This Internal Privacy and Data Protection Policy contains information about the collection, use, storage, processing and protection of personal data of all our employees, third parties, partners and Simple Cloud Data customers, and was prepared in accordance with the General Data Protection Law of the corresponding countries where the website operates.

We understand that all of our employees, third parties, and partners at SIMPLE CLOUD DATA value and care about your privacy and the protection of your personal data. Therefore, we have developed this Internal Privacy Policy, the main objective of which is to inform you about the collection, use, sharing, and general processing of your personal data, whether in digital or physical format, with the aim of providing greater transparency about how and for what purposes the company uses your data.

Our goal is to adopt security and privacy measures, transparently processing and protecting personal data, seeking to comply with the General Data Protection Law and providing our employees and collaborators with information on the processing of their data, protecting it and complying with the principles of current legislation.

Therefore, to ensure the privacy and protection of your personal data, it is very important that you understand and comply with the guidelines of Simple Cloud Data's Internal Privacy and Personal Data Protection Policy.

The guiding principles of this internal policy, aligned with the General Data Protection Law:

• Adequacy: The processing of data must be compatible with the purpose informed to the owner.
• Need: Treatment should be limited to the minimum necessary to achieve the proposed objective.
• Free access: Data subjects have the right to access information about the processing of their data at any time.
• Data quality: Data processing must keep it accurate, clear, relevant, and up-to-date, without discrepancies or distortions.
• Transparency: Data processing must be explained to interested parties in a transparent and accessible manner, respecting the necessary commercial and industrial confidentiality.
• Security: Personal data must be protected by the data controller so that it is not lost, altered, destroyed, or accessed inappropriately.
• Prevention: It is the responsibility of the data controller to take measures to prevent harm that may arise from the processing of personal data.
• Non-discrimination: The processing of personal data must not be carried out for discriminatory, unlawful, or abusive purposes.
• Responsibility and accountability: Demonstration to the data subjects of the measures used to ensure compliance with the General Law on the Protection of Personal Data.

Information relating to individuals should only be collected to the extent necessary to provide the services, and in all applicable cases, consent for data processing must be obtained in accordance with the General Data Protection Act.

To the extent permitted by applicable law, the categories and types of personal data collected by Simple Cloud Data may include, subject to the guiding principles set out above: (1) your contact details, such as name, title, company name, email address, phone number, or postal address, among others, used to communicate with you; (2) account information, such as username, user ID, data about your registration or participation in trainings, webinars, or other events; (3) professional or employment-related information, such as employment history, resume, cover letter.

Simple Cloud Data may also collect personal data directly through interactions and through its products and services, and personal data collected online may also be combined with personal data provided through offline channels, such as during a meeting, interview, employment, events held, and also automatically, related to the use of our websites and response to our emails through the use of various technologies.

Personal data.
Simple Cloud Data will never use the personal data entrusted to it in any other way to obtain it, except with the prior authorization and consent of the owner.

The processing of personal data is based on consent. Consent is the freely given, informed, and unequivocal declaration by which the data subject authorizes Simple Cloud Data to process their data.

Therefore, in accordance with the General Data Protection Law, data will only be collected, processed, and stored with prior and express consent.

Consent is required when requesting data from clients, partners, and employees who are natural persons, where necessary, by accepting it in the corresponding field in the system, or by accepting the response email that completes the service request, during the sales phase. Prior consent is required when requesting the signature of an appropriate term when hiring new employees, interns, and service providers.

Consent will be specific to each purpose described, demonstrating Simple Cloud Data's commitment to transparency and good faith toward its users, customers, employees, partners, and collaborators, and may be revoked at any time.

Responsibility for the proper handling of personal data within the company is shared among all those who act as operators, and their collaboration is essential to ensure that the company always complies with the law, offering security to all holders of personal data under its control.

Simple Cloud Data may disclose personal data to business partners and service providers to support our operations. These business partners and service providers are contractually obligated to maintain the confidentiality and security of the information received on behalf of Simple Cloud Data and not to use it for any purpose other than that for which it was provided.

Simple Cloud Data may disclose personal data to business partners and service providers to support our operations. These business partners and service providers are contractually obligated to maintain the confidentiality and security of the information received on behalf of Simple Cloud Data and not to use it for any purpose other than that for which it was provided.

Simple Cloud Data may also disclose personal data that is required by law or judicial proceedings and that is essential for compliance with judicial and administrative decisions and/or for exercising the right of defense in judicial and administrative proceedings, and such data will be retained, although other data will be excluded.

According to the General Data Protection Law, any personal data operator who violates the data protection regulations of the data controller—in this case, Simple Cloud Data—will be held liable as if they were also the data controller of the data in question, and will be subject to civil, administrative, and criminal liability for improper data processing.

The external sharing of personal data of clients or company members—by any means, whether telephone, digital, or written—is prohibited without their authorization, and the data subject will be duly informed each time the data is shared in a new context not provided for in the consent obtained.

