Gauss Indústria e Comércio Ltda, a legal entity governed by private law, registered under Corporate Tax ID No. 80.777.030/0001-48, headquartered in Curitiba, Paraná, ZIP 81350-240, hereinafter simply “GAUSS” 

One of the foundations of the General Data Protection Act (LGPD) is respect for privacy. The privacy of our OWNERS (“you”, “owner”) is very important to GAUSS and, for this reason, we make every effort to protect the personal data we process. Thus, this statement of GAUSS Privacy Policies (“Policies”) is intended to explain in a simple, clear and objective way what kind of data will be collected, as well as when and how it will be used. It is important to notice that the Policies apply to any brands, products and/or services of GAUSS. 

When we refer to personal data, we mean any data relating to an identified or identifiable natural person, including identifying numbers, location data or electronic identifiers, when these relate to a person. In short, any personal information that can identify its owner. This applies from information such as name and address to issues such as gender, religion or political position. 

BEFORE ACCEPTANCE OF OUR PRIVACY POLICIES, YOU MUST READ ITS CONTENT ENTIRELY. By accepting our Policies, you acknowledge that you have read and understood their content and purpose. 

1. For the purposes of these Policies, it is considered: 

i. Processing agents: the controller and the operator; 

ii. National Data Protection Authority (ANPD): federal public administration body, member of the Presidency of the Republic of Brazil, which is responsible, without limitation, for ensuring the protection of personal data, inspecting and applying sanctions in case of data processing performed in breach of legislation, pursuant to the General Data Protection Law (LGPD); 

iii. Cookies: are small pieces of data stored by your browser on your computer’s hard drive. Cookies are required to the use of the Gauss Website. 

iv. Controller: individual or legal entity, either governed by public or private law, who is responsible for decisions concerning the processing of personal data; 

v. Personal data: (you, Owner or Owners) information related to the identified or identifiable natural person; 

vi. Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, trade union membership or organization of a religious, philosophical or political nature, data on health or sexual life, genetic or biometric data, when linked to an individual; 

vii. General Data Protection Law (LGPD): is the law that provides for the processing of personal data, including in digital media, by a natural person or by a legal entity governed by public or private law, regardless of the means, the country of its headquarters or of the country where the data are located, provided that (i) the processing operation is carried out in the national territory; (ii) the processing activity aimed at offering or supplying goods or services or processing the data of individuals located in the national territory; or (iii) the personal data being processed have been collected in the national territory. 

viii. Operation of personal data: the same as processing. 

ix. Operator: the individual or legal entity, whether public or private, who processes personal data on behalf of the controller; 

x. Information Security and Privacy Policy (PSIP): document in which GAUSS undertakes to protect information owned and/or under its custody, which must be complied with by all its employees and operators and controllers. Its purpose is to establish the guidelines to be followed by GAUSS and the processing agents with regard to the adoption of procedures and mechanisms related to information security. 

xi. Intellectual property: includes the rights relating to industrial property and copyright, this being understood as copyright and related rights; 

xii. End of processing of personal data: when the verification occurs that the purpose has been achieved or that the data is no longer necessary or relevant to the achievement of the desired specific purpose; end of treatment period; communication of the holder, including in the exercise of the right to revoke consent as provided for in § 5 of art. 8 of the LGPD, safeguarding the public interest; or determination of the ANPD, when there is a violation of the provisions of the LGPD. 

xiii. Processing: any operation involving personal data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, destruction, evaluation or control of information, change, communication, transfer, dissemination or extraction; 

xiv. Owner: natural person, also “owner”, “you”, “he” or “Owners” who only accesses the Gauss Website, as well as the person who fills out the registration form and agrees with the Privacy Policies. 

2. Personal data is collected in two ways by GAUSS: 

2.1. The following personal data will be processed by GAUSS: 

2.2. By accepting these Privacy Policies, the Owner declares: (a) that GAUSS will be able to carry out the operation of their personal data that were collected at the time of accessing and/or filling out the form with their data and the way in which GAUSS and the processing agents cooperate during the processing operation of the data; (b) be over 18 (eighteen) years of age and that have read the rules of these policies thoroughly and carefully, being fully aware of their content and giving their free, informed and unambiguous expression by which they agree with the treatment of their personal data to one of the purposes established in item 2.1. In case you do not agree with the content of these policies, you will not be able to access the Gauss Website; (c) if you are a legal representative of a company, and have the necessary and specific powers to accept these Privacy Policies. 

2.3. The Owner is solely responsible for the accuracy and veracity of the data provided when filling out the registration form. 2.3.1. In case misrepresentation of recorded information is identified, GAUSS will ask the Owner for clarification, and may suspend or block the access if it deems it inadequate, if necessary. 

