WHAT DATA DO WE COLLECT ABOUT YOU AND FOR WHAT PURPOSE? 

We collect data from different types of Data Subjects (Individuals), which may include:

• Users of the VOLL Platform.
• Employees of VOLL Mobility. 

For data subjects categorized as VOLL employees, we collect personal data to effectuate their hiring and comply with current labor and tax laws in Brazil.

For data subjects categorized as Users, our platform collects and uses certain personal data to enable service provision and enhance user experience. The first collection method occurs when the personal data of Users is submitted at the time of registration by the Client Company for their employees and staff as users within the VOLL Platform. This registration may be for the use of the Mobility, Travel, or both products. For each product, we may collect different personal data, with more or less information being collected. When registering in our system, depending on the appropriate product, you may be asked to enter your name, email address, phone number, or other details to assist with your experience.

If your product is Travel, we will collect personal identification data such as CPF (Brazilian Identification Number) or Passport to comply with the rules set by the National Regulator ANAC. We may use the information collected when you register, respond to a survey or marketing communication, browse our website, or use certain features of the platform in the following ways:

• To personalize your experience and allow us to deliver the type of content and product offers you're most interested in.
• To improve customer support responses.
• To process your transactions promptly.
• To request ratings and reviews for services or products.
• To follow up after correspondence (live chat, email, or phone call). 

Personal Data Provided by the Data Subject

• Full name.
• Date of birth¹;
• CPF¹;
• Corporate email address. Used in the login process on the platform.
• Phone number. Used to enable mobility features. 

¹ Optional for mobility products and mandatory for travel products by order of the National Regulator ANAC

Personal Data Collected Automatically

• Geographical location (Mobility Product)
• IMEI (International Mobile Equipment Identity) number of the mobile device used to access the site and/or app.
• Information about the date and time of use of the site and/or app by a particular user from a specific IP address.
• Information on the number of clicks and attempts to use the site and/or app, as well as pages accessed by the user.

Purposes

• Execution of the employment contract between VOLL and its employees.
• Execution of the contract between VOLL and the company or organization where you work.
• Legal exercise of VOLL’s rights, including in contracts, processes, or compliance with obligations arising from law.
• Enhancing the user experience on our platform.
• Correct user registration and identification.
• Preventing fraud, illicit activities, misuse, or taking measures to ensure the security of users, partners, or third parties.
• Complying with requests from authorities as per legislation. 

HOW DO WE COLLECT YOUR DATA?

Your personal data is collected in the following ways: we receive your registration securely through the company you work for, and we also collect your information when you register (or are registered) in our system, make a request, fill out a form, or input information on our sites and/or apps.

Consent

When we process your data for purposes not described in the above (section 3), such as for a specific marketing action, we will request your consent. It is from your consent that we process your personal data. Consent is the free, informed, and unequivocal manifestation by which you authorize VOLL to process your data. As per the General Data Protection Law (LGPD), your data will only be collected, processed, and stored with prior and explicit consent.

Your consent will be specifically obtained for each purpose that doesn't fall within those described in section 3, reflecting VOLL’s commitment to transparency and good faith towards users/clients, in compliance with applicable legal regulations. By using VOLL’s services and providing your personal data, you acknowledge and consent to the provisions of this Privacy Policy, as well as being aware of your rights and how to exercise them. At any time, and at no cost, you can revoke your consent. It is important to note that revoking consent for data processing may hinder the proper performance of some platform features that depend on such processing. Such consequences will be communicated in advance. 

WHAT ARE YOUR RIGHTS?

VOLL guarantees users/clients their rights as data subjects, as outlined in Article 18 of the General Data Protection Law (LGPD in Brazil). Therefore, you can, free of charge and at any time: 

• Confirm the existence of data processing in a simplified or clear and complete format.
• Access your data, requesting a readable copy either in printed or electronic form.
• Correct your data, requesting edits, corrections, or updates.
• Limit your data when it is unnecessary, excessive, or processed in non-compliance with the law through anonymization, blocking, or deletion.
• Request data portability through a report of the personal data VOLL processes regarding you.
• Delete your data processed with your consent, except as otherwise stipulated by law.
• Revoke your consent, thus disallowing further processing of your data.
• Be informed about the possibility of not providing your consent and the consequences of denial. 

