Privacy Policy

TBR recognizes the importance of personal data privacy and the General Data Protection Law – LGPD.

This document aims to establish guidelines regarding the rights, obligations, and responsibilities related to the protection, use, and privacy of personal data adopted by TBR and other partner or affiliated companies (including those with which it has a relationship), businesses, or brands. Here, you will be able to understand which of your data is collected, whether provided voluntarily by you or automatically, and how it may be used, as well as your rights, in accordance with the General Data Protection Law (Law No. 13.709/2018).

TBR Adesivos e Selantes Ltda, a legal entity registered under CNPJ No. 08.998.026/0001-82, headquartered at Av. Rui Barbosa, No. 6226, Room D, Afonso Pena neighborhood, São José dos Pinhais, PR, ZIP Code: 83.045-350, is the data controller and hereby establishes its Privacy Policy, adopted by all partner or affiliated companies, businesses, or brands of TBR.

What types of data may be collected?

The collected data may include: Name, CPF, RG, address, date of birth, email, phone number, profession and industry, marital status, signature, resume, family data, payment, banking, and credit information, images from security cameras, and personal preferences.

In addition to these data, information regarding purchases made by you and their respective warranties, as well as browsing data on our platforms, may be collected.

How can data be collected?

Data may be collected through:

• Registration on institutional websites and e-commerce platforms;
• Contact with employees or commercial representatives;
• Filling out forms, online or physical;
• Contracts;
• Contact via email, social media, phone, among other means;
• Store, distribution center, or administrative center visit registrations;
• Access to TBR facilities.

Data is also collected when you provide it through other interactions you engage in, such as experiences and interactions with products, businesses, or brands, participation in promotions, and use of platforms.

Data is collected when you actively contact customer service, whether by phone, email, chat, or in person, and automatically via cookies, such as data related to your browsing and the device you use to access the platforms.

For what purposes can your data be used?

Personal data is collected for the following purposes:

I. To provide, improve, and personalize the products and services offered;
II. To ensure the security of products, businesses, and experiences;
III. To comply with legal, regulatory obligations, court orders, or to exercise and defend legal claims;
IV. To properly provide the marketed products;
V. To provide technical assistance services, product exchange or returns, and participation in loyalty programs;
VI. To manage purchases and orders (process and track your order, including the delivery of the product to the address you provided);
VII. To send acquired products or make products available for pickup;
VIII. To prevent fraudulent registrations and ensure your security on platforms and establishments;
IX. To promote the legitimate interests of data subjects, TBR, and partners, including through third parties, provided that legal rights are not exceeded;
X. To enable candidates to participate in selection processes for hiring employees or commercial representatives;
XI. To register representatives, employees, or customers, comply with the obligations of each relationship, and safeguard the rights between parties;
XII. To assess credit and verify the possibility of offering certain products, businesses, or experiences;
XIII. For relationship management, marketing, and sales, including participation in promotions or promotional campaigns;
XIV. To display advertising in the digital environment in a personalized manner;
XV. To show online ads for products that may be of interest to you, based on your browsing data;
XVI. To maintain access records to platforms;
XVII. To analyze transactions to identify potential fraud or unusual activities;
XVIII. To ensure your security, prevent fraud, and protect credit;
XIX. To provide personal and property security through cameras, monitoring systems, and access control through registration.

By providing your personal data, you accept the terms and conditions of this Privacy Policy and may exercise your rights at any time by contacting the Data Protection Officer (DPO). These data will be retained by TBR for five years after the last contact/interaction between the parties. In some cases, data may be retained for a longer period to comply with legal, security, anti-fraud, or contractual enforcement obligations.

With whom can your data be shared?

The personal data provided by you to any partner or affiliated companies, businesses, or brands that maintain a commercial relationship with TBR may be shared between:

I. Business partners and suppliers, when necessary and directly involved in monitoring, managing, planning, or operational activities;
II. Partner or affiliated companies, businesses, or brands related to TBR;
III. Public authorities, when necessary, to comply with judicial or administrative obligations;
IV. Employees who need access to this information to perform their work;
V. Service providers;
VI. Suppliers of technological, financial, or operational solutions.

When your personal data is shared with third parties with whom TBR has a contractual relationship, only the necessary data is shared, and contractual provisions ensure that these data are used only to the extent necessary for providing services on behalf of TBR while adhering to legal requirements.

How are your data stored?

Your data is stored securely using systems, procedures, and technologies that effectively help protect it. If personal data is stored in countries other than Brazil, the measures required by Brazilian law will be adopted to ensure their continued protection.

Best efforts are made to adopt the best practices, technical, administrative, and operational measures to protect personal data against unauthorized access, destruction, loss, alteration, communication, or any form of inappropriate or unlawful processing.

Additionally, TBR is constantly developing and updating protocols, communication, policies, and tool testing to protect your data.

At the same time, individual precautions should also be taken by data subjects, such as:

I. Not sharing login credentials and passwords with third parties;
II. Logging out immediately after using public computers;
III. Not providing personal information without verifying the recipient’s identity.

While every effort is made to ensure security, no platform is completely secure. If you suspect that your data may be at risk, such as if someone accessed your password, please contact seguranca.lgpd@tbr.ind.br immediately.

What are your rights?

Data subjects have the right to request from the controller:

I. Confirmation of the existence of personal data processing;
II. Access to their personal data;
III. Correction of incomplete, inaccurate, or outdated data;
IV. Anonymization, blocking, or deletion of unnecessary or excessive data processed in non-compliance with LGPD;
V. Portability of data to another service or product provider, upon express request and in accordance with ANPD regulations;
VI. Revocation of consent and subsequent deletion of processed personal data, except in cases outlined in Article 16 of LGPD;
VII. Information about public and private entities with which the controller has shared data;
VIII. Information about the possibility of refusing consent and the consequences of such refusal.

How to contact us?

If you have any questions about this policy, how your data is used, or wish to exercise your rights, you may contact our Data Protection Officer (DPO) at seguranca.lgpd@tbr.ind.br.

Changes to the Privacy Policy

TBR constantly improves and adapts its systems, processes, and technologies. Additionally, LGPD may undergo changes. Therefore, this policy may be modified at any time without prior notice.

To stay updated, we recommend visiting this page regularly.

Important Concepts

• Personal Data – Any information that identifies or, when combined with other data, can identify a person, such as name, email, CPF, RG, mobile phone, address, biometric data, etc.
• Sensitive Personal Data – Information involving racial or ethnic origin, religious beliefs, political opinions, union membership, or affiliation with religious, philosophical, or political organizations, data related to health or sexual life, genetic or biometric data when linked to a natural person.
• Processing of Personal Data – Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.
• Data Subject – A natural person to whom the personal data refers.
• Controller – A natural or legal person who is responsible for handling and defining the processing of personal data when it is made available to them.
• Processor – A natural or legal person who performs the processing of personal data according to the controller’s instructions.
• Data Protection Officer (DPO) – The person who serves as the communication channel between the controller, the data subject, and the National Data Protection Authority (ANPD).
• Legal Bases – The ten legal grounds set forth in Article 7 of the LGPD, which authorize the processing of personal data.