Global Policy on
Data Protection

1.INTRODUCTION

CONCREMAT ENGENHARIA E TECNOLOGIA S.The. (“CONCREMAT” or “Company”), a legal entity under private law, registered in CNPJ no. 33.146.648/0001-20, with headquarters at Rua JoaquimPalhares, 40, Torre Sul, 5º andares – Estácio, Rio de Janeiro – RJ, 20260-080 is a company that has almost seven decades of experience in the national market, whose objective is to offer integrated engineering and management solutions to customers, companies and society, always seeking to promote the best contribution to the sustainable development of the country. In search of constant evolution and based on its values, especially the maintenance of relations with ethics, trust and security, CONCREMAT has been adequate, with excellence, to practices related to privacy and protection of Personal Data, thus developing this Global Data Protection Policy.

2.GOAL

This Global Data Protection Policy has the main objective of realizing the concern that CONCREMAT has with the privacy and personal data of all Holders who entrusted the company with such information. Therefore, with the formalization of this Policy, it is committed to ensure that all requirements imposed by data protection legislation are met, as well as to express the respect of the entire CONCREMAT to the right to honor, intimacy, privacy. The rights mentioned guide all the steps that involve the processing of Personal Data during the execution of CONCREMAT’s work. In this regard, this Policy describes what measures should be taken to ensure the protection of your privacy and integrity in the processing of Personal Data and informs all available means of contact to contact us if you wish to exercise any of your rights or ask questions. CONCREMAT guarantees by promoting the formalization of this Policy:

  • What should be the processing given to Personal Data and what guidelines are given
    by CONCREMAT for all those who process Personal Data on their behalf;
  • The protection of CONCREMAT’s reputation, ensuring that the Personal Data that
    have been entrusted to us to be treated in compliance with the laws of protection of
    data, in addition to other important practices for processing Personal Data with
    security;
  • Protection for the risk of incidents relating to the undue treatment of
    Personal Data and other breaches of existing data protection laws,
    ensuring that all the rights of the Holders are preserved.

In addition to mere compliance with legal obligations, CONCREMAT’s main objective is to strengthen its structure with ethics and transparency, nurturing relationships in a safe way with all those who collaborate daily with our growth.

3. REFERENCE LEGISLATION FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA

There is the understanding that privacy and protection of Personal Data are concepts that are employed and standardized in various legal provisions, in addition to the General Data Protection Law (Law No. 13,709/2018) – LGPD. These Policy apply, in particular:

  • Federal Constitution of 1988;
  • Law No. 13,709/2018, the General Law for the Protection of Personal Data (LGPD)
  • Civil Code;
  • Law No. 12,965/2014, the Civil Framework of the Internet;
  • Constantly improved, constantly improved internal standards and procedures
    competent and made available to all employees

 

4.APPLICATION AND SCOPE

This Policy applies to all processing of Personal Data performed by CONCREMAT. Thus, the application of this Policy extends to: trainees, apprentices and trainees, service providers, suppliers, business partners, consultants and third parties, as well as public agencies and entities with which there may be interaction, and also to any other party that maintains relationship with CONCREMAT, whether individuals or legal entities, with or without profit.

This Policy exceeds compliance with the company’s internal procedure, becoming a true standard of behavior based on the ethics, seriousness, commitment and protection of holders who, for any reason, need to provide their Personal Data to CONCREMAT. Thus, failure to comply with the rules set out hereby any employee or person to which it is subject to the application of this Policy, without distinction of position or function, will result in administrative measures such as the warning, without prejudice to other cumulative sanctions

5. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

CONCREMAT will conduct its processing of Personal Data in accordance with the applicable laws, internal and external policies of the company, as well as the principles listed:

  • Transparency: Personal Data will be treated lawful, fairly and
    transparent in relation to the subject-in-data subject;
  • Purpose and suitability: Personal Data will be collected for the purposes of
    explicit and legitimate and unprocessed in a manner incompatible with the
    these purposes;
  • Quality: Personal Data will be accurate and, when necessary, updated.
    Furthermore, reasonable steps will be taken to ensure that the Personal Data that
    inaccurate, taking into account the purposes for which they are treated, whether they are
    erased, corrected and sanitized without delay;
  • Need: Minimum Personal Data will be processed and necessary for the
    purposes for which they were collected, only those relevant,
    proportionate and are not excessive in relation to the purposes of the treatment of
    of stipulated data;
  • Safety and prevention: technical and administrative measures will be adopted
    able to protect Personal Data from unauthorized access and situations of
    accidental or unlawful, such as destruction, loss, alteration,
    communication or dissemination. In addition, all these measures will be adopted to
    prevent the occurrence of damages due to the processing of Personal Data; and
  • Accountability and non-discrimination: The Personal Data collected will be
    processed for lawful purposes, and the processing of Personal Data with
    abusive or discriminatory purposes. In addition, CONCREMAT is able to
    prove compliance with and compliance with data protection standards

and the effectiveness of the measures taken.

6. GENERAL GUIDELINES

Both the collection and processing of Personal Data carried out by CONCREMAT, meets transparency and ethics, in addition the information is stored in safe environments and in compatibility with current legislation. CONCREMAT undertakes to adopt appropriate measures to effectively process all Personal Data that it already has or will have access regardless of who is the holder. Acting in such a way that the Personal Data processed is collected in strict compliance with: purpose, adequacy and necessity. In addition to maintaining the absolute confidentiality and confidentiality of all information and Personal Data that you have
access or that it will have.

CONCREMAT acts in such a way that the Personal Data collected is adequate, relevant and not excessive, in accordance with the purposes for which it is collected, not retaining it for longer periods than necessary for the fulfillment of its purposes, applicable laws or regulations or when there is specific consent to do so. In addition, CONCREMAT requires all third parties, business partners and those with whom it relates, the adoption of mechanisms capable of safeguarding the information and Personal Data to which they have access due to the ongoing business partnership. Therefore, it ensures that all your contracts are made with partners who are concerned with the privacy and protection of your Personal Data and that they will always act ethically and transparently towards the business relationship and the holders involved in the operation. All these internal processes constantly make CONCREMAT seek suppliers and partners who have a governance program, according to the privacy and protection of Personal Data (recounting internal policies and regulations related to the subject). Furthermore, in the case of the necessary disclosure of Personal Data of customers, employees or partners, whether due to compliance with law, judicial determination or competent body in review of the activities developed by CONCREMAT and/or third parties, this information should be disclosed only in the strict terms and limits required for its disclosure, the holders of the information disclosed, to the extent that the
possible, will be notified.

7. GUARANTEES OF COMMITMENT TO THE PROTECTION OF PERSONAL DATA

Through this Policy, CONCREMAT’s commitments to the protection of Personal Data are consolidated, these are:

  • Keep Personal Data protected, access and use it when necessary to
    develop its activities;
  • Identify the legal basis for the processing of Personal Data in advance and
    that all processing complies with applicable law;
  • Protect Personal Data from misuse and illegal processing;
  • Keep Personal Data stored only for as long as necessary for the
    achievement of its purpose;
  • Explain clearly and transparently to holders about the treatment of their
    Personal Data, in accordance with this CONCREMAT Policy;
  • Do not share Personal Data with third parties unless we have performed
    due diligence and has appropriate agreements and contracts in place;
  • Respect the rights of holders provided for in privacy laws
    and data protection in force;
  • There are appropriate privacy policies, informing holders of the form of the
    processing of your Personal Data and your rights; and
  • Take other appropriate security measures to ensure that the Data
    personal information is accessed only by those who need and are kept
    transferred with the necessary security.

 

8. OUR CONTACT

If there is a need for contact to resolve any questions about this Policy, or any complaints or requests (such as access, objections or correction requests), please contact us through the following digital or physical channels, if you prefer:Name of the Person In charge: Ana Julia Brandimarti Vaz Pinto

Service channel: encarregado.lgpd@concremat.com.br
Phone: 11 99103 7406
Address: Av. United Nations, 13,771, Block 1, 5th floor, São Paulo/SP