DATA PRIVACY POLICY
FGZ Fogazza -CNPJ: 24.924.574/0001-14, a private legal entity registered under CNPJ No. 24.924.574/0001-14, establishes this policy considering that:
- One of FGZ's core values is the preservation of user privacy, as well as the security and protection of their personal data;
- Personal data includes all information that identifies or can somehow identify a person;
- With the advent of the LGPD – General Data Protection Law, which, among other regulations, requires absolute transparency regarding the processing of natural persons' data;
- There is a need to make explicit to the user how FGZ handles the data of natural persons;
Thus, the rules of this policy are expressly established as follows.
## I – PERSONAL DATA AND THE FORM OF ITS COLLECTION
The types of personal data and the manner in which they are collected depend on the user's interaction with the FGZ virtual store and/or, eventually, the application. Therefore, it is established that:
a. The user is fully responsible for the accuracy of the personal data provided to FGZ.
b. Any damage or eventual loss resulting from the inclusion/registration of false, incorrect, or outdated information will be the sole and exclusive responsibility of the user.
c. Some data is collected through registration done by the user in stores that integrate ShopCouture.
d. Other data is collected automatically through cookies, as elucidated in item III below.
## II – TYPES OF PERSONAL DATA COLLECTED
The personal data collected on the FGZ platform through user registration includes: full name, email address, gender (male/female), date of birth, phone number, complete address, and password.
In addition to the data described above, the following are also collected: IP (with date and time), IP origin, access device characteristics, information on clicks, pages accessed on FGZ, and searches conducted after leaving the virtual store.
Sole Paragraph: In honor of the Principles of Purpose and Adequacy, raised by the LGPD – General Data Protection Law, the personal data collected via registration performed by the user are the minimum necessary for FGZ's activity development, without which the virtual store's operations would become operationally unfeasible.
## III – SHARING PERSONAL DATA WITH THIRD PARTIES
Due to the nature of its business activity, FGZ may share users' personal data with third parties, including our suppliers, partners, social networks, and public authorities.
These third parties must comply with the principles of proportionality, necessity, and purpose and meet the security standards established by FGZ, within the state-of-the-art possible at the time, concerning secrecy and confidentiality protection, using encryption methods, secure connection, and other available information technology practices, including anonymization of the user if applicable.
Sole Paragraph: FGZ uses cookies to recognize a constant visitor and improve their browsing and shopping experience. Cookies are small data files transferred from a website to the computer's hard drive and do not store other personal data. Throughout this process, FGZ treats the information with the secrecy described in this policy, emphasizing that these data/cookies are collected automatically.
## IV – TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES
FGZ is headquartered in Brazil, at the address described in the preamble of this policy, and primarily serves individuals residing and/or domiciled in Brazil, thus applying Brazilian data protection legislation.
However, users' personal data may be stored outside the national territory through cloud computing services.
These transfers are made only to companies compliant with applicable laws and maintaining a level of compliance similar to or stricter than that provided by Brazilian legislation.
## V – STORAGE AND DELETION OF PERSONAL DATA
The personal data collected by FGZ are stored only for the time necessary to execute the purposes for which they were collected, observing the limits established in this policy and/or in the service contract.
The user may, at any time and without any need for justification, request the total or partial deletion, updating, correction, confirmation of existence, or anonymization of their personal data provided to FGZ, under the terms of item VI - Rights of Personal Data Holders, in this draft and policy.
However, FGZ may retain personal data if necessary to fulfill a legal, regulatory, or contractual obligation.
## VI – RIGHTS OF PERSONAL DATA HOLDERS
The user may request, at any time, regardless of any justification or motivation: a) the display of their data registered with FGZ; b) the correction or updating of such data; c) the confirmation of the existence of the data; d) anonymization, when possible; e) limitation of use; f) total or partial deletion of the data; g) revocation of any consent granted.
Any of the user's rights mentioned above can be effectuated by a simple request addressed to FGZ's email, available in this policy.
Finally, the user must be aware that, depending on their request, certain functionalities of the virtual store or even its use may no longer be available to them.
