1.2. Personal Data (“Data”) is any information related to an identified or identifiable individual. The LGPD provides for the right to easy access to information about the handling of your data, which shall be made available clearly, adequately, and ostensibly, according to the principle of free access to your personal data.
1.3. When we mention in this Policy “you”, “yours” “your”, we are referring to you the Data Subject who may be a: (i) visitor, (ii) customer or potential customer, (iii) supplier or potential supplier, (iv) job or trainee applicant, (v) third parties in general who contact us through our service channels or physical offices, and when we mention “Romi”, “Company”, “we”, “our”, or “us”, we are referring to Romi S.A. and its controlled companies in the Brazilian national territory.
1.4. Please read the entire content before accessing the pages or providing us with information.
2. Why and what data is collected?
2.1. Romi collects identifying information voluntarily provided by the Data owner on our site (customers, suppliers, third parties and society in general). The owner may provide this information to register in certain areas of the site, such as to apply for a job or to request a publication of our newsletter and investor information.
2.2. We do not knowingly share personally identifiable information with third parties unless required by law, court order, or unless we expressly notify you in advance.
2.3. For your information and convenience, please find below some examples of the types of data we may collect:
- Personal information, such as name, gender, age, race, marital status, address, e-mail address, telephone number, education, official document numbers, and other related information;
- Professional information, such as company, position, address, email, phone, work history, and other related information;
2.4. The data collected will be used for the following purposes:
i. To identify to clarify doubts, answer criticisms, complaints, and suggestions in our “Contact Us” portal or by contacting the Investor Relations Department;
ii. To send newsletters and information to investors;
iii. For selection processes;
iv. For commercial activities between Romi, customers and suppliers (third parties and service providers)
2.5. The data mentioned above are provided by the owner through our website, by filling in registration forms or by third parties, e.g. suppliers who render services at Romi and need to provide information of their employees. We use this identification data only for the purposes for which it was provided.
3. How we handle your data
3.1. We recognize the value of your information. The collected Data is used in Romi’s and subsidiaries’ corporate systems according to the provisions of this Policy. We have implemented and maintained processes and controls for protecting the data you have shared with us, so it is treated with security, transparency, and responsibility, ensuring your rights as a data owner.
3.2. Your Data will be stored in a way that allows the identification of subjects related to it and only for the time that is necessary (limited storage).
3.3. The handling of your Data may occur in the situations described below, according to the law:
- Consent – the purposes of the use of your data will be specific and highlighted in your consent, and you may choose to accept or not the use of the data for the informed purposes; If you do not accept, Romi will assess the feasibility of continuing the relationship with you.
- Entering into contracts – in business relations where it is necessary to enter into contracts;
- Regular exercise of rights – legal, administrative or arbitration proceedings;
- Legitimate interest – in promoting Romi’s activities or corporate audits and investigations;
- Compliance with legal or regulatory obligation – procedures determined by a regulatory agency or by the legislation to which Romi is subjected to;
3.4. We may store your data during the entire period of the contractual, business, labor or other relationship that justifies the respective storage. After this period, the data will be deleted, except for the data that, as a result of a legal, regulatory obligation, and other legitimate interests, need to be kept for a longer period , according to the LGPD. After the period and the legal necessity, they will be deleted using secure deletion methods.
4. Your rights
4.1. The LGPD ensures certain rights to the Individual regarding his/her Data. The rights of the Data Owner are as follows:
i. Right to request confirmation of the existence of handling to their Data;
ii. Right of access, requesting access to your Data;
iii. Right to request a copy of their Data in electronic format;
iv. Right to correct incomplete, inaccurate or outdated Data;
v. Right of deletion or blocking – requesting the deletion or blocking of your Data that is being processed in violation of the law;
vi. Right to anonymization;
vii. Right to Data portability upon express request, requesting the transmission of your Data to public and private entities;
viii. Right to information of public and private entities with which the controller has shared Data;
4.2. For any requests regarding your data, you must provide us with your identification information (name, e-mail, among other information that confirms your identity), through the e-mail email@example.com, which will be answered within fifteen (15) days, or may be addressed to: Romi S.A., Rod. SP 304, km 141,5 – Santa Bárbara d’Oeste, SP – Brasil – CEP 13459-057.
5.2. The information collected by the cookies also helps us improve our website by estimating usage numbers and patterns, compatibility of the website for the user’s interests, quick searches, etc.
6. Security of personal data
6.1. Information Security and Confidentiality
6.1.1. Romi maintains information technology mechanisms in line with market technical and regulatory standards, to ensure the integrity and protection of your Data, with policies, security solutions in hardware and software, monitoring reports and internal audits that help identify and mitigate potential risks in the process. Moreover, Romi regularly trains its employees in its internal policies through its Compliance Program, to ensure through administrative measures the security and confidentiality of its data.
6.2.1. You, as the Data owner, have the right to know what procedures Romi has adopted in the handling of your Data, through clear information about the treatment purpose, the data origin and the criteria employed. Romi will notify users if there is any change in the processing procedure of your Data.
6.3. Security Incident Notification
6.3.1. If Romi becomes aware of a security incident, which may lead to any violation to the security of the information systems, including invasions, data leaks or any other, Romi will, within a reasonable time, notify the Brazilian National Data Protection Authority (ANPD), and if applicable, will notify the owner with information about the affected data, technical and security measures used for data protection, according to the provisions of Article 48, § 1, of the LGPD.
7. Contact (channel for communications regarding your Data)
7.1. To exercise your rights as a data owner, to answer questions or make suggestions about this Policy, Romi makes available the contact of the Data Protection Officer of Romi S.A., according to Article 41 of the LGPD:
• Fábio Barbanti Taiar:
• E-mail: firstname.lastname@example.org
• Address: Rod. SP 304, km 141,5 – Santa Bárbara d’Oeste, SP – Brasil – CEP 13459-057
8.1. This Policy was approved by the Company’s Board of Directors at the meeting held on March 16, 2021, and is effective as of the same date for an indefinite period, until there is a resolution to the contrary that can be found on the company’s website: https://www.romi.com
8.2. This Policy may be updated by the Company to reflect the data handling performed on our platforms. Any updates to this Policy will be made according to the Brazilian legislation. Therefore, we recommend that you access this policy periodically.
 Art. 7, X; art. 10 and art. 11, II, “a” of the LGPD
 Cookie: small file placed on your computer to track movements within websites