Data Protection Policy

Weplace is a consulting firm specialized in Human Capital solutions for Corporate Governance, Management, People and Organizational Culture and considers of extreme importance data protection and privacy. Through this Data Protection Policy, the holders may have access to how their information will be used and stored.

Collection of information: To provide its clients with Executive Search and Selection, Market Research, Mapping of Structures and Processes and Executive and Board Member Assessments, Weplace processes information regarding individuals (referred to as “Personal Data”) that usually includes information present in a standard resume (for example, name, address, telephone, e-mail, professional history, title(s) and other qualifications, languages and other skills). They may also include, but are not limited to: age, nationality, details about remuneration, record of the history of contacts made between the parties and comments from third parties. Weplace’s records originate from information obtained directly from executives and/or candidates, from publicly available sources and from third parties.

Use of Data: We will use the personal data of executives and/or candidates to contact them in relation to Executive Search and Selection projects, Board Member Executive Search, Strategic Alignment, Organizational Design, Executive Assessment projects and Strategic Compensation conducted for our clients, which involve the identification, evaluation and/or selection of qualified professionals and data collection for Organizational Structure projects, Remuneration, Governance and Management. In addition, there may also be collection of demographic information of executives and/or candidates to help clients address diversification needs. Depending on the progress of an application, personal data will be checked for academic and professional qualifications, aptitudes and credentials, job performance and analysis or confirmation of references. Weplace understands the sensitive nature of this assignment and will not contact current or former employers without express permission. However, if there is any other person with whom the executive and/or candidate wishes the contact to not be made, they must inform the fact to the Weplace Consultant with whom they are working or the Information Security Executive, through the address below.

Data storage: The data will be kept in Weplace’s database, which is protected and accessible only to Weplace employees. Outside the Weplace network, the information may also be disclosed on a confidential basis to (a) customers who will also have to process the information for the purposes described in this Data Protection Policy; (b) third parties, where required by law; and (c) service providers, but only to the extent necessary to perform the work directed by Weplace (such as security services, internet hosting, background checks and other administrative services). Transfer of Personal Information: The recipients of the Personal Data (and the servers that hold your information) may be located in jurisdictions outside the home jurisdiction of executives and/or candidates who may have data privacy laws that do not provide the same level of protection as that existing in the home jurisdiction, or in the Brazilian Economic Area. Weplace is committed to protecting the information and will take appropriate technical, organizational and judicial measures to protect it. Please be assured that personal information will not be sold to third parties or used for purposes that are incompatible with those set forth herein.

Rights of the holder: The holder has the right to withdraw consent at any time or request that Weplace rectify or delete their registration from its system(s). When asked to delete a record from its system, Weplace will retain only a minimum of Personal Data to prevent future contact, keeping only a record of information already disclosed to customers in the past and to preserve Weplace’s interests in accordance with any pertinent legal requirements. The holder may exercise these rights by contacting the Information Security Officer. Weplace will comply with any request as required by law.

Information Security Officer: The person responsible for Information Security can be found through the e-mail address: [email protected] or at the Weplace office, located at Avenida Pedroso de Morais, 1553 – Conjuntos 82 – Alto de Pinheiros – São Paulo SP, Cep 05419-001 , Tel. +55 11 3030-7030. Declarations: a) complies with all applicable legislation on privacy and data protection, including (whenever and when applicable) the Federal Constitution, the Consumer Defense Code, the Civil Code, the Brazilian Civil Rights Framework for the Internet (Federal Law No. 12,965/2014), its regulatory decree (Decree No. 8,771/2016), the LGPD (Law No. 13,709/2018), and other sectoral or general rules on the subject, including foreign companies and that adopts reasonable measures to ensure that access to personal data collected, received and processed pursuant to this term is strictly limited to those employees, collaborators, partners, advisors and third parties who in fact need to access them, always confidentially and in compliance with the provisions of the LGPD, as well as other legal provisions that deal with the subject; b) adopts reasonable measures to ensure that access to personal data collected, received and processed pursuant to this term is strictly limited to employees, partners, advisors and representatives who in fact need to access them, always confidentially; c) the information processed under this term will be stored in a secure environment, on servers located in Brazil or abroad, observing the state of the art available and, when it comes to the storage of physical documents, will have strict access control, as well as can only be accessed by qualified persons and authorized by it, being responsible for any and all improper access to which it has given cause; d) will cooperate with the participant of the process, in order to ensure the rights guaranteed by the LGPD to the holders whose personal data are accessed due to this term; e) ensures the security of information, being responsible for any misuse of personal data; f) After the maintenance, processing and storage of the data, for as long as it is necessary, Weplace undertakes to delete the Personal Data definitively. Exceptions to the foregoing are those data that maintenance is compulsory or authorized by force of Law or command with the same obligation of attendance, in which case its treatment and its elimination must be carried out in strict observance of the applicable norms.