This Privacy and Personal Data Protection Policy ("Policy") describes how WEME LTDA., hereinafter referred to as "WEME", "Company" or simply "We", treats your personal data. The word "You" is used in this Policy as a reference to any natural person who has their personal data processed by WEME, for example: customers, potential customers, users of our website, volunteers in our projects, representatives of the Company's business partners, candidates in recruitment processes, visitors to our company, among others. We ask that you carefully read the information below, as they explain how we handle your personal data from collection to elimination, and also how they will be protected and stored during this period. WEME values transparency and seeks to always act in accordance with applicable legislation, respecting your fundamental rights.

1. DEFINITIONS

1.1 Before we inform you how we handle your personal data, below we define some terms used in this Policy so that, in case of doubts, you can consult their meaning:a) "LGPD": Law nº 13.709/2018 – the General Data Protection Law, as well as the regulations and guidelines of the ANPD;b) "Personal Data", "Personal Data", "Data" or "Data": all and any information related to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, mainly, but not limited to, by reference to a unique identifier such as name, identification document number, locational data, electronic identifier or one or more specific factors to the physical, psychological, genetic, mental, economic, ideological, cultural or social identity of the natural person;c) "Processing": all and any operation or set of operations which are performed on a Personal Data or on a set of Personal Data, by automated means or not, such as consultation, collection, recording, cataloging or organization, structuring, adaptation or alteration, production, reproduction, reception, classification, use, access, processing, archiving, storage, evaluation or control of information, modification, communication, transfer, diffusion, transmission, distribution, dissemination or any form that makes available, alignment, combination, restriction, elimination or destruction;d) "Holder" or "Holders": natural person to whom the Personal Data that are the object of Processing refer. e) "ANPD": National Data Protection Authority, a public administration body responsible for overseeing, implementing and monitoring compliance with this Law throughout the national territory; f) "Security Incident": means (i) the use of Personal Data for purposes other than those informed to their Holders; (ii) unauthorized access to Personal Data; (iii) the submission of Personal Data to accidental or illegal situations of destruction, loss, alteration or communication; or (d) any other form of inappropriate or illegal Processing of Personal Data.

- 2. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSE?

2.1 USE OF THE SITE.

When browsing our website, we may request basic information that identifies you as an individual. This occurs when you voluntarily fill out the available contact forms, such as:

a) WEME NEWS: when you want to receive emails with news and content brought by us, we need you to provide us with your full name and email (preferably the corporate one);

b) TALK TO US: we provide an environment for you to contact us and learn more about our Company or request help with various topics, such as project management, training and capacity building, sending partnership invitations, among other means that can add to your business. To have this chat, we need you to provide us with some of your Personal Data. They are: full name, corporate email, the name of your company and the position you hold, as well as your cell phone number (optional).

c) WEME TALKS: You can register to participate in events promoted by WEME, in which we bring exclusive content that aims to help you achieve tangible results for your organization. To make your registration, we request the following Data: full name, corporate email and the company where You work.

d) CONVERSATIONS: on our website, we also allow you to contact us directly through a chat. Initially, we only ask for your name and email, so that we can contact you later, and details on how we can help you. We do not request any other specific Personal Data, but it may be that, in providing us with more details or sending files, You share some Data. For this reason, we recommend that you provide us only with the Personal Data strictly necessary for us to assist you, and that we will keep all of them protected and access restricted only to the professionals who will assist you.

2.1.2 INFORMATION COLLECTED AUTOMATICALLY

In addition to the information provided by you through contact forms, we also collect some information automatically:

a) usage information: we collect information about usage, such as visit duration and pages visited. The collected information reflects the actions taken during navigation on our website and are important both for improvements and for mapping possible errors;

b) location information: we collect information about your approximate location through your device's IP address. This data is used for analysis of how many people access our website by region;

c) technical information: we collect information like traffic origin, the type of browser you are using and the reference source. We collect this information so that we can analyze problems that are found and correct errors in a more appropriate way.

2.1.3. COOKIES

On our website, we can also collect Personal Data through "Cookies", which are small pieces of text or pieces of code that have as main objectives the control of traffic, identification of users and their usage sessions, in addition to the tracking and recording of activities on the website. These technologies help you connect to our services, remember settings and preferences, as well as maintain the security of information. Although most browsers and devices accept Cookies and other collection technologies as standard, our settings allow you to clear or refuse Cookies. It is valid to point out that, if Cookies are deactivated, some features of our website may not be available or function properly.

