1. DEFINITIONS
Affiliates: direct or indirect subsidiaries, or any companies/partners that control its capital, or any related companies that belong to the same business group or have the same controlling partners and/or administrators.

Application: mobile apps owned by DAYCOVAL, through which the User accesses the services and content made available thereby.

Controller: an individual (natural person) or company (legal entity) responsible for decision-making regarding the activities of processing the information collected.

Cookies: small files that can be stored on the Website and/or App, that allow us to recognize browsing data, thus serving as browsing logs, without infecting the USER’s device with viruses or malware. DAYCOVAL may collect these browsing logs after obtaining the USER’s acceptance and consent for this activity, offering more convenience when browsing, since these files are responsible for storing USER preferences, thereby avoiding the need to fill out everything again with each new visit to the Website and/or App.

Personal information: information that identifies or is able to identify a person;

Sensitive personal data: information on racial or ethnic origin, religious beliefs, political opinion, membership in a trade union or any organization of a religious, philosophical, or political nature, data relating to one’s health or sex life, genetic or biometric data, when linked to an individual.

Internet Protocol (IP) Address: the code assigned to a network terminal to allow identification of the USER, defined according to international parameters.

Password: a set of characters that may consist of letters and/or numbers, for the purpose of verifying the USER’s identity to access the App or the Website.

Website: websites (except for “Dayconnect” internet banking) of DAYCOVAL and/or its Affiliates through which the USER accesses the services and content provided by DAYCOVAL and/or its Affiliates.

USER: (or USERS, when considered jointly): all individuals who will use the Website and/or App, either over 18 (eighteen) years of age or emancipated minors fully capable of performing the acts of civil life.

I – PRIVACY POLICY

1. WHO IS THIS POLICY FOR?
1.1. This Policy is intended for all USERS who, while using the Website and/or App, have their personal data collected in any manner.

2. COLLECTION OF PERSONAL DATA AND PURPOSE
2.1. For the USER to create his/her profile on the Website and/or App, by creating a login and password, essential personal data is collected, such as:

1. Full name;
2. CPF [SSN];
3. Address;
4. E-mail;
5. Telephone.

2.2. Login and password can only be used by the registered USER. DAYCOVAL is not responsible for any loss or damage resulting from the USER’s sharing of this information.

2.3. DAYCOVAL shall mainly act as the Controller of the personal data collected from its Website and/or App.

2.4. The data provided by the USER to DAYCOVAL through the Website and/or App when registering must be accurate and truthful.

2.4.1. If the USER notices any information that DAYCOVAL has that is inconsistent with the information as it is in reality, the USER must request the modification thereof through any of the DAYCOVAL customer service channels.

2.5. The USER understands and accepts, through valid and unequivocal consent, that –to prove authorship, authenticity, integrity and confidentiality – DAYCOVAL may use tokens (e-code), with the indication of a numerical code, option of alerts (PUSH), and sending of SMS with verification codes to the mobile number informed by the USER, and security phrases or biometric data from his/her mobile phone may be used as forms of validation and authentication for transactions made.

2.5.1. DAYCOVAL may collect biometric data for the purpose of the data subject’s security and preventing fraud in accessing the Digital Platforms or the acquisition of products or services without the USER’s consent. For any other purposes, biometric data will be processed only with the USER’s consent.

2.6. DAYCOVAL and its Affiliates must preserve the USER’s privacy and must not share his/her data or information with third parties unrelated to DAYCOVAL or its Affiliates, except with the USER’s prior consent or by force of law or court order.

2.6.1. Furthermore, DAYCOVAL may share USERS’ personal data, including biometrics, with partners, service providers and suppliers, for the specific purpose of protecting a USER’s credit, security and authentication, or preventing and combating fraud.

2.7. The USER’s personal information shall be collected and stored according to strict confidentiality and security standards, respecting the laws and regulations pertaining to this subject matter.

2.8. USERS’ personal data may be collected and processed by DAYCOVAL in the cases and/or for the purposes indicated below, and other acts related thereto:

1. When the data subject authorizes it;
2. Identification and qualification of the data subject;
3. Verification of the suitability of products and services to the data subject’s profile and offering him/her products and services;
4. Submitting proposals, contracting third parties, and fulfilling contracts;
5. Assessment and monitoring of economic and financial situation;
6. Compliance with legal, regulatory and self-regulatory obligations;
7. Regular exercise of rights;
8. Fraud prevention and identification as well as identification, prevention and management security risks;
9. When necessary to meet the legitimate interests of the Controller or third parties, except in cases where the data subject’s fundamental rights and freedoms that require the protection of personal data prevail.

3. DO YOU ACCEPT COOKIES?
3.1. Cookies are small files sent by the Website and/or App while they are being used, which allow us to recognize information, thus acting as browsing logs, without infecting your device with a virus or malware. DAYCOVAL may collect these browsing logs after obtaining the USER’s acceptance and consent for this activity.

3.2. DAYCOVAL may collect, store, treat, process, and use the following information regarding the USER’s access to the Website and/or App, to develop and enhance its features, analyze the performance of the Website and/or App, ascertain the USER’s browsing habits and experiences, and perform security analysis:

1. Geographical location;
2. The operating system used by the USER;
3. The browser used, and its respective versions;
4. Screen resolution;
5. Java (programming language);
6. Flash player installed;
7. IP address;
8. ID code (IMEI) of the mobile device, where applicable;
9. Information regarding the date and time of use of the Website and/or App by the USER, from a particular IP Address;
10. Information regarding the number of clicks and attempts to use the Website and/or App, as well as the pages accessed by the USER.

3.3. During access to the Website and/or App, three (3) types of cookies may be used:

1. Authentication Cookies: these serve to recognize USERS, and enable them to access and use the Website and/or App;
2. Security Cookies: these are used to activate security features of the Website and/or App, to help monitor and/or detect malicious activities or activities prohibited by this Policy, as well as protect information entered on the Website and/or App by the USER;
3. Search, Analysis and Performance Cookies: the purpose of this type of cookie is to verify the performance of the Website and/or App, the frequency of accesses made by USERS, and the purpose of these accesses.

3.4. DAYCOVAL, always concerned with ensuring the best customer experience, offers several financial and non-financial products, jointly with its Affiliates and with its partners.

3.5. Thus, when using the services available on the DAYCOVAL Website and/or App, the USER agrees that DAYCOVAL may process – as determined by Law 13709/2018, Brazilian General Data Protection Act (LGPD) – all information that DAYCOVAL has about the USER, and share this information with its Affiliates, for the following purposes and related acts (for example):

1. Identifying and qualifying the USER;
2. checking the suitability of products and services to the USER’s profile and offering these products and services;
3. submitting proposals, contracting third parties, and fulfilling contracts;
4. monitoring the USER’s economic-financial situation;
5. compliance with legal, regulatory and self-regulatory obligations;
6. regular exercise of rights;
7. preventing and identifying fraud; as well as identifying, preventing and managing security risks.

4. HOW WE ENSURE THE SECURITY OF THE DATA WE COLLECT
4.1. DAYCOVAL must maintain provisions in its contracts in line with the specific laws and regulations applicable to its business, and shall constantly monitor its information security areas.

4.2. DAYCOVAL must prepare its communication channels, Website and App to manage USERS’ consent.

4.3. Lastly, DAYCOVAL must constantly map the path taken by all data collected from USERS.

4.4. DAYCOVAL shall adopt – as a logical access control applied to customers – two-factor or multi-factor authentication (electronic password, security code, dayface, token, etc.), encryption algorithm no less than 256-bit applied to the traffic of information on Dayconnect, storage encryption of electronic passwords, processes for blocking and unblocking users upon confirmation of identity, behavioral analysis tools, etc. All of these are logical access controls aimed at protecting information from unauthorized access attempts, whether by people or by systems.

4.5. DAYCOVAL shall adopt methods to protect the confidentiality of the registration data, operations, and custody position of its customers, through control of encrypted data traffic, segregation of duties, and control of access to this and other information, whether via a system, database, or reports.

5. WHAT ARE THE USER’s RIGHTS?
5.1. The USER, as the personal data subject, retains the right to:

1. Request confirmation whether his/her data is processed;
2. Request access to his/her data;
3. Correct any incomplete, inaccurate or outdated data;
4. Request anonymization, blocking, or deletion of unnecessary or excessive data or any data processed in violation of legal provisions;
5. Request data portability to another service/product provider, upon express request from the data subject;
6. Request the deletion of personal data processed with his/her consent;
7. Request DAYCOVAL to inform with whom it has shared the USER’s data;
8. Request information about the possibility of not providing consent and about the consequences of such refusal;
9. Revoke any consent previously provided.

