Nós, o Rennó, Salla, Faustino, Carvalho e Moraes Sociedade de Advogados (o “Corelaw”), com sede na Cidade e Estado de São Paulo, na Alameda Campinas, nº 1.077, 2º e 3º andares, CEP 01404-001, inscrita no CNPJ/ME sob o nº 29.187.996/0001-78, preparamos esta Política de Privacidade (a “Política”) com o intuito de formalizar nosso compromisso de transparência com vocês, com o objetivo de garantir a segurança do uso e tratamento dos seus dados, preservando sempre a sua privacidade.

Our team works tirelessly to meet all the requirements of Law No. 13.709/2018 – General Data Protection Law (“LGPD”), Law No. 12,965/2014 (the “Internet Civil Rights Framework”) and other applicable legal provisions. Thus, if you have any questions or needs clarification about this Policy, please contact our Data Protection Officer indicated in item 13 below.

Corelaw shall control your personal data within the scope of the relationship established with you, which, under the LGPD, is the one responsible for decisions relating to the processing of personal data.

It is our understanding, and it is very important that you know what your rights are to your personal data processed by Corelaw.

Such rights are provided for in article 18 of the LGPD, and are described below:

In our relationship, whether you are a client, potential client, service provider, lawyer, employee or any third party who, for any reason, has provided us with personal data, know that we may use personal data for the effective performance of our work, which is collected as follows:

1. Through our website::

By accessing corelaw.com.br, we may collect personal data when you sign up for our mailing list, or even for a webinar, or when you download specific content from us, at which time the following personal data may be collected: name, email and telephone number, so that you may receive all our news.

In addition, our website may collect your personal data through Cookies, the details of which will be explained in item 6 below.

2. In the development of our professional activity::

In order to work with our clients, service providers, lawyers and employees, we need to collect and process some personal data from you and third parties, which shall only be requested if necessary to our activity. Such data may be regular and/or sensitive personal data (data that is considered as political or religious view, color, race, health, genetic, biometric data, etc.), it being certain that we shall assess the need more carefully before requesting any sensitive data, and we shall treat it in accordance with the law.

We may use your data as follows:

• Personal Data: We shall use your personal data such as: name, email, contact information, financial data, professional data, property data, marital status, nationality, procedural data, and all other personal data inherent to you, that are not sensitive personal data, only for the execution of our professional activities, as well as to bill our services or pay suppliers and third parties.

• Sensitive Personal Data: We shall use your sensitive personal data such as: data on racial or ethnic origin, religious belief, political view, membership to a union or organization of a religious, philosophical or political nature, data regarding health or sex life, genetic or biometric data, when linked to a natural person, only for the execution of our professional activities, always in full compliance with the law.

We may use Cookies in our website in order to improve your experience with the content provided by us.

In summary, Cookies allow our website to store information upon your access thereto, such as preferred language, location data, as well as other information that we may consider relevant to provide an outstanding experience to you.

Cookies may also be used for statistical purposes, at which time the data shall be anonymized and aggregated to help us understand how our visitors use our contents.

We may also use Cookies to send newsletters by email, send invitations to lectures and/or webinars, as well as to communicate with you if you request our contact by filling out forms in our website.

Please be advised that we may use Cookies in our website, one of which is Session Cookies, which are temporary Cookies that will be stored in your device until you end the session, and the other type is Persistent Cookies, which are cookies that may be stored in your device until they are deleted, or until a deadline established as standard or a deadline determined by you in the browser used.

We emphasize that you can change the Cookies settings or disable them by adjusting your browser settings according to your interests.

In addition, in some special cases, we may use Cookies provided by trusted third parties, in particular Google Analytics and Youtube Cookies, which may be checked by you at https://policies.google.com/technologies/cookies

Your personal data will be shared with third parties only when strictly required to perform a legal duty or conduct our work and activities. We may share your data with the persons listed below:

a) Public authorities (judicial and extrajudicial), governmental entities, regulatory agencies and inspection agencies, when Corelaw is obliged to comply with a legal duty;

b) Specialized service providers for execution of the works contracted by you from Corelaw, such as accounting services, paralegals, motorcycle couriers, among others;

c) Corelaw service providers, in relation to the areas of technology and marketing;

d) Legal audit service providers;

e) Any other subcontractors who are required to deliver the services contracted by you; and

f) Any other party, which may receive an email, notice, letter, among others, containing your personal data.

With the exception of item a) above, shared data shall always be treated with maximum efficiency, privacy and security.

Your personal data is stored on servers with SSL (Secure Socket Layer) technology, ensuring that none of the personal information and data of the subjects is disclosed to third parties not listed in this Policy. Such technology creates an encrypted channel between a web server and a browser to ensure that all transmitted data is confidential and secure.

All personal data processed by Corelaw is stored in a dedicated database, with access being restricted to qualified persons, who are required, by law, agreement or our internal policies, to maintain confidentiality of such data and not use it unduly or for purposes other than the purposes for which such data was collected.

We always exert efforts within our control to ensure that all our suppliers use adequate levels of security, in accordance with the best market practices.

We take reasonable measures to help protect personal data or other information from accidental loss, theft, misuse, unauthorized change, access or disclosure, and accidental or unlawful destruction.

Whenever possible, we try to only process your personal data within Brazil. However, since part of our servers is located in the United States, international transfer of personal data may take place. We always require that appropriate safeguards be in place to protect information upon processing outside Brazil.

The information collected by Corelaw is withheld as long as it is necessary and appropriate to achieve the purposes for which such information was collected, subject to the terms and conditions of the applicable law, and such information may be excluded at the end of its processing or when requested by you.

Corelaw shall inform any partners it has outsourced on the obligation to delete or return any personal data shared with them, where appropriate.

Nevertheless, the information, including personal data, may be withheld by Corelaw or its partners, even after a request for exclusion, in accordance with the circumstances permitted and/or required by law, such as: compliance with legal or regulatory obligation; regular exercise of your rights; transfer to third party, in compliance with data processing requirements; among others.

Personal data shall be deleted from Corelaw's database in the following events:

• as requested by you to our Data Protection Officer; and

• when the subject’s data is no longer necessary for the execution of the work by our team, unless there is any other legal or contractual reason to withhold such data.

Please be advised that we do not conduct automated decision making or automated profiling.

Our Data Protection Officer (DPO), is the person appointed by Corelaw, and who is responsible for complying with the requests made by the subjects of personal data.

Should you have any questions about how Corelaw uses your personal information, or if you intent to exercise any rights described in this Policy, please contact:

Beatriz Zancaner, [email protected], +55 11 2348-5888

Corelaw may, at any time, change the terms and provisions of this Policy.

Changes to this Policy shall be published on this page. Therefore, we recommend you visit this page from time to time to be aware of such changes. However, if your email is registered in our database, you will be informed by email about any changes to this Policy.