Violation of trade secrets, which includes personal data under your control, may result in dismissal of employees for just cause or termination of contracts with the service providers involved in the violation, without prejudice to applicable legal measures.

The processing of personal data at Simple Cloud Data must follow the principles defined in this policy and must be strictly focused on the purposes for which the data was collected, respecting the principles of this policy, the security and information sharing criteria, and applicable legislation.

Personal data should only be processed by people who need to process it. This reduces the risk of human error leading to information leaks or misuse. The best way to ensure this is to break down data by sector and specific responsibilities within each sector. This way, we will know, in each situation, who the data operators are and greatly reduce the risks of an information security incident.

To ensure this processing of industry-specific data, each Simple Cloud Data employee or service provider's access to the company's database is individual and protected by a non-transferable password. Therefore, only individuals authorized to process personal identification data of employees and service providers, for example, will be able to access it.

The only permitted processing of personal data contained in e-waste received and managed by Simple Cloud Data is its disposal. To ensure that no data stored on the devices Simple Cloud Data receives for management is misused, all data is destroyed during the processing of the materials, subject to certification to the customers of the source of such data. Access by Simple Cloud Data employees and service providers to the materials and information about them contained in Simple Cloud Data's computer system is restricted to the execution of the Service Order and to the role determined for each employee.

Mere access and/or misuse of any personal data stored in the technological waste processed by the company is strictly prohibited, under penalty of dismissal for just cause (or termination of the service provision contract), without prejudice to civil and criminal liability.

The personal data collected by Simple Cloud Data will be used and stored for the time necessary to provide the service or achieve the purposes listed in this Privacy Policy, taking into account the rights of the data subjects and the data controller. Therefore, the data will be retained for the duration of the contractual relationship between the data subject and Socrates. Once the personal data retention period has elapsed, the data will be deleted from our databases or anonymized, except in the cases provided by law, as follows:

I – compliance with legal or regulatory obligations by the data controller;
II – study by a research body, ensuring, whenever possible, the anonymization of personal data;
III – transfer to a third party, provided that the data processing requirements established in this Law are respected;
IV – exclusive use by the data controller, with access by third parties being prohibited, provided that the data is anonymized.

Therefore, when the purpose of processing personal data is achieved, and it is no longer necessary to retain it to comply with legal requirements, the data must, with the exception of the cases mentioned in the previous paragraph, be duly deleted physically and digitally. Such deletion must be communicated to the data subject in cases where it is carried out in a manner other than that provided for in the applicable consent form.

Therefore, Simple Cloud Data is committed to the security and privacy of the personal data collected, using technical protection measures and solutions capable of guaranteeing the confidentiality, integrity, and inviolability of the data, in addition to security measures appropriate to the risks, with access control to the stored information.

To keep your personal information secure, we use physical, electronic, and management tools designed to protect your privacy. We apply these tools taking into account the nature of the personal data collected, the context and purpose of the processing, as well as the risks that could arise from potential violations of the rights and freedoms of the data subject.

Simple Cloud Data is committed to adopting best practices to prevent security incidents.

Among the measures adopted we highlight the following:

Only authorized individuals have access to personal data; Access to personal data is only granted upon a commitment of confidentiality; Physically stored personal data will be kept in a locked location, out of the reach of individuals not expressly authorized to access it.
When stored digitally, it should be kept in a folder protected by encryption and with access restricted by a personal password.

Copies of personal data should only be made when necessary to fulfill the intended purpose of the processing. All copies must be recorded in a separate spreadsheet, which must be stored digitally with the same security criteria.

This Privacy Policy may be updated. Therefore, we recommend that you periodically review this page for changes. However, Simple Cloud Data will request your consent before using your information for purposes other than those defined in this Privacy Policy.

Simple Cloud Data's personal data operators must provide all information requested by data subjects regarding the processing of their personal data, respecting the company's right to trade secrecy, where necessary. The purpose of the processing must always be clear and transparent.

Whenever a data subject requests the provision of personal data, operators must inform the Personal Data Protection Officer of the request and subsequently provide the data subject with the requested information.

The personal data protection officer will be responsible—under the terms of the LGPD—for communication between data subjects, Simple Cloud Data, and the National Data Protection Authority (NDPA). The controller is responsible for verifying existing risks, indicating corrective measures, and periodically assessing the security of personal data within the company. The controller must also communicate with data subjects or public authorities as necessary.

Any questions that arise in the company's day-to-day operations regarding personal data protection should be referred to the data controller, so that the latter can provide immediate guidance to the operator or obtain appropriate guidance from the ANDP and other specialized entities in the field.

The Personal Data Protection Officer will maintain a risk and impact assessment report related to personal data protection, which will structure, implement, and evaluate the measures necessary to ensure the security of personal data information.

Simple Cloud Data has appointed Socrates Baquedano as its Personal Data Protection Officer, offering the following means of contact for the exercise of ownership rights:

Email: info@simpleclouddata.com