Rights of Data Subjects

​

Data Subject Portal

The DATA subject has, among others, the right to obtain from the controller (the COMPANY), regarding the subject’s data processed by it, at any time and upon request:

I. confirmation of the existence of processing;

II. access to the data;

III. correction of incomplete, inaccurate, or outdated data;

IV. anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data, as provided by this Law;

V. data portability to another service or product provider, upon express request, in accordance with the regulations of the national authority, subject to commercial and industrial secrecy;

VI. deletion of personal data processed with the subject’s consent, except in the cases provided for in Article 16 of the General Data Protection Law;

VII. information about public and private entities with which the controller has shared data;

VIII. information about the possibility of not providing consent and the consequences of refusal;

IX. revocation of consent.

§ 1 The data subject has the right to petition regarding their data against the controller before the national authority.

§ 2 The data subject may object to processing carried out under one of the legal bases for consent exemption, in case of non-compliance with the provisions of the General Data Protection Law.

§ 3 The rights provided herein shall be exercised through an express request by the data subject or a legally appointed representative to the data processing agent.

§ 4 In case of impossibility of immediate adoption of the requested measure, the COMPANY shall send the subject a response that may: I. communicate that it is not the data processing agent and indicate, whenever possible, the agent; or II. indicate the factual or legal reasons preventing immediate adoption of the measure.

§ 5 The request shall be fulfilled free of charge for the subject, within the deadlines and terms provided by regulation.

§ 6 The controller shall immediately inform the data processing agents with whom it has shared data of any correction, deletion, anonymization, or blocking of data, so that they replicate the identical procedure, except in cases where such communication is demonstrably impossible or entails disproportionate effort.

§ 7 Data portability does not include data that has already been anonymized by the controller.

§ 8 The right referred to in §1 of this article may also be exercised before consumer protection agencies.

To ensure compliance with the rights of the data subject, the COMPANY provides on its website (http://ceigroup.com.br/portal-titular) an environment where data subjects can inquire about the manner and duration of storage, as well as request correction or deletion of their data from the COMPANY’s database.

​

Control Method

Compliance with this policy shall be the responsibility of the COMPANY’s LGPD Committee.

​

Updates and Corrections

This policy shall be periodically reviewed and updated so that any identified deficiencies are promptly and fully corrected, ensuring its effectiveness.

​

Final Provisions

All employees and service providers of the COMPANY must fully and strictly respect and comply with this POLICY, under penalty of warning, suspension, immediate termination of contracts, as well as other disciplinary actions as appropriate, without prejudice to the duty to repair damages caused as a result of any non-compliance.