## VII – DATA PROTECTION MECHANISMS ESTABLISHED BY FGZ
Aiming primarily at the security, privacy, confidentiality, and protection of users' personal data, FGZ uses the following data protection mechanisms:
a. Server with recognized security standards in the information technology market;
b. Information security tools;
c. Confidentiality commitment and training of our employees.
## VIII – REDIRECTION TO THIRD-PARTY PLATFORMS
While browsing the FGZ virtual store, the user may be redirected, via link, to our social networks, blogs, or third-party platforms, which may also collect their personal data and have their own data privacy policy.
It is the user's responsibility to read and understand the privacy policy of such social networks, blogs, or platforms unrelated to FGZ, being their entire responsibility and convenience to accept or reject it.
## IX – BASIC SECURITY RECOMMENDATIONS FOR USERS
Basic security recommendations include and therefore the user must:
a. Keep their "username" and "password" secure and confidential, which are personal and non-transferable, never sharing their access data with strangers, being solely responsible for such control.
b. Prohibit unauthorized access to their access account and device (computer, mobile phone, tablet).
c. Change their passwords periodically, at least every 60 days, choosing passwords with at least 8 characters, alternating uppercase and lowercase letters, numbers, and other characters.
d. Only disclose their personal data on known and market-referenced sites with transparent personal data management policies.
e. Ensure they are in a secure environment, identified by the "https" acronym, as is the case on the FGZ website.
f. Always click the "logout" button when they are no longer browsing the site.
First Paragraph: FGZ is not responsible for security failures on the user's personal device. Likewise, FGZ is not responsible for failures arising from internet service unavailability, viruses, spyware, etc.
Second Paragraph: Credit card numbers should not be shared. In the FGZ virtual store, the user will always be directed to the environment related to the chosen payment method, which will manage the data regarding the payment, so FGZ will never store or manage such data.
Third Paragraph: FGZ does not request the user's password by phone, email, or any other means, nor does it request the installation of any programs/software.
## X – SENDING COMMUNICATIONS AND MESSAGES TO USERS
FGZ may send communications and advertising messages to registered users, at periodicity as convenient, using all available means, such as email, WhatsApp, SMS, direct mail, among others.
Sole Paragraph: Communications, offer notices, and advertising messages will necessarily include an option for the user to cancel receiving that type of message from FGZ, thus allowing the user to cease such communications.
## XI – USER CONSENT
Under the LGPD – General Data Protection Law, user consent may be required for the processing of their personal data, which may be revoked at any time by the user, if they so wish.
Sole Paragraph: Such consent may, if applicable, be collected through a physical or digital form, at FGZ's discretion, as long as it contains all the necessary information required by law in clear and understandable language for the user.
## XII – POSSIBLE DATA BREACH AND/OR DATABASE INVASION
As highlighted in item VII of this policy, FGZ uses recognized technological resources and devices aiming at users' data security and protection. However, in the event of any data breach and/or unauthorized capture of data by third parties, FGZ will:
a. Notify all users whose data has potentially been leaked or improperly captured by third parties, informing them of the types of data involved, as soon as it becomes aware and by all available registration means (email, messages, SMS, etc.).
b. Notify, if applicable, the regulatory agency responsible for data processing in the country.
c. Take all possible legal measures to cease and/or mitigate the consequences of such an episode.
d. Take all possible technological and computational measures to cease and/or mitigate the eventual damages of such an episode.
Sole Paragraph: It is the user's responsibility to immediately inform FGZ of any fact, indication, or suspicion of any such episode, so that its veracity can be verified and the harmful event potentially avoided.
## XIII – FGZ ACCESS CHANNEL
FGZ users can contact and express themselves (doubt, complaint, suggestion, request, etc.) through the email address patricia@couturetradingco.com.
This same channel and email address are established for the user to exercise any of their rights related to the management and processing of their personal data, as expressed in this privacy policy.
## XIV – GENERAL PROVISIONS
The general provisions of this privacy policy are:
a. FGZ reserves the right to change this policy at any time and without any notice, and it is the user's responsibility to check it whenever accessing the site or application.
b. If the