Privacy Policy

  • 1. Introduction
  • 2. Who is BLOCKBR?
  • 3. What data do we handle?
  • 4. What do we use the collected data for?
  • 5. What are the rights and duties of users?
  • 6. Use of cookies and similar technologies
  • 7. How long are personal data kept?
  • 8. Is collected data shared with third parties?
  • 9. How is collected data handled?
  • 10. What are the security policies adopted?
  • 11. Other information
  • 12. Change in policy
  • 13. DPO contact and details

1. Introduction

1.1. Welcome to BLOCKBR. Your privacy is critical to us. Whether you are a customer, employee, employee, service provider or visitor to our website ( www.blockbr.com.br ) and/or mobile application and/or its own and third-party APIs (hereinafter referred to as “Platform”), be aware that BLOCKBR is attentive to the protection of your personal data.

1.2. If you are interested in one of our products and want to use the Platform, read this Privacy and Personal Data Protection Policy, and know that you will only be able to use our Platform and services if you agree with the respective conditions, so that , by doing so, agrees with the entire content of these documents. Likewise, if you are our employee, collaborator, service provider or have any other type of relationship with BLOCKBR, be aware that you can only start this relationship if you are in accordance with this Privacy and Personal Data Protection Policy, so that, by relating to BLOCKBR, you agree with the entire content of this document.

1.3. Individuals representing legal entities, when they are not themselves legal representatives of the relevant legal entities under the terms of their current constitutive acts, may have their authorization to access the Platform subject to the provision of authorizations by the legal entities to which they are linked.

1.4. BLOCKBR may establish specific rules applicable to a particular product, as the case may be, which will complement and prevail over this Privacy and Personal Data Protection Policy and the Terms of use . In any case, you must accept the applicable terms and conditions.

1.5. This Policy was created in accordance with Laws No. 13.709/2018 (“General Data Protection Law”) and No. 12.965/2014 (“Internet Civil Mark”) to clarify to you (i) what personal data, how and for what purpose they are processed; (ii) what are your rights, under the legislation and rules applicable to the protection of personal data and (iii) what our obligations are, applying to our offline and online interactions and to all activities and services provided. It does not, however, cover the practices of other organizations referenced by links on our Platform and for which we ask you to observe the Privacy Policies and Terms of Use of third parties.

2. Who is BLOCKBR?

2.1. We are BLOCKBR SERVICES DIGITAL LTDA ., a company registered with the CNPJ under No. 43.723.993.0001/32, and headquartered at Av. Brigadeiro Faria Lima, 4055 – Itaim Bibi, São Paulo – SP, 04538-030

3. What data do we handle?

3.1. Personal data means all information related to a natural, identified or identifiable person, such as name, identity document, address, contact information, etc.

3.2. Your data may be collected by BLOCKBR, when you:

The) browse our website, perform your registration and transactions on the Platform;

B) shares fundamental information for the execution of services and improvement of BLOCKBR processes; and

ç) get in touch with our service channels.

  1. 3.3. Other possible ways of obtaining data by BLOCKBR, as the case may be, are through external partners and information providers, which help us to understand demographic data and socioeconomic profiles, complementing the data collected by us; social networks, as long as you are granted permission to access the data on one or more networks, as well as official public sources such as public or private databases.

3.4. All data collection sources guarantee the protection and confidentiality of your data in accordance with the practices described herein, with applicable legislation and regulations.

3.5. The personal data that will be requested for you to have full access to our services, as appropriate, are: in the case of an individual: CPF, date of birth and email. In the case of a legal entity, BLOCKBR will establish the documents that will be requested.

3.6. BLOCKBR will also ask you to send a scanned copy of a valid identity document with a photo, in addition to a selfie, and, in certain situations, a confirmation video, which are characterized as essential sensitive personal data for identification control in the computer systems and, without which, BLOCKBR is unable to provide the services provided herein. These are the minimum information necessary for BLOCKBR to provide its services in a secure manner, that is, identifying you properly, and facial biometrics can be used.

3.7. Without sending these documents and information, the use of our channels, services and functionalities may suffer restrictions and even become unfeasible. BLOCKBR may, as the case may be, request other documents required from you, in order to ensure full access to the Platform's services, such as proof of income and residence, necessary for migration to the Gold segment. In any case, the necessary documents are informed in https://www.blockbr.com.br/taxas-comissoes-e-limites . Please refer to this link when registering to use the Platform.

3.8. When you register, browse our Platform, and use the services of BLOCKBR, the following data and information may be collected, among others:

a) Contact details: telephone numbers, in order to provide greater security for the services and the fidelity of the information you provide;

b) Credentials: we collect cryptographic hash of passwords, strong words, security PIN and necessary security information chosen by you for the authentication process, access to accounts and transactions, for the proper control of access to your account;

c) Demographic data: gender, address, education, income;

d) Financial data: We collect data necessary to make withdrawals in Reais (R$), such as bank, account number and branch, as well as data and history of operations carried out on the Platform for your control. We collect trading API keys and encrypted wallet address;

e) Usage data:in addition to data related to your transactions with Cryptoactives, including your user profile, we keep data related to your interaction with our communication channels, such as duration of visit, navigation paths on the Platform, pageview behavior, characteristics of the access device, browser , Internet Protocol (IP) address with date and time, IP origin, bandwidth and internet service provider (ISP), operating system, device manufacturer, operator, model, Wi-Fi networks, phone number, device data, device identifier (IMEI/MEID), mobile operator and country of registration and configuration;

f) Service data: your interaction in our service channels is also recorded, as well as other details of your contact, which may include chat conversation content;

g) Relationship data: only when unequivocal permission is granted, we can capture data of which are the contacts in your social network;

h) Location data: we may, through our Platform, collect location data originating from GPS (Global Navigation System), GNSS (Global Navigation Satellite System), mobile communications towers, Wi-Fi access points or location data coming from your IP .

