Appendix C

Privacy Policy Under Brazilian Privacy Protection Laws

This additional Privacy Policy Under Brazilian Privacy Protection Laws (“LGPD Policy”) supplements our general privacy policy available here: www.tailorbrands.com/pp and applies if the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais; the “LGPD“) applies to our processing of personal data related to you.

Our general privacy policy describes what categories of personal data we collect, the sources from which we obtain it, the purposes of processing it, the situations where we will share it, and with whom. 

This LGPD Policy supersedes any contradicting provisions under our general privacy policy.

1. Our Position under the LGPD. We assume the position of a “controller”, as defined under Section 5 of the LGPD. We have the competence to make decisions about the processing of personal data related to you.

2. DPO Contact Details. We have appointed a data protection officer in accordance with Article 41 of the LGPD (our “DPO”). Our DPO’s email address is [email protected]. The activities of our DPO consist of the following:

2.1. To accept complaints and communications from data subjects, provide clarifications and take measures related to the same.

2.2. To instruct the employees and contractors of the entity on the practices to be adopted in relation to personal data protection.

2.3. To carry out any other duties established by the controller or in supplementary rules.

2.4. To comply with the Brazilian data protection authority (‘ANPD’)’s supplementary rules, where applicable.

3. Types of Processing. We process personal data related to you for the following lawful grounds –

3.1. Based on your consent.

3.2. For compliance with our statutory or regulatory obligation.

3.3. When necessary for the performance of agreements or preliminary procedures relating to agreements to which you are a party to, following your request.

3.4. For our regular exercise of rights in lawsuits, administrative or arbitration proceedings.

3.5. For protection of the life or of the physical safety of you or third parties.

3.6. When necessary to serve our relevant third parties’ legitimate interests or our own legitimate interests, in accordance with the LGPD, except for cases in which your fundamental rights and liberties prevail.

4. Our Main Responsibilities under the LGPD

4.1. It’s our responsibility to engage with all its processors (service providers who have access to personal data related to you) to protect personal data related to you in a suitable and secure manner and to indicate where personal data related to you is stored or processed.

4.2. In addition, we are responsible to provide you, where applicable, with the following privacy rights –

4.2.1. You have the right to request confirmation of the existence of processing of personal data related to you.

4.2.2. You have the right to request access to personal data related to you.

4.2.3. You have the right to request the correction of incomplete, inaccurate, or outdated personal data related to you.

4.3. You have the right to request confirmation that anonymization, blocking, or elimination of unnecessary or excessive personal data related to you or personal data processed in noncompliance with the provisions of the LGPD have been implemented by us.

4.3.1. You have the right to be notified if a relevant personal data breach occurs. The notification will include: (a) a description of the nature of the affected personal data; (b) information on the data subjects involved, without violating their privacy; (c) indication of the technical and security measures used for data protection, with due regard for trade and industrial secrets; (d) the risks relating to the data breach; (e) the reasons for the delay, in case the notice is not immediate; and, (f) the measures that were or will be adopted to reverse or mitigate the effects of the loss related to the data breach.

4.3.2. You have the right to request the portability of personal data related to you to other service providers or suppliers of product, at the express request, and observing the business and industrial secrets, in accordance with the regulation of the controlling body.

4.3.3. You have the right to request the elimination of personal data related to you, processed with your consent, except for the cases set forth in Article 16 of the LGPD (for example, where the processing is needed to comply with legal obligations).

4.3.4. You have the right to request that we provide you with information about the public and private entities with which we have shared personal data related to you.

4.3.5. You are not obligated to provide us with your consent for the processing of personal data related to you. Without your consent, we will still provide you with any service that is not based on the processing of personal data. Please bear in mind that most of our Services require a membership that is based on the processing of personal data related to you, and we cannot provide such Services otherwise.

4.3.6. You have the right to withdraw your consent, pursuant to the provisions of paragraph 5 of Article 8 of the LGPD – by contacting our DPO at [email protected].

4.3.7. You have the right to petition with the Brazilian regulatory authority and consumer protection entities regarding the processing of personal data related to you.

5. Should you wish to exercise any of your LGPD’s rights, please contact our DPO at [email protected].

We do not charge a fee to process or respond to your request unless otherwise provided or permitted under the LGPD, in which case we will provide you with the relevant notice in advance.

Last Updated: November 21, 2023.