PRIVACY POLICY

Last Updated: January 2021.

Aurinova Desenvolvimento Imobiliário (“Aurinova”) operates in the civil construction market and, in order to market its products and provide its services, it collects data on its digital platform and keeps physical (hard copy) documents under its custody. To this end, Aurinova is committed to maintaining the confidentiality, integrity and security of all information made available by its internal and external users.

Thus, the purpose of this Privacy and Security Policy (“Policy”) is to outline in a clear and accessible way to data subjects (“Users”) how their information and data will be collected, used, shared and stored by Aurinova.

The capitalized words used in this Policy, but not defined herein, shall have the meaning attributed to them in Law No. 13,709/2018 (“General Data Protection Law”) and its subsequent amendments.

This Policy may be modified at any time, from time to time, and the latest version thereof will always be available at the following link: https://Aurinova.com.br/.

Should you have any questions, please contact us at any time through our communication channel available on the website www.aurinova.com.br or by email: dloreto@nexland.com.br. In addition, data subjects will be able to exercise their rights guaranteed by the General Data Protection Law, through Aurinova's Data Protection Officer:

Name: Douglas Loreto

E-mail: dloreto@nexland.com.br

  1. How the data is collected:

Aurinova may collect Users' data, including Personal Data, when Users visit Aurinova's business stands, interact with Aurinova's platforms, applications or websites, as well as when Users register themselves or enter into commercial agreements with Aurinova, its affiliates, subsidiaries, brokers and agents.

Accordingly, data may be collected when it is:

(a)          Provided directly by the Users or their legal representatives: in this case, personal data is entered, provided physically or forwarded by the Users when accessing Aurinova's websites or applications or when consulting, applying for and/or contracting products and/or services provided by Aurinova;     

(b)          Provided by third party contractors: in this case, personal data is received from third parties, who act in partnership with Aurinova, as providers of enrichment services for information collected directly by Aurinova, provided that it is expressly authorized by Aurinova, sales brokers etc.;

(c)          Collected directly by Aurinova with the consent of the data subject: in this case, data is collected during the processes of contracting services and products, commercial processes, marketing campaigns etc.;

(d)          Collected from public databases: in this case, the data is made available by authorities (such as the Brazilian IRS, for example), financial institutions or credit reporting agencies or data made explicitly public by the data subject, for example, in websites or social networks, always protecting the fundamental rights and freedoms of the data subject that require the protection of Personal Data;

(e)          Collected automatically: in this case, information may be collected automatically, associated with personally identifiable information, by using technology tools such as cookies, which will be informed to the data subject.

It should be noted that anonymized data (data related to a person who cannot be identified, considering the use of reasonable and available technical means at the time of processing), will not be considered personal data, as it cannot be associated, either directly or indirectly, to an individual under the General Data Protection Law.

  1. What kind of data is collected:

The data collected in the context of the interactions mentioned in the previous chapter includes:

(a) Registration data: full name, CPF [Taxpayer ID], e-mail, telephone, addresses, marital status, nationality;

(b) Professional data: occupation and professional experience;

(c) Contractual data: full name, RG [ID card], CPF, CNH [driver’s license], e-mail, telephone, addresses, gender, marital status, place of birth, nationality, parents’names, spouse and dependents information, education, income information and bank details;

(d) Data collected automatically: IP Address, Original Logical Port, Device and Version, Geolocation, Records of dates and times of actions, Screens accessed, Session ID and Cookies.

(e) Contractual data of employees and their dependents: full name, CPF, e-mail, telephone, RG, CNH, addresses, place of birth, nationality, parents’ names, marital status, information about spouses and dependents, education, position, income, bank details, signature, PIS and CTPS numbers [Social Security information], military service status certificate, passport, emergency contact, ASO [fitness-to-work certificate], union membership, health data, ethnicity, FGTS [employee’s severance pay fund] and previous professional experiences.

It should be noted that Aurinova only collects the data necessary to carry out its business activity, which is why in the event that the data subject chooses not to provide some of such data, Aurinova may be unable to carry out transactions or provide its services, in whole or in part. We emphasize that the content made available by Aurinova is not aimed at children and adolescents, which is why Aurinova does not make an age assessment or purposely collect such personal data.

Furthermore, Aurinova's database is composed of the data collected in the manner specified in this Policy, and is its proprietary information. The use, access to and sharing of such database will be performed in accordance with the limitations described in this Policy and in the General Data Protection Law.

