Your privacy and the protection and confidentiality of your personal data are very important to us. Therefore, it is our firm’s policy to ensure the security of any and all information and personal data that may be provided to the firm and/or collected on our website www.rimac.com.br.

This Privacy and Personal Data Protection Policy contains information about the collection, use, storage, processing and protection of the personal data of users and visitors to our website, in order to demonstrate absolute transparency on the subject and to clarify to all interested parties the types of data that are collected, the reasons for the collection and how data subjects can manage or delete their personal information.

This website is maintained and operated by RIMAC IMPORTAÇÃO EXPORTAÇÃO E REPRESENTAÇÕES LTDA, a private legal entity enrolled with the CNPJ/ME under number 00.945.362/0001-55, with its registered office at Rua da Paz, nº 1601, suite 416, Chácara Santo Antonio, São Paulo/SP, ZIP Code 04713-002, hereinafter simply referred to as “RIMAC”.

This document has been prepared in accordance with the Brazilian General Personal Data Protection Law (LGPD), Law No. 13.709/2018, and with the Brazilian Civil Rights Framework for the Internet (Marco Civil da Internet), Law No. 12.965/14, and may be updated periodically as a result of any regulatory and/or operational changes to our website. For this reason, we invite all users to periodically consult this Privacy and Personal Data Protection Policy.

We collect and use certain personal data belonging to those who use our website. In doing so, we act as the controller of such data and, as such, we are subject to the provisions of the LGPD.

We take care of the protection of your personal data and, therefore, we make this Privacy and Personal Data Protection Policy available for everyone’s knowledge. This document contains important information, mainly about: (i) who should use our website; (ii) which data we collect and what we do with it; (iii) your rights regarding your personal data; and (iv) how to contact us.

Who should use our website

Our website must be used by individuals over 18 (eighteen) years of age.

Data we collect and reasons for collection

Our website collects and uses certain personal data from our users, in accordance with the provisions of this section.

Based on this data, we can identify the user and visitor, as well as ensure greater security and better meet their needs.

When a user or visitor accesses the pages of our website, their information regarding interaction and access may be collected, where applicable, to ensure a better experience. Such data may refer to the keywords used in a search, the sharing of a specific document, comments, page views, profiles, the URL from which the user and visitor came, the browser they use and their IP addresses, among others, which may eventually be stored.

The personal data of the user and visitor collected and stored by our website are intended, among other purposes, to improve the services we offer; facilitate, expedite and fulfill the commitments established between users/visitors and our firm; improve the browsing experience by understanding how users and visitors use the website; provide relevant content considering the specificities of our field of activity; eventually allow users and visitors to access certain content that is exclusive to registered users; and, in general, provide legal certainty to the parties.

We collect the following personal data that our users may voluntarily provide when using our website: (i) full name; (ii) telephone number; and (iii) e-mail address.

We may also collect, on occasion: (iv) professional data (e.g., name of the company where the user works, job title, corporate e-mail and telephone number), when such data is shared by the user in their message and/or in the subject of the communication in our “contact” section.

The collection of such data occurs exclusively when the user voluntarily fills out the contact form.

Our website does not require the mandatory completion of any document and/or form, nor the mandatory provision of any personal data. The submission of personal data by website users is optional, if they wish to contact us through digital means.

Finally, as mentioned above, for the purpose of optimizing the browsing experience of users and visitors to our website, we may collect data related to access to the pages of our website, keywords used in searches, recommendations, comments, interaction with other profiles and users, followed profiles, IP address, etc.

We do not collect sensitive data from our users, understood as those defined in Articles 11 and subsequent articles of the LGPD. Thus, there will be no collection of data related to racial or ethnic origin, religious beliefs, political opinions, trade union membership or membership of a religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, among other data considered sensitive.

Cookies are text files sent by the website to the user’s or visitor’s computer and stored there, containing information related to browsing on the website. Such information is related to access data, such as location and time of access, and is stored by the user’s or visitor’s browser so that we can read it later in order to personalize the services of the website, improve navigation and understand how the user interacts with the website.

Cookies do not allow any file or information to be extracted from the user’s or visitor’s access device, nor do they allow access to information that did not originate from the user or from the way the user uses the website’s resources.

The user and visitor to our website must acknowledge the use of the data collection system through cookies, accepting or rejecting it, according to the cookie banners displayed on the website.

These are small text files automatically downloaded to your device when you access and browse our website. They basically serve to enable us to identify devices, user activities and preferences.

The cookies of our website are sent to the user’s or visitor’s computer or device exclusively by the website itself.

The user may object to the registration of cookies by the website by disabling this option in their own browser. More information on how to do this in some of the main browsers in use today can be found at the following links:

Internet Explorer: https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/pt-br/guide/safari/sfri11471/mac

Google Chrome: https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt

Mozilla Firefox: https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam

Disabling cookies, however, may affect the availability of some tools and features of the website, compromising its proper and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, which may harm the user experience.

Thus, RIMAC adopts all measures within its reach to protect the personal data of users and visitors of its website, among which we highlight the use of the Wix platform, protected with SSL/TLS systems, which are types of digital security that allow encrypted communication between a website and a browser. Thus, the company’s website allows its users and visitors to browse and send information securely, including via the HTTPS protocol.

Other types of data not expressly provided for in this Privacy and Personal Data Protection Policy may occasionally be collected, provided that they are supplied with the user’s consent or that the collection is permitted based on another legal ground provided by law.

We do not share your personal data with third parties. Nevertheless, we may do so to comply with a legal or regulatory obligation, or to comply with an order issued by a public authority.

We may also receive personal data indirectly, from third parties who are legitimately entitled to share such data with us, such as our business partners, suppliers, advertising networks, social networks such as Facebook, Instagram, Twitter and LinkedIn, research information providers, third parties that enable social network tagging and integration functionality, or other users and visitors. We may also receive from our clients certain personal data of third parties as part of the provision of our services. Such data will be used solely for the purposes set out in this Privacy and Personal Data Protection Policy and we recommend that the data subjects also review the policies of those third parties to understand how their personal data is processed by them.

The personal data collected by the website is stored and used for a period corresponding to what is necessary to achieve the purposes set out in this document and which takes into account the rights of its holders, the rights of the website controller and the applicable legal or regulatory provisions.

Once the storage periods of personal data have expired, the data is removed from our databases or anonymized, except in cases where storage is possible or necessary due to a legal or regulatory provision.

A legal ground for the processing of personal data is simply the legal basis that justifies it. Thus, each personal data processing operation must have a corresponding legal ground.

We process the personal data of our users and visitors mainly in the following cases: (i) with the consent of the data subject; (ii) for compliance with a legal or regulatory obligation by the controller; (iii) for the regular exercise of rights in judicial, administrative or arbitration proceedings; (iv) when necessary to meet the legitimate interests of the controller or of third parties; and (v) for the performance of a contract between RIMAC and the user and/or visitor, including communications between the company and the user and/or visitor.

Certain personal data processing operations carried out on our website depend on the prior agreement of the user, who must express it in a free, informed and unequivocal manner.

The user may revoke his or her consent at any time. In the absence of a legal grounds that allows or requires the storage of the data, the data provided based on consent will be deleted.

In addition, if they so wish, users may refuse to agree to certain personal data processing operations based on consent. In such cases, however, it is possible that they may not be able to use certain website features that depend on that operation. The consequences of the lack of consent for a specific activity will be informed before processing.

Certain personal data processing operations, especially data storage, will be carried out so that we can comply with obligations set out in law or in other regulatory provisions applicable to our activities.

For certain personal data processing operations, we rely solely on our legitimate interest, particularly when the data subject’s consent is very difficult to obtain, when the data subject’s consent may be considered unnecessary, and when there is minimal impact on the data subject and a justification for the use of the data.

To assess the feasibility of using the legitimate interest legal ground, we always perform a proportionality test, whose purpose is to balance, on the one hand, the interests of our company and, on the other, the rights of the personal data subject.

By way of example, Rimac relies on this legal ground to send communications necessary due to our contract with clients and/or relevant information for maintaining our relationship with the user and visitor or to update their personal data and information in our records.

To help us answer your questions and manage your requests; enable the maintenance and updating of user and visitor records, as well as the execution, access and use of our website and your interaction with us; and to make it possible to provide service to the user and visitor.

Website users and visitors have the following rights, granted by the LGPD: (i) confirmation of the existence of processing; (ii) access to data; (iii) correction of incomplete, inaccurate or outdated data; (iv) anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data; (v) portability of data to another service or product provider, upon express request, in accordance with the regulation of the national authority, subject to trade and industrial secrets; (vi) deletion of personal data processed with the consent of the data subject, except in the cases provided for by law; (vii) information on public and private entities with which the controller has shared data; (viii) information on the possibility of not providing consent and on the consequences of refusal; and (ix) revocation of consent.

It is important to highlight that, under the LGPD, there is no right to delete data processed based on legal grounds other than consent, unless the data is unnecessary, excessive or processed in non-compliance with the provisions of the law.

Data subjects whose personal data is processed by us may exercise their rights by submitting a request to this effect via e-mail, with delivery and reading confirmation, addressed to the person responsible indicated in Section 7 of this Privacy and Personal Data Protection Policy.

To ensure that the user who wishes to exercise their rights is indeed the data subject whose personal data is the object of the request, we may request documents or other information that can assist in their proper identification, so as to safeguard our rights and the rights of third parties. This will only be done when absolutely necessary, and the requester will receive all related information.

We employ technical and internal organizational measures suitable to protect the personal data collected on our website, including from alteration and destruction. Such measures always take into account the nature of the data, the context of collection, the purpose of processing and the damage that a possible breach could cause the data subject, always adopting the highest standards available in the market.

Thus, RIMAC adopts all measures within its reach to protect the personal data of users and visitors to its website, among which we highlight the use of the Wix platform, protected with SSL/TLS systems, which are types of digital security that enable encrypted communication between a website and a browser. Thus, the company’s website allows its users and visitors to browse and send information securely, including via the HTTPS protocol.

However, even though we adopt everything within our reach to avoid security incidents, it is possible that problems may occur caused exclusively by third parties – such as hacker or cracker attacks – or by the exclusive fault of the user, as in cases where the user transfers their data to a third party. Thus, although we are generally responsible for the personal data that we process, we disclaim responsibility if an exceptional situation such as these occurs, over which we have no control. In any case, if any type of security incident occurs that may cause risk or relevant damage to any of our users, we will inform the affected parties and the Brazilian National Data Protection Authority (ANPD) of the incident, in accordance with the LGPD.

Considering that we do not control internet security, we will not be responsible for the security of information that you choose to communicate online while you are browsing and transmitting data, including any loss of data during transmission. Therefore, as it is not possible to guarantee the complete security of data transmitted to us or through our website, we recommend and request that you exercise care and attention in the way you transmit data and in the choice of the personal data you share with us or with any third parties.

We reserve the right to change, at any time, the provisions contained herein, especially to adapt them to any changes made to our website, whether by providing new features or by removing or modifying those already existing, as well as to comply with legislation.

Whenever a change is made, this Privacy and Personal Data Protection Policy will be updated on our website, enabling full awareness of it by all users and visitors, without prejudice to possible notifications being sent to them by e-mail or other appropriate means.

To clarify any doubts about this Privacy and Personal Data Protection Policy or, in general, about the personal data we process, please contact us at the e-mail address rimac@rimac.com.br.

This Privacy and Personal Data Protection Policy was last updated in May 2021.