LGPD and Privacy Policy

1. Personal Data

Personal data is any information related to an identified or identifiable natural person (art. 5, item I, LGPD). In other words, it is any information that allows identifying, connecting to a natural person, such as name, ID number, CPF, date of birth, bank information, phone number, address proofs, among others.

Sensitive personal data, in turn, is any information related to racial or ethnic origin, religious belief, political opinion, union membership, or membership in a religious, philosophical, or political organization, data related to health or sexual life, genetic or biometric data, when linked to a natural person (art. 5, item II, LGPD).

2. Personal Data Processing

Personal data processing consists of any operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation, control, modification, communication, transfer, dissemination, or extraction of information (art. 5, item X, LGPD).

Processing will only occur when we have a legal basis for it. The legal bases include: consent (for example, when you give your consent); contract (for example, when processing is necessary to enter into or execute a contract with you); compliance with a legal or regulatory obligation by us as controllers, or by the controller when we are operators; exercise of our rights; and our legitimate interests as controllers, or legitimate interests of the controller or third parties when we are operators, as provided by applicable law.

In cases where the processing of your personal data is carried out solely based on your consent, you have the right to revoke your consent at any time, which will not affect the legality of the processing based on your consent before the revocation or the legality of the processing based on other legal hypotheses.

We may process your personal data based on legitimate interests, provided that your fundamental rights and freedoms prevail. If applicable, we will process your personal data based on our legitimate interest to ensure the quality and continuity of our services, to improve them, as well as to support, conduct, and promote our activities.

The processing of sensitive personal data, in turn, can only occur under Article 11 of the LGPD when the data subject or their legal guardian consents, specifically and highlighted, for specific purposes.

The only exceptions where consent is not required from data subjects will be for: (i) Compliance with a legal or regulatory obligation by SCHEFFER LOGÍSTICA; (ii) Shared processing of data necessary for the execution, by public administration, of public policies provided for in laws or regulations; (iii) Conducting studies by a research body, ensuring, whenever possible, the anonymization of sensitive personal data; (iv) Regular exercise of rights, including in contract and judicial, administrative, and arbitration proceedings, the latter under the terms of Law No. 9.307, of September 23, 1996 (Arbitration Law); (v) Protection of the life or physical safety of the data subject or third parties; (vi) Health protection, exclusively in procedures carried out by health professionals, health services, or health authorities; or (vii) Guaranteeing fraud prevention and security of the data subject in identification and registration authentication processes in electronic systems, safeguarding the data subject’s rights and except in cases where the data subject’s fundamental rights and freedoms prevail, which require the protection of personal data.

LGPD also prohibits the communication or shared use between controllers of sensitive personal data related to health for the purpose of obtaining economic advantage.

The only exception to this rule consists of cases related to the provision of health services, pharmaceutical assistance, and health assistance, including auxiliary diagnosis and therapy services, in the interest of data subjects, and to allow: a) data portability when requested by the data subject; or b) financial and administrative transactions resulting from the use and provision of the services referred to in this paragraph.

In other words, we are legally prohibited from sharing your sensitive personal data directly with third parties without your express authorization.

3. Type and Source of Data

We may process personal data about you, relating to: a) Full name/company name; b) Profession; c) Nationality; d) Mobile number; e) Business and/or residential phone number; f) Email address; as well as g) others necessary for contract fulfillment and service provision.

3.1 Personal Data of Employees

Regarding our employees, personal data will be used for the purpose of complying with a legal or regulatory obligation under Article 7, item II, of the General Data Protection Law, and therefore, they follow the specific legislation term.

The data will be stored while the employment contract persists, and, with this term provided for in the specific legislation, for another 5 (five) years, to fulfill legal obligations that may eventually be questioned, under Article 7, item II, of the General Data Protection Law.

3.2 Personal Data of Service Providers and Suppliers

Regarding service providers and suppliers, personal data will be used to ensure compliance with a legal or regulatory obligation under Article 7, item II, of the General Data Protection Law.