6. WHO CAN THE USER CONTACT?
6.1. To exercise their rights, the USER may contact DAYCOVAL’S Data Protection Officer using the form available at the link https://www.daycoval.com.br/institucional/sobre-nos/governanca-corporativa.

6.2. If the USER, through the customer Service channels, requests confirmation (yes/no) of the processing of their personal data by Banco Daycoval, as well as information on exactly what personal data of the USER is held by Daycoval (name, CPF [SSN], ID etc.), this information will be provided immediately.

6.3. If the USER requests the origin of the data, the non-existence of registration, the criteria used, and the purpose of the data processing, this information shall be provided to the data subject within a period not exceeding fifteen (15) calendar days (from the receipt of such request from the data subject) through a Statement issued by Banco Daycoval, which will be sent to the data subject via email.

6.4. If there is any change in legislation or specific regulations related to the aforementioned time limits, it must be adapted immediately. This Policy shall be modified only when it expires.

7. TERM FOR STORAGE OF DATA COLLECTED
7.1. The data collected by DAYCOVAL shall be deleted as soon as the purpose for which such data was collected is achieved; after the end of its processing, respecting the technical and regulatory limitations of such activity; when the data subject revokes his/her consent; or by determination of Brazil’s National Data Protection Authority (ANPD) or court order.

7.2. DAYCOVAL shall comply with the specific Regulations of financial activity, and reserves the right to keep the personal data collected from its USERS for the period required by the regulations of its specific activity.

1. OBJECT
1.1. DAYCOVAL herein establishes the terms and conditions of use of the Website and/or App, on a non-exclusive basis, through which the USER can access the services and content made available by DAYCOVAL and/or its Affiliates.

2. USE OF THE WEBSITE AND/OR APP
2.1. When registering on the App or in exclusive areas of the Website, the USER may use all the features made available by DAYCOVAL on the respective App and/or Website, declaring – to that end – that he/she has read, understood and accepted these terms and conditions.

2.2. The USER will register by creating a USER profile, with login and password, by providing the essential registration data: full name, CPF [SSN], street address, telephone and email address (“Registration Data”). Other Registration Data may be requested to identify the USER and/or for access to the Website and/or App, if necessary for the identification of the USER and/or for the USER’s access to the content of the App and/or restricted services.

2.3. The registered USER can only use the login and password; sharing one’s login and/or password with any third parties is expressly prohibited.

2.4. The USER is fully responsible for the accuracy and veracity of the information registered on the Website and/or App, as well as for any personal or material losses or damages that DAYCOVAL or third parties may sustain from the inconsistency or falsehoods in the information registered.

2.5. The USER agrees that transactions that may be carried out in an electronic environment are accepted and valid, as an effective means of proving authorship, authenticity, integrity and confidentiality and, if made over the telephone, may be recorded.

3. RESPONSIBILITY OF THE PARTIES
3.1. DAYCOVAL does not guarantee access and continual or uninterrupted use of the Website and/or App, as it may occasionally become unavailability due to internet outage, interruption or downtime of the Website and/or App, or by any other circumstance unrelated to DAYCOVAL.

3.2. Under no circumstances shall DAYCOVAL be held liable for any damage, whether material or moral, direct or indirect, or loss of profit, arising from any of the following:

1. connection to, misuse of, or inability to use Website and/or App, for any reason, performance failure, error, omission, interruption, defect, delay in operation or transmission, Trojan viruses, malware, worms, bots, backdoor, spyware, rootkit, or any other devices that may be created, as a result of internet browsing or failure of the line, the hardware or system, or any program/application/product/service, even if DAYCOVAL is aware the actual or potential occurrence of such problems;
2. interception by an unauthorized third party of any information, technical materials, or other content available on the Website and/or App, or submitted by USERS to the Website and/or App;
3. misuse of the Website and/or App by any USER and/or third parties.

3.3. For a better experience of accessing the Website and/or App, the USER must:

1. have internet access;
2. have equipment required for the service with the minimum necessary requirements, holding DAYCOVAL harmless from liability arising from any damages or problems stemming from delay or blockage in data transmission.
3. comply, when using the Website and/or App, with all pertinent legislation and the conditions of use set forth herein;
4. not share one’s login and password with third parties; login and password are personal and non-transferable, as established herein;
5. not enter any false or untrue information on the Website and/or App, nor change or delete correct data improperly to obtain any undue advantage for themselves or others or in such a way as to harm DAYCOVAL;
6. not falsify, omit or simulate IP, network or email addresses, to hide identity or authorship, or to hold innocent third parties liable for improper use of the Website and/or App;
7. not perform any acts that directly or indirectly, in whole or in part, may harm Daycoval Conglomerate.

