POLICY OF PERSONNEL SKILLS - DATA PROTECTION OFFICER (DPO)

Download the digitally signed version

By this term, the company GRUV COMUNICAÇÃO E MODA LTDA, hereby represented by its partners, who subscribe, hereby designate the partner and collaborator MIGUEL RIETH MARINHO to exercise the function of Data Protection Officer (DPO), as provided in the General Data Protection Law (LGPD), Law nº 13.709/2018, in our company, which will be attributed competence for the care and protection of data.

Among the attributions of this function are, based on the law:

1. Accept complaints and communications from holders, provide clarifications and adopt measures;

2. Receive communications from the National Data Protection Authority (ANPD) and adopt measures;

3. Guide employees and contractors by the company regarding the practices to be adopted in relation to the protection of personal data;

4. Carry out the other attributions determined by the controller or established in complementary norms, and;

5. Decide on changes in internal and external operational flows related to the processing of personal data, ensuring compliance with personal data protection laws.

For the faithful fulfillment of this term, the policy of powers of the Data Protection Officer (DPO) is established, with the provision of guarantees and powers set out below:

6. Raise awareness and inform all company employees who process personal data;

7. Ensuring compliance with privacy and data protection policies;

8. Control and regulate compliance with the application of the LGPD;

9. Collect information to identify processing activities;

10. Control and monitor the processing of personal data that may pose a risk to the rights of holders, in addition to the measures and mechanisms used to mitigate these risks;

11.Carry out assessments on exposure to the risks of privacy violations and mitigate them with improvement actions;

12. Keep records of data processing activities up to date;

13.Promote training on good practices for data protection;

14. Be the point of contact with data subjects in order to clarify issues related to the processing of personal data;

15. Ensure that the 10 LGPD principles are implemented in own and/or purchased systems (Principle of Adequacy, Principle of Necessity, Principle of Transparency, Principle of Free Access, Principle of Data Quality, Principle of Security, Principle of Prevention, Principle of Responsibility and Accountability, Principle of Non-Discrimination and Purpose Principle);

16. Be the point of contact with control authorities.

We emphasize that the Person in Charge (DPO) thus assumes responsibility for implementing the strategy for data protection and compliance with the General Data Protection Law, and must act with diligence and professionalism in the processing of personal data and in the management of digital security, avoiding act with negligence, imprudence or malpractice because, if you act in violation of your professional duties, you may be personally liable for damages caused to third parties and to the company itself.

In these terms,

It is consigned.

Brasilia, May 08, 2021.

Accordingly,

MIGUEL RIETH MARINHO

IN CHARGE/DPO

CPF n.. 000.129.831-36 

VINICIUS MATTEO SILVA RISSO

MANAGING PARTNER

CPF n.. 002.472.741-51 

GRUV COMUNICAÇÃO E MODA LTDA

CNPJ n. 25.157.020/0001-00