C.VALE – AGROINDUSTRIAL COOPERATIVE, registered with CNPJ no. 77.863.223/0001-07, with address at Av. Independência No. 2347, Centro, in the city of Palotina – PR, CEP 85.950-000, and its branches, hereinafter referred to simply as C.Vale, values the privacy and protection of personal data processed in its activities. To this end, based on the principles of personal data processing, the cooperative developed this Privacy Policy to regulate the use of the website of its domain www.cvale.com.br, hereinafter referred to simply as the website, for the relationship with the Data Subject. When using our services, the user (Data Subject) agrees with this Policy, authorizing C.Vale to process their personal data in the manner necessary for the adequate provision of services, in accordance with this Policy and data protection legislation.
This Policy applies to everyone who has any type of relationship with C.Vale, including associates, customers, employees, suppliers, service providers, business partners, social media followers, and anyone else we engage with. From now on, we will refer to all of them collectively as Data Subject. It also applies to any and all personal data processed by C.Vale, considered as follows:
– Personal data refers to any information related to an identified or identifiable natural person, such as their name, CPF (Brazilian individual taxpayer identification number), ID, address, telephone number, and email.
– Sensitive personal data refers to any information about an identified or identifiable natural person concerning their racial or ethnic origin, religious beliefs, political opinions, union membership, or affiliations with religious, philosophical, or political organizations. It also includes data related to health, sexual orientation, genetic information, or biometric data.
Regarding processing, it is governed by the General Personal Data Protection Law (Law 13,709/2018) and encompasses all operations performed with personal data. This includes activities related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control, modification, communication, transfer, dissemination, or extraction of information, among others not explicitly mentioned in the law but that are based on or utilizing personal data for execution.
To establish this Privacy Policy, C.Vale adopted the following principles, which will always be used applied on good faith:
• Purpose: processing personal data for legitimate, specific, and explicit purposes that are communicated to the Data Subject, without the possibility of subsequent processing in a manner that is incompatible with those purposes.
• Adequacy: ensuring that the processing is compatible with the purposes communicated to the Data Subject, in line with the context of the processing.
• Necessity: limiting processing to the minimum required to achieve its purposes, ensuring that the data collected is relevant, proportional, and not excessive in relation to the objectives of data processing.
• Free access: ensuring that the Data Subject has easy and free access to information regarding the nature and duration of the processing, as well as the completeness of their personal data.
• Data quality: ensuring that the Data Subject’s data is accurate, clear, relevant, and up to date, in accordance with the need to fulfill the purpose of its processing.
• Transparency: ensuring that the Data Subject receives clear, precise, and easily accessible information about the processing activities and the respective processing agents, while respecting commercial and industrial secrets.
• Security: implementing technical and administrative measures to protect personal data from unauthorized access, as well as from accidental or unlawful destruction, loss, alteration, communication, or dissemination.
• Prevention: implementing measures to prevent harm that may arise from the processing of personal data.
• Non-discrimination: ensuring that processing does not occur for unlawful or abusive discriminatory purposes.
• Accountability: the obligation of the agent to demonstrate the adoption of effective measures that ensure compliance with personal data protection standards and to provide evidence of the effectiveness of those measures.
To serve the Data Subject, C.Vale will process the personal data necessary to support its business activities. This data will be subject to a corporate governance and information protection system designed to ensure security and transparency in its operations. The Data Subject is guaranteed access to the processing of their personal data, which will be made available upon request.
When using the website, we process the necessary data to maintain a close relationship with the Data Subject, always in line with the principles set forth in the General Personal Data Protection Law (LGPD).
5.1 Data Subjects: For the purposes of the website, we process the personal data of our customers and/or users who are interested in our products or who have any prior relationship with C.Vale Group. To this end, we only collect personal information that the Data Subject is willing to provide or that is necessary for delivering and improving our services. Additionally, we collect data automatically through cookies or similar technologies when accessing our applications.
5.2 Personal data processed: C.Vale’s principle is to minimize the use of personal data in conducting our business. However, in certain circumstances, the processing of personal data is unavoidable. The personal data we process on the C.Vale website are:
a. In the “Contact Us” tab:
• Registration data: personal information (full name, email, telephone, cell phone, address, zip code, country, state, city);
• Request data: information that the Data Subject writes to C.Vale’s Customer Service. This is a space for open expression.
b. In the “Supplier Forms” tab:
• Registration data: name of the legal representative, nationality, marital status and CPF of the legal representative of the indicated supplier;
• Bank details: banking information for making payments via C.Vale (bank name, branch, current account);
• Location Data: city and state in which the Data Subject is headquartered.
c. Data automatically captured by the website.