3.4. The USER shall be fully responsible for reparations for any damage caused, directly or indirectly, to DAYCOVAL and/or companies of the Daycoval Conglomerate, including damage arising from the violation of any rights of other USERS, such as intellectual property rights, non-disclosure rights and personality rights, even by virtue of non-compliance with this instrument or any act committed based on his/her access to the Website and/or App.

3.5. In the event of non-compliance with the provisions of this instrument by the USER, DAYCOVAL may cancel – at its sole discretion and at any time – the USER’s access to the Website and/or App, after proper notice.

3.5.1. In cases of confirmed fraud, DAYCOVAL may cancel the USER’s access to the Website and/or App, as well as the bank account linked to the USER, without prior notice, at its sole discretion.

4. INTELLECTUAL PROPERTY
4.1. The copyrights referring to the pages and content that comprise the Website and App are the exclusive property of the DAYCOVAL Conglomerate, including all its feature/functionalities, visual identity, graphic images, trademarks and business name included on the Website and/or App, as well as any and all content created and produced by DAYCOVAL, for itself or for third parties related thereto, which may not be used by USERS in any way or form whatsoever.

4.2. The use of the Website and/or App and their respective technology by any USER not expressly authorized to do so shall be considered a violation of copyright and intellectual property, as the case may be.

4.3. To access the Website and/or App, the USER declares that he/she will respect all intellectual and industrial property rights as well as all rights arising from the protection of its trademarks and any rights relating to third parties that happen to be or have ever been available in such services in any way. Simple access to the Website and/or App does not give the USER any right to use the names, titles, words, phrases, trademarks, or patents (among others) that are or have been available on the Website and/or App.

4.4. The USER is expressly prohibited from:

1. modifying, expanding, reducing, or adapting the Website and/or App, or performing reverse engineering;
2. developing, creating or sponsoring any programs that may alter or copy the Website and/or App, even if this is done to introduce any kind of improvements thereto; and
3. creating digital copies or hard copies of the Website and/or App on any media.

4.5. The USER assumes all civil and/or criminal liability for the misuse of information, texts, graphics, images, trademarks, works, in short, all intellectual property rights, image rights or industrial rights present on the Website and/or App, and for any violation referred to above.

4.6. DAYCOVAL Websites and/or Apps may contain links to third party website(s). The USER is aware and agrees that the existence of these links does not constitute an endorsement or sponsorship of third-party website(s), and acknowledges that he/she is subject to the terms of use and privacy policies of the respective website(s).

5. GENERAL PROVISIONS
5.1. DAYCOVAL’s tolerance of any non-compliance with any of the provisions set forth herein by the USER shall constitute neither a waiver of the right to demand compliance with the obligation, nor forgiveness, nor modification of the provisions contained herein.

5.2. All notifications to the USER shall be made in writing, through the email address indicated in the USER’s registration, or through messages included on the Website and/or App, or by any other means that DAYCOVAL deems suitable.

5.3. DAYCOVAL reserves the right to remove any part of the content of the Website and/or App that may allegedly infringe third-party copyrights.

5.4. DAYCOVAL may opt to file this Instrument with a registry office to ensure greater efficiency and security in complying with the provisions established herein.

5.5. DAYCOVAL is entitled – at any time, at its sole discretion, and with no need for any prior notice – to suspend, cancel, or interrupt access to the Website and/or App; and remove, alter and/or update, in whole or in part, content on the Website and/or App.

5.1.1. Certain pages on the Website and/or App may contain their own additional terms and conditions, which shall be integrated into the present terms and conditions. In the event of any conflict, such additional terms and conditions shall prevail with respect to those specific sections or pages.

5.6. The jurisdiction of São Paulo/SP is hereby chosen to resolve any doubts and disputes, including those involving non-compliance with this Instrument, intellectual property rights, non-disclosure rights, and personality rights by the USER.

5.7. Data Protection Policy supplements this instrument (available at the link https://ri.daycoval.com.br/en/corporate-governance/institutional-policies), as well as the Terms and Conditions of Use specific to the Products contracted by the USER, which must also be read, understood and accepted by the USER, prior to any usage thereof.