PERSONAL DATA PROTECTION AND PRIVACY POLICY – SACCARO

Interdesign Móveis Ltda. (“SACCARO”) (CNPJ No. 88.614.938/0001-42) is committed to protecting the personal data privacy of its clients and partners. Through this Personal Data Protection and Privacy Policy, Saccaro outlines the measures taken to ensure data security and its main actions to comply with applicable legislation. 1. WHAT IS THE PERSONAL DATA PROTECTION AND PRIVACY POLICY 1.1. Through this Personal Data Protection and Privacy Policy (the “Policy”), we explain how we process your personal data, for what purposes, for how long, what security measures are taken, and your rights as a data subject, as well as how to exercise them, all in accordance with applicable personal data protection laws, especially Law No. 13.709/18 (General Data Protection Law | LGPD). 2. DEFINITIONS 2.1. Some definitions are essential for understanding this Policy: • GENERAL DATA PROTECTION LAW (LGPD): Law No. 13.709 of August 14, 2018, which regulates the processing of personal data, including in digital media, by natural or legal persons, with the aim of protecting fundamental rights of freedom, privacy, and the free development of personality. • CONTROLLER: A natural or legal person, responsible for decisions regarding personal data processing. • PROCESSOR: A natural or legal person who processes personal data on behalf of the controller. • PERSONAL DATA: Any information related to an identified (e.g., name, CPF, address, phone) or identifiable natural person. • PROCESSING: Any operation performed with personal data, including but not limited to collection, storage, access, use, sharing, transmission, classification, reproduction, deletion, and evaluation. • DATA SUBJECT: The natural person to whom the personal data refers. • SOFTWARE(S): Online applications owned by SACCARO. • USER(S): Any natural or legal person who accesses the Software(s) using a login and password. • COOKIES: Small files stored by websites on a computer via the browser, used to identify visitors and personalize pages according to preferences. 3. HOW WE PROCESS PERSONAL DATA 3.1. SACCARO processes personal data to provide access to its software. It processes registration and access data strictly for legitimate and proportional purposes. 3.2. Access data may include information such as the user's device IP address, browser type and version, visited pages, date and time of access, time spent, and diagnostic data. When accessed via mobile, SACCARO may automatically collect device type, mobile device ID, IP address, OS, mobile browser type, unique identifiers, and diagnostic data. 3.3. To enable specific functionalities like the Wishlist, SACCARO will process registration data and consumer intent data. 3.4. Collected data will be used exclusively for managing the Relazione program and will be available for consultation by the Data Subject and Saccaro store salespeople. 3.5. For software provision, SACCARO will act as the sole Controller of users’ personal data, as per the LGPD and the guidelines of the National Data Protection Authority (ANPD). 4. USE OF COOKIES AND PLUG-INS 4.1. The Software(s) do not use cookies. 5. DATA SHARING AND LIFECYCLE 5.1. SACCARO does not sell personal data to third parties. Sharing will occur only when strictly necessary for the purposes indicated, complying with contractual and legal obligations and legitimate interests. 5.2. Data provided through the website may be shared with nearby franchise stores to fulfill the purposes outlined on our site. 5.3. Personal data will be processed only for the time necessary to fulfill its purpose or legal, regulatory, or contractual obligations. 6. INTERNATIONAL DATA TRANSFERS 6.1. SACCARO may transfer personal data internationally if it uses third-party cloud service providers located outside Brazil or processing applications abroad. These providers will be chosen based on their ability to ensure data protection and compliance with applicable data protection laws. 7. DATA SUBJECT RIGHTS 7.1. You have always been the owner of your personal data and always had rights over it. The LGPD expanded these rights under Article 18: a. confirmation of processing; b. access to data; c. correction of incomplete, inaccurate, or outdated data; d. anonymization, blocking, or deletion of unnecessary or non-compliant data; e. data portability upon express request; f. deletion of data processed with consent (except as otherwise provided by law); g. information on data sharing with public or private entities; h. information on the option to deny consent and consequences thereof; i. withdrawal of consent. 7.2. To exercise these rights or clarify doubts, contact us at: marketing@saccaro.com.br. 8. PERSONAL DATA SECURITY 8.1. SACCARO ensures the security of your data with appropriate technologies and procedures, including backups, authentication factors, user authorization, and "need-to-know" access control. 8.2. Despite SACCARO’s best efforts, no system is infallible. In case of a data incident that may pose risks to your rights, you will be informed immediately. 9. CONTACT For questions or requests related to this Policy, contact SACCARO: Email: marketing@saccaro.com.br Phone: +55 (54) 99187-9770 Address: Rua Padre Gerônimo Rossi, 1956 - Ana Rech - 95060-570 - Caxias do Sul/RS, Brazil Caxias do Sul/RS January 31, 2025