HOW CAN YOU EXERCISE YOUR DATA SUBJECT RIGHTS?

To exercise your data subject rights, please contact VOLL through the following available means: 

• Email: lgpd@govoll.com
• Portal: https://portal.dpodigital.com.br/govoll

To ensure the proper identification of you as the data subject, we may request documents or other proofs that verify your identity. You will be informed in advance if such documentation is required. 

HOW AND FOR HOW LONG WILL YOUR DATA BE STORED? 

The personal data collected by VOLL will be used and stored for as long as necessary to provide the service or until the purposes listed in this Privacy Policy are achieved, considering the rights of data subjects and controllers. 

In general, your data will be kept as long as the contractual relationship between your company and VOLL lasts, or at your company’s request. After the contract between your company and VOLL ends, your data will be deleted within a maximum of 90 days or anonymized, except for cases explicitly defined in Article 16 of the LGPD, such as: 

• Compliance with a legal or regulatory obligation by the controller.
• Transfer to third parties, subject to the requirements of the data processing provisions in this Law.
• Use exclusively by the controller, prohibited from third-party access, and anonymized data. 

Personal information that is essential to comply with legal, judicial, and administrative requirements and/or for exercising the right of defense in legal and administrative processes will be retained, despite the deletion of other data.

Data subjects may request the deletion of their data at any time. VOLL may retain user data even after a deletion request, due to legal, regulatory, or other reasons stated in this policy. This means that data from different categories may be kept for different periods, depending on the type of data, the data subject category, and the collection purpose.

The storage of the data collected by VOLL reflects our commitment to the security and privacy of your data. We employ technical and organizational protection measures to ensure the confidentiality, integrity, and inviolability of your data. Furthermore, we apply appropriate security measures based on risks, with access control to the stored information. 

WHAT DO WE DO TO KEEP YOUR DATA SECURE? 

To keep your personal information secure, we use physical, electronic, and managerial tools aimed at protecting your privacy. Our system is regularly checked for security vulnerabilities and weaknesses to make your access as secure as possible. We apply these tools considering the nature of the personal data collected, the context and purpose of processing, and the risks that any violations could pose to the rights and freedoms of data subjects.

Among the measures we take, we highlight the following: 

• Only authorized individuals have access to your personal data.
• Access to your personal data is granted only after a confidentiality commitment, and all actions are audited.
• Your personal data is stored in a secure, encrypted, and trustworthy environment.

VOLL commits to adopting best practices to prevent security incidents. However, it’s important to highlight that no technological resource is completely secure and free of risks. It is possible that, despite all our security protocols, issues may arise due to third-party actions, such as cyberattacks, or due to negligence or recklessness on the part of the user/client.

In the event of a security incident that may result in significant risk or damage to you or any of our users/clients, we will notify the affected parties and the National Data Protection Authority about the occurrence, in accordance with the provisions of the LGPD. 

WITH WHOM MAY YOUR DATA BE SHARED? 

In light of preserving your privacy, VOLL will not share your personal data with unauthorized third parties. Only with our business partners, as part of our business strategy, we will not share what they are in this policy. This data can be requested via email from our DPO. These partners will receive your data only to the extent necessary to provide the contracted services, and our contracts are guided by the data protection laws of the Brazilian legal system. However, our partners have their own Privacy Policies, which may differ from ours. We recommend reading those documents on their respective websites.

VOLL adopts a transparent and responsible approach to sharing your personal information. The following points are highlighted: 

Sharing with Business Partners

Your data is shared only with our business partners, aligned with our business strategy. The identity of these partners can be requested from our DPO, along with how they process your data. 

