Privacy and Data Security Policy

OBJECTIVE

SB Sustainable Business establishes its Information Security and Privacy Policy, as an integral part of its corporate management system, in line with the best practices of the market, internationally accepted standards and pertinent Brazilian legislation, especially the Lei Geral de Proteção de Dados (LGPD). The goal is to ensure adequate levels of protection for the personal information and data operated by the organization, its customers and employees under its responsibility.

 

DATA SUBJECT RIGHTS

In compliance with the LGPD, we guarantee data subjects the right to access, correct, anonymize, block or delete data that is unnecessary, excessive or processed in violation of the LGPD.

 

PURPOSE

The purpose of this policy is to establish guidelines and standards for Information Security and Privacy that enable employees of SB Sustainable Business to adopt secure standards of behavior. This includes guidance on the adoption of controls and processes to meet the requirements for Information Security and Privacy of Personal Data; to safeguard SB Sustainable Business information, ensuring basic requirements of confidentiality, integrity and availability; to prevent possible causes of incidents and legal liability for the institution and its employees, clients, suppliers and partners; and to minimize the risks of financial loss, market share loss, customer confidence loss, or any other negative impact on SB Sustainable Business' business as a result of security breaches.

 

DATA PROTECTION RESPONSIBILITY

Responsibility for compliance with the LGPD and this policy rests with all SB Sustainable Business employees, suppliers and partners. The Data Protection Officer (DPO), if applicable, will be tasked with overseeing and implementing our data protection strategy and ensuring compliance with privacy regulations.

SANCTIONS AND DUTIES
Violations, even by mere omission or unconsummated attempt, of this policy, as well as of other security standards and procedures, will be subject to penalties that include verbal warning, written warning, unpaid suspension, and dismissal for cause for employees with employment contracts. [...]

In the case of violations that involve illegal activities, or that may cause damage to the Organization, in addition to internal sanctions, the violator may be held legally responsible for the damages, and the pertinent legal measures may be applied.

 

SECURITY MEASURES

SB Sustainable Business will adopt the following security measures to protect personal data:

 

Access Controls: We will implement measures to ensure that only authorized persons have access to personal data and that such access is logged appropriately.

Encryption: We will use encryption techniques to protect personal data during transmission and storage.

Monitoring and auditing: We will perform constant monitoring and audits to identify and correct possible security vulnerabilities.

Training and awareness: We provide regular training for employees to ensure they understand security and data privacy best practices.

Physical Protection: We implement physical measures to protect the places where personal data is stored.

 

INTERNATIONAL DATA TRANSFERS

In compliance with the LGPD, SB Sustainable Business is committed to ensuring that any international transfers of personal data are conducted with an adequate level of protection and in compliance with all applicable laws.

 

DATA BREACH MANAGEMENT

In case of a security breach resulting in the destruction, loss, alteration, unauthorized access or disclosure of personal data, we will immediately notify the National Data Protection Authority (ANPD) and the affected data subjects, as required by the LGPD.

 

POLICY REVIEW

This policy will be reviewed regularly to ensure its effectiveness and compliance with current practices and data protection laws.

 

OMISSIVE CASES

The omitted cases will be evaluated by the Information Security Board for further deliberation. The guidelines established in this policy and in the other security rules and procedures are not exhaustive due to the continuous technological evolution and the constant appearance of new threats. Thus, it is not an enumerative list, and it is the obligation of the user of SB Sustainable Business' information to adopt, whenever possible, other security measures in addition to those foreseen herein, in order to ensure protection to personal information and data.

 

HISTORY OF CHANGES

Review Privacy Preferences.