OBJECTIVE

This policy applies to the processing of Personal Data (any information that identifies or may identify a natural person) collected by AMAZON FOREST BANK LTDA (“AMAZON FOREST BANK”), directly or indirectly, from all individuals, including, but not limited to, current, future or potential job applicants, employees, professionals, customers, suppliers, business partners, associates, subcontractors or any third parties.

Personal Data is any information that identifies or may identify a natural person, such as: names, identity document numbers, identification codes, addresses, among others.

This document defines the rules, principles and values ​​that should guide the attitudes, behaviors and decision-making of all Employees, members of the Board of Directors, the Executive Board, as well as those holding management positions, employees and interns, customers, suppliers, business partners, partners, subcontractors or any third parties, respecting the legislation on the protection of Personal Data, including, but not limited to, Law No. 13,709/2018 and Law 13,853/2019 or the General Data Protection Law, in addition to the best practices adopted in international standards, such as the General Data Protection Regulation (GDPR) in force in the European Union.

TREATMENT

Any and all operations with data carried out by a natural person or legal entity under public or private law, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

PURPOSE

Personal Data shall be used only for the legitimate and specific purposes for which it was collected and duly informed to the data subjects. Any type of processing incompatible with the specific purpose is prohibited, as well as for discriminatory purposes not provided for by law or abusive.

Examples of purposes for which Personal Data is Processed by AMAZON FOREST BANK include: recruitment management, human resources management, accounting and financial management, finance, treasury and tax management, risk management, provision of IT tools or internal websites and any other digital solutions or collaborative platforms, IT support management, occupational health and safety management, information security management, customer/partner relationship management, sales and marketing management, supply management, internal and external communication, event management, compliance with obligations against corrupt practices or any other legal requirements, data analysis operations, legal corporate management, implementation of compliance processes, among others.

ADEQUACY

The Processing of Personal Data may only be carried out if it is in accordance with the specific purpose and in accordance with one of the legal bases provided for in Law No. 13,709/2018, namely:

1. upon the provision of consent by the holder;

2. for compliance with a legal or regulatory obligation by the controller;

3. for the implementation of public policies;

4. for the performance of studies by research bodies;

5. for the execution of a contract or preliminary procedures related to a contract to which the holder is a party;

6. for the regular exercise of rights in judicial, administrative or legal proceedings;

7. for the protection of the life or physical safety of the holder or third parties;

8. for the protection of health;

9. to meet the legitimate interests of the controller or third parties;

10. for the protection of credit, including as provided for in the relevant legislation.

MINIMIZATION

Only the minimum Personal Data necessary to achieve the specific purpose defined by Law should be collected.

ACCURACY

Personal Data will be kept by AMAZON FOREST BANK accurately and, when necessary, will be updated as needed and to fulfill the purpose of its processing.

MINIMUM RETENTION

Personal Data must be deleted, as far as possible, from AMAZON FOREST BANK's database after the specific purpose has been achieved.

SECURITY

AMAZON FOREST BANK implements appropriate technical and administrative measures to protect Personal Data against accidental or unlawful alteration or loss, as well as against unauthorized use, disclosure or access.

Employees will receive passwords to access various work tools, such as: access to e-mail, intranet, payment control systems, systems with information on Employee positions, salaries and benefits, among many others, depending on the activity performed.

All passwords received are personal and non-transferable. Access passwords are granted to the person, as a demonstration of trust, and may not under any circumstances be transferred or assigned for others to use and have access to Personal Data, among other information of a confidential nature.

It is also strictly forbidden to:

copy Personal Data to personal devices, send or forward Personal Data or emails containing any type of Personal Data to any person who has not been previously and expressly authorized by AMAZON FOREST BANK to receive such Personal Data;

disclose or publish any Personal Data of Employees or Third Parties through Computing and Communication Resources;

search, view or save in computing resources, such as computers, telephone, email, video conference, systems and any type of document containing Personal Data, voice or text messages or emails containing Personal Data, without a legitimate purpose in accordance with their scope of work;

provide or use personal passwords of third parties or another Employee.