BIBLIOTECA DAS ROCHAS PRIVACY POLICY

1. INTRODUCTION TO OUR PRIVACY POLICY

BIBLIOTECA DAS ROCHAS, a private legal entity, registered under CNPJ: 61.562.995/0001-79, with address at Av. Mato Grosso, 1361, room II.A, CEP 79965-000, Centro, Itaquiraí/MS, is a specialized digital platform that revolutionizes the work of architecture, interior design, and ornamental rock sector professionals. Our technological solution offers a complete ecosystem with a specialized library of natural rocks, advanced 3D resources, project gallery, and detailed technical specifications, providing professionals with centralized access to high-quality information for optimizing their projects and specification processes.

This Privacy Policy ("Policy") demonstrates Biblioteca das Rochas' commitment to transparency, security, and respect for user privacy, ensuring that all data processing complies with the principles of good faith, purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, and accountability, in compliance with the General Data Protection Law (LGPD).

2. OBJECTIVE

This Privacy Policy aims to clarify, in a transparent and accessible manner, how Biblioteca das Rochas collects, processes, stores, uses, protects, and shares users' personal data, in full compliance with the General Data Protection Law (LGPD) and other applicable regulations.

Our fundamental commitment is to conduct all data processing activities with the highest standards of ethics, transparency, and security, ensuring the protection of data subjects' rights in all our relationships, whether with users, business partners, suppliers, or public agencies.

This Policy is a dynamic document that may be updated periodically to reflect improvements in our internal procedures, changes in current legislation, or evolution of our privacy practices. We recommend regular consultation of this section, with the most recent version always available on our platform.

3. DEFINITIONS

By valuing transparency and communication, we provide below a glossary with technical terms and concepts that may be addressed in this Policy, related to privacy and data protection:

  • Data Subject/User: natural person to whom the personal data subject to processing refers;
  • Personal Data: information related to an identified or identifiable natural person;
  • Sensitive Personal Data: data referring to racial/ethnic origin, religious conviction, political opinion, union affiliation, health-related data, sexual life, genetic or biometric data, when linked to a natural person;
  • Processing: any operation performed with personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction;
  • Anonymization: use of reasonable technical means available at the time of Processing, through which data loses the possibility of direct or indirect association with an individual.
  • Purpose: reason why personal data will be processed. The purpose must be legitimate, specific, explicit, and informed to the data subject;
  • Controller: natural or legal person, under public or private law, who is responsible for decisions regarding the processing of personal data;
  • Processor: natural or legal person, under public or private law, who performs the processing of personal data on behalf of the controller;
  • Data Protection Officer: person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD);
  • Cookies: small files sent by websites, saved on your devices, that store preferences and a few other information, with the purpose of personalizing your browsing according to your profile.
  • Database: structured set of personal data, established in one or several places, in electronic or physical support;
  • General Data Protection Law (LGPD): Law No. 13.709 of August 14, 2018, also known as the General Personal Data Protection Law, or LGPD, legally provides for the processing of personal data in Brazil, both by digital and physical means, by natural person or by legal entity under public or private law, with the objective of protecting the fundamental rights of freedom and privacy and the free development of the natural person's personality.

4. PERSONAL DATA PROVIDED

All personal data provided to Biblioteca das Rochas is processed with high security standards and only for the purposes described in this Policy.

4.1 User Registration on the Platform

Data collected:

  • Full name
  • Nationality
  • Email
  • State
  • Phone
  • Profession
  • How they learned about the platform

Purpose:

  • User registration and identification on the Platform
  • Internal user control and management
  • Sending promotional emails, newsletters, communications of interest
  • Identification of audience patterns and experience improvement
  • Statistical purposes (field: how they learned about the platform)
  • Fraud prevention and security guarantee

4.2. Publish Rocks

Data collected:

  • Full name
  • Email
  • Company
  • Phone

Purpose: Contact for clarification of strategic partnership programs aimed at displaying materials and their technical content on the platform.

4.3. Contact via Platform

Data collected:

  • Full name
  • Email
  • Message
  • Phone/WhatsApp

Purpose: Contact for clarification of doubts, suggestions, complaints, or other related matters.

5. DATA COLLECTED AUTOMATICALLY AND OTHER PURPOSES

The data listed in the previous table refers to those provided directly by the Personal Data Subject to Biblioteca das Rochas. However, some other personal data may be collected by the Company:

  • Device data (type/model, operating system, browser used, navigation language)
  • Navigation and analytics data (e.g., session duration, pages visited, access origin, Google Analytics or equivalent solution)
  • IP address
  • Log data
  • Cookies (see item 6)
  • Information provided via messaging systems (chat, WhatsApp, email)

Additional purposes:

  • Ensure performance, product/service improvement, security, and fraud prevention
  • Compliance with legal, regulatory, or contractual obligations
  • Respond to administrative/judicial authority requests
  • Billing process, invoice issuance, and financial monitoring
  • Development of institutional and advertising actions (never with sensitive data without express consent from the Data Subject)
  • Use of anonymized information for market research, statistics, and platform improvements.

6. USE OF COOKIES ON THE BIBLIOTECA DAS ROCHAS WEBSITE

Cookies are small text files sent by websites and stored on your device (computer, tablet, or smartphone) that contain information about your browsing and preferences, allowing the site to recognize your device on future visits. By accepting Cookies or using Biblioteca das Rochas website functions, you allow the Company to use cookies to monitor your use of the website or online platform. The Company uses cookies on its website for different purposes, as described below:

6.1. Necessary Cookies

Necessary cookies are essential for the functioning of the website or online platform, where you can navigate and access basic features of our site.

6.2. Functionality Cookies

These are cookies that allow the Company to personalize your features and preferences on the website. For example, we can store information about your geographic location in a cookie to always show a site localized for your specific area. We can also remember preferences such as text size, fonts, and other customizable elements of the site.

6.3. Advertising Cookies

Advertising cookies are capable of tracking the User's browsing history and mapping a profile based on their interests, and may also affect the content and messages that appear on other websites the User visits.

6.4. Third-Party Cookies

We use third-party service cookies for traffic analysis and user behavior, as well as digital marketing tools. These cookies are governed by the respective providers' privacy policies.

6.5 Control Your Cookie Options

The User is not required to accept cookie installation on their device and can block them, review previously granted permissions, or activate notifications when Cookies are sent to their device. The Data Subject can change cookie settings and management directly from their browsers, such as Firefox, Chrome, Safari, and Internet Explorer.

7. SHARING OF PERSONAL DATA

Your data is processed for the purposes described in this document. In this sense, we never commercialize or share your personal data for profit or economic purposes.

Data will be shared only when indispensable for the legitimate and specific purposes below:

  • Service operationalization: With business partners, service providers, or suppliers, all obligated to confidentiality and observance of LGPD;
  • Advertising partners: May forward communications about launches, institutional materials, promotions, events, or surveys, never with sensitive or financial data without consent;
  • Social networks: The user's name may, eventually, be disclosed only for legitimate advertising purposes, and never sensitive data, which will require consent. The User may request removal at any time;
  • Legal authorities: To comply with court orders, administrative requirements, tax/accounting obligations, or regular exercise of rights in administrative/judicial processes;
  • Professional consulting: Auditors, lawyers, banking and accounting services, always under confidentiality clauses.

International transfers: If there is a need for storage on foreign servers, we will ensure protection safeguards compatible with national legislation.

It should be noted that Biblioteca das Rochas may share Data Subjects' Personal Data to provide and operationalize services and achieve a legitimate and specific purpose, such as disclosure to the platform's advertising partners, who, in turn, may forward emails, launch communications, institutional material, promotions, event invitations, interest surveys, among others to the User, as Biblioteca das Rochas has no responsibility regarding the eventual disclosure of such information by third parties.

Biblioteca das Rochas may also disclose, on its social networks, the User's name for advertising purposes. However, Users' sensitive data will be kept confidential and will not be disclosed on any platform without the express consent of the data subject.

We will take all available market measures and within our reach to ensure that all information security standards are observed and that processing is carried out with strict observance of the purposes described here.

8. THIRD-PARTY LINKS

The platform may contain links, integrations, or connections with websites, applications, content, or services offered by third parties, whose privacy practices are the exclusive responsibility of these third parties.

We recommend that the User carefully read the respective policies before providing any personal data in external environments. Biblioteca das Rochas is not responsible for the policies, practices, or content of these sites, which follow their own and independent rules.

9. STORAGE AND SECURITY OF PERSONAL DATA

Personal information and other collected data will remain under our custody exclusively for the time necessary to meet the specific purposes of processing or as established by applicable legal and contractual obligations. After this period, we will proceed with the secure and definitive elimination of the data, following appropriate technical protocols.

Legal Exceptions for Retention: As provided for in the General Data Protection Law (LGPD), Biblioteca das Rochas may maintain certain personal information beyond the standard retention period or even after a deletion request, exclusively in the following cases: a) Compliance with Legal Obligations: When there is a legal, regulatory, or normative determination that requires maintaining data for a specific period, ensuring compliance with competent authorities; b) Internal Use with Anonymized Data: For specific internal purposes, provided that the data is previously anonymized, making identification of the data subject impossible, and with absolute prohibition of access by external third parties to the organization.

All personal data and information provided to Biblioteca das Rochas are processed following rigorous security protocols, ensuring protection against destruction, loss, unauthorized modification, or improper disclosure.

To ensure the integrity and confidentiality of information, the Company implements multiple security measures in compliance with current legislation and industry best practices:

  • Internal Access Control: Biblioteca das Rochas restricts access to information exclusively to authorized employees, following the principle of need-to-know for the performance of their functions. We maintain robust protection systems against unauthorized access to our digital systems, corporate directories, and IT infrastructure.
  • Physical Environment Security: We implement physical security controls to protect facilities where personal data is stored, including monitoring systems, access control, and protection against unauthorized intrusions.
  • Partner and Supplier Management: We require all business partners and service providers, including data storage and processing providers, to demonstrate full compliance with the General Data Protection Law (LGPD) and maintain absolute confidentiality about personal information they may have access to during service provision.

10. USER RIGHTS (DATA SUBJECT)

The User may, at any time, by contacting the Data Protection Officer, exercise their rights provided for in the LGPD:

  • Confirmation of the existence of processing;
  • Access to personal data;
  • Correction of incomplete, inaccurate, or outdated data;
  • Anonymization, blocking, or elimination of unnecessary or non-compliant data;
  • Data portability (respecting commercial/industrial secrecy and ANPD regulation);
  • Elimination of data processed by consent (except legal maintenance);
  • Information about data sharing;
  • Information about the possibility of denying consent and the consequences of refusal;
  • Revocation of consent;
  • Right to petition the National Data Protection Authority in case of non-resolution of the administrative demand.

11. USE BY MINORS

The Biblioteca das Rochas platform is intended for users over 18 years of age. If inadvertent processing of personal data of minors without parental consent is identified, we will take the necessary measures for immediate elimination of this information.

12. PRIVACY POLICY UPDATES

This Policy may be changed or updated at any time to reflect our practices, improvements, or legislative changes.

Whenever there are relevant changes, users will be notified through official channels (e.g., registered email or site alert). We recommend periodic reading of this Policy, the most recent version of which will always be available on the platform.

Continued use of the platform after changes will be interpreted as full agreement to the new version of the Policy.

13. CONTACT OUR DATA PROTECTION OFFICER

In case of doubts, requests, complaints, or exercise of rights provided for in this Policy and the LGPD, contact our Data Protection Officer (DPO):

Isabelle Mariane Kopper

Email: suporte@bibliotecadasrochas.com.br