Stablecoin BRL | Privacy Policy

Privacy Policy

This Privacy Policy ("Policy") applies to all services provided by BEETELLER REAL TOKEN LTDA., a limited company, registered in the CNPJ/MF under No. 38.163.054/0001-40, with main offices at Jose Bernardino Street, No. 97, Room No. 811, Vila Cabral, Zip Code 58.408- 027, Campina Grande / PB, Brazil, also called BRT, because of the use of the BRT’s System by the USER.

This Policy aims to inform, clearly and completely, on how the USER's Personal Data will be handled as a result of the use of the Services provided by BRT under the BRT’s System.

BRT discloses its Policy to protect the privacy of the USER, ensuring that the Treatment of Personal Data will serve only to enable the provision of the Services or for other purposes provided for in this Policy.

By using BRT's Services in accordance with the conditions set forth in the Contract, the USER declares that he/she agrees with this Policy and with the way BRT will handle his/her Personal Data. If the USER does not agree with the Treatment of his/her Personal Data as provided in this Policy, he/she shall refrain from registering in BRT's System and from using BRT's System.

If the USER does not want to disclose his/her Personal Data or demands its exclusion, the registration in BRT's system may be denied and/or the provision of the Services may be limited, since the use of Personal Data is necessary for these purposes.

For more information and rules for using the services provided by BRT, the USER must consult the Contract.

BRT may change the conditions of this Policy periodically, and the updated version may be consulted at any time by the USER, by accessing the link: https://www.beeteller.com/politicas-de-privacidade, or other means available by BRT.

The USER is aware that any changes in the conditions of this Policy, and the continued use of BRT's services, he/she automatically agrees with the Treatment of his/her Personal Data, as provided in this Policy. And if he/she does not agree with the Treatment of his/her Personal Data, he/she shall request the cancellation of the registration in BRT's system.

1. Definitions

1.1. Without prejudice to other definitions contained in this Policy and in the Agreement, the words and expressions below, whenever used by the first capital letter, shall have the following definitions:

"Treatment agents": the controller and the operator.

"Anonymization": the use of reasonable and available technical means at the time of processing whereby a data loses the possibility of association, directly or indirectly, with an individual.

"National Authority": the public administration body responsible for watching over, implementing and enforcing compliance with this Law throughout the national territory.

"Database": a structured collection of personal data, established in one or several locations, in electronic or physical media.

"Consent": free, informed and unambiguous manifestation by which the data subject agrees to the processing of his or her personal data for a specific purpose.

"Controller": a natural or legal person, whether governed by public or private law, who is responsible for decisions concerning the processing of personal data.

"Registration": personal data and other information requested by BRT, necessary for the registration and maintenance of the USER in the System.

"Contract": contract that regulates the rules, conditions and limits of the services to be provided by BRT to the USER due to the use of the BRT’s System, including the opening of a Payment Account, the movement of funds, the initiation of a payment transaction, or a payment service or international transfer that, by means of an exchange operation or by means of an international transfer in reais carried out as provided by the regulations in force, enables purchases, transfers or withdrawals

"Technical Use Data": information that BRT processes due to the use of a cellular device, computer or other device that the USER uses to access BRT's System. The Technical Use Data show how the USER uses the service provided by BRT, including the IP (Internet Protocol) address, statistics on how the pages are loaded or viewed, the sites that the USER visited and navigation information collected by means of cookies or similar technology.

"Anonymized Data": Personal data that, alone or together with Technical Use Data, Device Information and/or Geographic Location, do not allow the identification of the USER, considering the use of technical means available at the time of its Treatment.

“Sensitive Personal Data": personal data about racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person.

"Officer": person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD)

"Applicable Legislation": all legislation in force, applicable on information security, privacy and data protection, including, but not limited to, Law No. 13,709/2018 - General Law on Personal Data Protection, Law No. 12,965/2014 - Marco Civil da Internet, Law No. 8.078/1990 - Consumer Defense Code, Complementary Law No. 166/2019 - Positive Registration Law, Law No. 12.527/2011 - Access to Information Law, Decree No. 7.962/2013 - Electronic Commerce Decree and other laws and rules applicable to the Payment System.