2.2. PARTICIPATION IN RECRUITMENT PROCESS.

When you apply for a recruitment process, we will have access to your Personal Data. As a good practice, we request the filling in of the minimum Personal Data to identify the position you intend to occupy and possibly contact you; being them: name, email, Linkedin URL (optional), jobs or positions of interest, salary expectation, link of a portfolio or website (optional) and telephone number. In addition, we provide the possibility for you to attach a file containing your resume and send us a message to tell us about yourself or what you are looking for professionally. We recommend that only the Personal Data strictly necessary for verification of your professional qualifications and compatibility with the vacancy be inserted in your comment or in the resume to be attached, being that, if additional information is needed, we will ask you the necessary questions at an opportune moment. We emphasize that only the forms or resumes in digital format sent through the address https://share.hsforms.com/12ryr87kvQfWlutKwCOcBhQc1aef will be analyzed. Therefore, resumes sent to WEME by other means will be deleted without their analysis being carried out.

2.2 PARTICIPATION IN OUR PROJECTS. For the development of some projects, we count on the participation of volunteers who help us understand the main aspects of our clients' market. Before your participation in any stage of the project, especially interviews, volunteers are properly advised about the purpose, form and duration of the Processing of their Personal Data through contractual instruments.

3. HOW DO WE TREAT THE PERSONAL DATA OF CHILDREN AND ADOLESCENTS?

3.2. WEME assumes the commitment that the Personal Data of children and adolescents will always be treated according to their best interest. If we carry out the Processing of Personal Data of children, that is, of people up to twelve years old, we will collect the consent of at least one of the parents or legal guardian, as in Article 7th, I, c/c Article 14, §1º of the LGPD.

4. ON WHICH LEGAL BASES DO WE RELY TO CARRY OUT THE PROCESSING OF YOUR PERSONAL DATA?

4.2 USE OF THE SITE. For the Processing of Personal Data collected due to the access that You make to our site we base ourselves on the hypothesis brought by Article 7th, IX, of the LGPD, that is, to meet the legitimate interests of the controller (We), so that we can carry out our activities as close as possible to our clients and other third parties. Similarly, we base ourselves on the legitimate interest to access it when You provide us spontaneously with your Personal Data by filling out one of the forms available on our website, as established in item 2.1. of this Policy.

4.3 PARTICIPATION IN RECRUITMENT PROCESS. For the Processing of your Personal Data for recruitment and selection purposes, we base ourselves on the hypothesis brought by Article 7th, V, of the LGPD, considering that the analysis of the Data present in the resume is a preliminary procedure related to the employment contract of which You, as Holder, have an interest in being part when you send us your resume, as well as on the hypothesis brought by Article 7th, IX c/c Article 10, II, of the LGPD, that is, to meet the legitimate interests of the controller (We) in filling a job vacancy, always in accordance with the expectation of the holder (You) to participate in the selection process.

4.4 VISIT TO OUR FACILITIES. For the Processing of your Personal Data for purposes of access control to our facilities and due to the monitoring of the environment by video surveillance we base ourselves on the hypothesis brought by Article 7th, IX, of the LGPD, that is, in our legitimate interest in promoting the security of our environment and property, and by Article 11, g of the LGPD, that is, for the guarantee of fraud prevention and the security of the holder, in the processes of identification and authentication of registration in electronic systems.

4.5 PARTICIPATION IN OUR PROJECTS. For the Processing of your Data for purposes of participation as a volunteer in our projects, we base ourselves on your consent, hypothesis provided for in art. 11, I, of the LGPD. For this, we provide a term in which You can identify the specific purposes for which we carry out the Processing of your Personal Data and Sensitive Personal Data, as well as all your rights as a holder, including reviewing or revoking your consent at any time.

5. FOR HOW LONG WILL THE PERSONAL DATA BE STORED?

5.2 USE OF THE SITE.

According to our internal rules regarding the protection of Personal Data, the Data captured through cookies due to the access that You make to our website will be stored as stipulated in item 2.1.3. above. For cases where you provide us with your Data by filling out the available forms, your Personal Data will continue to be stored as long as You allow, and you can obtain more information or object at any time to the Processing carried out through the channel https://lp.weme.com.br/requisicao-de-dados-pessoais

5.3 PARTICIPATION IN RECRUITMENT PROCESS. According to our internal rules regarding the protection of Personal Data, resumes sent through our website will be stored for a period of 24 months, counted from the date of sending the information.

5.4 PARTICIPATION IN OUR PROJECTS. The Data collected for your participation as a volunteer in one of our projects will be stored as stipulated in the Consent Form that you sign, subject to your right to revoke consent at any time, which will result in the deletion of this Data.

5.5 HOW DO WE STORE YOUR INFORMATION?

The Personal Data collected will be stored in cloud service providers provided by Google Cloud Platform, which are concerned with privacy and comply with all requirements established in the LGPD for the international transfer of Data. It is important to note that, occasionally, some Data may be kept by WEME for the purpose of complying with legal obligations or for the regular exercise of rights in judicial or extrajudicial proceedings.

