Privacy Policy
This document aims to provide transparency regarding the data processing carried out by NUTRIRE INDUSTRIA DE ALIMENTOS LTDA, located at Rodovia Rota do Sol, RSC No. 453, Km 88.6, city of Garibaldi/RS, ZIP Code: 95.720-000, registered under CNPJ No. 04.693.895/0001-48.
We dedicate this Privacy Notice to explain, in a simple and summarized manner, how and when the personal data of individuals who are not part of this organization are used.
Your personal data may be processed by our organization in various situations or for various purposes, as described below. In all cases, the rules established by applicable legislation are followed.
It is important to note that our personal data processing practices may be changed, always aiming to improve the experience of our customers or suppliers, as well as data security. For this reason, it is important to review this notice regularly to be aware of any changes to this document.
1. PERSONAL DATA PROCESSING
First, we clarify that this Privacy Notice understands "personal data" as all information capable of identifying a natural person, either directly or indirectly, following four pillars regarding personal data processing: respect, balance, responsibility, and transparency.
Personal data will be collected mainly from the company's customers and employees, by phone, e-mail, instant messaging applications, or in person.
That said, it is important to mention that depending on the purpose of the respective processing, different data will be required for the organization to access, collect, or process in general, and the data that may be processed by NUTRIRE in the course of its activities will be detailed in the next item.
2. PURPOSE OF PERSONAL DATA USE
The processing of your personal data is essentially necessary to ensure customer service and the supply of our products.
Only the data necessary for the purposes for which it was collected will be processed. That is, no excess data will be collected, maintaining only the processing of data essential to achieving the respective purpose. Therefore, we highlight that the following data is used to achieve the respective purposes:
SUPPLIER REGISTRATION Legal Representative ➜ Data: Name, CPF No., RG No., address, e-mail, phone number, bank account number.
EMPLOYEE DOSSIER - NUTRIRE Employees ➜ Data: Full name, RG No., CPF No., position, address, filiation, date of birth, admission date, voter registration number (zone and section), CTPS No. (series, issue date), driver's license No. (category), military document No., gender, education level, banking details, vacation accrual period, marital status, phone number, place of birth, e-mail, signature. ➜ Documentation: Résumé, work permit, proof of address, identification document. ➜ Sensitive Data/Documents: Salary, race/color, health-related information, medical certificates, ICD No.
CUSTOMER SERVICE Customers ➜ Data: Full name, CPF No., workplace, phone number, e-mail, address.
CONTACT US (QUESTIONS, COMPLAINTS, COMPLIMENTS, ETC.) General public ➜ Data: Name, e-mail, phone number.
If there is any doubt about why any of your personal data was requested or processed by NUTRIRE, or what the legal basis for such processing is, please contact our DPO through the channels indicated at the end of this document, requesting the clarifications you deem appropriate.
The company will be ready to provide you with all the information necessary to exercise your rights guaranteed by the General Data Protection Law.
3. PRINCIPLES FOR PERSONAL DATA PROCESSING
It is important to clarify that all your data eventually processed by this institution is only processed to achieve a purpose grounded in the General Data Protection Law (Law No. 13.709/2018).
The legal bases that support NUTRIRE's personal data processing are:
➜ Upon prior obtaining of consent from the personal data subject, when applicable; ➜ To comply with legal or regulatory obligations that require personal data processing; ➜ When essential for the negotiation or execution of contracts established between NUTRIRE's customers, suppliers, and partners; ➜ For the regular exercise of rights, including in judicial, administrative, or arbitration proceedings.
4. COOKIES, WEB BEACONS, AND OTHER TECHNOLOGIES
When you first visit our website, you will be asked for your consent to the processing of your browsing data, or cookies, by the company. If consent is given for the use of your cookies, they will be used to assist in diagnosing and resolving any technical issues on the website or browsing, as well as to develop new improvements that enhance the quality of your experience on our platforms.
Monitoring technologies are also used for statistical purposes, without individualizing the user.
Under no circumstances will malicious cookies be used, nor will your cookie information be provided to or shared with third parties under any pretext. Without your consent, your cookies will not be used; however, you should be aware that browsing our website or application will not take full advantage of all its features.
5. SHARING OF PERSONAL DATA
Your data may be disclosed, transferred, or shared with business partners that provide database storage and administrative support services. Information will also be shared when necessary for the preservation of rights and/or compliance with legal obligations, if requested by public authorities, or if necessary to comply with a court order, always ensuring full transparency and acting in accordance with the expectations of data subjects who interact with us, emphasizing that NUTRIRE does not sell personal data of any person, under any circumstances.