The data will be stored for up to 5 (five) years after the service provision is completed.

3.3 Personal Data of Clients

Regarding our clients, personal data will be used to fulfill the established service provision contract under Article 7, item VI, of the General Data Protection Law.

The data will be stored while the contract with a determined term between the parties persists and for another 5 (five) years after the procedures and contractual obligations are completed, with a view to fulfilling a legal obligation, under Article 7, item II, of the General Data Protection Law.

As a rule, we will collect such personal data when you provide it to us or authorize us to obtain it from third parties. We may also obtain them independently when the information is publicly available.

Your personal data will be processed and stored for as long as necessary to achieve the purposes for which the personal data was collected, in accordance with the storage periods required by applicable law, or until you revoke the consent given for processing/storing your personal data, as applicable.

4. Processing and Security of Personal Data

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your personal data against loss, misuse, unauthorized access, disclosure, and alteration.

All personal data is securely stored in SCHEFFER LOGÍSTICA’s software and cloud systems. For this, we use security measures such as firewalls, data encryption, physical access controls to our data centers, and access authorization controls to information.

Your data will be stored for a maximum period of 1 (one) year, after which it will be anonymized and deleted from our systems. That is, we will use reasonable and available technical means at the time of processing, through which the data will lose the possibility of being associated, directly or indirectly, with an individual and subsequently be deleted from our database (art. 5, items XI and XIV, LGPD).

5. Use of Applications for Customer Service

Aiming to better serve you, SCHEFFER LOGÍSTICA offers customer service through the WhatsApp application.

As it is a third-party application, we do not guarantee the security of the information sent through this communication channel. Thus, when you contact us through WhatsApp, you will receive the following message:

“Hello! We have received your request. We would like to inform you that under Law No. 13.709/2018, we are not responsible for the security of personal information sent through the WhatsApp application. If you wish to continue the service with data submission through this channel, send us ‘I am aware and wish to continue’. Otherwise, we recommend using our establishment’s official channel to make requests, through the email solicitacaolgpd@schefferlogistica.com.br.”

Our company also uses corporate email, which is configured as our most secure access channel. You may notice that each of our emails contains the following notice:

“The use of the information contained in this email is subject to professional confidentiality. The information is confidential, for exclusive and specific use of the recipient, and the content does not necessarily reflect the opinion of Scheffer Logística. If you are not the intended recipient, you are notified that you are not authorized to use, disclose, or forward this message. If you have received it by mistake, please contact the sender and discard the information contained herein. We reiterate that Scheffer Logística is committed to observing the provisions of the General Data Protection Law and the Marco Civil da Internet, as well as ensuring all rights guaranteed by law to data subjects.”

SCHEFFER LOGÍSTICA takes care of the confidentiality and secrecy of business and personal relationships, the ethical principles that govern our company, and, above all, ensuring the protection of data subjects’ personal data.

6. Rights of Personal Data Subjects

Personal data subjects will have the following rights: (a) to information, to be provided through a report, to confirm the existence of data processing, (b) to access their personal data, (c) to correct incomplete, inaccurate, or outdated data, (d) to anonymization, blocking, or deletion of unnecessary, excessive data or data processed in non-compliance with the LGPD, (e) to data portability to another service or product provider, upon express request, according to the regulation of the national authority, observing commercial and industrial secrets, (f) to the deletion of personal data processed with their consent, except in cases provided for in this Policy and in Article 16 of the LGPD, (g) to information to be provided by public authorities and companies/individuals with whom the office has shared the data, (h) to information about the possibility of not providing consent and about the consequences of the refusal, and (i) to revoke their consent, under the terms of § 5 of Article 8 of the LGPD.

Exercising any of these rights will not affect the legality of any data processing carried out before exercising such a right.