6. WHEN, HOW AND WHY DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?

6.2. The sharing of information will occur only in the circumstances outlined below:

a) employees and contractors: information about You may be shared with our employees and our contractors who need this access to assist in the development of contracted projects. We ensure good information security practices, such as awareness and controls so that our employees and contractors follow this Policy and our internal policies;

b) third parties: we may share information about You with third parties so that they can assist us in the development of WEME projects or provide us with contracted services. Example: cloud providers, platform for user behavior analysis, volunteer recruitment companies for projects, among others;

c) legal obligations/judicial or extrajudicial processes: we may share information about You to comply with a legal obligation or to exercise regular rights in a judicial or extrajudicial process;

d) anonymized data: we may share information that has been anonymized, that is, information that, by reasonable means, cannot be used to identify You as an individual. Example: we may use statistical data in the final reports of the projects in which You have participated as a volunteer. In this sense, we emphasize that, under the terms of article 12 of the LGDP, anonymized data do not constitute personal data, since they lose the ability to identify and/or associate, directly or indirectly, with a natural person.

6.3. WEME requires all third parties with whom it shares Personal Data to adopt security measures, technical and administrative measures capable of protecting your Personal Data from the occurrence of security incidents, as well as maintaining the confidentiality of the information and Personal Data shared, committing that these Data are used exclusively for the purposes expressly permitted by WEME and/or applicable legislation.

6.4. It is worth noting that WEME is committed to protecting Personal Data, always acting in accordance with applicable legislation and its interests, in a clear and transparent manner. We do not sell or trade your personal information under any circumstances.

7. END OF TREATMENT

7.2 The Personal Data processed by WEME will remain under its care for the period necessary to carry out the proposed Treatment and compliance with the purpose informed to the holders, as well as during the retention periods required by applicable legislation, as indicated in this Policy.

7.3 The Personal Data that is no longer necessary for the activities carried out by WEME, either due to the fulfillment of the purpose or legislation, will be deleted from the databases of WEME or will be anonymized, at the discretion of the Company.

7.4 If the Personal Data is treated by the manifestation of consent by the holder, the holder may, by express manifestation to be sent through the email address LGPD@WEME.NU, revoke the consent provided, which will result in the interruption of treatment within 15 (fifteen) days, counted from the receipt of the request by WEME in this sense.

8. WHAT ARE YOUR RIGHTS AS A HOLDER OF PERSONAL DATA?

We guarantee your fundamental rights to freedom, intimacy, and privacy. Therefore, through the email address LGPD@WEME.NU, you can make requests about: - confirmation of the existence of Personal Data Treatment; - access to information regarding the Personal Data we have; - correction of incomplete, inaccurate, or outdated Data; - anonymization, blocking, or elimination of unnecessary or excessive Data; - portability of Data, within legal limits and after the ANPD's manifestation about the portability of Personal Data to third parties; - elimination of Personal Data; - information from public and private entities with which we share your Personal Data; - information about the possibility of not providing consent for the Treatment of your Data and about the consequences of this option; - revocation of consent, as per item 7.3. above.

9. DATA PROTECTION OFFICER (DPO)

9.2 WEME has appointed Mayara Pagnan Sartor to act as a communication channel between the Company, Personal Data Holders, and the ANPD, who can be reached at any time through the email address LGPD@WEME.NU.

10. RESPONSIBILITIES

10.2 WEME guarantees that it adopts the best and most current information security measures and good digital compliance practices to provide an adequate level of privacy and security for your Personal Data. However, we highlight that WEME, despite all its efforts, cannot absolutely and totally ensure the inviolability of the Treatment, therefore it is not responsible for any damages caused by third parties due to non-compliance with this Policy and/or contractual obligations assumed with WEME.

10.3 WEME also will not be responsible for the criminal actions of hackers, crackers, or the like, as well as actions or omissions that can be attributed exclusively to you or third parties, except for proven negligence by WEME in keeping its systems updated.

11. POLICY UPDATE

11.2. This Policy may be changed or replaced at any time, at the sole discretion of WEME, without prior notice, with WEME committing to always keep the entire content of this document up to date and available for access through our website (https://www.weme.com.br/privacy-policy).

11.3. We recommend that You periodically review this Policy, as the rules and information about the Treatment of your Personal Data will always be linked to its most recent version.

12. GENERAL PROVISIONS

12.2 If one or more provisions contained in this Policy are considered invalid, illegal, or unenforceable in any way, the validity, legality or enforceability of the other provisions contained in this Policy will not be affected and/or impaired by this fact in any way. In this case, WEME will provide the replacement of the invalid, illegal, or unenforceable provisions, by valid provisions.

13. LEGISLATION AND JURISDICTION

13.2. This Policy will be governed by the legislation of the Federative Republic of Brazil.

13.3 For the resolution of any issues or conflicts arising from this Term, the Court of the District of Campinas, State of São Paulo, is elected, with the waiver of any other, no matter how privileged it may be.