All NUTRIRE service providers or partners who have access to your data do so solely and exclusively for the purpose of fulfilling the respective service agreement and within the strict limits of the service itself.
5.1. International sharing of personal data
In order for NUTRIRE to provide its services, cloud service providers may be included in the operations, such as those in the United States, and as established by national legislation, the international transfer of personal data may be carried out to business partners or international organizations located in countries that offer a level of personal data protection compatible with that provided by law, or that guarantee this same level of protection through contractual agreements.
Therefore, we ensure that when transferring personal data to countries with different security standards, we adopt appropriate measures to ensure compliance with Brazilian legislation regarding security when performing international personal data sharing.
6. STORAGE AND DATA RETENTION PERIOD
Your digitally collected data is stored primarily on cloud-type servers. It is important to emphasize that even data stored on a cloud server, the control and responsibility over the data remain with NUTRIRE as the controller, together with the company that operates the respective processing.
The data retention and storage period varies according to the purpose for which the data was collected or is stored, but in general, data is used only for the period in which it is necessary for the provision of services, being stored only for rights protection purposes after this period, without use. It can be assumed that the retention period for each piece of data is related to the statute of limitations for possible legal actions and administrative proceedings related to each piece of data.
7. DATA SECURITY
Various security measures are adopted so that your data is stored securely, complying with all legal measures imposed by the General Data Protection Law. NUTRIRE has Information Security Control procedures, policies, and systems designed and implemented to ensure the confidentiality, integrity, and availability of personal data, with measures adopted to record and track access to personal data, allowing the monitoring of interactions and the prompt identification and correction of any adverse events.
The security measures aim, among other things, to prevent unauthorized access, destruction, loss, alteration, or any form of inappropriate or unlawful processing of your data that is with us.
However, we emphasize that unfortunately no digital platform is absolutely secure. The pursuit of greater security is ongoing in our organization, but no security technology available on the market is infallible — this is a fact.
Therefore, NUTRIRE is not responsible for security incidents that are generated or caused by third parties, without its fault. If you are concerned about the security of your data, please contact us through our Data Officer so that we can assist you and clarify whatever is necessary.
8. DATA SUBJECT RIGHTS
Any request for rights under the General Data Protection Law by the data subject must be made by completing the appropriate form, which must be requested from the DPO in person at the company's headquarters, or by e-mail through the contact indicated below.
To exercise rights, confirmation of your identity or of guardians, tutors, curators, and other legal representatives will be required. Therefore, our DPO may request some additional data and documents to supplement the request.
Data subjects may request the display, correction of inaccurate, incomplete, or outdated data, or anonymization, blocking, or deletion of their data, as well as the elimination of data, except in cases where the maintenance of collected data is necessary for the preservation of rights and/or compliance with legal or contractual obligations.
In cases where data subjects request the revocation of consent for future collection and processing of their personal data, it is important for them to be aware that this may partially or totally prevent the provision of a service, the execution of a request, or the protection of their own rights.
If the request for data deletion is approved, NUTRIRE will eliminate all your data from all our databases, except for those essential for compliance with a legal or regulatory obligation, for the protection of the organization's rights in any judicial or administrative proceedings, or for audit purposes.
10. DPO (DATA PROTECTION OFFICER)
NUTRIRE has a Data Protection Officer, responsible for guiding our operations in accordance with the legislation, as well as receiving and responding to complaints and communications from personal data subjects and authorities, providing clarification when necessary.
The Data Protection Officer is Contego Security, responsible person Ruan Diego Batista, and can be contacted via e-mail: dpo@contego.com.br.
11. UPDATES TO THE PRIVACY NOTICE
Our privacy notice is constantly being improved and enhanced, so we reserve the right to modify it at any time without prior notice. To be aware of modifications, we recommend that you visit our page periodically.
12. CONTACT
If you have any questions about this Privacy Notice, about how we handle your personal data, would like to exercise any of your rights under the LGPD, or in the event of a violation, non-compliance, or any irregularity related to personal data operations carried out by us or our partners/suppliers, please contact our Data Officer/DPO, Contego Security, responsible person Ruan Diego Batista, via e-mail at dpo@contego.com.br.
Last updated: February 13, 2026.
Cookies Policy
This Cookies Policy presents how personal data will be collected and used through Cookies on our website www.nutrire.ind.br. In accordance with the principles of free access and transparency established in the General Data Protection Law (LGPD), we will provide detailed information about the specific purposes that justify data collection, the retention period of this information, and whether there is sharing with third parties. This policy is essential to ensure that data subjects fully understand how their data is used and what their rights are regarding the collection, storage, and use of such data.