i) Investor Profile Data: we may collect data relating to the assets in which you normally invest, for what term and how you would behave in the event of an abrupt loss of value;

j) Sporting Preferences: we may collect data regarding your preference for specific teams (eg football).

3.9. The contracting of services provided by BLOCKBR presupposes the sending of electronic messages (such as e-mails, notifications and SMS) of a security and administrative nature, which is essential for the execution and development of our activity. If you do not agree with this procedure, it is necessary to request the cancellation of your BLOCKBR account.

4. What do we use the collected data for?

4.1. The main purpose for which we collect your personal data is to fulfill a contract with you and offer you the best experience, in a safe, efficient and customized way. We also use the collected data to create, develop, analyze, communicate, operate, deliver and improve our products, processes and services to deliver personalized and complete experiences. Without prejudice to the provisions of this item, we may use the data collected to:

The) Allow transactions with Cryptoactives made available and supported by BLOCKBR, create buy and sell orders and generate and allow access to your virtual wallet;

B) Improve our products, processes and services;

ç) Customize content, make changes to our products and channels;

d) Provide new features, products and promotional dynamics;

and) Offer new products and/or services to you, as well as personalized service and monitoring of investment portfolio;

f) Conduct surveys and campaigns in order to continuously improve the user experience of BLOCKBR.

g) Solve problems and doubts, ensuring the quality of our services and assistance.

H) Establish a relevant and assertive dialogue, respecting your interaction preferences, as well as sending important notices, such as communications, recording of software changes, features, conditions and policies, among others;

i) Further sophisticate our security by acting effectively on suspicious activities and violations of terms or policies;

j) Analyze the performance, trends and measure the Platform's audience, check your browsing habits on the Platform, the way in which you arrived on the Platform (for example, through links from other websites, search engines or directly), evaluate statistics related to the number of accesses and use of the Platform, its features and functionalities;

k) Assess and monitor risks to the Platform's security, improving and developing our security tools, including in compliance with our guidelines for preventing Money Laundering and Combating Terrorism Financing; and

l) Compliance with legal and regulatory obligations.

4.2. For the purposes of your qualification, training and for your safety, BLOCKBR may monitor or record telephone conversations with you or with people acting on your behalf. By communicating with BLOCKBR, you understand, agree and authorize that communications may be listened to, monitored and/or recorded without prior notice or notification.

4.3. You agree and authorize BLOCKBR to use, copy, reproduce, make available, transmit, process, share and translate into other languages any and all testimonies, statements, opinions, impressions, comments and suggestions that you decide to make public on our Platform, including networks social media, associated or not with your name and your profile picture on these social networks, without any consideration being owed by BLOCKBR.

4.4. In addition to the above, BLOCKBR, respecting your privacy, sends messages by electronic means as a notification center on the Platform itself, emails, SMS and notifications to confirm the Platform's activities, for advertising purposes and uses technologies such as cookies, pixel tags , local storage or other identifiers, mobile or otherwise, for account authentication, service enhancement, personalization and for mass-interest communications. Frequency of submission may vary depending on your interaction with these communications. At any time, you may request the interruption of these emails, SMS and notifications through our communication channels, which will be attended to by BLOCKBR within 10 (ten) days of your request, by accessing:

The) Notifications on the Platform and SMS, in the "Settings / Preferences / Notifications" menu.

B) Promotional emails, through the respective unsubscribe link.

4.5. The data will be processed by BLOCKBR during the period in which they are necessary or pertinent to the achievement of the purposes provided for in the Terms of use and in this Privacy and Personal Data Protection Policy, except for the conservation hypotheses provided for in the applicable legislation, in particular in the General Data Protection Law, Marco Civil da Internet, Consumer Defense Code and Civil Code.

5. What are the rights and duties of users?

5.1. BLOCKBR guarantees your rights in accordance with the General Data Protection Law, the Marco Civil da Internet and other Brazilian sectorial laws related to data protection, namely:

a) Access to personal data: allows you to access in your own account your personal data provided in your registration and to request additional information, if you wish;

b) Correction of your personal data: allows you to request correction and/or rectification of your personal data, at any time, if you identify that any of them are incomplete, inaccurate or outdated ;

c) Blocking or deleting unnecessary, excessive or processed personal data in violation of the General Data Protection Law:allows you to ask to stop the processing of your personal data, and the measure taken will be evaluated and attended to according to each case, safeguarding the duty of custody for the legal term of the Civil Rights Framework for the Internet, the Consumer Protection Code and the Civil Code, observing the statute of limitations for any legal or administrative claims;

d) Personal data portability right: allows you to require BLOCKBR to provide you, or third parties you have chosen, with your personal data in a structured and interoperable format;

e) Right to delete personal data processed with the consent of the owner of the personal data: allows you to request the deletion of your personal data when the processing of these data is optional and has your consent as a legal basis, except for the maintenance of data necessary for (i) compliance with legal or regulatory obligations; (ii) study by a research body, ensuring, whenever possible, the anonymization of personal data; (iii) by judicial or administrative decision that requires it; or (iv) due to the duty of custody for the legal term of the Marco Civil da Internet, the Consumer Defense Code and the Civil Code, observing the limitation period for any judicial or administrative claims.

