Blockbit Privacy Policy

1. Purpose
This document outlines the Privacy Policy for data processed by Blockbit Tecnologia Ltda, in accordance with Brazilian Federal Law No. 13,709/2018 (General Data Protection Law – LGPD).

2. About Data Collection by Blockbit
This agreement aims to clarify how Blockbit uses the personal data it collects and stores. In order to offer its solutions and content, Blockbit collects various data and information to enhance user and partner experiences. We take this responsibility seriously and are committed to ensuring privacy.

Acceptance of our Policy is obtained through legal means and with consent. To use our solutions—even free ones—acceptance of this Policy is required when using or installing any Blockbit technology—hardware, software, firmware, updates, or any provided solution. Acceptance indicates full awareness and agreement with how personal information is handled. If you disagree, please do not proceed or use our solutions.

By using or installing any Blockbit technology—hardware, software, firmware, updates—you voluntarily accept the terms of this Policy.

Additionally, anyone who contacts us, visits any of our websites, portals, or other digital resources, applies for a job, or voluntarily submits information through one of our online forms will also be agreeing to the terms of this Policy.

Blockbit prioritizes security and transparency. That’s why this Privacy Policy provides relevant information on how we process personal data and for what purposes. In this Policy, you will learn more about:

• Who uses our websites, portals, hardware, software, firmware, and updates;

• What data we collect and how we use it;

• Data subject rights; and

• How to contact Blockbit.

3. Who Uses Our Websites, Portals, Hardware, Software, Firmware, and Updates

3.1 Websites
Our websites are publicly accessible, but we recommend they be used only by individuals over the age of 16. When used by minors, data will only be collected with consent from at least one parent or guardian.

3.2 Portals
Our portals are accessible only to Blockbit employees, authorized partners, and/or customers under legally signed agreements. Login credentials are personal and non-transferable to ensure permission control and action tracking within these systems. All users are over 18.

3.3 Software / Hardware / Firmware and Updates
Blockbit solutions are used by end-users who have acquired them and may grant access to Blockbit employees or authorized channel representatives for support, setup, configuration, analysis, or other needs, provided formal and legal consent is given by the purchasing organization or representative.

4. What Data We Collect and What We Do With It
Blockbit uses appropriate technologies and procedures to protect all personal data. Our security policies and procedures align with accepted standards and are regularly updated to meet business needs, technological changes, and regulatory requirements.

Data collected by Blockbit products is used solely for analytical purposes and only by authorized personnel under strict confidentiality agreements.

When personal data is collected directly by cloud providers or third-party services we subscribe to, Blockbit is not responsible for the security, storage, or privacy of such data.

4.1 Blockbit as Data Controller
Blockbit may request information including, but not limited to: name, company address, phone number, mobile number, or email. Requests may be made via direct contact by phone or email. When processing data for our own business benefit, Blockbit is the Data Controller.

As a Data Controller, Blockbit may use data to:

• Provide products, services, and business offers;

• Promote events, training, and certifications;

• Launch and optimize websites and manage web communities;

• Conduct marketing, advertising, and communications;

• Manage HR and recruitment;

• Support sales and customer service;

• Build relationships with customers, partners, suppliers, leads, etc.;

• Conduct market research;

• Comply with legal and industry regulations; and/or

• Ensure business continuity.

We may also collect automatic information for evaluation and optimization, such as IP address, device type, OS details, unique device IDs, browser type, language, time zone, geolocation, or other technical data.

Some data is collected via cookies on our websites. Blockbit software does not use cookies. For more information, see our [Cookie Statement].

Only authorized Blockbit personnel may access personal data stored in our systems. Personal data is never publicly disclosed. All collected data is confidential and used in accordance with this Policy. Blockbit makes every effort to ensure system security.

4.2 Blockbit as Data Processor
When legally permitted or consented to by the data subject, Blockbit may process data on behalf of clients or partners. In this case, Blockbit is the Data Processor.

As a Data Processor, Blockbit may use data to:

• Provide products and services, support, setup, maintenance, updates, and evaluation;

• Support sales and/or customer service;

• Comply with legal and regulatory requirements; and/or

• Assess credit decisions.

4.3 Use of Personal Data
Blockbit commits not to transfer or disclose your personal data except in the following situations:

• To internal Blockbit teams for legitimate business purposes;

• To suppliers, service providers, and auditors when necessary for quality services;

• To Blockbit shareholders;

• To authorized Blockbit channels to process orders, manage subscriptions, support, etc.;

• To government authorities upon formal request and in compliance with law;

• To courts to protect legal rights or in litigation;

• In other legally necessary cases, always with the data subject’s consent.

We may use third-party services to:

• Provide products on Blockbit’s behalf;

• Perform services related to Blockbit solutions;

• Help analyze how Blockbit solutions are used.

These third parties may access personal information only to perform their duties and are legally bound not to disclose or use it for other purposes.

4.4 Data Retention and Deletion
Blockbit retains your data as long as necessary to meet the purposes described in this Policy or comply with regulatory obligations, provided there’s a legitimate business need and legal permission.

When the retention period expires, personal data is deleted or anonymized, unless storage is required by law or regulation.

4.5 Sensitive Data
Blockbit does not collect sensitive personal data—such as racial or ethnic origin, religious beliefs, political opinions, union membership, health or sexual orientation, genetic or biometric data—via our websites, portals, or systems.

4.6 Legal Grounds for Processing

4.6.1 Consent
Consent is a clear and explicit statement of will. Users may voluntarily agree to data use for specific Blockbit purposes, such as opting in through form checkboxes. Requirements:

• Freely given: Consent must be voluntary.

• Informed: Users must understand what they are consenting to.

• Unambiguous: Users must take a clear, positive action.

• Specific: Consent must be tied to a defined purpose.

Blockbit does not use your data for any purpose other than what you explicitly consented to.

4.6.2 Legitimate Interest
For certain data processing activities, Blockbit relies on legitimate interest. To understand when this applies, contact our Data Protection Officer using the information in section 7.

4.6.3 Contracts
Data may be processed for the purpose of fulfilling or initiating a contract between the user and Blockbit.

4.6.4 Other Legal Grounds
Other legal justifications include:

• Legal Obligation

• Public Policy Execution

• Research by accredited institutions (with anonymization)

• Judicial Proceedings

• Protection of Life

• Healthcare Provision

• Credit Protection

5. Data Subject Rights
Under the LGPD, data subjects have the following rights:

• Confirm if data is being processed

• Access personal data

• Correct incomplete, inaccurate, or outdated data

• Request anonymization when identification is unnecessary

• Limit data processing

• Request deletion of unnecessary or improperly processed data

• Data portability (pending regulation)

• Right to erasure (except in legal exceptions)

• Information about data sharing

• Deny consent and understand the consequences

• Revoke consent at any time, without retroactive effect unless deletion is also requested

6. Changes to the Privacy Policy
This Privacy Policy may be updated at any time. Any changes will be published on Blockbit’s website.

If data is to be used for purposes not previously stated, new consent will be requested and this Policy will be updated immediately.

7. How to Contact Blockbit
You may contact our Data Protection Officer (DPO) at any time to ask questions or exercise your data rights.
DPO Contact: Marcos Eurico da Silva
Email: dpo@blockbit.com