WHAT ARE COOKIES
Cookies are small files that are placed on a user's device to collect specific information, including personal data, with the aim of serving various purposes. This information plays a crucial role in the functioning of the NUTRIRE website, enabling the provision of digital services. For example, Cookies can recognize a user before an online transaction or recall previous choices, such as preferred language, favorite product type, passwords and logins used on websites, as well as items added to the shopping cart.
COOKIES AND THEIR CATEGORIES
The ways to classify Cookies are diverse and may vary depending on the approach adopted. In this policy, we will present some of the most common categories, organized according to the most frequent types of Cookies. It is important to note that the same cookie may fit into more than one category.
Therefore, the following Cookie categories will be addressed considering:
- Who is responsible for their management;
- Their essentiality;
- Their purpose;
- The information retention period.
COOKIES ACCORDING TO MANAGEMENT RESPONSIBILITY
- First-Party or Own Cookies: These are Cookies placed on your device by the website itself. They generally do not track activity on other websites. They may include information such as login, cart items, or preferred language, making the user experience more personalized and efficient.
- Third-Party Cookies: These are Cookies created by a website different from the one the user is visiting. These Cookies are carried from other pages embedded in the one the user is browsing, such as advertisements.
COOKIES ACCORDING TO ESSENTIALITY
- Necessary Cookies: These are essential for the proper functioning of the website, allowing the user to perform the main activities. They collect information that will ensure the provision of the requested service, such as login credentials and language preferences.
- Non-Necessary Cookies: These are Cookies that perform non-essential functions, such as behavior tracking and ad display. That is, disabling them does not affect the functioning of the website.
COOKIES ACCORDING TO PURPOSE
- Analytical or Performance Cookies: These are Cookies that collect data about website usage, enabling page analysis, such as which pages are visited most frequently on the site.
- Functionality Cookies: They provide basic services and remember user preferences, such as name, region, or language.
- Advertising Cookies: They collect information to display personalized ads based on the user's interests.
COOKIES ACCORDING TO RETENTION PERIOD
- Session or Temporary Cookies: These are Cookies that store information during the user's session and are discarded when the browser is closed. They are used for temporary purposes, such as a list of products in a shopping cart.
- Persistent Cookies: These Cookies retain the collected data for an indefinite period.
COOKIES COLLECTED
On our website, we collect persistent, session, first-party (own), and third-party Cookies. However, the user may choose not to make all data available for processing; in this case, Cookies that improve performance and all features available on the page will not be used during the user's browsing, and the user will be aware of the possible drawbacks resulting from this choice.
If the user clicks "accept," the user consents to the use of Cookies that will assist in diagnosing and resolving any technical issues on the website or browsing, as well as enabling the development of improvements that will enhance the quality and performance of the experience on our website.
On the banner that will appear on the screen upon the first access to the website, options to accept or refuse the use of Cookies will be available, including the possibility of managing which Cookies will be collected through the "preferences" button, in addition to the essential ones.
If a user who previously consented to Cookie collection wishes to stop this collection, they may delete or manage these Cookies through the settings of each browser used.
HOW TO DISABLE NON-ESSENTIAL COOKIES
The main browsers used provide Cookie disabling guides, which can be accessed through the links below:
- When using Internet Explorer.
- When using Firefox.
- When using Safari.
- When using Google Chrome.
- When using Microsoft Edge.
- When using Opera.
FINAL PROVISIONS
This Cookies Policy was drawn up with the aim of providing transparency about the use of Cookies on our website www.nutrire.ind.br. By using our website, you agree to the use of Cookies in accordance with the terms and conditions established in this policy.
Any changes to this policy will be updated and the user will be notified of the changes made.
If you have any questions about this policy, the user may contact our Personal Data Officer, NUTRIRE, via e-mail at marcelo.silva@nutrire.com.br or through our service channels.
Política de Segurança da Informação
1. OBJECTIVE
This document is an integral part of the Privacy Program and represents an essential strategic measure for NUTRIRE's operations. The continuous evolution of this system requires governance-endorsed initiatives aligned with strategic guidelines and applicable legislation. These initiatives cover the assessment of the Information Security environment's maturity, risk management, business continuity, user scope, and organizational growth, as specified in control 5.1, "Information security policies," of section 5, "Organizational controls," of ABNT NBR ISO/IEC 27002:2022.
The Information Security Policy (ISP) establishes corporate principles for Information Security within NUTRIRE, with the objective of protecting the confidentiality, integrity, and availability of information. All business areas are responsible for adjusting their processes in accordance with the requirements of this policy and the General Data Protection Law (LGPD).
To implement this policy, NUTRIRE adopts the following Information Security principles to protect all information security assets under its ownership or custody:
a) Confidentiality: Ensures that information is not accessible or disclosed to unauthorized or uncredentialed individuals, systems, bodies, or entities.
b) Integrity: Ensures that information contained in technological resources is not improperly altered or destroyed in an unauthorized manner, whether intentionally or accidentally.
c) Availability: Ensures that information is accessible and in conditions to be used by authorized users or custodians.
2. SCOPE
This Policy covers all of NUTRIRE's information assets, including personnel, physical infrastructure, data, systems, applications, devices, and networks. It applies to all employees, staff, contractors, partners, and third parties who access or process the organization's information, and to all physical facilities managed or used.
3. VALIDITY
This procedure will take effect immediately upon its approval. A review must be carried out within a period of up to 12 (twelve) months from its formal approval, in accordance with its version control, or whenever the Information Security and Privacy Committee (CSIP) or the Information Technology Coordinator deems it necessary.
4. TERMS AND DEFINITIONS
a) Senior Management: The highest level of leadership within the organization, responsible for establishing the strategic direction and objectives of Information Security and Privacy;
b) Asset: Anything that has value and needs to be adequately protected;
c) Backup: Safeguarding of information carried out through reproduction and/or copying of a file base for the purpose of recovery in the event of an incident or restoration need;
d) Collaborator: Employee, intern, service provider, outsourced employee, supplier, minor apprentice, or any other individual or organization that has a professional relationship, directly or indirectly, with the organization;
e) Personal Data Processing Officer: The person designated by the organization to act as a point of contact between NUTRIRE, data subjects, and the National Data Protection Authority (ANPD);
f) Information: A set of data that, whether processed or not, can be used for the production, transmission, and sharing of knowledge, contained in any medium, support, or format;
g) Risk: A combination of the probability of a threat materializing and its potential impacts;
h) Information Security: The preservation of the confidentiality, integrity, and availability of information. It aims to protect information from various types of threats to ensure business continuity, minimize business damage, maximize return on investments, and create new transaction opportunities;
i) Information and Communication Technology Resources: Encompass all technological means used to process, store, transmit, and access information, such as computers, networks, information systems, mobile devices, among others;
j) Violation: Any activity that disregards the rules established in normative documents;
k) General Personal Data Protection Law: According to its art. 1, the LGPD "This Law governs the processing of personal data, including in digital media, by a natural person or by a public or private legal entity, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person."
5. GENERAL PROVISIONS
The objectives of the Information Security Policy are:
a) To define principles and guidelines for the protection of information assets and knowledge generated or received;
b) To establish general information security guidelines, contributing to efficient risk management and limiting risks to acceptable levels, while preserving the principles of availability, integrity, reliability, and authenticity of information;
c) To determine competencies and responsibilities related to information security;
d) To guide the creation of standards for the effective implementation of information security;
e) To align information security actions with NUTRIRE's organizational planning strategies.
6. PRINCIPLES AND GUIDELINES
6.1 It is essential that all users are aware of and committed to the safe and appropriate use of NUTRIRE's information assets. Therefore, they must ensure compliance with this Policy, Management Procedures, Work Instructions, and applicable laws, when relevant.
6.2 All information produced, accessed, handled, stored, or discarded for the development of activities contracted by NUTRIRE, as well as other tangible and intangible assets provided, is the property of or under the exclusive responsibility and use of the organization. These resources must be used strictly for corporate purposes, with the aim of serving NUTRIRE's interests, and may not be disclosed or shared without authorization.
6.3 The use of personal technological resources to handle information belonging to or in the custody of NUTRIRE without authorization is prohibited. All data, regardless of its nature, must circulate exclusively in secure environments under NUTRIRE's control. Applications, especially those linked to social media and used on personal devices, must not contain confidential information, thus avoiding exposure to vulnerabilities that could result in incidents.
6.4 The use of social media to perform professional responsibilities on behalf of NUTRIRE must be restricted and previously authorized, being permitted only when essential and aligned with the organization's objectives, in accordance with the guidelines set out in this Policy. All activities in this context must be carried out exclusively through NUTRIRE's Information and Communication Technology (ICT) resources.