f) Right to information about the sharing of personal data: allows you to request information about third parties with whom BLOCKBR shares your personal data; and

g) Right to withdraw consent at any time and the right not to provide it and the consequences of not providing it:allows you to revoke your consent at any time, except that depending on the nature of the personal data, the revocation may imply the impossibility of using the Platform permanently. Revocation of consent will not be retroactive.

5.2. To exercise your rights, you may preferentially use the contact channels of our Platform, unless your contract with BLOCKBR provides otherwise.

5.3. If you are one of our customers, before fulfilling your request, BLOCKBR will request additional information to confirm your identity, through one of our KYC tools - Know Your Client. In cases where BLOCKBR is not the Controller of the applicant's personal data, BLOCKBR will inform the applicant about its position as Operator of personal data and, if possible, will indicate the Controller, responsible for fulfilling his request.

5.4. In addition to rights, you also have some duties set forth in this Policy, some of which are disciplined in the Terms of use , others in specific contracts with you. If you do not observe them, especially the duties related to the security of your personal data, such as acts of disclosure of your access information (login and password) to third parties, use of public access computers (eg, Internet cafes) or any other form of internet connection that is not private and secure, or even uses jailbroken mobile devices or that have apps from unofficial stores, BLOCKBR will not be responsible for acts or facts arising from non-compliance with these duties and/or which you act with sole or competitor's fault.

5.5. If you need any assistance to exercise your rights, you should contact our Help Center via the email address [email protected]

6. Use of cookies and similar technologies

6.1. Cookies, the Data Management Platform (“DMP”) tool and similar technologies support the customer identification process, communication and other marketing actions, in addition to enabling the protection of collected data. They store information in web browsers, used on computers, phones and other devices, which bring information about their use on our Platform. They are useful in the processes of authentication, advertising, recommendations, audience measurements, channel features and functionalities, security analysis for improvement and development of anti-fraud tools.

6.2. BLOCKBR uses its own essential cookies to control, monitor and track possible vulnerabilities, incident risks and information security incidents, to act preventively and provide a safe environment for our customers. It also uses third-party cookies for statistical analysis of browsing data, in order to evaluate our Platform and constantly improve our services and products, offering a more customized user experience.

6.3. The cookies themselves are essential so that BLOCKBR can guarantee a safe browsing environment and can provide services to you properly, and cannot be disabled.

6.4. By accessing and connecting to BLOCKBR channels, you agree to receive a more personalized browsing experience and authorize the storage, processing and sharing, as provided herein, of the aforementioned information.

7. How long are personal data kept?

7.1. BLOCKBR will store your personal data for as long as the contractual relationship with you lasts, except for legal or regulatory provisions to the contrary and necessary for the maximum prescriptive periods provided for in the Marco Civil da Internet, in the Consumer Protection Code and in the Civil Code. In cases where there is no contractual relationship, BLOCKBR will keep the information you agreed to provide us until further request to dispose of your data and in accordance with applicable law.

8. Is collected data shared with third parties?

8.1. BLOCKBR may share your personal data and other data indicated in item 3.8, above, with companies belonging to the same economic group as BLOCKBR, including Cripto Pagamentos Ltda. for processing the purchase and sale of Cryptoactives, offering specific functionalities (such as viewing and/or accessing your BLOCKBR account through the Cripto Pagamentos application, if you are a Cripto Pagamentos customer), product development and offer , services and registration in these companies. When sharing personal data with third parties is necessary for the development and offer of products and services that best meet your interests, generation of statistical and aggregated data about the use of the Platform, BLOCKBR will adopt, as far as possible, the anonymization of this data .

8.2. BLOCKBR may also share your personal data in auditing processes for corporate transactions or with partners and service providers in cases necessary to execute a contract with you.

8.3. BLOCKBR may collect information about you through identity verification entities and data bureaus to detect possible fraud, as well as credit bureaus, credit profiles and credit risks, for credit analysis, including but not limiting to Accuity, PH3A, Serasa Experian, IRS, Advice, UpMiner and Google.

8.4. BLOCKBR may share your personal data with its partners to provide its services, execute the contract with you, credit analysis and fraud prevention, as well as to implement its Compliance and Know Your Client, Money Laundering Prevention and Funding policies. Terrorism.

8.5. BLOCKBR may share your personal data with public authorities, in case of investigative proceedings or administrative or judicial requests in Brazil or abroad (in this case, taking care to give personal data the same level of protection as offered in Brazil) or by order of a competent authority, such as regulatory agencies, government agencies, in accordance with the provisions of applicable legislation and regulations.

8.6. BLOCKBR may carry out international transfers of personal data, either by virtue of contracts with technological service providers located outside the country, or by virtue of a request from personal data protection authorities or foreign government entities, all in accordance with the General Law of Data Protection.

9. How is collected data handled?

9.1. BLOCKBR has incorporated all the requirements of the General Data Protection Law and other laws and regulations regarding data protection in the treatment of your personal data, adopting the following premises:

a) Data minimization. In all the processing of personal data, whether in physical or digital media, BLOCKBR takes care to collect and process personal data as little as necessary and compatible with purposes, described and informed to the holders (in compliance with the principles of purpose, adequacy and necessity).

b) Transparency. BLOCKBR takes care that any and all processing of personal data, including under the different forms of collection, use and custody, is fully aware of the holders as to the type of data, purpose, as well as its conservation and period of custody.

c) Confidentiality. BLOCKBR adopts organizational and technical measures aimed at the confidentiality of personal data under its responsibility, managing and controlling access only to authorized persons, as well as adopting log tracking measures to anticipate and mitigate risks.

d) Prevention and safety. BLOCKBR promotes periodic risk assessment and, with this, updates the technical information security measures to ensure adequate protection of personal data. In this sense, it also takes care that, as far as possible, there is anonymization or, at least, the pseudonymization of personal data that are the object of scientific research, statistical analysis and evaluation of any nature to meet the legitimate interests of BLOCKBR, especially those that are shared with third parties.

e) Free access and data quality. BLOCKBR guarantees holders easy and free access to their personal data, including to ensure that the data is clear, accurate and up to date.

f) Non-discrimination. BLOCKBR ensures that all processing of personal data is done lawfully, without any type of discrimination of any kind.

g) Relationship with third parties.In all its relationships with third parties that involve the flow of personal data under the responsibility of BLOCKBR, whether with affiliates, partners or service providers, BLOCKBR will ensure that the contracts contain clauses transmitting instructions and disciplining the duties and obligations of third parties regarding protection of personal data of which you are the holder.

h) Accountability and accountability. BLOCKBR will continually seek to adopt effective measures capable of proving compliance and compliance with the rules for the protection of personal data.

9.2. All personal data are kept in a secure environment, in a cloud environment ("cloud") and on physical servers of providers chosen with the premise of respect for data protection legislation, and BLOCKBR not only observes all rules for international transfer of personal data, as it takes care to transmit to its technological service providers the company's guidelines for data protection and guaranteeing the holders the same level of protection required by national legislation.

10. What are the security policies adopted?

10.1. BLOCKBR adopts organizational measures, training and qualifying its internal staff, as well as technical measures aimed at information security, to protect personal data, against unauthorized disclosure, improper access, modification and loss or leakage of data, in an accidental or unlawful manner . BLOCKBR applies the best security practices in the treatment of personal data, such as encryption, periodic monitoring and security tests, firewall, among others. Still, despite all your efforts for information security, unauthorized access or use of restricted customer areas due to failure of the data subject (you), or hardware or software failure and cyber attacks may compromise the security of your personal data.

10.2. BLOCKBR adopts access control mechanisms and log tracking, with different levels of restriction of access to collected data, ensuring in its specific contracts - whether with internal personnel, either with employees or service providers - that failure to comply with this rule implies fines and contract terminations.

10.3. Keep a safe environment; adopt good practices in the creation of access passwords, do not share third-party data, such as logins and passwords, use strong passwords, do not use BLOCKBR's password on other sites or services, changing it periodically; enable 2-step verification. It is also important to always log out of our Platform at the end of its use, avoiding use on computers or public access networks and keeping the operating system and antivirus updated.

10.4. BLOCKBR does not send emails or notifications requesting confirmation or personal data, passwords, credit card numbers, encrypted wallet address, etc.; this could be a phishing, fraudulent practice intended to trick you into sharing personal information, logins and passwords with malicious people. It also does not send electronic messages with attachments that can be executed (extensions: .exe, .com, among others) or links to possible downloads. Never respond to these emails and report on our service channels.

10.5. If you are aware that any third party has had access to your log-in and password, please follow the procedure provided for in our Terms of use . In the event of a security incident that results in destruction, loss, alteration, unauthorized access or leakage of personal data, BLOCKBR will notify you, within a reasonable time, and will adopt the appropriate measures to hold those involved responsible and mitigate damages , such as, for example, communication to investigating authorities, blocking access to the respective account, and all other measures that the specific case recommends.

11. Other information

11.1. This Privacy and Personal Data Protection Policy is governed, interpreted and regulated by Brazilian law and should be read in addition to ours Information Security Policy , as well as our Terms of use and, when appropriate, with the respective contracts.

11.2. The Court of the Judicial District of São Paulo/SP is elected to settle any disputes that may arise in relation to this Privacy and Personal Data Protection Policy.

11.3. The following are integral and inseparable parts of this Privacy and Personal Data Protection Policy, and are considered incorporated therein by reference:

12. Change in policy

12.1. BLOCKBR undertakes to revisit this Privacy and Personal Data Protection Policy periodically to ensure its compliance with the law, as well as to adjust to the guidelines of the National Data Protection Authority (ANPD), and may, for these reasons, modify your terms at any time. Whenever there is a relevant change, such as a new purpose for the personal data already informed, you will be notified through the contact information provided by you or by a notice on the Platform. In the notification, you will have access to the new text of the Privacy and Personal Data Protection Policy.

13. DPO contact and details

13.1. If you have any questions and/or need to address any matter related to this Privacy and Personal Data Protection Policy, please contact us at [email protected] . If you are a customer of ours, always keep your contact channels updated, so that we can contact you preferably by email.

