel (for non-anonymous reporting)

• Name
• Role or relation with the company
• Email
• Phone and Mobile
• Secure and, if desired, anonymous communication channel for conducts considered unethical or that violate the ethical principles and standards of conduct and/or the legislation in force, as well as frauds and/or improprieties related to the accounting system, internal controls and corporate governance

Update and veracity of Data.

You are the sole responsible for the accuracy, veracity or updating of the Data you provide to us. We are not required to handle your Data if there are reasons to believe that such Handling may imply a breach of any applicable law, or if you use our environments for any illegal, unlawful or contrary to morality purposes.

 

Visitation Program.

There is no collection of Personal Data under our visitation program, only data from the Institutions are collected. Even so, if Personal Data of children and adolescents is shared with us, the Public and Private Institutions shall be exclusively responsible for obtaining the appropriate authorizations for such sharing from the legal guardians.

 

Database.

The database built through the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, shall be made within the limits and purposes of the business described in this Policy.

 

Technologies used

We use Cookies in our environments, and you are responsible for setting your internet browser to block them. In this event, some features offered by us may be limited. For more information, visit our Cookies Policy.

 

PERSONAL DATA OF EMPLOYEES

M. Dias Branco processes Personal Data of its employees to comply with legal obligations, as well as for the management of the employment agreement, which includes payroll processing and other procedures required by applicable law.

 
Personal Data of Employees

Registration Data and Contact Information

Full name, home address, personal and corporate e-mail address, telephone, date of birth, gender, number of identification document (RG, CPF, CNH, RNE and/or voter’s registration card) for registration at M. Dias Branco and fulfillment of legal obligation.

Health-related sensitive data

Information contained in medical certificates and prescriptions for absence control and to compensate for absences, as necessary, as well as medical certificates for admission.

Copy of documents

Copy of birth certificate, marriage certificate, proof of military service discharge, proof of education, proof of residence and other professional certificates for registration, as applicable. Copy of employment documents, such as CTPS and PIS, for registration and compliance with legal obligations, in addition to a 3×4 photo of the employee, as well as other documents that may be legally required.

Information included in resume

Professional background, schooling, certificates, languages, among other information, are processed to learn about the professional and academic background, skills, and profile of the Employee.

Information on performance and professional background

Information about your job performance, compensation, and professional background for the purpose of monitoring your performance and managing your employment agreement.

Financial information

Bank account details for managing payments and any refunds.

Information on dependents and related third parties

Spouse and dependent information, such as full name, identification document number (RG and/or CPF) and date of birth, for management of benefits.

Employee image

Endomarketing actions, institutional and corporate use, identification, authentication, security, registering activities, historical files, such as internal events promoted by M. Dias Branco

Biometric Data

Employee’s biometric data to control working hours and access to M. Dias Branco facilities, signature in receipts and documents, such as: Occupational Health Certificate, PPE worksheet, etc.

Conflict of Interest Form

Full name, email, position/role/company. The form also includes questions about holdings in companies and relationships with (i) government agents, (ii) M. Dias’ business partners, and (iii) suppliers Such data is processed for preventing situations of potential conflict of interest, pursuant to the applicable internal policy.

Data from children and adolescents.

For the handling of data from children and adolescents, the Employee represents that he/she is a parent or legal guardian, recognizing the handling of personal data of minors to the extent required by applicable law.

 

PERSONAL DATA OF SERVICE PROVIDERS

M. Dias Branco processes Personal Data of its service providers to comply with legal obligations, as well as to manage the agreement entered into between the parties, which includes management of contractual payments and other procedures required by applicable law.

 
Personal Data of Service Providers

Registration Data and Contact Information

Full name, home address, personal and corporate e-mail address, telephone, date of birth, gender, number of identification document (RG, CPF, CNH, RNE and/or voter’s registration card) for contractual management at M. Dias Branco and fulfillment of legal obligation.