To obtain this information, simply fill out a simple form containing the request for the information report, its justification, and the identification of the data subject. The form will be made available physically and/or through a request sent by email to solicitacaolgpd@schefferlogistica.com.br

After filling out the form, the report will be sent to the data subject via email or delivered in print through the scheduling of a legal consultation at our headquarters.

7. Children and Adolescents

As a rule, we do not process personal data of children (under 12 years old) or adolescents (people between 12 and 18 years old), except when there is a medical request in this regard and the consent of at least one parent or guardian.

Occasionally, we may process this information within the scope of our labor relations (for example, for e-social purposes) and recruiting new talents for our team (in the case of young apprentices or interns).

8. Cookies and Other Tracking Technologies

Cookies are text files placed on your computer or device to collect standard Internet log information and visitor usage of our site and to compile statistical reports on site activity.

When you visit our site, we and our business partners and suppliers may use cookies and other tracking technologies to recognize you as a user and personalize your online experience, the services you use, and other online content, as well as to measure the effectiveness of our publications, conduct analyses, mitigate risks, prevent potential fraud, and promote trust and security on our site.

We may use cookies to differentiate you from other users of our site and services. This helps us provide you with a good experience when browsing our site or using our services, and also allows us to improve them.

As a rule, we will use GOOGLE ANALYTICS, a free tool for websites that collects and aggregates anonymized visitor data, offering access reports such as traffic source, pages visited, time spent, among others.

You can configure your browser or device not to accept cookies. However, in some cases, some sites and/or features of our site may not function as a result. Some browsers provide settings that allow you to control or reject cookies or include alerts when a cookie is placed on your computer.

The procedure for managing cookies is different for each web browser, and you can check the specific steps in the help menu of the browser you are using. You can also reset device identifiers by enabling the appropriate setting on your mobile device.

The procedure for managing identifiers is also different for each device, and you can check the specific steps in the help or settings menu of the device you are using.

9. Third-Party Sites

Our site may occasionally contain links to third-party sites that are not controlled by us. If you visit these sites or use the services provided there, remember that this Policy does not apply to third-party data processing, and we recommend that you carefully review how these third parties process personal data before using their sites, applications, or services.

10. Transfer of Personal Data

The sharing of personal data with third parties is restricted to companies that help us maintain the functioning of our structures. This means that no data is shared deliberately, but merely occasionally due to being contained in third-party systems and software.

To enable the exercise of our regulatory activity, we share our information with the following companies:

• Diego Audrey de Lima Lamezon – Accounting.
• Gibbs Transportes Ltda.
• PLSS Soluções.
• TFM Advocacia e Consultoria Especializada.
• Salamacha, Batista, Abagge e Calixto Advocacia.
• Agreements with supermarket chains for product and service redistribution.
• Health, medical, pharmaceutical, and laboratory agreements for the benefit of our employees.

Whenever possible, in these cases, we will enter into a data processing agreement (data processing agreement) with third-party suppliers and/or service providers who have access to your personal data, so that these third parties ensure a level of data protection compatible with what is provided in this Policy.

Additionally, your personal data may occasionally be transferred abroad within the scope of the processing purposes described in this Policy, in accordance with applicable legislation, with the adoption of all appropriate safeguards and security measures to ensure an adequate level of data security and protection.

We will only transfer your personal data internationally to countries that provide a level of personal data protection adequate to that provided by applicable law, or based on your consent, a contract signed with you, or compliance with a legal obligation. Among other cases of international data transfer, the software and applications (all with a high level of security) used by us may also, occasionally, store data outside Brazil.

11. Changes to this Policy

SCHEFFER LOGÍSTICA is committed to constantly seeking to improve and develop its services and its site, so we may change this Policy periodically.

We will not reduce your rights provided in this Policy or in applicable laws. If significant changes occur, we will notify you through the provided contacts if required by applicable law.

In any case, we recommend periodic review of this Policy to stay updated on any changes.