Legal and Contractual Guidance

Our partners receive your data as necessary to ensure the performance of the contractual obligations of the services and products we provide. 
International Transfers: Data may be shared with partners located in different countries, as long as the transfer complies with current data protection laws. 

•  Legal determination, request, or court order.
• Corporate movements, such as merger, acquisition, and incorporation.
• Protection of VOLL's rights in conflicts, including legal matters.
• Execution of public policies.
• Conducting studies by research bodies, with guaranteed anonymization of sensitive data.
• Protection of life, physical security, and health care.
• Ensuring security and fraud prevention, respecting the right to information and transparency.
• Credit protection, as per applicable legislation.

International Data Transfer

To fulfill our contractual obligations and offer effective services, it may be necessary to share your data with third parties located in foreign countries. We recognize that, under these conditions, your personal data will be subject to the General Data Protection Law and other Brazilian data protection legislation. We commit to adopting rigorous cybersecurity and data protection standards to ensure the integrity and confidentiality of your information. By agreeing to this Privacy Policy, you are aware of and consent to the international transfer of your data, subject to applicable legal guarantees. This transfer will be carried out according to the purposes described in this instrument, always seeking to maintain the security and privacy of your data.

COOKIES OR BROWSING DATA

VOLL uses Cookies, which are text files sent by the platform to your computer and stored on it, containing information related to website navigation. Cookies are used to enhance the user experience. By accessing our site and consenting to the use of Cookies, you acknowledge and accept the use of a navigation data collection system using Cookies on your device.

You can, at any time and at no cost, change permissions, block or refuse Cookies. However, revoking consent for certain Cookies may prevent the correct functioning of some platform features. To manage your browser's cookies, simply do so directly in the browser settings, in the Cookie management area. You can access tutorials on the subject directly through the links below:

• Internet Explorer / Edge: Microsoft Edge Privacy
• Firefox: Protect your privacy on Firefox
• Safari: Safari User Guide
• Google Chrome: Google Chrome Cookies Policy
• Opera: Opera Privacy and Cookies

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time, mainly due to the adaptation to any changes made to our site or in the legislative scope. We recommend that you review it frequently. Any changes will take effect from their publication on our site, and we will always notify you about the changes that have occurred. By using our services and providing your personal data after such modifications, you consent to them.

RESPONSIBILITY

VOLL provides for the responsibility of agents who act in data processing processes, in accordance with articles 42 to 45 of the General Data Protection Law. We are committed to keeping this Privacy Policy updated, observing its provisions and ensuring its compliance. Furthermore, we also assume the commitment to seek technical and organizational conditions surely capable of protecting the entire data processing process.

If the National Data Protection Authority requires the adoption of measures regarding the data processing carried out by VOLL, we commit to following them.

Disclaimer

As mentioned previously, although we adopt high security standards to avoid incidents, there is no virtual page entirely free of risks. In this sense, VOLL is not responsible for:

1. Any consequences resulting from negligence, imprudence, or malpractice of users in relation to their individual data. We guarantee and take responsibility only for the security of data processing processes and compliance with the purposes described in this instrument.
2. Malicious actions by third parties, such as hacker attacks, except if proven culpable or deliberate conduct by VOLL. We emphasize that in case of security incidents that may generate relevant risk or damage to you or any of our users/clients, we will communicate to those affected and to the National Data Protection Authority about the occurrence and we will comply with the necessary measures.
3. Untruthfulness of information entered by the user/client in the records necessary for the use of VOLL's services; any consequences resulting from false information or entered in bad faith are entirely the responsibility of the user/client.

DATA PROTECTION OFFICER

VOLL provides the following means for you to contact us to exercise your rights as a data subject:

• Data Protection Officer Contact: Compliance for Business Serviços de Consultoria em GRC LTDA
• Responsible: Lucas K. Froehlich / E-mail: lgpd@govoll.com / Telephone: +55 (51) 2117-1877
• Data Subject Portal: Portal DPO.

REVISION HISTORY

The following table presents the revision history of this Privacy Policy: