PRIVACY POLICY

Last updated: September 06, 2023.

This Privacy Policy is intended to demonstrate the commitment of ZOOX SMART DATA in relation to the privacy and protection of personal data collected from its USERS (individuals who access ZOOX’s website).

This Policy does not extend to users of any of the Zoox products, whose respective Privacy Policies will be made available to users at the authentication stage for access to the product, with the purpose of regulating and informing holders about the processing of personal data in each solution. In this sense, this Privacy Policy establishes the rules on the personal data processing operations within the scope of the services and features made available through ZOOX’s website, in accordance with the laws in force.

As a condition for accessing and using the exclusive features of ZOOX’s website, the USER declares that USER has read the rules contained in this Privacy Policy thoroughly and carefully, being fully aware of and thus freely and expressly agreeing with the terms stipulated herein. If you do not agree with these directives, you must discontinue your access to ZOOX’s website.

In this document, you will find the following topics:

1. COLLECTION AND USE OF DATA AND REGISTRATION OF ACTIVITIES

This section is very important: in it, we will explain what personal data is collected when you access Zoox’s website and the purposes for using this data.

2. COOKIES

In this topic, you will be clarified that you have control over whether or not to enable cookies and what impact disabling cookies may have on your access and use of Zoox’s website.

3. LEGAL BASIS THAT ALLOW THE COLLECTION AND PROCESSING OF YOUR DATA BY ZOOX

In this section, we will indicate when the law allows the collection, storage and use, among other operations, related to your personal data.

4. STORAGE, INTERNATIONAL TRANSFER, RETENTION AND DELETION OF DATA

Here, you will be informed about where the data collected while accessing Zoox’s website and using its functionalities is stored. You will also find information about international transfers, data retention and its subsequent deletion.

5. DATA SHARING

In this section, we explain in which cases data collected when accessing Zoox’s website may be shared.

6. DISPLAY, CORRECTION, LIMITATION, OPPOSITION AND DELETION OF DATA

In this topic, you will have access to information about how you can exercise these rights guaranteed by law.

7. SECURITY

In this section, you will find general information about how Zoox applies security measures to protect your personal data, as well as partners contracted by Zoox and involved in the personal data processing operations.

8. GENERAL PROVISIONS

This section informs, for example, about the applicable law and the possibility of change and update, at any time, on the provisions of this Privacy Policy and the Terms and Conditions of Use. We strongly recommend that you always read them at each new access to Zoox’s website.

1. COLLECTION AND USE OF DATA AND REGISTRATION OF ACTIVITIES

1.1. The data collected from the USER meets the minimization principle and may include:

1.2. User identification data collected by the User's voluntary insertion into the forms on Zoox’s website may be processed in the Customer Relationship Management (CRM) tool to fulfill the purposes set out above. We strongly recommend that the USER read CRM’s Privacy Policy, available here.

1.3. All personal data may be used as evidence in cases of illegal acts or acts contrary to this Privacy Policy or any other legal document made available by ZOOX, as well as to comply with a court order or administrative request.

1.3.1. It is up to the USER to configure their mobile device if they wish to block the collection of cookies or other data. In this case, some ZOOX features may be limited.

1.4. ZOOX is not responsible for the accuracy, truthfulness or lack of the information provided by the USER or its outdatedness, being the USER’s responsibility to provide them with accuracy and update them whenever necessary.

1.5. It is important to highlight that, once on ZOOX website, the USER may be led, via a link to other portals or platforms, which may collect their information and have their own Privacy Policy.

1.5.1. It is up to the USER to read the Privacy Policy of such platforms outside ZOOX’s environment, if applicable, being the USER's responsibility to accept or reject it. ZOOX is not responsible for the privacy statements or content of any third party’s websites or services.

1.6. The database formed by collecting data on ZOOX’s website is ZOOX’s responsibility, and its use, access and sharing, when necessary, will be made within the limits and purposes of ZOOX's business and described in this Privacy Policy.

1.7. Internally, the USER’s data will only be accessed by professionals duly authorized by ZOOX, respecting the principles of proportionality, necessity and relevance of purposes, in addition to the commitment to confidentiality and preservation of privacy under the terms of this Privacy Policy.

