PERSONAL DATA SECURITY POLICY

TRIUNFO DO BRASIL INDÚSTRIA E COMÉRCIO LTDA.

        TRIUNFO DO BRASIL INDÚSTRIA E COMÉRCIO LTDA., a privately held company headquartered at Rod. PR 151 – Km 424, s/n, Coxilhão do Meio, São João do Triunfo/PR, ZIP Code: 84.150-000, registered under CNPJ No. 04.504.045/0001-54 (“TRIUNFO”), greatly values all users of its website and fully understands the importance of keeping your data secure!

        To that end, TRIUNFO has implemented a range of SECURITY MEASURES—aligned with current legislation and best practices—to mitigate risks associated with the processing of personal data. If you would like to learn more about how TRIUNFO collects and processes data, please refer to our Privacy Policy.

        Additionally, TRIUNFO is committed to maintaining information security across all internal systems and processes by preventing, detecting, and minimizing vulnerabilities to incidents involving personal data. This approach is based on the three core pillars of information security: (i) confidentiality; (ii) integrity; and (iii) availability. Access to personal data is granted solely to authorized personnel and only when necessary. All data is managed throughout its lifecycle—from creation to deactivation.

        Please note: The security measures adopted by TRIUNFO apply to personal data only from the moment it is received and while it is under TRIUNFO’s custody. The functioning and security of the users’ own devices and the partner networks through which data is transmitted are not the responsibility of TRIUNFO.

        In the unlikely event of a DATA INCIDENT involving personal data that is under TRIUNFO’s custody, our team will act swiftly and effectively, determining the necessary measures through an action plan. An Incident Report will be prepared—detailing the actions taken and a risk assessment—which may be requested at any time within five (5) years from the date of the incident by contacting: [dpo@grupogadens.com.br].

        IMPORTANT: An incident may include any confirmed or suspected adverse event involving a breach of personal data security, such as unauthorized, accidental, or unlawful access resulting in destruction, loss, alteration, or leakage of data, and which may pose a risk to the rights and freedoms of the data subject.

        Users are also encouraged to adopt the following basic measures to help prevent and reduce personal data attacks:

• Create strong passwords and avoid using personal information (e.g., name, CPF, date of birth);
• Do not reuse the same password across multiple platforms;
• Change passwords whenever a leak is suspected;
• Never share your passwords with others;
• When possible, use a password manager and enable two-factor authentication;
• Avoid accessing TRIUNFO’s website on third-party and/or public or untrusted devices;
• Be cautious when opening emails from unknown sources and avoid clicking on suspicious links;
• If you suspect your personal data has been compromised, contact the service provider and report the incident to the appropriate law enforcement authority.

           QUESTIONS OR CONCERNS: If you have any questions regarding this Policy or wish to learn more about TRIUNFO’s personal data processing practices, please contact us at: [dpo@grupogadens.com.br].