Copy of documentation

Copy of proof of address, professional certificates, as applicable. 3×4 photo of the service provider for identification, as well as other documents that may be legally required.

Professional information

Professional background, schooling, certificates, languages, among other information, are processed to learn about the professional and academic background, skills, and profile of the Service Provider.

Information on performance and professional background

Information about the performance in the provision of services, compensation, and professional background for the purpose of monitoring performance and managing the agreement for provision of services.

Financial information

Bank account details for managing payments and any refunds.

Information on dependents and related third parties

Spouse and dependent information, such as full name, identification document number (RG and/or CPF) and date of birth, for management of benefits.

Information on dependents and related third parties

Spouse and dependent information, such as full name, identification document number (RG and/or CPF) and date of birth, for management of benefits.

Biometric Data

Biometric data of the Service provider may be collected for controlling access to M. Dias Branco’s facilities.

Conflict of Interest Form

Full name, email, position/role/company. The form also includes questions about holdings in companies and relationships with (i) government agents, (ii) M. Dias’ business partners, and (iii) suppliers. Such data is processed for preventing situations of potential conflict of interest, pursuant to the applicable internal policy.

In case of doubts, Employees or Service providers may contact the Human Resources area of M. Dias Branco or the Data Protection Officer.

HOW WE SHARE DATA AND INFORMATION

Data sharing events. Data collected and activities recorded may be shared:

(i) With the relevant judicial, administrative or governmental authorities, whenever there is a legal decision, request, requisition or court order;

(ii) With the companies and business areas of M. Dias Branco, which are in compliance with this Policy; 

(iii) With service providers or partner companies, to facilitate, provide or perform activities related to Our Environments;

(iv) To meet the legitimate and business interests of M. Dias Branco when applicable; and (iii) Automatically, in case of corporate events, such as mergers, acquisitions and consolidations. If you have any questions about with whom we share your Data with, please contact us through the Service Channels available in this Policy.

Sharing of Employee and Service Provider Data.

M. Dias Branco will share Employee and Service Provider Personal Data with the relevant judicial, administrative, or governmental authorities, whenever there is a legal mandate, request, requisition, or court order; with third parties that are relevant for corporate purposes, use of information technology, to meet the legitimate interests of M. Dias Branco when applicable, management of the employment and/or service provision agreement, management of benefits, as well as to achieve the purposes described in this Policy. For information on the identity of these third parties, Employees may contact the Human Resources area of M. Dias Branco or the Data Protection Officer.


Data Anonymization.

For the purposes of market intelligence research, disclosure of data to the press and advertising, the data provided by you shall be shared anonymously, so that this shall not allow your identification.

 

HOW WE PROTECT YOUR DATA AND HOW YOU CAN PROTECT IT TOO

 

Security and Governance Practices

To safeguard your privacy and protect your Personal Data, we have a governance program that contains rules of good practices, policies and internal procedures, which provides for organizational conditions, training, educational actions and mechanisms for supervising and mitigating risks related to the handling of Personal Data.

Access to Personal Data, proportionality and relevance.

Internally, Personal Data collected are accessed only by duly authorized professionals, subject to the principles of proportionality, necessity and relevance to our business objectives, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.

Adoption of good practices

You are also responsible for the confidentiality of your Personal Data and you should always be aware that the sharing of passwords and access data violates this Policy and may jeopardize the security of your Data and our environments. If you identify or become aware of any risk to the security of your Data, please contact our Data Protection Officer through the Service Channels provided in this Policy.

External links

By using our environments, you may be forwarded, via link, to other portals or platforms, which may collect your Data and have their own Privacy Policy. You are responsible for reading these Policies, and it is your responsibility to accept or reject them. We are not responsible for privacy policies of third parties or for the content of any websites or services linked to environments other than ours.

Handling by third parties under our guideline.

We seek to carefully assess those who provide services to us and we establish contractual provisions on information security and Personal Data protection for them in order to protect you.


HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY RECORD

Storage location

Personal Data collected and activity records are stored in a secure and controlled environment, which can be on our servers located in Brazil, as well as in an environment of use of resources or servers in the cloud (cloud computing), which may require transfer and/or processing your Data abroad. Such transfers involve only companies that evidence compliance with applicable laws, maintaining a level of compliance similar or more stringent than that provided for in Brazilian law.

Storage period

We store Personal Data only for as long as is necessary to fulfill the purposes for which it was collected or to comply with any legal, regulatory or rights preservation requirements. For this purpose, we have a safe Information Retention and Disposal Policy.

Personal Data Disposal

Once the maintenance period and the legal need expires, Personal Data shall be deleted using safe disposal methods or used anonymously for statistical purposes.


WHAT YOUR RIGHTS ARE AND HOW TO EXERCISE THEM.


Your basic rights.

Personal Data is your property and the applicable legislation establishes a series of rights related to it, which may be exercised by you by requesting our Data Protection Officer through the Service Channel provided in this Policy.

(i) Confirmation and access: you may request confirmation of the existence of Handling and access to your Personal Data, including by requesting copies of records held by us about you.

(ii) Correction: you may request the correction of your Personal Data that are incomplete, inaccurate or out of date.

(iii) Anonymization, blocking or deletion: you may request the anonymization of your Personal Data, so that they can no longer be related to you, the blocking of your Personal Data, temporarily suspending the possibility of Handling for certain purposes, or the deletion of your Personal Data.

(iv) Portability: you may request that we provide your Personal Data in a structured and interoperable format in order to transfer it to a third party, subject to our intellectual property or business secret.

(v) Information about sharing: you may request information about third parties with whom we share your Personal Data, being such disclosure limited to information that does not violate our intellectual property or business secret.

(vi) Revocation of consent: you may decide to withdraw consent for any purpose that you have consented to. Such revocation shall not affect the legality of any handling carried out previously. If you withdraw your consent for fundamental purposes for the regular operation of our environments and services, these may be unavailable to you. (vii) Opposition: you may oppose the Handling of your Personal Data, if you do not agree on any purpose. Request. For security reasons, whenever you make a request for the exercise of your rights, we may request additional information to prove your identity, in order to prevent fraud.


Failure of meeting requests.

We may fail to meet any request to exercise rights, if the meeting violates our intellectual property or business secret, as well as when there is a legal or regulatory obligation to retain Personal Data. In addition, we may fail to meet your request if we need to retain the Data to enable our defense or that of third parties in disputes of any nature.

Answers to requests.

We undertake to answer all requests within a reasonable term and in compliance with applicable law.


INFORMATION ABOUT THIS POLICY


Amendment to content and updated

You acknowledge our right to amend the content of this Policy at any time, according to the purpose or need, such as for the adequacy and legal compliance with any provision set by law or rule that has equivalent legal effect, and you should check it whenever you access our environments. In the event of updates to this document that require a new collection of consent, you shall be notified through the contact channels informed by you.

Unenforceability.

In the event any point of this Policy is deemed unenforceable by a Data Authority or court, the remainder of the conditions shall remain in full force and effect.

Service Channels

If you have any questions about the provisions of this Policy, including for the exercise of your rights, you may contact our Data Protection Officer at the following addresses:

(i) Data processing Officer: Peck Advogados

(ii) Mailing address: Rodovia BR 116, Km 18, s/n, Jabuti, Eusébio/CE, Zip Code: 61.760-00

(iii) Email for contact:

encarregado.lgpd@mdiasbranco.com.br

Applicable law and venue.

This Policy will be read in compliance with Brazilian law, in the Portuguese, and the venue of your domicile is hereby elected to settle any dispute involving this document, except in the event of specific proviso of personal, territorial or functional jurisdiction by the applicable legislation.

If you want more information about your data, please fill in the form below: