3. WHAT PERSONAL DATA MAY BE COLLECTED?

3.1 As the data controller, IV Tech may collect the following personal data:

a) Data provided directly and voluntarily by the user: at the time of registration on the platform, during contracting and use of services, while browsing the IV Tech website or blog, when subscribing to IV Tech newsletters, or participating in surveys or promotions conducted by IV Tech, as well as through email, instant messages, and/or telephone contact:

• Registration details: name, gender, parental information, date of birth, identity documents, address, photograph, and business name and registration number for legal entities;
• Contact details: phone numbers and email;
• Banking and financial details.

b) Data obtained and/or collected from third-party databases:

• Financial status information, including negative remarks and credit restrictions;
• Public records on civil, criminal, and labor legal actions;
• Credit history and credit protection scores;
• User-authorized records from Credit Information Systems.

c) Navigation and device data collected during the use of IV Tech systems:

• IP addresses of devices;
• User interactions and usage profile of the Site and Blog;
• Device's network connection type;
• Cookies;
• Device features such as model, operating system, and DRM ID;
• Geolocation information;
• User's email when logged in;
• User's interactions within the app.

d) Data collected from the use of IV Tech systems:

• Service and product usage data;
• Transaction and account activity;
• User service history.

e) Public data:

• Publicly available information about the user;
• Information on mentions or interactions with IV Tech;
• User testimonials related to IV Tech published on social networks, accompanied by the user's name and image.

3.2 By using the IV Tech system, the User is responsible for the personal data and data of third parties published or shared, confirming they have the consent of the third party and/or other legal basis for processing to provide them to the company.

IV Tech operates internationally and adheres to global data protection and consumer rights laws. No data is shared with other companies without the explicit authorization of the users.

4. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

4.1 The processing of personal data collected by IV Tech is carried out in compliance with consistent standards of security and confidentiality.

4.2 In line with the principle of purpose limitation, where personal data processing should serve legitimate, specific, explicit purposes informed to the User, and not be further processed in a manner incompatible with those purposes, IV Tech may process personal data for the following objectives:

- Provision and delivery of contracted services and/or products;

- User identification, authentication, and eligibility verification for contracting services offered by IV Tech;

- Updating user registration or complying with legal and regulatory obligations, including but not limited to anti-money laundering and counter-terrorism financing measures;

- Responding to inquiries and requests;

- Communication via telephone, email, SMS, WhatsApp, or other means, including for sending notifications or usage prompts of IV Tech's services;

- Authentication of financial transactions;

- Marketing and promotion of our products and services, including sending information, updates, features, content, news, and other events relevant to maintaining the relationship with the User;

- Enhancement of provided services, including the introduction of new products and services;

- Prevention and resolution of technical or security issues;

- Cooperation or compliance with judicial orders from competent authorities or regulatory bodies;

- Generation of statistics, studies, research, and surveys related to the activities and behavior of the User in the use of products and/or services;

- Implementation of measures to prevent and combat illicit acts, financial fraud, crimes, and ensuring the safety of Users, IV Tech, and third parties.

4.3 IV Tech may process personal data for the purposes described above, respecting the requirements and conditions established by applicable legislation, under the following conditions:

- To comply with legal and regulatory obligations;

- When necessary for the execution of services and/or delivery of products contracted by the User or preliminary procedures related to contracting;

- Based on legitimate interests of IV Tech, in accordance with legal requirements and limits for this type of processing;

- For the protection of rights of IV Tech, including in legal, administrative, or arbitral proceedings;

- For credit analysis and protection;

- Through the collection of User consent.

5. WHEN MAY DATA BE SHARED?

5.1 User personal data may only be shared by IV Tech with third parties in scenarios such as:

- Business transitions, such as mergers, acquisitions, and incorporations;

- Contracting data processing services from third parties, such as data hosting, cloud computing services, IT consulting, telecommunications services, delivery services, advertising and marketing services, event organization, financial billing services;

- Compliance with anti-money laundering, counter-terrorism financing, and other legal requirements, as well as ensuring the security of IV Tech users and the financial system;

- Legal and regulatory compliance to which IV Tech is subject;

- Working with commercial partners, service providers, suppliers, and subcontractors for the execution of contracted services;

- Responding to court orders or requests from competent authorities;

- Upon the User's request.

5.2 IV Tech commits to require a confidentiality commitment and compliance with third parties that will have access to user data, including direct and indirect data processors that may be located outside the country, which will be formalized through contractual agreement or a binding declaration.

5.3 IV Tech informs the User that it is legally obligated to share personal data when demanded by judicial, police, or administrative authorities. The provision of this data will only occur after validation of the order by the competent bodies.

5.4 Should data sharing occur, it will be carried out as necessary to fulfill the intended purpose and following security and confidentiality standards, as well as privacy protection regulations.

5.5 User personal data may also be shared with the Financial Activities Control Council, as established by applicable laws on the prevention of fraud and crimes against the financial system.

6. CAN DATA BE TRANSFERRED TO OTHER COUNTRIES?

6.1 User personal data may be transferred and processed outside the country of origin, such as when IV Tech stores it with cloud computing providers located in other countries, observing the best practices in security and privacy to ensure the integrity of personal data, in compliance with current legislation and applicable regulatory standards.

7. HOW IS DATA PROTECTED?

7.1 Aiming to protect stored user and third-party data, IV Tech will use physical and digital security measures, such as access controls, encryption, firewalls, audit trails, among other mechanisms like multi-factor authentication and access control, adopting a series of technical and preventive measures and best practices in security.

7.2 Personal data obtained by IV Tech will have restricted access, with an information security framework applied to limit each personal data access to the professional or department that needs it for the declared data processing purposes, with security procedures and data access being periodically reviewed.

7.3 IV Tech conducts training for staff on information security and the objectives outlined in this Policy, and all staff and third parties with data access commit to following privacy, data protection, and confidentiality rules to ensure information security and proper data use.

7.4 While IV Tech is committed to the best information security practices, it cannot guarantee that harmful events resulting from hacker intrusions or security incidents through access to suspicious sites, installation of malicious software, or other failures that cause unauthorized disclosure or access to information will not occur. In such situations, IV Tech will not be liable for any compensation.

7.5 Although IV Tech uses various measures for data protection and security, the User is also responsible for the security of their IV Tech account. The User must keep their credentials and cryptographic keys secure and only access their IV Tech account from secure and trustworthy environments and devices.

8. HOW LONG CAN DATA BE STORED?

8.1 As long as the User is a customer or prospective customer of IV Tech, to fulfill the purposes described in this Privacy Policy, their personal data may be securely stored and maintained.

8.2 When applicable, even after the termination of the User's IV Tech account, certain User data may be stored for an additional period for audit purposes, legal and/or regulatory compliance, or regular exercise of rights under the applicable legislation.

8.3 As a Payment Institution, IV Tech is subject to regulatory obligations imposed by financial authorities. Due to certain regulations, IV Tech may retain certain information about users after account closure, independent of any deletion request or consent, as provided by data protection laws, especially in cases of compliance with legal or regulatory obligations.

9. HOW DO COOKIES WORK?

9.1 IV Tech uses cookies to enhance the user experience on its platforms and internet pages. Cookies are used to remember user preferences, store information related to site activities, or collect information for personalized content delivery.

9.2 The collection and use of cookies occur during navigation on our Platforms, based on user preferences.

9.3 IV Tech utilizes cookies for:

• Authentication and security;
• Offering ads and content related to user activities;
• Product and service offers;
• Performance measurement and statistics.

9.4 IV Tech ensures that in the execution of both own and third-party cookies, the best security practices are adopted to protect collected personal data.

9.5 The use of cookies by IV Tech can be authorized in advance by the User when accessing the platforms and websites. Authorizations can be reviewed and modified at any time by the user. IV Tech clarifies that blocking cookies may interfere with the full use of the features available, including possibly hindering access to certain functions and tools of the channels and platforms.

10. WHAT ARE THE RIGHTS OF THE DATA SUBJECT?

10.1 When acting as the Controller of user personal data, IV Tech will make all efforts to ensure the exercise of user rights, as listed below:

• Information and access: The User may request confirmation of personal data processing and access them if present;
• Correction: The User may request the correction of incomplete, inaccurate, or outdated personal data;
• Anonymization, blocking, or deletion: The User may request their data processed by IV Tech to be anonymized, blocked, or deleted when unnecessary, excessive, or in non-compliance with the regulations;
• Portability: The User may request the transfer of their personal data to another service provider;
• Deletion: The User has the right to request the deletion of their personal data processed based on consent, except when data retention is necessary for compliance with legal obligations, or for the exercise of rights in judicial or administrative proceedings;
• Information about shared use: The User may request information about the sharing or receipt of their personal data;
• Opposition: The User should be informed about the possibility of not providing consent and the consequences of such refusal;
• Revocation: If data processing is based on consent, the User may revoke this authorization by express request;
• Petition: The User may petition the National Data Protection Authority regarding their personal data;
• Review of automated decisions: The User may request a review of decisions made solely based on automated personal data processing that affect them.

10.2 User requests will be considered in view of the objectives and legal bases presented, respecting individual rights and freedoms regarding personal data protection, therefore responses to requests will be duly justified as applicable.

11. CAN THE PRIVACY POLICY BE CHANGED?

13. HOW TO CONTACT IV TECH?

13.1 For clarifications, questions, and requests of any nature related to the processing of personal data and the terms of this Privacy Policy, IV Tech is available for contact through its data protection officer, Cristiane Ronchi, at the email support@ivtecnologiasweb.com, or through the contact channel available on the homepage, named “Data Protection”.

Recife, March 2, 2024.

Support via WhatsApp: +55 81 99840-3982