"Device Information": data that may be automatically collected from any device used to access the BRT’s System. This information may include, but is not limited to, the device type, device network connections, device name, device IP address, information about the device browser and internet connection used to access the BRT’s System, Geographic Location Information, and information about applications downloaded to the device.

"Personal Data": personal information associated with the USER as an identified or identifiable natural person. It may include the name of an individual, the company name or corporate name of a legal entity to which it is related, self-portrait, address, telephone number, e-mail, name and number of the banking institution, branch number, checking or savings account number ("Bank Account"), date of birth, full name of the mother, number or copy of official documents (for example, RG, CNH, CPF, among others). The Technical Use Data and the Device Information will be considered Personal Data when used to individualize the USER or whenever it is possible to identify him/her

"Geographic Location": information that identifies the location of the USER by means of, for example, latitude and longitude coordinates obtained by GPS, Wi-Fi, or cellular location triangulation. BRT’s System may request permission to share the USER's current location. If the USER does not agree to this collection of the Geographic Location information, the BRT’s System may not function properly.

"Operator": a natural or legal person, whether governed by public or private law, who performs the processing of personal data on behalf of the controller.

"Research Organ": organ or entity of direct or indirect public administration, or private nonprofit legal entity legally constituted under Brazilian laws, with headquarters and jurisdiction in the country, which includes in its institutional mission or social or statutory objective basic or applied research of historical, scientific, technological, or statistical nature.

"Service Providers": service providers, whose system is integrated with BRT's System to enable the execution of certain Services.

"Services": services provided by BRT to the USER, according to the conditions provided in the Agreement.

"BRT's System": technology made available by BRT, and which is integrated with the system of the Service Providers, to enable the provision of the Services to the USER, namely:

operation of the activity of payment arrangement institutor, creating rules and procedures that discipline the provision of payment service;
operation of a payment institution: providing a service of depositing or withdrawing funds held in a payment account; executing or facilitating a payment instruction related to a payment service, including a transfer to or from a payment account; managing a payment account; issuing a payment instrument; remitting funds; and converting physical or scriptural money into electronic money, or vice versa accrediting the acceptance or managing the use of electronic money.
services in the area of electronic means of payment;
payment transaction initiator, enabling payment transaction initiation, without managing a payment account and without at any time holding the funds transferred in the provision of the service;
international payment or transfer service which, by means of an exchange transaction or international transfer in reais, carried out in the manner prescribed by the regulations in effect, makes possible the acquisition of goods and services, in the country or abroad, which occurs in person, or through a digital payment solution offered by the eFX provider and integrated with an e-commerce platform; the current unilateral transfer, subject to the requirements and limits provided for in the regulations in force; the transfer of funds between an account in the country and an account abroad of the same ownership, subject to the requirements and limits provided for in the regulations in force; and the withdrawal in the country or abroad;
Computer and similar services: Data processing, and Licensing or assignment of the right to use computer programs;
operation services for the brokerage and custody of crypto-assets;
collection and registration information services;
intermediation and agency services for banking services.

"International Data Transfer": transfer of personal data to a foreign country or international body of which the country is a member.

"Transaction": a transaction in which the USER makes or receives payments by means of the payment instruments, initiates payment transactions available in the Payment System, or performs payment services or international transfers (eFX).

“Processing": any operation carried out with the USER's Personal Information, due to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of the information, modification, communication, transfer, dissemination or extraction.

"Shared Use of Data": communication, dissemination, international transfer, interconnection of personal data or shared processing of personal data banks by public agencies and entities in the performance of their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities.

"USER": a legal entity or natural person (including representatives, agents or authorized representatives to execute Transactions) who provides their Personal Information for Treatment by BRT, due to the services provided through its Systems.

