• Website registration data: Name, email, organization, position, and areas of interest.
• Identification, qualification, and contact data: Full name, address, date of birth, nationality, identification document details (as applicable), email, and phone number.
• Academic and professional data: Employer, profession, position, educational background, or affiliations.
• Data provided in resumes and updates: Name, address, phone, email, professional identification, academic and professional history, skills, certifications, and any other data you voluntarily provide.
• Interaction data with DBPA’s informational content.
• Image and voice of the data subject in events, publications, and DBPA’s social media.
• Security camera images and biometrics for access to our premises, systems, and networks.
• Service provider registration data: Name, address, phone, email, document data, social security registration, etc.
• Personal data necessary to provide specialized services to our clients.
• Personal data necessary to comply with legal and regulatory obligations.

DBPA processes personal data only when necessary to achieve pre-defined purposes, always in compliance with legal and regulatory requirements.

We collect this personal information in various ways, either directly from the data subject, through an intermediary (e.g., the company you are affiliated with), or from publicly available sources, always respecting the intended purposes and privacy legislation principles.

Where necessary, we will request your consent for processing your personal data and manage your authorization in compliance with LGPD requirements.

According to LGPD, data processing includes any action performed by the controller or operator, such as collecting, storing, transferring, and deleting data from systems.

DBPA processes personal data primarily to carry out internal office activities and provide legal and administrative services, mainly related to intellectual property. Specific purposes include:

• Maintaining relationships with clients and stakeholders.
• Identifying and/or sending relevant content based on prior interest, including institutional communications, newsletters, e-books, legal materials, event invitations, posts, and digital platform messages.
• Responding to inquiries, compliments, complaints, and suggestions.
• Publicizing events on our official channels (website, social media) and media publications.
• Conducting satisfaction surveys and gathering feedback on our services.
• Creating databases of suppliers and service providers for contract execution.
• Conducting or participating in legal diligence/audits, mergers, acquisitions, and risk assessments.
• Creating databases of job applicants, employees, associates, and collaborators.
• Defending and managing DBPA’s rights and complying with legal and regulatory requirements.
• Exercising DBPA’s legitimate interests.
• Ensuring security for our physical and digital facilities, employees, and visitors.
• Fulfilling governmental or data subject requests directed to DBPA.

With DBPA Propriedade Industrial – PI.

With partners, service providers, and suppliers who may have access to personal data to carry out DBPA’s activities.

With software providers, cloud hosting services, and IT service providers for data management and documentation purposes.

With national and international correspondents, experts, auditors, accountants, translators, and financial institutions to assist in legal or administrative services.

In compliance with court orders or requests from competent government and regulatory authorities. To allow legal publications (national or international) to contact you for potential references to DBPA’s services.

DBPA may occasionally provide your personal data to national or international legal publications so that you can evaluate and reference our services to such publications.

DBPA seeks to verify the compliance of all third parties and operators with whom it may share personal data, using contractual measures and procedures that ensure recommended security standards for data protection, to the extent that they are technically and operationally feasible.

DBPA may carry out international transfers of personal data to service providers located abroad, including cloud service providers, international correspondents and partner firms.

DBPA will adopt appropriate measures to ensure adequate protection of personal data in accordance with the requirements of applicable data protection legislation, including the execution of appropriate contracts and clauses for the adequate international transfer of data, or in accordance with regulatory measures issued by the National Data Protection Authority.

DBPA guarantees the exercise of the rights of data subjects with regard to the processing of their personal data, as follows:

(i) confirmation of processing; (ii) access; (iii) correction of incomplete, inaccurate or outdated data; (iv) anonymization, blocking or deletion; (v) portability; (vi) deletion; (vii) information on sharing; (viii) information on the possibility of not providing consent and on the consequences of refusal; (ix) revocation of your consent, under legal terms; and (ix) Filing a complaint with the National Data Protection Authority (ANPD).

In this way, for example, the data subject has the right to confirm whether or not their personal data is being processed; to know which personal data is under our responsibility; to request information about the processing carried out with their data, etc.

The data subject may exercise any of their rights by sending a written request to the Data Protection Officer – DPO’s email address:

Name of the person in charge: Ricardo de Barros Saracuza

E-Mail: ricardo.saracuza@diblasi.com.br

Address: Av. Presidente Wilson, 231 – 13th floor, downtown – CEP 20030–905 – Rio de Janeiro, RJ.