• Technical Data: information about your browsing on our website, including, but not limited to, your IP address, date and time of connection, accessed information, search queries, operating system used, browser type and/or version, referring URL (previously visited page), and details about your internet connection (internet service provider, connection type): 3G, 4G, 5G, Wi-Fi, xDSL, cable, optical fiber, etc.). Please note that we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns on our website. We do this to gather information such as the number of visitors to our website and the popularity of the content we publish. This information is processed in a way that ensures it does not identify any individuals. We use the anonymized IP feature to mask your IP address and limit the amount of identifiable data we collect. We do not and do not allow Google Analytics to make any attempt to discover the identities of people who visit our application.
5.2.1 Sensitive personal data: according to the General Data Protection Law (Law 13,709/2018), sensitive personal data refers to information related to a person’s racial or ethnic origin, religious beliefs, political opinions, membership in a union or organization of a religious, philosophical, or political nature, as well as data pertaining to health or sexual orientation, genetic information, or biometric data when linked to an individual. On the C.Vale website, we do not process sensitive data, as it is unnecessary for our operation.
5.2.2 Data from children and adolescents: our activities are not designed for children (up to 12 years old) or adolescents (from 12 to 18 years old). Therefore, we do not process (request or collect) personal data from this audience for the purposes of the C.Vale website. If we discover that we have unintentionally collected personal data from children (under 12 years old) or teenagers (between 12 and 18 years old), we will delete that personal data from our records.
5.3 Data processing purposes: we process the data listed in item 5.2, paragraph a., for the following purpose:
• Customer and associate service: this registration is designed to address various requests that may come from C.Vale’s associates, customers, employees, suppliers, and others who have a relationship with us. Such demands are directed to the various areas of C.Vale, which will provide the necessary treatment and return of C.Vale to the Data Subject.
The data listed in item 5.2, paragraph b., are processed for the following purpose:
• Supplier payment guidance: the data provided here is used to prepare a document outlining how payment will be made to a C.Vale supplier. We do not archive these data; it only serves to generate the PDF file that must be signed and sent via email to C.Vale.
The data listed in item 5.2, paragraph c., are processed for the following purpose:
• Analysis of published content: some of the technical data collected provides feedback on the popularity of our website and the impact of the content we publish, allowing us to enhance our publications and better reach our target audience;
• Improved browsing performance: technical data is also used to analyze our website’s performance, including content layout, the number of clicks to access a page, and server response speed.
5.4 Legal framework for processing: to ensure compliance with the LGPD, every operation involving personal data is backed by a valid processing hypothesis. In the case of our website, such processing is based on the following grounds:
a) For the legitimate interest of C.Vale (Art. 7, IX of Law 13.709/2018): the content published on our website is intended solely to inform about the cooperative’s operations, products, performance results, news, and other relevant information. Only the treatments described in item 5.2, paragraphs a. and b., refer to the collection of personal data. In this regard, with the exception of the processing outlined in item 5.2, paragraph b, all other processing activities are conducted in the legitimate interests of the company, as they promote transparency and efficiency in serving our associates and customers;
b) For contract fulfillment (Art. 7, V of Law 13.709/2018): the form completed as described in item 5.2, paragraph a., is intended to make payments to suppliers contracted by C.Vale. Therefore, it is possible for the contractual object established between the parties to be fulfilled;
c) Other legal bases: we may also process the personal data described in item 5.2 to comply with a legal or regulatory obligation (Art. 7, II of Law 13,709/2018), or for the regular exercise of our rights (Art. 7, VI of Law 13,709/2018), options that will only be used in case of need, when we are required by law or for our defense.
5.5 Sharing of personal data: C.Vale does not sell the data on Data Subjects collected by it, nor does it sell the personal data generated as a result of transactions conducted between the parties. It also has structured policies so that such data is not used by third parties, thus maintaining the privacy of Data Subjects who have a relationship with the cooperative. However, sharing data is necessary to ensure the proper functioning of the website. To do this, it shares the information with the following recipients:
a) Service providers: Understood as companies contracted for the maintenance and development of tools, such as information storage providers, software maintenance, software and information security, information technology, among others.
b) Companies of the C.Vale Group: C.Vale – Cooperativa Agroindustrial has a group of companies, of which it controls, namely: C.Vale – Commerce and Transport Ltda., C.Vale S/A., in Paraguay, C.Vale Luxembourg S.à.r.l., Marasca Commerce and Cereals Ltda. and Plusval Agroavícola Ltda. (Frango Levo). Therefore, if necessary, personal information processed on the C.Vale website may be shared with any of its subsidiaries, provided that such sharing is duly supported by the LGPD.
c) Commercial partners: Those who, directly or indirectly, assist C.Vale in marketing its products and providing its services. This sharing will only occur if necessary and will be supported by a legal basis for processing as outlined in the LGPD.
d) Public Bodies: This sharing occurs as part of the legal obligation to provide information to public authorities and will only be done when necessary.
5.6 International transfer: The C.Vale website processes the data contained therein only in Brazil. We do not transfer or share this information with other countries. However, if there is a future need for international data transfer, we will implement all necessary security measures and comply with all legal requirements to ensure that the rights of the Data Subjects are protected, and no harm is caused.