2. COOKIES

2.1. It is up to the USER to configure their device if they wish to block the collection of cookies. In this case, some website features may be limited.

2.2. ZOOX uses cookies from Google to generate anonymised statistics (analytics) related to the use of the site (such as measurement of audience), and cookies from the CRM according to its Cookies Policy, available here.

2.2.1. Data collected via cookies may be used to re-identify the USER when they come back to ZOOX’s website.

2.2.2. The data collected via CRM cookies may compose the profile of the USER who fills out the form on ZOOX’s website, for the purpose of customizing offers.

3. LEGAL BASIS ALLOWING THE COLLECTION AND PROCESSING OF DATA BY ZOOX

3.1. The collection and processing (any operation with your personal data, such as storage and use) is authorized under 4 (four) hypotheses provided by law: (i) compliance with the obligation imposed by law to register and keep the records of access to the website for at least six months; (ii) enable the preliminary procedures related to the contracting of ZOOX’s product demonstrations by the USER or by an entity that the USER represents, at the request of the USER by filling out a form submitted on ZOOX’s website; (iii) ZOOX's legitimate interest in adding information about the use of the website to the profile of the USER who registered by filling out a form for personalization of offers and which may be of interest to them, and (iv) their consent (authorization) for communications and sending of information and offers by proceeding with the filling out of forms on ZOOX’s website and agreeing to this express purpose with the “Proceed” button, being guaranteed the right to “opt-out” (withdrawal of consent) at any time. The withdrawal of consent for these purposes will not affect the processing of personal data already carried out based on the previous consent, nor the processing of data carried out or to be carried out based on the hypotheses of items (i), (ii) and (iii).

4. STORAGE, INTERNATIONAL TRANSFER, RETENTION AND DELETION OF DATA

4.1. The data collected is stored in Amazon's (also known by the acronym “AWS”) cloud, with servers located in the United States.

4.1.1. It is important to highlight that, if the data is collected from the USER in country other than the US, the international transfer is only carried out by and to agents that apply the best international practices for the protection of personal data and guarantee to provide a level of protection for personal data that is adequate to that provided for in the legislation. In this sense, Amazon publicly undertakes to adopt robust and comprehensive measures to meet the requirements of the European GDPR (General Data Protection Regulation) and go beyond the other safeguards required by the European Data Protection Supervisor (European Data Protection Supervisor - EDPS) for transfers of personal data to countries that are not subject to the application of the Regulation.

4.1.2. This AWS warranty extends to all types of processing operations subject to the GDPR, including on data that is transferred outside the European Economic Area. In an official announcement published on its website    (source:

https://aws.amazon.com/pt/blogs/security/aws-and-eu-data-transfers-st rengthened-commitments-to-protect-customer-data/), Amazon declares that, in addition to the automatic application of protection features to these operations, it also restricts the fulfillment of requests for access to personal data made by authorities or other public authorities in third countries, including the United States, when it does not promptly reject the request, whenever there are no grounds for providing data or when the order placed is extremely vague.

4.2. The data collected is stored in a secure environment (according to item 7 of this Privacy Policy), in accordance with the specific applicable legislation and controlled for a minimum period of 6 (six) months. However, considering that no security system is infallible, ZOOX disclaims any liability for any damages and/or losses arising from failures, viruses or database invasions that ZOOX may suffer, except in cases where the incident was proved to be a result of ZOOX’s intent or fault.

4.2.1. Some data may be deleted before the period of 6 (six) months, if requested by the USER and there is no longer any purpose of use or legal or judicial obligation that justifies its retention.

4.2.1. The data must be kept for the duration of its purpose of use or legal or judicial obligation that justifies its retention. At the end of the purpose of use and the mandatory retention period, the data may be eliminated using safe disposal methods, or used anonymously for statistical purposes.

5. SHARING

5.1. The data collected and the activities recorded may be shared:

1. With competent judicial, administrative or governmental authorities, whenever there is a legal request from the authorities or a court order;
2. With companies and professionals who work with information security (by signing a confidentiality agreement) and with public authorities in detecting and combating fraud or other illegal activities, aiming to protect ZOOX's customers, ZOOX's intellectual property and the systems used;

• Automatically in case of corporate changes, such as mergers, acquisitions or incorporation, and

1. Automatically, with the service providers hired by ZOOX to make viable the website and all functionalities and services made available by ZOOX.

5.2. All third parties contracted for the purpose of item "iv" above undertake to process the data with confidentiality and only for the contracted purpose, ensuring legal compliance in matters of privacy and data protection and applying, at all times, the information security best practices.

6. DISPLAY, CORRECTION, LIMITATION, OPPOSITION AND DELETION OF DATA

6.1. The USER may request the display or correction of their personal data by email to dpo@zooxsmart.com.

6.2. The USER may also request: (i) the limitation of the use of their personal data; (ii) express their opposition to the use of your personal data or (iii) request the deletion of their personal data collected by ZOOX, provided that there is no purpose of use that legitimates the processing and that the minimum legal retention period has already expired.

6.3. For purposes of auditing, security, fraud control and preservation of rights, ZOOX may keep the USER’s data for a period longer than 6 (six) months after the purpose of the data processing is accomplished, in cases where the law or regulatory rule so establishes or for the preservation of rights.

7. SECURITY

7.1. ZOOX applies technical (in the systems and tools it uses) and administrative measures (such as internal policies, standards and procedures, training and awareness of employees, among others) to ensure confidentiality (that the data is accessible only to authorized persons), integrity (veracity, accuracy and completeness of information, without unauthorized changes) and availability (that your data is accessible and usable on demand) and protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or broadcast. These measures take into account the nature of the processed data (which are not data considered sensitive by the law), the specific characteristics of the processing (the operations carried out and their purposes) and the current state of technology.

7.2. As additional means of applying a high standard of security in the storage and processing of your data, ZOOX uses Amazon's cloud (AWS) as it applies the most advanced techniques of data protection and follow international best information security practices , being certified and recertified in meeting all the security requirements determined by ISO 27017 (international best practices code for cloud information security) and ISO 27018 (international best practices code for personal data protection in the cloud). More information about these certifications as well as a copy of the certificate are available at: https://aws.amazon.com/en/compliance/iso-27017-faqs/ and https://aws.amazon.com/compliance/ iso-27018-faqs/.

7.3. CRM’s tool for managing communication with USERS who voluntarily filled out any form on ZOOX’s website also has a high standard of information security, as can be seen here.

8. GENERAL PROVISIONS

8.1. ZOOX does not use any automated decision that impacts the USER.

8.2. ZOOX reserves to itself the right to change the content of this Privacy Policy at any time, according to the purpose or need, like for adequacy and legal compliance of provision of law or regulation which has equal legal force, leaving to our USER verifiable it whenever you access ZOOX.

8.2.1. In the event of updates to this document and which necessarily require a new collection of consent, ZOOX will notify the USER through the means of contact provided by him.

8.3. In case of any doubt regarding the provisions contained in this Privacy Policy or need to contact the Data Protection Officer (ZOOX’s DPO), Pedro Nunes, Legal & Privacy Director, the USER may contact them by e-mail on dpo@zooxsmart.com, and the answers to the contact will always be sent from Monday to Friday from 9 am to 6 pm (Sao Paulo time), except on national holidays.

8.4. If outsourced companies process any data collected by ZOOX, they must comply with the conditions stipulated herein and the best information security practices, obligatorily.

8.5. If any provision of this Privacy Policy is considered illegal or illegitimate by the authority of the location where the USER resides, the other conditions will remain in full force and effect.

8.6. The USER acknowledges that all communication carried out by email, SMS, instant communication applications or any other electronic form are also valid as documentary evidence, being effective and sufficient for the disclosure of any matter that refers to the services provided by ZOOX, as well as the conditions of its provision or any other matter addressed therein, with the exception of the expressly different provisions set forth in this Privacy Policy.

8.7. This document will be governed by and interpreted in accordance with the applicable legislation, and the USER's domicile is elected to settle any dispute or controversy involving this document, except for specific reservations of personal, territorial or functional jurisdiction by applicable legislation.

Thanks for your attention, and welcome to ZOOX!