Privacy Policy

TRANSPORTES E AGENCIAMENTO DE CARGA INTERNACIONAL LTDA

CNPJ: 48.780.011/0001-68


I. INTRODUCTION


R.LOG TRANSPORTES E AGENCIAMENTO DE CARGA INTERNACIONAL LTDA, a private legal entity registered under CNPJ No. 48.780.011/0001-68, with its principal place of business at Rua Levindo Lopes, No. 323, Suite 301, Savassi District, Belo Horizonte, Minas Gerais, ZIP Code 30140-171, incorporated as a limited liability company, operating in road freight transportation, maritime and cargo agency, customs brokerage, and wholesale trade, values the trust that its clients, employees, suppliers, and partners place in it.


In this regard, respect for confidentiality, transparency, and the protection of personal data are priority matters in R.LOG's operations. The organisation values transparency in its communications and is committed to complying with the provisions of Law No. 13.709/18 – the Brazilian General Data Protection Law (LGPD).


II. ABOUT THIS PRIVACY POLICY


The purpose of this Privacy Policy ("Policy") is to describe, with transparency and clarity, the technical and organisational measures implemented by R.LOG to ensure the adequate protection of the personal data it processes in its operations. As defined by the Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018), "personal data" means any information relating to an identified or identifiable natural person.


This Policy may be amended, supplemented, or updated periodically by R.LOG in order to adapt to any legislative, regulatory, judicial, or technological developments, as well as to reflect the launch of new services. However, the company guarantees that data subjects' personal data will always be processed in strict compliance with applicable principles and legislation.


III. HOW DO WE COLLECT PERSONAL DATA?


R.LOG collects personal data in a transparent and ethical manner, limiting collection to what is strictly necessary for carrying out its logistics, transportation, and internal management activities. Data may be collected in the following ways: Directly from the data subject:


Through the completion of forms, service proposals, email signatures, business cards, service via official channels, or interactions on our website.


Through third parties: Data lawfully provided by client companies, business partners, or suppliers to enable contracted transportation and agency services.


Public sources: Data obtained from sources where the data subject has manifestly made it public.


Below, we detail the categories of data we collect and their respective purposes


R.LOG TRANSPORTES E AGENCIAMENTO DE CARGA INTERNACIONAL LTDA

CNPJ: 48.780.011/0001-68


I. INTRODUCTION


R.LOG TRANSPORTES E AGENCIAMENTO DE CARGA INTERNACIONAL LTDA, a legal entity of private law, registered with the CNPJ under No. 48.780.011/0001-68, with establishment at Rua Levindo Lopes, number 323, office 301, Savassi Neighborhood, Belo Horizonte, Minas Gerais, ZIP Code 30140-171, established as a limited business company, active in road freight transport, maritime agency and cargo activities, customs brokerage and wholesale trade, values the trust that its clients, employees, suppliers, and partners place in it.


In this sense, respect for confidentiality, transparency, and the protection of personal data are priority themes in the actions of R.LOG. The organization values transparency in the communications it performs and care and respect for the provisions of Law No. 13.709/18 - General Personal Data Protection Law (LGPD).


II. ABOUT THIS PRIVACY POLICY


The purpose of this Privacy Policy ("Policy") is to describe, with transparency and clarity, the technical and organizational measures implemented by R.LOG to ensure the proper protection of personal data that it processes in its operations. As defined by the Brazilian General Personal Data Protection Law (LGPD - Law No. 13.709/2018), "personal data" is understood to mean all information related to an identified or identifiable natural person.


This Policy may be modified, complemented, or updated periodically by R.LOG, aiming to adapt to any legislative, regulatory, jurisprudential, or technological evolution, as well as to reflect the launch of new services. However, the company guarantees that the personal data of the holders will always be treated in strict compliance with the principles and legislation in force.


III. HOW DO WE COLLECT PERSONAL DATA?


R.LOG collects personal data in a transparent and ethical manner, limiting itself to the minimum necessary for the execution of its logistics, transport, and internal management activities. The data can be collected in the following ways:


Directly from the holder: Through the completion of forms, service proposals, email signatures, business cards, customer service through official channels, email, or interactions on our website.


Through third parties: Data provided lawfully by corporate clients, commercial partners, or suppliers for the feasibility of contracted shipping and freight forwarding services.


Public sources: Data obtained through sources where the holder has made them manifestly public.


Below, we detail the categories of data we collect and their respective purposes




IV. FOR WHAT PURPOSES DO WE USE PERSONAL DATA?

R.LOG collects and uses a wide variety of personal data and sensitive personal data of its clients, beneficiaries, dependents, employees, and business partners for operational, administrative, and transport and international freight forwarding service purposes. All data is processed in strict compliance with current legislation, guided primarily by the General Personal Data Protection Law (LGPD – Law No. 13,709/2018).

V. WITH WHOM DO WE SHARE PERSONAL DATA?

R.LOG shares personal data with third parties strictly in a necessary, secure, and proportional manner for the provision of its international transport and logistics services and internal management, operating as follows:

Public and Regulatory Authorities: Due to the requirements of current legislation (labor, tax, customs, transport, and regulatory standards), R.LOG reports to the competent authorities the personal data whose communication is imposed by law or regulation. In these cases, the public authorities act as independent Controllers.