  1. Introduction

1.1. Welcome to BLOCKBR. Your privacy is critical to us. Whether you are a customer, employee, employee, service provider or visitor to our website ( www.blockbr.com.br ) and/or mobile application and/or its own and third-party APIs (hereinafter referred to as “Platform”), be aware that BLOCKBR is attentive to the protection of your personal data.

1.2. If you are interested in one of our products and want to use the Platform, read this Privacy and Personal Data Protection Policy, and know that you will only be able to use our Platform and services if you agree with the respective conditions, so that , by doing so, agrees with the entire content of these documents. Likewise, if you are our employee, collaborator, service provider or have any other type of relationship with BLOCKBR, be aware that you can only start this relationship if you are in accordance with this Privacy and Personal Data Protection Policy, so that, by relating to BLOCKBR, you agree with the entire content of this document.

1.3. Individuals representing legal entities, when they are not themselves legal representatives of the relevant legal entities under the terms of their current constitutive acts, may have their authorization to access the Platform subject to the provision of authorizations by the legal entities to which they are linked.

1.4. BLOCKBR may establish specific rules applicable to a particular product, as the case may be, which will complement and prevail over this Privacy and Personal Data Protection Policy and the Terms of use . In any case, you must accept the applicable terms and conditions.

1.5. This Policy was created in accordance with Laws No. 13.709/2018 (“General Data Protection Law”) and No. 12.965/2014 (“Internet Civil Mark”) to clarify to you (i) what personal data, how and for what purpose they are processed; (ii) what are your rights, under the legislation and rules applicable to the protection of personal data and (iii) what our obligations are, applying to our offline and online interactions and to all activities and services provided. It does not, however, cover the practices of other organizations referenced by links on our Platform and for which we ask you to observe the Privacy Policies and Terms of Use of third parties.

1.6. We divide this Policy by subjects, all referenced by their own links. Read them all, but for your best convenience, whenever you want to revisit a topic, you can click on the topic of interest, and you will then be directed to the respective page:

  1. Who is BLOCKBR?

2.1. We are BLOCKBR SERVICES DIGITAL LTDA ., a company registered with the CNPJ under No. 43.723.993.0001/32, and headquartered at Av. Brigadeiro Faria Lima, 4055 – Itaim Bibi, São Paulo – SP, 04538-030

  1. What data do we handle?

3.1. Personal data means all information related to a natural, identified or identifiable person, such as name, identity document, address, contact information, etc.

3.2. Your data may be collected by BLOCKBR, when you:

The) browse our website, perform your registration and transactions on the Platform;

B) shares fundamental information for the execution of services and improvement of BLOCKBR processes; and

ç) get in touch with our service channels.

  1. 3.3. Other possible ways of obtaining data by BLOCKBR, as the case may be, are through external partners and information providers, which help us to understand demographic data and socioeconomic profiles, complementing the data collected by us; social networks, as long as you are granted permission to access the data on one or more networks, as well as official public sources such as public or private databases.

3.4. All data collection sources guarantee the protection and confidentiality of your data in accordance with the practices described herein, with applicable legislation and regulations.

3.5. The personal data that will be requested for you to have full access to our services, as appropriate, are: in the case of an individual: CPF, date of birth and email. In the case of a legal entity, BLOCKBR will establish the documents that will be requested.

3.6. BLOCKBR will also ask you to send a scanned copy of a valid identity document with a photo, in addition to a selfie, and, in certain situations, a confirmation video, which are characterized as essential sensitive personal data for identification control in the computer systems and, without which, BLOCKBR is unable to provide the services provided herein. These are the minimum information necessary for BLOCKBR to provide its services in a secure manner, that is, identifying you properly, and facial biometrics can be used.

3.7. Without sending these documents and information, the use of our channels, services and functionalities may suffer restrictions and even become unfeasible. BLOCKBR may, as the case may be, request other documents required from you, in order to ensure full access to the Platform’s services, such as proof of income and residence, necessary for migration to the Gold segment. In any case, the necessary documents are informed in https://www.blockbr.com.br/taxas-comissoes-e-limites . Please refer to this link when registering to use the Platform.

3.8. When you register, browse our Platform, and use the services of BLOCKBR, the following data and information may be collected, among others:

a) Contact details: telephone numbers, in order to provide greater security for the services and the fidelity of the information you provide;

b) Credentials: we collect cryptographic hash of passwords, strong words, security PIN and necessary security information chosen by you for the authentication process, access to accounts and transactions, for the proper control of access to your account;

c) Demographic data: gender, address, education, income;

d) Financial data: We collect data necessary to make withdrawals in Reais (R$), such as bank, account number and branch, as well as data and history of operations carried out on the Platform for your control. We collect trading API keys and encrypted wallet address;

e) Usage data:in addition to data related to your transactions with Cryptoactives, including your user profile, we keep data related to your interaction with our communication channels, such as duration of visit, navigation paths on the Platform, pageview behavior, characteristics of the access device, browser , Internet Protocol (IP) address with date and time, IP origin, bandwidth and internet service provider (ISP), operating system, device manufacturer, operator, model, Wi-Fi networks, phone number, device data, device identifier (IMEI/MEID), mobile operator and country of registration and configuration;

f) Service data: your interaction in our service channels is also recorded, as well as other details of your contact, which may include chat conversation content;

g) Relationship data: only when unequivocal permission is granted, we can capture data of which are the contacts in your social network;

h) Location data: we may, through our Platform, collect location data originating from GPS (Global Navigation System), GNSS (Global Navigation Satellite System), mobile communications towers, Wi-Fi access points or location data coming from your IP .

i) Investor Profile Data: we may collect data relating to the assets in which you normally invest, for what term and how you would behave in the event of an abrupt loss of value;

j) Sporting Preferences: we may collect data regarding your preference for specific teams (eg football).

