This Privacy Policy contains information about the processing and protection of personal data of users and visitors to the Aprix website – INTELPRICE SOLUÇÕES DE PRECIFICAÇÃO LTDA. – in order to clarify to all interested parties what types of data are collected, the purposes of the collection, the rights of the data subjects, and the communication channel to exercise their rights.

Through this Privacy Policy, users are informed about:
a) Which personal data are processed by Aprix;
b) For which purposes and for how long personal data are processed by Aprix;
c) With whom personal data may be shared;
d) The rights of users regarding the processing of their personal data; and
e) The channel to be used by users to exercise their rights as data subjects.

In general, Aprix is the data controller and makes the decisions regarding the processing of personal data according to this Privacy Policy.

1. Collection and Storage of Data: Aprix may collect the following personal data from its users:
   • Full name;
   • Date of birth;
   • Nationality;
   • Landline and mobile phone numbers;
   • Marital status;
   • Full address;
   • Email address;
   • Organization or company to which the user belongs or is related and related information;
   • Geolocation data during the use of the website;
   • Technical information, such as your IP address;
   • Device identification, location data (based on your IP), cookie information when the user accesses the site.
   Note that in certain situations, such as in prospecting for relationships with users or in compliance with good practices and anti-corruption regulations, Aprix may also obtain your personal data from other sources, such as public websites or background verification providers, in strict compliance with applicable data protection laws and regulations.

2. Purpose and Duration of Processing: Aprix performs user data processing activities transparently and for lawful, specific purposes, as outlined below:
   • To offer the product developed by Aprix, carry out registration, enable transactions, and allow the execution of contracts;
   • To handle requests and contacts, receive complaints, respond to user requests and other involved parties;
   • To establish contact between Aprix and users, including ensuring the fulfillment of obligations;
   • For marketing and advertising of Aprix’s services, including targeted advertising based on behavior, consumption profile, and/or location;
   • To provide assistance and related services, possibly linked to contracts with users;
   • To manage user relationships, including communication through available channels, direct marketing, advertising, and promotional activities;
   • To verify the user’s identity;
   • To exercise Aprix’s legal rights, including in contracts and legal, administrative, or arbitration proceedings, as well as fulfilling legal obligations;
   • To prepare responses to authorities in the context of legal or administrative processes, in compliance with legal, regulatory duties, or other legitimate requirements to Aprix, or in defense of its legitimate rights and interests;
   • To engage in fraud prevention activities and illicit activities, including measures to protect Aprix, users, and/or third parties.
   Aprix commits to retaining personal data only as necessary for the purposes outlined above, and to discard personal data whenever possible and reasonably required in accordance with the General Data Protection Law.

If the user has any questions about Aprix’s data retention and disposal practices, they can contact the personal data subject communication channel via email: contato@aprix.com.br.

3. Sharing Personal Data: Aprix may share your personal data with third parties only to the extent necessary to fulfill the purposes outlined in this Privacy Policy and in the following cases:
   • If the third party is a public authority, regulatory body, law enforcement, or governmental entity legitimately requesting information in the context of audits, investigations, legal proceedings, or procedures that constitute binding legal obligations to Aprix, or when necessary to protect Aprix’s rights, users’, and/or third parties’ rights;
   • Regular exercise of Aprix’s rights, including submitting documents in judicial and administrative proceedings, if necessary;
   • When Aprix has obtained the free, explicit, and informed consent of the user for the sharing of their data.

4. Security and Location of Data Processing: Aprix is responsible for adopting and maintaining reasonable technical and administrative security measures to prevent the irregular or unlawful processing of users’ personal data, including unauthorized access, destruction, loss, alteration, or communication of data.

All Aprix employees, including staff, partners, and contractors, are subject to confidentiality obligations. Additionally, Aprix updates and tests its security systems according to best practices to protect your personal data.

The processing of users’ personal data may take place outside the national territory. While these countries may have different levels of data protection than Brazil, Aprix will adopt safeguards to maintain the users’ rights, confidentiality, integrity, and security of information.

5. Rights of Personal Data Subjects: The following rights of personal data subjects may be exercised at any time, in accordance with applicable laws, by users upon request:
   • Confirmation of the existence of personal data processing;
   • Access to personal data;
   • Correction of incomplete, inaccurate, or outdated personal data;
   • Anonymization, blocking, or deletion of unnecessary, excessive data, or data processed in non-compliance with the provisions of the LGPD;
   • Portability of personal data to another service or product provider, subject to regulation by the national authority;
   • Deletion or anonymization of personal data processed based on the user’s consent, except when the law authorizes the retention of such data for another legal basis;
   • Information about public and private entities with whom Aprix has shared personal data;
   • Information about the possibility of not consenting to the processing of personal data and the consequences of such action; and
   • Withdrawal of consent, when the processing is based on the user’s consent.

6. Exercising Data Subject Rights: Aprix will facilitate the exercise of rights by data subjects whenever possible and in accordance with the law.

Aprix has a specific communication channel to manage communications with data subjects and enable the exercise of their rights.

Users may file any complaints, requests, or information regarding the processing of their personal data, including exercising their data subject rights outlined in this Privacy Policy and guaranteed by national law, via email: contato@aprix.com.br.

When a user contacts Aprix to exercise their rights, Aprix may collect information for the purpose of verifying the identity of the data subject, as needed for their security and interests.

7. Updates to the Privacy Policy: Aprix may change this Privacy Policy at any time. Any significant changes to this Privacy Policy will be valid, effective, and binding after the new version is published on our website or sent to users by email.

Aprix values transparency. Thus, whenever a relevant change is made, Aprix will send a notice indicating the new active version. If changes result in alterations to personal data processing practices that require user consent, Aprix will request the user’s consent for the new terms of the Privacy Policy related to data processing and specified purposes.

We remain available to clarify any doubts and ensure you remain in control of your personal data.