6.5 It is expressly prohibited to use, access, store, or disclose discriminatory, pornographic, malicious, obscene, offensive, or illegal material, or material that contradicts the principles established by NUTRIRE and applicable legislation.
6.6 NUTRIRE reserves the right to monitor or audit, without prior notice, the use of technological resources under its ownership or custody, as well as information stored on local disks, on the corporate network, and in corporate cloud storage services.
6.7 Any use of NUTRIRE's internal documents, software, industrial designs, trademarks, visual identity, or other present or future distinctive signs, in any medium, including the Internet and social media, must be previously and expressly authorized by NUTRIRE and aligned with its interests.
7. INFORMATION SECURITY MANAGEMENT
7.1 NUTRIRE's Privacy Program is constituted, at a minimum, by the following processes:
a) Privacy and personal data protection; b) Information processing; c) Physical and logical security of environments; d) Incident management in information security and personal data privacy; e) Asset management; f) Management of the use of information and communication technology (ICT) resources; g) Information backup; h) Access controls; i) Vulnerability management; j) Supplier assessment; k) Change management; l) Continuous improvement.
7.2 Information security controls must address, at a minimum, the following aspects:
a) Compliance with the guidelines set out in the LGPD and with the regulations and guidelines issued by the National Data Protection Authority (ANPD);
b) Classification of information according to its level of confidentiality and criticality, among other factors, to define appropriate security controls;
c) Protection of data against unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication, or any form of inappropriate or unlawful processing;
d) Acceptable use of information and use of storage media;
e) Entry and exit of information assets from NUTRIRE's facilities;
f) Security perimeters of all NUTRIRE units;
g) Access controls based on the principle of least privilege;
h) Identification, containment, eradication, recovery, and post-incident activity steps;
i) Criteria for communicating incidents to personal data subjects and the ANPD;
j) Security Incident Management Plan, considering different scenarios;
k) NUTRIRE's Asset Management Policy, covering asset protection, classification according to criticality, maintenance of an updated inventory including type, location, responsible party or custodian, and security status; acceptable use of assets, personal use being prohibited; mapping of vulnerabilities and threats, monitoring according to Information Security and privacy principles; and investigation in the event of suspected security and/or privacy breach;
l) Appropriate use of operational and communication resources provided by NUTRIRE, exclusively for professional purposes and in compliance with the organization's ethical and professional principles, avoiding unethical, discriminatory, or offensive behaviors or those that could compromise its reputation;
m) Rules for e-mail use, sending confidential information, software installation, and antivirus;
n) Rules for internet access, file download, restricted use to appropriate websites, and prohibition of unauthorized software installation;
o) Use of social media, disclosure of information, use of personal accounts for professional purposes, and interactions with strangers;
p) Rules for the use of cloud computing, selection of providers, data security, and compliance with applicable laws and regulations;
q) Access control rules, including the use of Multi-Factor Authentication (MFA), least-privilege-based authorization controls, segregation of duties, auditing, tracking, access verification, and the termination or removal of employees and partners who operate NUTRIRE's information assets;
r) Management of information security vulnerabilities, covering the analysis of environments, assets, and threats, adoption of a methodology to identify and document vulnerabilities and threats, including description, origin, potential impact, and probability, assessment to determine priorities and treatment, which may include mitigation with security controls or acceptance;
s) Change Management of information assets, based on risk assessment reports, with definition of roles and responsibilities for assessment, approval, implementation of changes, and creation of a formal process for requesting and documenting changes;
t) Careful adoption, continuous monitoring, and control of emerging technologies, such as Artificial Intelligence, ensuring their application occurs ethically, securely, and in compliance with security attributes and privacy principles.
7.2.1 NUTRIRE will conduct periodic internal information security assessments to ensure compliance with this Policy and other applicable requirements whenever necessary.
8. RESPONSIBILITIES
8.1 Senior Management
a) Provide the resources necessary to ensure the development and implementation of Information Security Management at NUTRIRE, ensuring that information security actions and decisions are treated with due relevance and priority;
b) Formalize and approve NUTRIRE's Information Security Policy, including its revisions and updates.
8.2 Information Security and Privacy Committee (CSIP)
a) Advise on the implementation of information security actions; b) Form working groups to address specific topics and propose targeted solutions in information security; c) Contribute to the development of the Information Security Policy and internal information security standards; d) Propose revisions to the Information Security Policy and internal security standards; e) Deliberate on internal information security standards; f) Evaluate actions proposed by the information technology manager.