3.9. The contracting of services provided by BLOCKBR presupposes the sending of electronic messages (such as e-mails, notifications and SMS) of a security and administrative nature, which is essential for the execution and development of our activity. If you do not agree with this procedure, it is necessary to request the cancellation of your BLOCKBR account.

  1. What do we use the collected data for?

4.1. The main purpose for which we collect your personal data is to fulfill a contract with you and offer you the best experience, in a safe, efficient and customized way. We also use the collected data to create, develop, analyze, communicate, operate, deliver and improve our products, processes and services to deliver personalized and complete experiences. Without prejudice to the provisions of this item, we may use the data collected to:

The) Allow transactions with Cryptoactives made available and supported by BLOCKBR, create buy and sell orders and generate and allow access to your virtual wallet;

B) Improve our products, processes and services;

ç) Customize content, make changes to our products and channels;

d) Provide new features, products and promotional dynamics;

and) Offer new products and/or services to you, as well as personalized service and monitoring of investment portfolio;

f) Conduct surveys and campaigns in order to continuously improve the user experience of BLOCKBR.

g) Solve problems and doubts, ensuring the quality of our services and assistance.

H) Establish a relevant and assertive dialogue, respecting your interaction preferences, as well as sending important notices, such as communications, recording of software changes, features, conditions and policies, among others;

i) Further sophisticate our security by acting effectively on suspicious activities and violations of terms or policies;

j) Analyze the performance, trends and measure the Platform’s audience, check your browsing habits on the Platform, the way in which you arrived on the Platform (for example, through links from other websites, search engines or directly), evaluate statistics related to the number of accesses and use of the Platform, its features and functionalities;

k) Assess and monitor risks to the Platform’s security, improving and developing our security tools, including in compliance with our guidelines for preventing Money Laundering and Combating Terrorism Financing; and

l) Compliance with legal and regulatory obligations.

4.2. For the purposes of your qualification, training and for your safety, BLOCKBR may monitor or record telephone conversations with you or with people acting on your behalf. By communicating with BLOCKBR, you understand, agree and authorize that communications may be listened to, monitored and/or recorded without prior notice or notification.

4.3. You agree and authorize BLOCKBR to use, copy, reproduce, make available, transmit, process, share and translate into other languages any and all testimonies, statements, opinions, impressions, comments and suggestions that you decide to make public on our Platform, including networks social media, associated or not with your name and your profile picture on these social networks, without any consideration being owed by BLOCKBR.

4.4. In addition to the above, BLOCKBR, respecting your privacy, sends messages by electronic means as a notification center on the Platform itself, emails, SMS and notifications to confirm the Platform’s activities, for advertising purposes and uses technologies such as cookies, pixel tags , local storage or other identifiers, mobile or otherwise, for account authentication, service enhancement, personalization and for mass-interest communications. Frequency of submission may vary depending on your interaction with these communications. At any time, you may request the interruption of these emails, SMS and notifications through our communication channels, which will be attended to by BLOCKBR within 10 (ten) days of your request, by accessing:

The) Notifications on the Platform and SMS, in the “Settings / Preferences / Notifications” menu.

B) Promotional emails, through the respective unsubscribe link.

4.5. The data will be processed by BLOCKBR during the period in which they are necessary or pertinent to the achievement of the purposes provided for in the Terms of use and in this Privacy and Personal Data Protection Policy, except for the conservation hypotheses provided for in the applicable legislation, in particular in the General Data Protection Law, Marco Civil da Internet, Consumer Defense Code and Civil Code.

  1. What are the rights and duties of users?

5.1. BLOCKBR guarantees your rights in accordance with the General Data Protection Law, the Marco Civil da Internet and other Brazilian sectorial laws related to data protection, namely:

a) Access to personal data: allows you to access in your own account your personal data provided in your registration and to request additional information, if you wish;

b) Correction of your personal data: allows you to request correction and/or rectification of your personal data, at any time, if you identify that any of them are incomplete, inaccurate or outdated ;

c) Blocking or deleting unnecessary, excessive or processed personal data in violation of the General Data Protection Law:allows you to ask to stop the processing of your personal data, and the measure taken will be evaluated and attended to according to each case, safeguarding the duty of custody for the legal term of the Civil Rights Framework for the Internet, the Consumer Protection Code and the Civil Code, observing the statute of limitations for any legal or administrative claims;

d) Personal data portability right: allows you to require BLOCKBR to provide you, or third parties you have chosen, with your personal data in a structured and interoperable format;

e) Right to delete personal data processed with the consent of the owner of the personal data: allows you to request the deletion of your personal data when the processing of these data is optional and has your consent as a legal basis, except for the maintenance of data necessary for (i) compliance with legal or regulatory obligations; (ii) study by a research body, ensuring, whenever possible, the anonymization of personal data; (iii) by judicial or administrative decision that requires it; or (iv) due to the duty of custody for the legal term of the Marco Civil da Internet, the Consumer Defense Code and the Civil Code, observing the limitation period for any judicial or administrative claims.

f) Right to information about the sharing of personal data: allows you to request information about third parties with whom BLOCKBR shares your personal data; and

g) Right to withdraw consent at any time and the right not to provide it and the consequences of not providing it:allows you to revoke your consent at any time, except that depending on the nature of the personal data, the revocation may imply the impossibility of using the Platform permanently. Revocation of consent will not be retroactive.