DBPA will make the necessary efforts to meet the data subject’s requests in accordance with legal requirements. The Data Subject must also be aware that his/her request may be rejected, whether for formal reasons (such as lack of proof of ownership) or legal reasons (such as a request for deletion of data, the maintenance of which is a legal obligation of DBPA or the free exercise of a right).

A cookie is a small text file that is stored by your browser when you visit a website. Cookies can store certain information about you or the content you share with us. Cookies also help us learn more about the interests of data subjects, particularly in relation to the content published on our website.

Below, we provide information about the types of cookies and tracking technologies we use on our website, the types of information we collect through these technologies and your specific rights in relation to such processing. Therefore, we use the following cookies on our website:

Necessary Cookies: These are cookies used for the website or application to perform basic functions and operate correctly. Therefore, collecting information through cookies is essential to ensure the functioning of the website or for the adequate provision of the service.

Therefore, the activities considered necessary include those related to the specific functionality of the service, i.e., without them the user would not be able to perform the main activities of the website or application. This category of cookie is limited to what is essential to provide the service requested by the owner, and does not cover non-essential purposes.

When you access the website, the necessary cookies will always be activated for the DBPA. If the owner deactivates the necessary cookies, the website’s functionalities may be compromised, so that they do not meet the owner’s intended use expectations.

Third-Party Cookies: These are cookies created by a domain other than the one the owner is visiting, with the purpose of collecting anonymous information, such as the number of visitors to the website and the most popular pages. Keeping these third-party cookies enabled also helps us to improve our website.

DBPA highlights that on its website or social networks there may be some third-party links, plug-ins and applications and informs that by clicking on these links, the user may be allowing third parties to collect or share their personal data, since these links will direct the user to third-party websites that have their own privacy policies and specific cookies.

It is important to highlight that DBPA does not exercise any type of control in external environments, which is why it has no responsibility in relation to third-party websites or social networks. Therefore, it is recommended that before accessing any link, the user checks, as a precaution, that it is not a malicious link, and when accessing a third-party website, read its privacy policy, terms of use and cookie notice of said website, application or social network.

DBPA is committed to employing technical and administrative security measures in the processing of all personal data. In this sense, we adopt preventive measures and procedures to protect personal data throughout its life cycle, against unauthorized access, loss, destruction, unauthorized sharing, cyberattacks or any other incident that may eventually occur, in accordance with the guidelines established in DBPA’s Internal Information Security Policy.

Technical measures are those adopted in the field of Information Technology with the use of IT resources equipped with functionalities aimed at guaranteeing Information Security in the digital environment. Thus, DBPA adopts several preventive measures in compliance with current legislation, to mitigate information security risks, with a focus on the integrity, confidentiality and availability of Data.

In addition, administrative measures are those carried out within the administrative-managerial scope of the processing agents, including those of a legal nature. Additionally, DBPA will implement corporate guidelines for the protection of personal data and training for all its employees aimed at observing and complying with the requirements of the applicable legislation.

Despite all the measures adopted to prevent and mitigate cyber risks, it is not possible to fully guarantee that the Data will not be subject to unauthorized access, perpetrated through methods developed to obtain information illegally, in which case, if this occurs, DBPA will take all measures to remedy incidents in accordance with the law, as well as make efforts to interrupt the continuation of such acts by adopting rapid and efficient responses to any security incidents that may occur.

DBPA stores Personal Data only for the period necessary to achieve the previously defined purpose, or to comply with a legal or regulatory obligation, in accordance with specific guidelines defined in DBPA’s internal Personal Data Retention and Disposal Policy and in accordance with applicable legislation.

Data processed by DBPA will be automatically deleted when it is no longer necessary for the purposes for which it was collected, or when the Data Subject requests its deletion, unless its maintenance is expressly authorized or required by law, in compliance with the respective prescriptive terms.

In the event of deletion of personal data, DBPA reserves the right to choose the disposal procedure to be used, and undertakes to inform, whenever expressly requested by the data subject, about the means that was used for the effective disposal. DBPA guarantees to use a secure procedure that prevents the recovery of discarded Personal Data.