8.3 Information Technology Coordinator
a) Coordinate the development of the Information Security Policy and other documented information security controls, observing applicable legislation and best practices on the subject; b) Advise Senior Management on the implementation of the Information Security Policy; c) Encourage training and professionalization actions for human resources on topics related to information security; d) Promote the dissemination of the policy and other documented information security controls to all users and service providers of NUTRIRE; e) Foster studies on new technologies and assess their possible impacts on information security; f) Propose the resources necessary for the execution of information security actions; g) Monitor the activities of the Security and Privacy Incident Response Team; h) Evaluate the results of audit work on information security management; i) Monitor the application of corrective and administrative actions in cases of information security violations.
8.4 Personal Data Processing Officer
a) Monitor compliance with the standards established in this policy regarding the protection and privacy of personal data; b) Direct responsible sectors to improve procedures related to the protection and security of personal data processing, establishing more protective guidelines when dealing with sensitive personal data; c) Stay updated on the technologies used by NUTRIRE in the protection and privacy of personal data, as well as suggest new technologies to the CSIP whenever deemed pertinent; d) Inform the CSIP whenever any current or potential security failure is identified in relation to the privacy, availability, and/or integrity of personal data; e) Maintain LGPD compliance plans updated in accordance with documented information security controls.
8.5 Collaborators
a) Actively protect NUTRIRE's confidential information, maintaining the confidentiality, integrity, and availability of data they have access to; b) Strictly follow this Policy, other documented information security controls, and the Privacy Program established by NUTRIRE; c) Immediately report any Information Security incidents, suspected violations, or inappropriate behaviors; d) Participate in Information Security and Privacy training and awareness activities to stay updated on best practices and emerging threats; e) Use only authorized information technology resources and not alter any security measures in their daily activities.
9. PROHIBITIONS
9.1 It is prohibited to use NUTRIRE's information and communication technology resources to access, store, or disclose material that is incompatible with the work environment, infringes copyright, or violates applicable legislation.
9.2 The use or installation of information technology resources that have not been approved or acquired by NUTRIRE is not permitted.
9.3 The disclosure to third parties of identification, authentication, and authorization mechanisms, such as accounts, passwords, or digital certificates, that are for personal and non-transferable use and provided to users, is prohibited.
9.4 It is prohibited to exploit identified vulnerabilities, which must be immediately communicated to departmental managers.
9.5 Reports of violations of this policy may be made to the Information Technology Coordinator through the following channel: marcelo.silva@nutrire.com.br.
9.6 Compliance with this Policy and its complementary regulations must be periodically assessed by NUTRIRE through compliance checks, aiming to ensure compliance with information security requirements and the responsibility and confidentiality clauses present in terms of responsibility, contracts, agreements, and related instruments.
9.7 Non-compliance with this policy or its related normative instruments subjects the offender to administrative sanctions in accordance with applicable legislation, without prejudice to civil and criminal liability, ensuring the right to due process and full defense.
9.8 This policy will be reviewed periodically, at least every four years, or more frequently as necessary, to reflect changes in NUTRIRE's environment, information security risks, and industry best practices.
10. VERSION CONTROL
This policy will be reviewed according to the criteria of item 3 "Validity," taking into account the date of its approval, in order to maintain its ongoing relevance and effectiveness.
DocumentVersionValidityResponsibleChange ControlISP1.012 monthsFranciele Monique CiprianiNone.
11. FINAL PROVISIONS
11.1 This document must be read and interpreted under Brazilian law, in the Portuguese language, together with the Standards, Policies, and Management Procedures applicable by NUTRIRE.
11.2 Omitted cases will be assessed by the Information Security and Privacy Committee (CSIP) for subsequent deliberation.
11.3 Any questions regarding this policy should be directed to the e-mail address franciele.cipriani@nutrire.com.br.
11.4 This policy takes effect on the date of its publication.
12. ANNEXES
No annexes.
13. COMPLEMENTARY DOCUMENTS
Personal Data Management Policy
This document establishes guidelines and procedures for the collection, use, storage, and protection of personal data within NUTRIRE, aiming to ensure compliance with applicable legislation, as well as to promote transparency and security of the information processed.
14. RECORDS
Statement on Senior Management's Commitment to Information Security
NUTRIRE's Senior Management must reinforce its institutional commitment to the security of information processed in its activities, through the publication of an official statement.
Publication of the Information Security Policy
NUTRIRE's Information Security Policy will be formally published, establishing the guidelines, responsibilities, and controls necessary to ensure the confidentiality, integrity, and availability of institutional information.