5.2. To exercise your rights, you may preferentially use the contact channels of our Platform, unless your contract with BLOCKBR provides otherwise.

5.3. If you are one of our customers, before fulfilling your request, BLOCKBR will request additional information to confirm your identity, through one of our KYC tools – Know Your Client. In cases where BLOCKBR is not the Controller of the applicant’s personal data, BLOCKBR will inform the applicant about its position as Operator of personal data and, if possible, will indicate the Controller, responsible for fulfilling his request.

5.4. In addition to rights, you also have some duties set forth in this Policy, some of which are disciplined in the Terms of use , others in specific contracts with you. If you do not observe them, especially the duties related to the security of your personal data, such as acts of disclosure of your access information (login and password) to third parties, use of public access computers (eg, Internet cafes) or any other form of internet connection that is not private and secure, or even uses jailbroken mobile devices or that have apps from unofficial stores, BLOCKBR will not be responsible for acts or facts arising from non-compliance with these duties and/or which you act with sole or competitor’s fault.

5.5. If you need any assistance to exercise your rights, you should contact our Help Center via the email address [email protected]

  1. Use of cookies and similar technologies

6.1. Cookies, the Data Management Platform (“DMP”) tool and similar technologies support the customer identification process, communication and other marketing actions, in addition to enabling the protection of collected data. They store information in web browsers, used on computers, phones and other devices, which bring information about their use on our Platform. They are useful in the processes of authentication, advertising, recommendations, audience measurements, channel features and functionalities, security analysis for improvement and development of anti-fraud tools.

6.2. BLOCKBR uses its own essential cookies to control, monitor and track possible vulnerabilities, incident risks and information security incidents, to act preventively and provide a safe environment for our customers. It also uses third-party cookies for statistical analysis of browsing data, in order to evaluate our Platform and constantly improve our services and products, offering a more customized user experience.

6.3. The cookies themselves are essential so that BLOCKBR can guarantee a safe browsing environment and can provide services to you properly, and cannot be disabled.

6.4. By accessing and connecting to BLOCKBR channels, you agree to receive a more personalized browsing experience and authorize the storage, processing and sharing, as provided herein, of the aforementioned information.

  1. How long is personal data kept?

7.1. BLOCKBR will store your personal data for as long as the contractual relationship with you lasts, except for legal or regulatory provisions to the contrary and necessary for the maximum prescriptive periods provided for in the Marco Civil da Internet, in the Consumer Protection Code and in the Civil Code. In cases where there is no contractual relationship, BLOCKBR will keep the information you agreed to provide us until further request to dispose of your data and in accordance with applicable law.

  1. Is collected data shared with third parties?

8.1. BLOCKBR may share your personal data and other data indicated in item 3.8, above, with companies belonging to the same economic group as BLOCKBR, including Cripto Pagamentos Ltda. for processing the purchase and sale of Cryptoactives, offering specific functionalities (such as viewing and/or accessing your BLOCKBR account through the Cripto Pagamentos application, if you are a Cripto Pagamentos customer), product development and offer , services and registration in these companies. When sharing personal data with third parties is necessary for the development and offer of products and services that best meet your interests, generation of statistical and aggregated data about the use of the Platform, BLOCKBR will adopt, as far as possible, the anonymization of this data .

8.2. BLOCKBR may also share your personal data in auditing processes for corporate transactions or with partners and service providers in cases necessary to execute a contract with you.

8.3. BLOCKBR may collect information about you through identity verification entities and data bureaus to detect possible fraud, as well as credit bureaus, credit profiles and credit risks, for credit analysis, including but not limiting to Accuity, PH3A, Serasa Experian, IRS, Advice, UpMiner and Google.

8.4. BLOCKBR may share your personal data with its partners to provide its services, execute the contract with you, credit analysis and fraud prevention, as well as to implement its Compliance and Know Your Client, Money Laundering Prevention and Funding policies. Terrorism.

8.5. BLOCKBR may share your personal data with public authorities, in case of investigative proceedings or administrative or judicial requests in Brazil or abroad (in this case, taking care to give personal data the same level of protection as offered in Brazil) or by order of a competent authority, such as regulatory agencies, government agencies, in accordance with the provisions of applicable legislation and regulations.

8.6. BLOCKBR may carry out international transfers of personal data, either by virtue of contracts with technological service providers located outside the country, or by virtue of a request from personal data protection authorities or foreign government entities, all in accordance with the General Law of Data Protection.