2. Collection of Personal Data

2.1. BRT performs the Treatment of Personal Data necessary for the use, by the USER, of the set of Services provided by BRT, in order to, in accordance with the Contract, enable the

Opening a payment account ("Payment Account") and performing Transactions;
Receiving funds due to payment by card through the payment arrangements instituted by the flags accepted in the BRT's system;
Receipt of funds due to transactions through Available Electronic Transfer (TED), Credit Document (DOC) or payment slips;
Making instant payments within the PIX, in accordance with the rules instituted by Central Bank of Brazil ("Instant Payments");
Issuance of a prepaid card ("Card");
initiation of a payment transaction, without managing a payment account, and without holding at any time the funds transferred in the provision of the service;

eFX service, by means of an exchange operation or by payments or international transfer in Reais carried out as provided by the regulation in force in a systematic way offered in the exchange market, enabling the acquisition of goods and services, in the Country or abroad, which occurs in a face-to-face way; or by means of a digital payment solution;

intermediation and agency services for banking services;
services of brokerage and custody of crypto-corporate assets;
collection and registration information services.

2.2. To be accredited to the BRT’s System, the USER must make available the Personal Data requested in the Registration, so that the USER can be duly identified.

2.3. The USER's Personal Data may be used by BRT to form a registry and database and to improve its services while preserving the individuality and identification of the USER.

2.4. In order to prevent fraud and ensure the authenticity of the information provided, other Personal Data not contained in the Registration may be requested, as well as the sending of documents that allow the confirmation of the data provided by the USER. In this case, BRT will contact the USER directly. This additional information and documents may be stored by BRT while the USER maintains his/her registration active.

2.5. BRT will request the completion of the USERS' financial data, necessary to carry out the transfer of funds and/or opening of the Payment Account, limited to: (i) the credit and/or debit card number used by the USER, validity and security code; (ii) bank account identification data owned by the USER, containing name and number of the banking institution branch number, checking or savings account number; (iii) transaction information; and (iv) other information associated with the transaction, such as its value, Device Information, Technical Use Data and Geographic Location.

2.5.1. The data on the USER's card will be collected only when using the BRT's system, through its own equipment or systems for capturing card transactions. The processing of the card data will be carried out only to enable the completion of the payment transaction with the acquirers, issuers and card brands. This data will not be stored by BRT.

2.5.2. BRT's financial data are captured in the Platform, in an encrypted way, using the best international information security standards. This collection will be made through a partner of BRT, a provider of payment services, so that BRT will not have access to such information, disclaiming any and all liability with respect to such information.

2.5.3 The data relative to eFX transactions will be used by BRT to comply with the obligations arising from the Users' transactions, carried out by means of foreign currency purchase or sale transactions or international transfer in Brazilian Reais, with the use of proper codes created for the classification of the nature of the transaction.

2.5.4. The data related to the initiation of payment transactions will be used by BRT to meet the regulatory and legal requirements based on contractual relationship with the User, regarding the Cyber Security Policy; the Prevention of Money Laundering and Terrorism Financing Policy; and Open Finance.

2.5.5. Data related to the services of brokerage and custody of cryptoactive assets will be used by BRT to comply with RFB Normative Instruction 1888/2019.

2.6. BRT may collect and store other USER's Personal Data to comply with the requirements of the law or from the competent authorities, as well as to receive and process communications, calls and exercise the USER's rights.

2.7. Such Data and personal data treatment shall have observed, within the legal precepts, good faith and the strict principles of purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, and accountability.

2.8. BRT may request other documents and information that may be necessary for its completion. Such additional information and documents will be disposed of immediately after the completion of the transfer of funds by the USER.

2.8.1. BRT may store the USER's Personal Data and other information when there is a legitimate interest of BRT and to comply with legal requirements or those of the competent authorities.

2.8.2. If the Payment Account is closed, BRT may use and share the Personal Data in accordance with this Policy.

2.9. Personal Data are obtained upon clear request to the USER and with the express authorization of the USER (if applicable), when the registration is created by the USER, and are processed for the purpose of compliance with the Services offered in accordance with BRT's Contract. Additional information of the USER shall only be processed based on the legitimate interest of BRT.

2.10. BRT's website and internet services may use Device Information, Technical Usage Data and Geographic Location of the USER.

