RBR Asset Management (specifically for purposes of compliance with the Brazilian General Data Protection Law – LGPD)

In the event of holding Personal Data, particularly for purposes of compliance with its Policy for the Prevention of Money Laundering, Terrorism Financing, and the Financing of the Proliferation of Weapons of Mass Destruction, RBR Asset Management shall be responsible for maintaining technical and administrative security measures to protect Personal Data from unauthorized access, as well as from accidental or unlawful situations of destruction, loss, alteration, disclosure, or improper or unlawful processing. Furthermore, it should be noted that Personal Data under its control shall only be accessed by duly authorized professionals, in accordance with the principles of proportionality, necessity, and relevance for the specific purpose, and always subject to the commitment of confidentiality and the preservation of privacy, as set forth in this policy.

Accordingly, Personal Data under the control of RBR Asset Management may be shared, for example: (i) with competent judicial, administrative, or governmental authorities whenever there is a legal requirement, request, demand, or court order; (ii) automatically, in the event of corporate transactions such as mergers, acquisitions, or incorporations involving the manager; or (iii) for the investigation of possible violations and analysis within the scope of its Policy for the Prevention of Money Laundering, Terrorism Financing, and the Financing of the Proliferation of Weapons of Mass Destruction.

RBR Asset Management, through its Data Protection Officer (“DPO”), will honor any requests from Data Subjects whose Personal Data is under RBR Asset Management’s control, including: (i) confirmation of the existence of data processing, as well as access to or rectification of their Personal Data; (ii) limitation on the use of their Personal Data; (iii) withdrawal of consent regarding the use of their Personal Data; and/or (iv) deletion of their Personal Data.

RBR Asset Management will store Personal Data only for as long as necessary to fulfill the purposes for which access was granted or performed, noting that applicable regulations allow for data processing over an additional period for: (i) compliance with a legal or regulatory obligation; (ii) studies conducted by a research body; and (iii) transfer to a third party (in accordance with the data processing requirements set forth in the regulation). Once such storage period has ended, Personal Data will be deleted using secure disposal methods or anonymized for statistical purposes.

In accordance with the LGPD, Section II, Chapter VI, the companies belonging to the RBR Asset Management Economic Group have appointed Mr. Ricardo Mahlmann de Almeida, registered with CPF No. 360.613.278-62, as Data Protection Officer (DPO), pursuant to Article 5, item VIII of the LGPD. The DPO shall act as the communication channel between the RBR Asset Management Economic Group companies, the Data Subjects (as defined under the LGPD), and the Brazilian National Data Protection Authority (ANPD).

If you have any questions regarding this section of the policy or about the Personal Data under the control of RBR Asset Management, please contact the DPO at the following email address: [email protected].