Data Security Policy (formal LGPD/GDPR)
Updated on: December 5, 2025
ANBROZA's Data Security Policy establishes principles, controls, practices, and responsibilities related to the processing of personal data of users, clients, and partners, in accordance with legislation such as LGPD, GDPR, and international standards. Data processing is based on legitimate purposes, transparency, minimization, proportionality, and security. The company adopts technical and organizational measures to protect data against unauthorized access, leakage, alteration, destruction, and unauthorized use, including encryption, monitoring, access controls, auditing, and anonymization when applicable.
Data subjects have the right to request access, correction, portability, anonymization, deletion, revocation of permissions, and information about data sharing. ANBROZA may share data with suppliers, partners, and technological platforms for operational purposes, provided that legal norms, contracts, and security standards are respected. Security incidents will be handled with priority, technical evaluation, risk mitigation, and communication, as required by law. Data retention occurs only for the time necessary for the stated purposes or legal obligations.
ANBROZA acknowledges that data protection is a shared responsibility between companies, partners, and users.
Legal basis
The processing of personal data at ANBROZA may occur based on different legal grounds, such as consent, contract execution, compliance with legal obligations, regular exercise of rights, credit protection, legitimate interest, or protection of life. The ground used depends on the specific processing activity and must be communicated to the data subject clearly and accessibly. Processing based on legitimate interest will be evaluated to avoid infringing the data subject's rights and freedoms.
Data retention
Personal data is stored only for the time necessary to fulfill the original purposes or legal, regulatory, and operational obligations. After this period, the data will be securely deleted or anonymized. Retention may be interrupted in the event of an investigation, litigation, audit, or legal obligation. The data subject may request deletion, except when there is a legal impediment.
Anonymization
ANBROZA may anonymize personal data, making it unidentifiable and allowing its use for studies, analyses, market intelligence, and service improvement without compromising individual privacy. Anonymized data is not considered personal and may be used legitimately, provided that irreversibility is guaranteed.
Security incidents
Security incidents related to data leaks, unauthorized access, loss, or alteration will be specifically assessed and handled in accordance with internal protocols. Measures may include immediate mitigation, access blocking, data recovery, forensic analysis, and communication to authorities and data subjects when required by law. The company strives for transparency and speed in incident handling.
DPO (Data Protection Officer)
ANBROZA will appoint a Data Protection Officer (DPO) responsible for overseeing compliance programs, guiding internal procedures, interacting with authorities, and responding to data subject requests. Contact information will be made publicly available to facilitate communication.
Rights of data subjects
Data subjects may exercise rights provided for in legislation, including access, correction, erasure, portability, anonymization, withdrawal of consent, objection to processing, and information about data sharing. Requests will be processed within reasonable timeframes, observing technical specifications and legal obligations.
International Processing and Transfer
ANBROZA may transfer data to other countries when operationally necessary, provided there is a guarantee of an adequate level of protection or legal mechanisms, such as contractual clauses, certifications, or adequacy decisions. The data subject will be informed when applicable.
Information Security and Cybersecurity Policy — ANBROZA™
Institutional protection of data, systems, and digital infrastructure.
The Information Security Policy defines the practices, protocols, and measures applied to protect ANBROZA's corporate information, personal data, and technological infrastructure against unauthorized access, cyberattacks, loss, leakage, tampering, and unavailability. Our security system operates with layers of protection that include encryption, firewall, continuous monitoring, restricted access control, multifactor authentication, and recurring audits.
All employees, partners, and authorized third parties are required to follow internal security standards, including confidentiality, proper use of devices, restrictions on copying or transferring, and access based on least privilege. Suspicious activities must be immediately reported to the responsible department for action.
ANBROZA invests in advanced technologies, regular training, and protocol updates to keep its digital environments resilient to emerging threats. Our responsibility includes prevention, rapid response, investigation, mitigation, and transparent communication of security incidents.