5.7 Storage of processed personal data: We retain processed personal data for as long as necessary to facilitate and enhance the commercial relationship or services provided by the cooperative, as well as to comply with legally mandated processing requirements. Processed personal data will be deleted once the purpose for which it was collected has been achieved and the data is no longer necessary to fulfill any processing requirements outlined in the LGPD.
The Data Subjects whose information we process have rights clearly established by law, particularly those outlined in the Federal Constitution (Art. 5, X), the Civil Rights Framework for the Internet (Art. 7 of Law 12,965/2014), and the General Data Protection Law (Art. 17, Art. 18, and subsequent articles of Law 13,709/2018), as well as various other applicable legal provisions (laws, regulations, normative instructions, etc.). They include the right to:
• confirm the existence of data processing;
• access the data;
• correct incomplete, inaccurate, or outdated data;
• request the anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
• transfer data to another service or product provider, upon request, in accordance with national authority regulations, while respecting commercial and industrial confidentiality;
• request the deletion of personal data processed with the Data Subject’s consent, except in cases provided for in Art. 16 of Law 13,709/2018;
• receive information about public and private entities with whom the data controller has shared their data;
• be informed about the option to withhold consent and the consequences of doing so;
• revoke consent;
• file a petition with the data controller regarding their data with the national authority;
• object to processing conducted under a waiver of consent in cases of non-compliance with Law 13,709/2018;
• request a review of decisions made solely through automated data processing that affect their interests, including decisions defining personal, professional, consumer, or credit profiles, or other aspects of their personality.
Therefore, C.Vale ensures the protection and rights of Data Subjects and is available to assist them using the contacts described in item 10 of this Policy.
C.Vale follows the best market practices to ensure the security of your information, including the personal data we process. However, security incidents involving personal data can still occur, as no system or network is entirely infallible. For this reason, no company, including C.Vale, can fully eliminate the risks associated with personal data security. Therefore, in the event of a security incident involving your personal data, C.Vale will take all possible measures to minimize the impact, including notifying you about the incident. If the Data Subject becomes aware of a security incident involving their personal data through C.Vale or its representatives, we ask that they contact us via our communication channels so that appropriate measures can be taken. The Data Subject can also help protect their privacy and personal data by following good security practices, such as not sharing their password with third parties. If they notice or become aware of anything that compromises the security of their data, they should contact us through the channels provided in item 10 of this Policy.
When clicking on links on the C.Vale website, they may direct you to the website of another provider, the content of which will be the responsibility of the respective provider. C.Vale is not responsible for the privacy practices of external websites and recommends reading their privacy policies.
Cookies are text files containing small amounts of information that are downloaded to the customer’s computer or mobile device when the customer visits a website and are stored in the browser. Cookies are then sent back to the originating website on each subsequent visit to that website or another website that recognizes these cookies. Some cookies on the C.Vale website collect IP and MAC addresses, which may be considered personal data in some jurisdictions. Cookies are useful because they allow a website to recognize a user’s device. The customer can find more information about cookies at http://www.allaboutcookies.org. Cookies used on the C.Vale website can be categorized as follows:
Category 1: Strictly Necessary Cookies – These cookies are essential in order to enable the customer to use the services provided on the website and its features.
Category 2: Performance Cookies – These cookies collect information about how the customer uses the services (such as which pages they access most frequently and whether they receive error messages). In general, these cookies do not collect information that directly identifies the user. However, some of these cookies may collect GeoIP or other identifiers that may be considered personal data in some jurisdictions.
Category 3: Functionality Cookies – These cookies allow the services to remember choices you make (such as the language or region you are in) and provide enhanced features (such as describing functionality, if applicable). These cookies may also be used to remember changes you have made to personalize the services.
Category 4: Target Cookies – These cookies collect various information about the customer’s browsing habits. These are usually done by advertising networks, not website operators. They collect information about customer’s interactions with the services over time, as well as with third-party websites and online services.
Category 5: Social Media Cookies – These cookies are usually generated by content embeds. They allow social network users to share content and use other features, such as posting comments.
Finally, C.Vale reinforces its commitment to providing service and protecting your personal data. Thus, the Data Subject will be able to exercise their rights provided for in item “6. From the exercise of the Data Subject’s right” of this Privacy Policy through the communication channel listed below, where it will be addressed within the legal term established in Law 13.709/2018 and its regulations. Through this same communication channel, the Data Subject may ask questions about this Privacy Policy, make suggestions or file complaints. Contact us through the following channels:
• Personal Data Officer: José Benedito Montagnini de Barros
• E-mail: privacidade@cvale.com.br
• Contact telephone number: (44) 3649-8181
• Correspondence address: Av. Independência, 2347, Centro, CEP 85950-000, Palotina, Paraná.
• Site: https://www.cvale.com.br/contato/fale-conosco
This Privacy Policy may be modified at any time, and any changes will be duly published on C.Vale’s communication channels. To stay up to date, it is recommended that you periodically check the current version through official communication channels.
Eng
Esp
Por