2.10.1. Moreover, BRT's websites and internet services may use cookies (files recorded in your computer to obtain navigation information within the website) in order to confirm identity and improve navigation. If the USER does not agree with their use, he/she may disable the use of this function using the options of his/her browser.

3. Sharing and Use of Personal Data

3.1. The USER's Personal Data may be used by BRT for the formation of a registry and database by means of the Treatment of Personal Information, preserving the USER's confidentiality, individuality and identification.

3.2. In order to improve its Services, BRT may perform Treatment of Device Information and Technical Usage Data.

3.3. For the provision of BRT's Services, the USER's Personal Information shall be shared by BRT with other USERS, through a secure network, restrictively to what is necessary and of legitimate interest to the purpose of the services provided by BRT, to identify the USER and the data of the transaction carried out through the Platform.

3.4. The USER's Personal Data may also be shared by BRT with (i) third parties hired to provide computing, data transfer and cloud hosting services, provided that these third parties maintain the same standard of privacy and security applied by BRT and are contractually obliged not to access the content, process or share the information, except upon express orders from BRT; (ii) to companies of BRT; (iii) to third-party service providers of BRT; and (iv) to financial institutions; (v) to inspection agencies of the National Financial System. These third parties may only use the Personal Information to enable the performance of the Services provided by BRT.

3.4.1. The contracted third parties are responsible for the observance and application of the best information security practices.

3.5. BRT may also be required, by law or by determination of the competent authorities, to share the USER's Personal Data.

3.6. The data from the transfer of funds and the Personal Data may be used by BRT to prepare surveys and statistics aimed at analyzing the efficiency of the Platform, the number of USERS, the total amount of debts paid, among others, provided that such Personal Data are anonymized or in the form of total amounts for the creation of statistics, so as not to identify the USER. The conclusions and results of these surveys may be shared or disclosed by BRT at its discretion, since they do not contain Personal Data.

3.7. BRT will process the USER's Personal Data in order to operate BRT's System and provide the services, in the following cases:

To send or request payments, to report the amount to a Payment Account or to make a transfer between Payment Accounts, as well as to initiate payment transactions or to perform international payment or transfer service;
Authenticate the USER's access to his/her Payment Account;
Communicate with the USER about the Registration, use of the BRT System or Services;
Create the Payment Account connection to another account or third party platform;
Perform credit and financial reputation checks;
Keep the Personal Information updated and the Payment Account active;
Monitor and analyze the USER's behavior with respect to the use of the BRT’s System, the Services and the Payment Account;
Perform USER identity verification to manage risk and protect the BRT System, the Services and the USER from fraud. The risk and fraud prevention tools will use Personal Information, Device Information, Technical Usage Data, and Geographic Location;
Conduct and promote marketing campaigns and improvement of the Services or the experience of using the BRT's System;
Offer personalized services provided by third parties, including through the use of cookies;
Promote offers of location-specific products or services, if the USER chooses to share his/her Geographic Location information, through the provision of advertisements, search results, and other personalized content;
Comply with the obligations set forth in the Contract, applicable laws and rules; and
Suggest connections between the USER and third parties, which the USER may know or with third parties that may be interested in performing Transactions through the BRT’s System.

3.8. Except for the provisions in the clauses above, BRT does not disclose or share the USER's Personal Information with third parties.

4. Instant Payment by PIX

4.1. To carry out Transactions through PIX, the USER may request the registration of a Pix Key linked to his/her Payment Account or Bank Account, being necessary that the USER has the possession of the chosen Pix Key - with the exception of the random key - and that he/she gives his/her consent for such registration.

4.1.1. By registering a Pix Key, the USER declares to be aware that third parties with whom the USER will carry out Transactions through PIX, will have visibility, at each Transaction, of his/her name, Pix Key identification data, and the name of BRT and of the Service Providers involved.

4.1.2. For the purposes of this Policy

“Pix Key": information indicated by the USER to identify its Payment Account or Bank Account in the scope of the PIX arrangement, by means of: (i) CPF or CNPJ number (as applicable); (ii) cell phone number; (iii) email address; or (iv) random key (sequence of letters and numbers randomly generated by Bacen), of free choice of the USER. The use of the Pix Key makes it possible to obtain the information about paying and receiving users stored in the Directory of Transactional Account Identifiers ("DICT") managed by the Bacen, in order to facilitate the process of initiation of Instant Payment Transactions and to mitigate the risk of fraud under the PIX.

"PIX": payment arrangement that disciplines the provision of services related to Instant Payment Transactions, whose rules and conditions are instituted by Bacen.

4.2. The USER declares to be aware that, under the terms of the PIX regulation and other norms instituted by the Central Bank of Brazil ("Bacen"), the BRT will be responsible for carrying out the Instant Payment Transactions, by transmitting the Personal Data and the Transaction to the Service Provider responsible for the settlement under the PIX.

4.2.1. For the execution of Instant Payment Transactions, the USER expressly consents to the collection, processing, and transmission of his/her Personal Data to the Service Provider, who, as a direct participant, will be responsible for the settlement of the Transactions before PIX.

4.3. The USER also authorizes BRT to carry out the collection, Processing and transmission, to the Service Provider with access to the DICT, to carry out the Registration, deletion and reinstatement of the Pix Keys.

4.3.1. The registration of the Pix Key by the USER implies the prior consent of the USER to the registration of Pix Keys in the DICT. Such consent will be confirmed and the registration of the Pix Key will be made in the DICT, if the USER does not delete his Pix Key in the Payment System of BRT.

5. Card Issuance

5.1. The USER may, under the terms of the Agreement, request a Card that will be issued by BRT.

5.2. By requesting the issuance of a Card, the USER expressly authorizes BRT to use his/her Personal Data as Issuer, and also declares to be aware and agrees that BRT will have access to all the financial data resulting from the Transactions performed with the Card.

5.3. The Issuer will carry out the Processing of the USER's Personal Data and may:

Adopt procedures to assure due diligence in the identification, qualification and classification of the USER;
Carry out the verification of the USER's status as a politically exposed person;
Collect information about the income and/or billing of the USER; and
Monitor the Transactions made by the USER in order to identify suspicions of money laundering and/or terrorism financing.

5.3.1. BRT may request additional information and documents, in addition to those informed in the Registration, to enable the issuance of the Card.

6. Initiating a Payment Transaction

6.1. BRT, when providing services through its Systems, for the initiation of payment transactions, prior to sharing data, shall identify the USER and obtain his/her consent.

6.1.1. Consent will be given as follows:

be requested through clear, objective and appropriate language;
refer to certain purposes;
have a validity period compatible with the purposes of the operation;
limit the consent period to twelve months;
discriminate the data transmitting institution or account holder, as the case may be;
discriminate the data or services that will be shared;
noted the ability to group shared data; and
include the customer's identification.

6.2. BRT, acting as the payment transaction initiating institution, shall request the consent of the USER to each new payment transaction, except in the case of successive payment transactions limited up to 12 months.

6.3. BRT shall communicate to the client the effectiveness of the sharing request, detailing the purposes, data and services subject to sharing, and performed through electronic service channels.

6.4. BRT shall not be responsible:

store the set of data related to end-user credentials sufficient to authenticate the payment transaction to the account-holding institution;
require from the end user any data other than that necessary to provide the payment transaction initiation service;
use, store or access the data for any purpose other than to provide the payment transaction initiation service expressly requested by the end user;
change the amount or any other element of the payment transaction authorized by the end user; and
initiate a payment transaction involving a payment account held by an institution that is not a member of the Brazilian Payment System.

7 eFX

7.1. The provision of eFX services comprises international payment or transfer service relating to:

acquisition of goods and services, in Brazil or abroad, in person or through a digital payment solution offered by the eFX provider and integrated to the e-commerce platform;
current unilateral transfer of up to US$10,000.00 (ten thousand US dollars) or its equivalent in other currencies;
transfer of up to US$10.000.00 (ten thousand U.S. dollars), or its equivalent in other currencies, between an account in Brazil and an account abroad of the same ownership, provided that (i) the account in Brazil must be a deposit or prepaid payment account held with financial institutions and other institutions authorized to operate by BCB or payment institutions that integrate the Brazilian Payment System (SPB) exclusively by virtue of their adhesion to Pix; and (ii) the deposit or payment account abroad must be kept in an institution subject to effective prudential and conduct supervision, or member of a financial group subject to effective consolidated supervision; and
withdrawal in the country or abroad.

7.2. To this end, BRT shall ensure that its USER:

is informed in a clear and timely manner, and must be capable of proving awareness of and prior agreement with (i) its eFX responsibilities regarding the service provided; (ii) the nature and conditions of the service provided; and (iii) the specific conditions related to the USER's rights in accordance with the payment instrument used for the delivery of the actuals to the eFX provider; and
has access to a statement or invoice of the operations containing, at least, the breakdown of the operation, including its date, the parties involved, the amount in local currency, any fees charged for the operation, in addition to subtotals related to withdrawals, payments, and transfers made.

8. Advertising

8.1. The contacts of the USER informed when filling out the registration form will be used as a means of communication by BRT, only to send information about the BRT’s system, request documents and Personal Data, as well as to communicate about the services provided.

8.2. The USER will be able to opt to receive newsletters, promotional and marketing materials when filling out the registration form or request the cancellation of the sending of informative emails through the options available in the USER's Registration. The processing of personal information necessary for this will be done with the consent of the USER.

8.3. BRT does not use third-party services to send e-mails on its behalf. If the USER receives e-mail that he/she believes has not been sent by BRT, he/she shall refrain from taking any action and immediately contact BRT to confirm its veracity.

8.4. In view of the need to share Personal Data with other USERS in relation to the payments made through the Platform, the USER is aware that he/she may receive telephone calls, e-mails and correspondence directly from such USERS, but that these cannot be attributed to BRT.

8.5. The USER is aware and agrees that, in order to verify the execution of any Transaction in BRT's Systems, he/she shall always access the Platform and check the information provided by BRT; the mere receipt of any communication by other means of communication (including e-mail, WhatsApp, telephone and SMS) shall not serve as proof.

9. Storage

9.1. The Personal Data collected by BRT are stored in secure servers, in encrypted form, using information security measures constantly updated. The Data shall be kept confidential and all possible measures shall be adopted against loss, theft, misuse, alteration and unauthorized access.

9.2. The Personal Data related to the registration and execution of transactions in BRT's systems will be stored as long as the USER maintains an active registration and uses BRT's services, for as long as necessary to achieve the purposes related to the Services, including for the fulfillment of any legal, regulatory, contractual, accountability or request by competent authorities.

9.3. Personal Data will be stored for a minimum period of 05 (five) years from the end of the Contract, or other period that may be determined in the Applicable Law. During this period the data may be shared in accordance with this Policy.

9.4. BRT employs advanced security standards in order to ensure the protection of Personal Data and to provide a safe environment for Transactions, by adopting information security practices, such as authentication of Users, strict access control, prevention and detection of intrusion and unauthorized accesses, prevention of information leakage, periodic testing and scanning to detect vulnerabilities, protection against malicious software, traceability mechanisms, access controls and computer network segmentation, maintenance of backup copies of Personal Data, among others.

9.5. Although BRT is dedicated to protecting the Platform, the USER is responsible for protecting and maintaining the privacy of his/her registration and Personal Data. BRT is not responsible for Personal Data that the USER shares with third parties. The USER is responsible for protecting and maintaining the confidentiality of his/her Personal Data.

9.6. To the extent of the applicable legislation, BRT is not responsible for illegal violations of its Platform, which may compromise its database and the USERS' Personal Information and is not responsible for the improper use of the Personal Information obtained in the Platform, fraudulently or illegally.

9.7. In case of suspicion or confirmation of violation of the Platform or loss of the USER's Personal Information, BRT will make its best efforts and will take immediate measures to eliminate or reduce the risks of damage to the USER, as well as inform the potentially affected USERS and the competent authorities of such fact, the risks involved and the necessary measures to avoid such damage.