2.4. In case GAUSS identifies the misuse of the Gauss Website or the violation of intellectual property rights owned by it or by third parties, the Owner will be asked for clarification, and it may block or terminate the access and take appropriate legal and administrative measures. 

2.5. In the event of changes in the purpose for the processing of personal data that are not compatible with the original consent, GAUSS will previously inform the Owner of the changes in purpose through an informing email at the time of registration. In case the data processing is carried out based on the legal basis “with consent”, the owner may revoke it if the owner disagrees with the changes. In the same act, GAUSS will inform the consequences if the Owner does not agree with the new purpose of the processing the personal data. 

2.7. The Owner declares to be aware that the database formed through the collection of data in the Gauss Website is the property and responsibility of GAUSS. 

2.8. GAUSS will not sell, rent, assign or lend the Owners’ personal data. 

2.9. GAUSS and the companies of the economic group of which it integrates guarantee that only duly authorized employees will have access to the personal data collected and always respecting the principles of proportionality, necessity and relevance for the purposes of the Gauss Website, in addition to the commitment to confidentiality and preservation of the privacy under these Privacy Policies. 

3. The collected data and activity records will be stored in a safe and controlled environment for the minimum period indicated below, without prejudice to other deadlines provided for in specific legislation: 

3.1. The Gauss Website can be accessed in any country and, for this reason, GAUSS may transfer the owner’s data to operators located in other countries or jurisdictions around the world that provide a level of protection of personal data adequate to that provided for in the LGPD. 

3.2. The collected data will be stored in a datacenter located in Europe, Asia, North America, through a technology called cloud computing. In this case, the Owner declares to be aware that the personal data will be transferred to a foreign country for the purpose of processing the owner’s data, especially for storage. 

3.3. In order to protect the Owner’s privacy, GAUSS may use cryptographic resources in the operation with personal data carried out with hosting providers. GAUSS declares that only hosting providers that have passed its security and reliability verification will process the Owner’s personal data. 

4. The Owner is entitled to obtain from GAUSS, in relation to the personal data processed by us, at any time and upon free request: (a) confirmation of the existence of processing; (b) access to data; (c) correction of incomplete, inaccurate or outdated data; (d) anonymization, blocking or deletion of unnecessary, excessive or processed data in violation of the provisions of the LGPD; (e) data portability to another service or product provider, upon express request, observing commercial and industrial secrets; (f) deletion of personal data processed with the owner’s consent, except in the cases provided for in item 5; (g) information on the public and private entities with which GAUSS shared the use of the data; (h) information about the possibility of not providing consent and the consequences of denial; (j) revocation of consent, pursuant to art. 8, § 5, of the LGPD. 

4.1. In case the legal basis of treatment used by GAUSS is that of with “consent”, the revocation by the Owner may affect the performance of the Gauss Website and make some of the services and functionalities unavailable. 4.1.1. In case the Owner does not grant consent for optional purposes, related to the sending of information, innovations, content, news and other events relevant to the maintenance of the relationship, the services and functionalities of the Gauss Website will continue to be made available on a regular basis. 

4.2. The Owner acknowledges that in the communication of the acts, disclosure and/or provision of services, transmission of documents or to keep the owner always informed about any matter, electronic means will preferably be used, except in cases the use of this means is impossible. 4.2.1. The deadlines for complying or failing to comply with a certain act, contained in the electronic message sent by GAUSS will be counted from the confirmation of receipt. 

4.2.2. The electronic message is considered received when the Owner receives notification, forwarded by the GAUSS system, that the message has been delivered. 

4.2.3. The Owner must enable the function for the automatic forwarding of the confirmation of receipt of an electronic message. 

4.3. The Owner must include the email address for GAUSS in the list of safe senders. 

4.4. For purposes of auditing, security, fraud control and preservation of rights, GAUSS may keep the data registration history of the Owner for a longer period in cases that the law or regulatory rule so establishes or for the preservation of rights, pursuant to item 3.2. 

5. Personal data will be deleted after the end of its processing, within the scope and technical limits of the activities, authorized to be preserved for the following purposes: (i) in compliance with legal or regulatory obligation, (ii) for the study by a research body provided for in its social or statutory purpose, ensuring, whenever possible, the anonymity of personal data; (iii) for transfer to a third party, provided that the data processing requirements set out in the LGPD are respected; (iv) for use of personal data for fraud prevention (art. 11, II, “a”, of the LGPD); (v) for use of personal data for credit protection (art. 7, X, LGPD) and (vi) to serve other legitimate interests, in accordance with article 10 of the LGPD. 5.1. Upon expiration of the term and legal requirement, GAUSS may delete, by means of a safe disposal method, the data described in item 2.1 or will keep them for its exclusive use, its access by a third party prohibited, and provided that the data is anonymized. 

5.2. The Owner’s request may be refused by GAUSS if, for example, it is impossible to verify the identity. 

5.3. In some situations, the deletion of personal data will be technically unfeasible, as some systems do not allow the complete deletion of data or, in the case of physical support, it would end up damaging the data recording unit. Thus, based on art. 113, § 2 of the Civil Code, for the purposes of this Term “Deletion will be considered the act of deleting the data of the owner from the organization’s database. If the operation is not performed due to technical limitations, GAUSS will disable or hide the data of the owner in the database; if it is not possible to carry out these actions, GAUSS will keep the data only due to the technical impossibility of the exclusion. In the case of data registered on physical support, the registration unit will be (i) eliminated if it contains only the data of the owner or (ii) it will be archived if it involves data from other owners. Regardless of the procedure adopted by GAUSS, the use of the data will no longer be allowed.” 

6. GAUSS will use “Cookies” in the Gauss Website in order to facilitate the use of the application by the Owner. 6.1. Cookies are required to provide basic functionality while the Owner browses the Gauss Website. In addition, Cookies are intended to display specific advertising for some of the products and services offered by GAUSS. 

6.2. Cookies can be blocked, refused or eliminated by the Owner at any time through the resources provided by the owner’s browser. 

6.3. The Owner acknowledges that, by blocking the use of Cookies, some web services may be partially or totally affected and may compromise the navigation on the website. 

6.4. GAUSS may use the following types of Cookies: 6.4.1. Session cookies: these are temporary cookies, which will remain on the Owner’s device until the Owner exits the Gauss Website. 

6.4.2. Persistent Cookies: they remain on the device for much longer or until they are manually deleted by the Owner (the length of time for these types of Cookies stays on devices will depend on the duration or “life” of the specific cookie). 

6.5. GAUSS may use the following types of Cookies: 6.5.1. Preference Cookies: they collect information about the owner’s choices and preferences, allowing us to remember the language or other local settings, and customize the Site accordingly, such as: (i) Location cookies: store the Owner’s approximate address (city, state, country, postal code), as determined by the IP address. It is stored to allow the user to automatically select the country, thus showing which establishments are closest to the Owner. Means that GAUSS may use: (a) Website: the Owner may decide whether to share location information and, if accepted, the website may present specific content; (b) Check-in: the check-in of the Owner on the social network through the provision of free Wi-Fi by the company or the creation of a well-structured fan-page; (c) Geofencing: the content is presented in real time according to the internet user’s movement detected by the GPS; (d) Geotargeting: the segmentation of audience, through the IP address, by location; or, (ii) Language Cookies: used to store the language that the Owner has selected and to show the correct options. 

6.5.2. Social Plug-in Cookies: used to detect the Owner – or not – of social media networks for analysis of market research and product development. 

6.5.3. Pixel Tags: it is a type of technology used on a website or in the body of an email for the purpose of tracking certain activities, such as views of a website or when an email is opened. Pixel tags are often used in conjunction with cookies and website and/or Gauss Website usage information by the Owners, and may be shared with an operator and/or controller such as an advertising agency so that it can target ads on banners on the website. 

6.5.4. Google Analytics: A web analytics service provided by Google, Inc. (“Google”). Google Analytics collects first-party cookies, data related to the device/browser, IP address and website/application activities to evaluate and report statistics on the Owners’ interactions on websites and/or applications that use Google Analytics. The information generated by the Cookie about the use of the website will be transmitted and stored on a Google server in the USA. GAUSS has enabled the “analytics.js” or “gtag.js” collection method to control the use of cookies to store a pseudonymous or random customer identifier. The information stored in the local first-party cookie is reduced to a random identifier (e.g. 12345.67890). 

6.5.5. Google Ads: Google Ads (formerly known as Google AdWords and Google AdWords Express) is an online advertising solution that GAUSS may use to promote its products and services on Google Search, YouTube and other sites across the web. The tool also allows GAUSS to choose specific goals for the ads, such as generating more phone calls or website visits. GAUSS may stop showing advertisements at any time. The information obtained through Conversion Cookies is intended to create statistics for Customer Ads that use conversion tracking. Through the statistics generated by Google Ads, it will be possible for GAUSS to find out the number of Owners who clicked on the ad displayed by Google and who accessed the page marked by the conversion tracking tag. GAUSS may use the Google Ads remarketing function. Remarketing is nothing more than a Google Ads tool that marks and identifies Owners who have already visited the GAUSS website. It starts to display their ads more often when the Owner visits websites that accept ads on the Google display network. That is, through the remarketing function, GAUSS will be able to serve ads to Owners who have visited the website by adding the website’s global tag for remarketing and event fragments. Once the site’s global tag is installed, it will capture information about the pages viewed by the GAUSS website Owners. This information includes the URL and title of the page and is used to build remarketing lists. The event fragment can be used to transmit specific data to Google Ads about the GAUSS website visitors and actions they perform on the website, such as viewing a product, making purchases, filling in online forms and the registration setup. The data passed into the event fragment can also be used to create remarketing lists. 

6.6. By using the Gauss Website, the Owner allows the introduction of the tools listed above and, consequently, the collection, storage and use of their usage data in the manner described above and for the purposes specified. Furthermore, the Owner accepts that the data will be stored in Cookies even after logging out of the browser and that it will be possible, for example, to access them again on the next visit to the website. The Owner may revoke this consent at any time. 

7. The security of your personal information is important to GAUSS. GAUSS adopts the standards and best practices of the market for the protection of personal data from the moment of collection until its disposal, but not limited to these operations. 7.1. GAUSS employs reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of the personal data. GAUSS has implemented appropriate technical and organizational measures designed to ensure data protection. Wherever possible and/or necessary, personal data may be encrypted with suitable and strong encryption algorithms. 

7.2. The Owner acknowledges that no method of transmission over the Internet or method of electronic storage is 100% secure. GAUSS undertakes to use its best efforts to protect the Owner’s personal data; however, GAUSS cannot guarantee absolute security. In case your personal information is compromised in a breach of security, GAUSS will notify, within a reasonable time, the affected Owner(s) and the ANPD, as determined by the LGPD. 

7.3. If the Owner has any questions about the security of personal data or the tool used by GAUSS, the Owner must get in touch through the channels indicated in item 4.1. 

8. GAUSS will work together with the National Data Protection Authority to ensure the protection of personal data within the limits of current legislation. 8.1. The Owner declares to be aware that GAUSS will review its guidelines and procedures whenever the ANPD requires it. 

8.2. All ANPD requests and/or questions will be promptly answered by the Supervisor. 

8.3. Whenever ANPD requests the establishment to open an investigation of any situation involving personal data, such as, but not limited to, non-compliance with the LGPD, the Supervisor will have the support of the Information Security and Incident Response Committee and will be responsible for the coordination of this group. 

8.4. The Supervisor will be responsible to maintain contact with the ANPD. 

9. No technology used by GAUSS infringes any current legislation and these Privacy Policies, in addition to having the objective of protecting personal data and guaranteeing the privacy of the Owner. 9.1. GAUSS will not use an automated method for processing personal data that affects the interests of the Owner, including decisions aimed at defining the personal, professional, consumer and credit profile or aspects of the Owner’s personality. 

9.2. The Owner declares to be aware that GAUSS has the right to change the content of these Privacy Policies at any time, according to the purpose or need, such as for adequacy and compliance with the provision of law or regulation that has equivalent legal force. The Owner is responsible to verify the content of these Policies whenever accessing the GAUSS website. GAUSS will send a notice to the email address indicated by the Owner when registering to inform that these Policies have been modified. 9.2.1. In the event of updates to this document that require a new collection of consent, in case GAUSS uses this legal basis for the processing, the Owner will be notified through the contacts provided in the registration. 

9.3. GAUSS requires the operators and/or controllers with which it shares the personal data of its Owners, that is, outsourced companies that carry out operations with the data it collects, to implement a Security and Privacy Policy (PSIP) which shall contain the guidelines that specify, such as the technological means to ensure data protection. If the data is classified by GAUSS as “critical”, the operator(s) and/or controller(s) will be audited to verify compliance with the guidelines established in the Information Security and Privacy Policy. In the case it is not possible to audit the operator(s) and/or controller(s), GAUSS will require the issuance of a certificate stating that they have complied with the requirements set out in the PSIP. 

9.4. In the case the National Data Protection Authority or a court decision finds that any of the provisions of these Policies are inadequate, inappropriate or contrary to current legislation, the other conditions will remain in full force and effect. 

10. These Privacy Policies shall be governed by and interpreted in accordance with Brazilian law, in the Portuguese language, and the Court of the District of Curitiba will be elected to settle any litigation or controversy involving this document, except in the specific exception of personal, territorial or functional jurisdiction by applicable law. 

Update: July 12, 2021.