  1. Purpose of data collection:

When collecting data from Users, including personal data, Aurinova will act as Controller of Personal Data, as provided in the General Data Protection Law. Therefore, when the processing of personal data is carried out, the principles of the General Data Protection Law will be observed, namely: purpose limitation, adequacy, necessity, free access, accuracy, transparency, security, damage prevention, non-discrimination, responsibility and accountability.

The collected data may be processed for the following purposes:

(a) Compliance with Aurinova's legal or regulatory obligations;

(b) Fulfillment of Aurinova's legitimate interests or the interests of third party contractors hired by it, safeguarding the data subjects’ fundamental rights and freedoms that require the protection of their personal data;

(c) Responding to users requests, to enrich the experience and promote Aurinova products or services;

(d) Performance of contracts or necessary preliminary procedures to which the data subject is a party;

(e) Proper exercise of rights in judicial, administrative or arbitration proceedings;

(f) Preparation of studies and campaigns aimed at facilitating the offer of products and/or provision of services other than those originally contracted, evaluating the Users’ interest in contracting new services or purchasing products from new ventures;

(g) Fraud prevention;

(h) Provision of services to Users, inherent to the activities of Aurinova, its affiliates and subsidiaries;

(i) Customer relationship and supply of information on the contracted products and services.

  1. Sharing Data with third parties:

Aurinova reserves the right to share the data in the following cases:

(a) with the relevant judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or court order;

(b) with the condominium management company that will provide the management and administration services of the project to which the data subject is a party;

(c) with real estate agents, when the purchase of the property is intermediated;

(d) with institutions responsible for collecting the debt resulting from the acquisition of the property;

(e) with real estate financing institutions;

(f) corporate transactions, such as mergers, acquisitions and consolidations;

(g) securitization of receivables.

If Aurinova uses data carriers, these companies will only be able to treat such data in accordance with the purposes set out in this Policy.

  1. User Rights:

Without prejudice to other rights provided for in this Policy, in compliance with the General Data Protection Law, in particular Article 18 of the aforementioned legal document, we inform that Users shall have the right to, at any time and upon request:

  1. a) confirm that their data is being processed;
  2. b) access their data, as well as to rectify any incomplete, inaccurate or outdated data;
  3. c) the anonymization, blocking or elimination of unnecessary, excessive data or data that is processed other than as provided in the General Data Protection Law;
  4. d) the portability of data to another service or product supplier, upon express request, in accordance with the regulations of the national authority, subject to trade and industrial secrets;
  5. e) eliminate personal data processed with their consent, except in the cases provided for in article 16 of the General Data Protection Law;
  6. f) obtain information from public and private entities with which Aurinova has shared data;
  7. g) obtain information about the possibility of not giving consent and about the consequences of the refusal;
  8. h) revoke their consent, at any time.

Users may exercise their rights listed above by sending an email to Aurinova's Data Protection Officer:

Name: Douglas Loreto

E-mail: dloreto@nexland.com.br

  1. Storage period

Aurinova will store Personal Data in its database for as long as its purposes last or for as long as it is necessary to fulfill its legal obligations or until Users ask it to delete their data from Aurinova's database, except when keeping such data is expressly authorized by law.

In addition, Aurinova reserves the right to keep the data registration history in order to comply with obligations related to auditing, security, fraud control, credit protection and preservation of rights to the extent determined or authorized by law or regulatory standards.

  1. Storage location

The collected data will be stored on Aurinova's servers located in Brazil, as well as in a remote environment or cloud servers (cloud computing).

  1. Communication with the Users

All communication between Aurinova and the Users, whether by email, SMS or any other electronic/digital form, will also be valid, effective and sufficient for the disclosure of any matter referring to the services provided by Aurinova, its affiliates and subsidiaries.

In case of any problems, Users may visit the Contact Us page available on Aurinova website or send an email to the Aurinova Data Protection Officer.

  1. Information Security

Aurinova is committed to adopting all appropriate security measures normally used by the market, aiming to avoid security incidents, such as alteration, disclosure or unauthorized destruction of information and data.

However, Users will be solely and exclusively responsible for the creation and storage of any password that may be required in Aurinova's digital environment, this password being personal and non-transferable. Users must use appropriate and safe means to access Aurinova's digital environment, and also adopt security measures related to internet browsing, including, but not limited to, the use of firewall and antivirus.

  1. Governing Law and Venue

This Policy is to be governed by and construed in accordance with Brazilian law, with the Courts of the Judicial District of São Paulo, State of São Paulo, being elected as the courts having competent jurisdiction to settle any disputes possibly arising from this Policy, to the exclusion of any other courts, however privileged they may be.