9.8. If the Contract is terminated by the USER, BRT may use and share the USER's Personal Data in accordance with this Policy.

10. Indication of new USERS

10.1. BRT enables the USER to invite his/her contacts to use the BRT‘s System.

10.2. The invitation to new USERS may be made by means of different communication channels made available on the Platform, among which, but without limitation, WhatsApp, email, SMS and social network services, such as Facebook and Instagram ("Communication Channels").

10.3. The use of the Communication Channels will be subject to the Agreements and conditions of services provided by third parties, as content providers.

10.4. If the invitations are sent by email, BRT shall request approval to access the electronic addresses in the USER's address book. The information will be used for the sole purpose of sending the invitations, as well as for the sending of newsletters, promotional and marketing materials by BRT.

10.5. The sending of invitations by the USERS may be encouraged by means of promotions and marketing actions, as per the regulation disclosed by BRT.

10.6. Due to the indication of new USERS, BRT does not collect or retain the contact information that will be used to send messages.

11. Changes in Privacy Policy

11.1. This Policy shall be revised periodically by BRT to adapt it to the provision of Services to the USER, by means of the exclusion, modification or insertion of new clauses and conditions and shall be informed to the USER, by means of the publication of the updated version of this Policy in BRT's website.

11.2. If the USER does not agree with the changes, he/she may request the cancellation of his/her registration with BRT.

11.3. The completion of the Registration and/or the continuity of the use of the Platform and Services of BRT by the USER shall be interpreted as agreement and acceptance of the current version of the Policy, including the latest changes made, which shall be fully applicable.

12. USER Rights

12.1. It is allowed to the USER, at any time, within the limits of the applicable data protection legislation, to exercise the rights of: (i) confirmation of the existence of treatment of Personal Information of that USER; (ii) access to such Personal Information; (iii) correction of incomplete, inaccurate or outdated Personal Information; (iv) anonymization, blocking or elimination of unnecessary, excessive Personal Information or treated in disagreement with the provisions of the applicable legislation; (v) portability of Personal Information to another service provider upon express request and subject to commercial and industrial secrets of BRT, in accordance with the regulations of the competent authority; (vi) elimination of Personal Information handled based on the consent of the USER, save for the exceptions set forth in the applicable legislation; (vii) the information of public and private entities with which BRT has shared Personal Information of the USER; (viii) the information about the possibility of not giving consent and the consequences of not giving consent, in cases where their Personal Data are collected and processed with their consent, as well as the right to the elimination, when requested, of the Personal Data collected with their consent, in the form of the applicable legislation, and the right to revoke their consent for the collection and processing of data in these same cases; and (ix) the revocation of consent, in the Contracts of the applicable legislation.

12.1.2. Furthermore, the USER has the right to easy access to information about the treatment of his/her data, which must be made available in a clear, appropriate and ostentatious manner with regard to: the specific purpose of the treatment; the form and duration of the treatment, observing commercial and industrial secrets; identification of the controller; contact information for the controller; information about the shared use of data by the controller and the purpose; the responsibilities of the agents who will carry out the treatment; and; the rights of the USER.

12.1.3. In case of cancellation of your Personal Information, the USER will not be able to use the BRT’s System.

12.2. The rights may be exercised by sending a written request by the USER, accompanied by proof of identity, to the address indicated in the preamble of the Policy, addressed to the Data Protection Officer of BRT.

12.3. BRT may contact the USER to confirm his/her identity before fulfilling the request, which will only be approved if the USER's identity is confirmed.

12.4. Confirmation of the existence of Personal Data Processing shall be provided, in a simplified format, within 15 (fifteen) days. For all other requests, BRT may present its response within 30 (thirty) days, which may be extended depending on the nature and complexity of the request.

13. Clarification of doubts

13.1. Any questions regarding this Privacy Policy or requests concerning USERS' rights may be sent to the BRT's Data Protection Officer, by e-mail: suporte@beeteller.com, at https://www.beetellertoken.com/, or at BRT's correspondence address.

Version updated on August 1, 2022.

BEETELLER REAL TOKEN LTDA.