  1. How is collected data handled?

9.1. BLOCKBR has incorporated all the requirements of the General Data Protection Law and other laws and regulations regarding data protection in the treatment of your personal data, adopting the following premises:

a) Data minimization. In all the processing of personal data, whether in physical or digital media, BLOCKBR takes care to collect and process personal data as little as necessary and compatible with purposes, described and informed to the holders (in compliance with the principles of purpose, adequacy and necessity).

b) Transparency. BLOCKBR takes care that any and all processing of personal data, including under the different forms of collection, use and custody, is fully aware of the holders as to the type of data, purpose, as well as its conservation and period of custody.

c) Confidentiality. BLOCKBR adopts organizational and technical measures aimed at the confidentiality of personal data under its responsibility, managing and controlling access only to authorized persons, as well as adopting log tracking measures to anticipate and mitigate risks.

d) Prevention and safety. BLOCKBR promotes periodic risk assessment and, with this, updates the technical information security measures to ensure adequate protection of personal data. In this sense, it also takes care that, as far as possible, there is anonymization or, at least, the pseudonymization of personal data that are the object of scientific research, statistical analysis and evaluation of any nature to meet the legitimate interests of BLOCKBR, especially those that are shared with third parties.

e) Free access and data quality. BLOCKBR guarantees holders easy and free access to their personal data, including to ensure that the data is clear, accurate and up to date.

f) Non-discrimination. BLOCKBR ensures that all processing of personal data is done lawfully, without any type of discrimination of any kind.

g) Relationship with third parties.In all its relationships with third parties that involve the flow of personal data under the responsibility of BLOCKBR, whether with affiliates, partners or service providers, BLOCKBR will ensure that the contracts contain clauses transmitting instructions and disciplining the duties and obligations of third parties regarding protection of personal data of which you are the holder.

h) Accountability and accountability. BLOCKBR will continually seek to adopt effective measures capable of proving compliance and compliance with the rules for the protection of personal data.

9.2. All personal data are kept in a secure environment, in a cloud environment (“cloud”) and on physical servers of providers chosen with the premise of respect for data protection legislation, and BLOCKBR not only observes all rules for international transfer of personal data, as it takes care to transmit to its technological service providers the company’s guidelines for data protection and guaranteeing the holders the same level of protection required by national legislation.

  1. What are the security policies adopted?

10.1. BLOCKBR adopts organizational measures, training and qualifying its internal staff, as well as technical measures aimed at information security, to protect personal data, against unauthorized disclosure, improper access, modification and loss or leakage of data, in an accidental or unlawful manner . BLOCKBR applies the best security practices in the treatment of personal data, such as encryption, periodic monitoring and security tests, firewall, among others. Still, despite all your efforts for information security, unauthorized access or use of restricted customer areas due to failure of the data subject (you), or hardware or software failure and cyber attacks may compromise the security of your personal data.

10.2. BLOCKBR adopts access control mechanisms and log tracking, with different levels of restriction of access to collected data, ensuring in its specific contracts – whether with internal personnel, either with employees or service providers – that failure to comply with this rule implies fines and contract terminations.

10.3. Keep a safe environment; adopt good practices in the creation of access passwords, do not share third-party data, such as logins and passwords, use strong passwords, do not use BLOCKBR’s password on other sites or services, changing it periodically; enable 2-step verification. It is also important to always log out of our Platform at the end of its use, avoiding use on computers or public access networks and keeping the operating system and antivirus updated.

10.4. BLOCKBR does not send emails or notifications requesting confirmation or personal data, passwords, credit card numbers, encrypted wallet address, etc.; this could be a phishing, fraudulent practice intended to trick you into sharing personal information, logins and passwords with malicious people. It also does not send electronic messages with attachments that can be executed (extensions: .exe, .com, among others) or links to possible downloads. Never respond to these emails and report on our service channels.

10.5. If you are aware that any third party has had access to your log-in and password, please follow the procedure provided for in our Terms of use . In the event of a security incident that results in destruction, loss, alteration, unauthorized access or leakage of personal data, BLOCKBR will notify you, within a reasonable time, and will adopt the appropriate measures to hold those involved responsible and mitigate damages , such as, for example, communication to investigating authorities, blocking access to the respective account, and all other measures that the specific case recommends.

  1. Other information

11.1. This Privacy and Personal Data Protection Policy is governed, interpreted and regulated by Brazilian law and should be read in addition to ours Information Security Policy , as well as our Terms of use and, when appropriate, with the respective contracts.

11.2. The Court of the Judicial District of São Paulo/SP is elected to settle any disputes that may arise in relation to this Privacy and Personal Data Protection Policy.

11.3. The following are integral and inseparable parts of this Privacy and Personal Data Protection Policy, and are considered incorporated therein by reference:

  1. Change in policy

12.1. BLOCKBR undertakes to revisit this Privacy and Personal Data Protection Policy periodically to ensure its compliance with the law, as well as to adjust to the guidelines of the National Data Protection Authority (ANPD), and may, for these reasons, modify your terms at any time. Whenever there is a relevant change, such as a new purpose for the personal data already informed, you will be notified through the contact information provided by you or by a notice on the Platform. In the notification, you will have access to the new text of the Privacy and Personal Data Protection Policy.

  1. DPO contact and details

13.1. If you have any questions and/or need to address any matter related to this Privacy and Personal Data Protection Policy, please contact us at [email protected] . If you are a customer of ours, always keep your contact channels updated, so that we can contact you preferably by email.

Do you have any questions? See our FAQ