Privacy and Personal Data Protection Policy

1. Commitment to Privacy and Data Protection
   The MOVE3 | Sequoia Group reaffirms its commitment to protecting the Personal Data of all parties with whom it engages—clients, employees, partners, suppliers, and other stakeholders. Privacy, security, and transparency in the Processing of Personal Data are essential values in our operations and in fostering trusted relationships.
   This Privacy and Personal Data Protection Policy (“Policy”) clearly and accessibly outlines how we collect, use, share, and store Personal Data, in compliance with applicable laws, especially the Brazilian General Data Protection Law – LGPD (Law No. 13.709/18), the Brazilian Civil Rights Framework for the Internet (Law No. 12.965/14), guidance from the National Data Protection Authority – ANPD, and other current regulations.
   All companies within the MOVE3 | Sequoia Group are bound by and subject to the provisions of this Policy.

 

2. Purpose of this Policy
   This Policy aims to establish and formalize the principles adopted by the MOVE3 | Sequoia Group in the Processing of Personal Data, promoting transparency and ensuring the implementation of appropriate administrative and technical measures for data protection.
   This document is widely shared with employees, partners, clients, and suppliers, and is available at any time on the Group’s Intranet.
   This Policy may be reviewed and updated whenever necessary due to regulatory changes or modifications to internal Personal Data Processing procedures.
   For any questions or requests related to the Processing of Personal Data, please contact us at: privacidade@move3.com.br.

 

3. Definitions
   For the purposes of this Policy, the following definitions—based on applicable legislation—are adopted:
   3.1. Personal Data: Any information relating to an identified or identifiable natural person.
   3.2. Sensitive Personal Data: Information about racial or ethnic origin, religious beliefs, political opinions, union membership, or membership in organizations of a religious, philosophical, or political nature; data concerning health or sexual life; and genetic or biometric data linked to a natural person.
   Note: As a rule, MOVE3 | Sequoia Group does not collect Sensitive Personal Data related to sexual orientation, religious beliefs, or political affiliation, except when necessary to comply with legal or regulatory obligations.
   3.3. Processing: Any operation performed with Personal Data, including, but not limited to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation, modification, communication, transfer, or extraction.
   3.4. Data Subject: The natural person to whom the Processed Personal Data refers.
   3.5. Controller: The legal entity responsible for decisions regarding the Processing of Personal Data.
   3.6. Processor: The natural or legal person that processes Personal Data on behalf of the Controller.
   3.7. Data Protection Officer (DPO): The professional appointed by the MOVE3 | Sequoia Group to act as a communication channel between the Group, Data Subjects, and the ANPD. The DPO’s name and contact information are available on the Intranet.
   3.8. Cookies: Files that temporarily store information about user interactions with websites and applications to improve browsing experience. Users can configure their browser settings at any time to manage or delete Cookies.

 

4. Principles Guiding the Processing of Personal Data
   MOVE3 | Sequoia Group strictly follows the following principles:

• Lawfulness, Fairness, and Transparency: Processing conducted lawfully, ethically, and transparently.
• Purpose Limitation: Data is collected and processed for specific, explicit, and legitimate purposes.
• Data Minimization and Necessity: Processing is limited to the minimum necessary to achieve its intended purposes.
• Security and Prevention: Technical and administrative measures are implemented to protect Personal Data against unauthorized access and security incidents.
• Accountability: Demonstration of effective measures taken to ensure legal compliance.

 

5. Processing of Personal Data
   MOVE3 | Sequoia Group may collect and process Personal Data in the following scenarios:
   5.1. Job Applicants:
   To support recruitment and selection, we collect data such as name, contact information, professional background, and, if legally required, Sensitive Personal Data.
   5.2. Employees:
   Throughout the employment relationship, we collect and process data for labor, social security, tax, occupational health, payroll, benefits, and human resources management purposes.
   5.3. Clients and Partners:
   We collect necessary Personal Data to perform services such as logistics, transportation, warehousing, marketing, customer service, call center operations, and financial management, as outlined in the respective contracts.
   5.4. Contract Formalization:
   We collect data such as name, taxpayer ID (CPF), identity card (RG), and signature for contract execution.
   5.5. Billing:
   We collect information such as name and address for issuing invoices and processing payments.
   5.6. Systems and Security:
   We monitor access and authentication data to ensure system security and to trace pickups and deliveries, especially through access logs.
   5.7. RT App:
   We collect geolocation data at the time of delivery exclusively to validate the operation within a predefined radius, using Google Maps mapping.
   5.8. Cookies:
   We use Cookies on our websites to improve user experience, respecting user privacy and ensuring no Personal Data is stored without consent.

 

6. Data Subject Rights
   Data Subjects may request, at any time:

• Confirmation and Access: Confirmation of the existence of Processing and access to their Personal Data.
• Correction: Update or rectification of incomplete, inaccurate, or outdated data.
• Deletion: Deletion of Personal Data processed with consent, except in cases where retention is legally required.
  To exercise your rights, contact us at: privacidade@move3.com.br, providing your full name, your relationship with the company, and the right you wish to exercise.
  Note: When acting as a Processor on behalf of our clients, we recommend that requests be directed to the appropriate Controller, as outlined in the contract.

 

7. Sharing of Personal Data
   MOVE3 | Sequoia Group shares Personal Data only when necessary and in the following cases:

• To comply with legal or regulatory obligations;
• For contract execution;
• With service providers such as accounting firms, legal advisors, healthcare providers, and payroll processors.
  We require all third parties with whom we share data to strictly comply with data protection laws.

 

8. Retention of Personal Data
   Personal Data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by legal or regulatory obligations.
   When no longer needed, Personal Data is securely deleted or, when applicable, anonymized.
   Requests for deletion will be assessed based on applicable legal and technical criteria.

 

9. Information Security
   We implement technical, administrative, and organizational measures to ensure the security of Personal Data, protecting it from unauthorized access, destruction, loss, alteration, or any improper or unlawful Processing.
   Our security measures are based on ISO/IEC 27002:2013 standards and include conducting Privacy Impact Assessments (PIAs), when applicable.
   In the event of an incident, we follow our internal Incident Management procedures and notify both the Data Subjects and the ANPD, as required by law.

 

10. Commitment and Accountability
    MOVE3 | Sequoia Group is responsible for the Processing of Personal Data within the scope of its business activities and ensures that such Processing is conducted in compliance with applicable laws and this Policy.
    Processing without consent will occur only in legally permitted situations, such as to comply with legal obligations, execute contracts, or fulfill legitimate interests, always respecting the rights and freedoms of Data Subjects.

 

11. Training and Awareness
    We are committed to promoting ongoing training and awareness programs on privacy and data protection so that our employees and partners understand and follow best practices for security and compliance.

 

12. Final Provisions
    This Policy may be amended at any time to improve or adapt it to legislative or organizational changes.
    The most up-to-date version will always be available on the Intranet and other institutional channels.

 

Questions or requests?
Please contact our Data Protection Officer at: privacidade@move3.com.br