Business Partners: We share information with insurance companies, shipowners, and logistics terminals to enable quotes, cargo transport logistics, and claims adjustment.

Technology Providers: For the facilitation and support of our daily operations, we use ERP/CRM, accounting management, and cloud storage system providers. These partners act as our Processors, processing data under the strict guidelines and information security rules stipulated by R.LOG, limiting themselves exactly to

Suppliers and Service Providers: The organization uses suppliers and third parties to enable and optimize its operations, such as system providers, cloud storage services, and logistics partners. Data sharing with these partners is based on the execution of contracts, and they act, as a rule, as our Processors, strictly following the technical, legal, and information security guidelines stipulated by R.LOG.

VI. INTERNATIONAL TRANSFER OF PERSONAL DATA

R.LOG, in conducting its activities of international freight forwarding and customs clearance, may perform the international transfer of personal data. As detailed in our ongoing Data Mapping process, the majority of activities involving international transfer occur due to cross-border logistics and the hiring of technology suppliers, such as corporate email providers and cloud data storage services, whose physical servers may be located outside the national territory.
Recognizing the sensitivity of this operation, R.LOG acts with rigor and transparency, ensuring that any and all transfers abroad occur in strict compliance with Chapter V of the General Personal Data Protection Law (LGPD) and the Regulation on International Data Transfer, approved by CD/ANPD Resolution No. 19/2024. To this end, the company requires appropriate contractual guarantees and the adoption of safeguards, such as the Standard Contractual Clauses established by the ANPD, ensuring that the level of protection of personal data is maintained in an equivalent manner to Brazilian legislation.

VII. HOW LONG DO WE STORE PERSONAL DATA?

R.LOG bases the storage of personal data on strict compliance with the Principle of Necessity and Limitation of Retention. This means that the data lifecycle in the operation is rigorously controlled, and information is kept securely only for the strictly necessary time to achieve the specific and legitimate purposes for which it was collected.

Retention periods at R.LOG are determined based on the purpose of the processing and the respective legal and regulatory requirements inherent to the cargo transport and labor relations sectors. It is important to highlight that the organization has the Personal Data Lifecycle duly specified in its Record of Processing

Operations (ROPA), maintained on the Privacy Point platform.
i. End of Processing and Secure Elimination: Once the purpose of the processing is fully met, the pre-established retention period expires, or upon revocation of consent by the data subject, the personal data is subjected to the company's Disposal Policy (secure elimination in physical media and definitive deletion or anonymization in digital media).

ii. Exceptions for Prolonged Retention: In strict compliance with article 16 of the LGPD, R.LOG reserves the right to retain personal data to comply with a legal or regulatory obligation, to guarantee the regular exercise of the company's rights, or to respond to internal audits and protect against fraud.

VIII. WHAT ARE THE RIGHTS OF THE PERSONAL DATA SUBJECT?

As a personal data subject, you have the right to:

  1. Right to Confirmation and Access: Confirm the existence of processing operations and have easy access to your personal data under the custody of the organization.

  2. Right to Rectification (Correction): Request the correction of data that is incomplete, inaccurate, or outdated in our systems.

  3. Right to Anonymization, Blocking, or Elimination: Request the anonymization, blocking, or elimination of data that is considered unnecessary, excessive, or that is being processed in non-compliance with the LGPD.

  4. Right to Portability: Request the transfer of your personal data to another service or product provider, upon express request and subject to commercial and industrial secrets.

  5. Right to Data Elimination: Request the elimination of personal data processed based on your consent, except in legal hypotheses where retention is permitted or required.

  6. Right to Information about Sharing: Be clearly informed about the public and private entities with which the company has carried out the shared use of your data.

  7. Right to Information on Refusal of Consent: Be informed about the possibility of not providing your consent and about the legal or operational consequences of such refusal.

  8. Right to Revocation of Consent: Revoke, at any time and through a free and facilitated procedure, the consent previously provided for the processing of your data.

  9. Right to Object: Object to data processing carried out based on other legal hypotheses that do not require consent (such as legitimate interest), in case of non-compliance with the provisions of the LGPD.

  10. Right to Review Automated Decisions: Request the review of decisions made solely on the basis of automated processing of personal data that affect your interests.



IV. FOR WHAT PURPOSES DO WE USE PERSONAL DATA?

R.LOG collects and uses a wide variety of personal data and sensitive personal data from its clients, beneficiaries, dependents, employees, and business partners for operational, administrative, and international freight forwarding and transport service provision purposes. All data is processed in strict compliance with current legislation, based primarily on the General Data Protection Law (LGPD – Law No. 13,709/2018).

V. WITH WHOM DO WE SHARE PERSONAL DATA?

R.LOG shares personal data with third parties in a strictly necessary, secure, and proportional manner for the provision of its international transport and logistics services and internal management, operating as follows:

Public and Regulatory Authorities: Due to the requirements of current legislation (labor, tax, customs, transport, and regulatory standards), R.LOG reports to the competent authorities the personal data whose communication is imposed by law or regulation. In these cases, the public authorities act as independent Controllers.

Business Partners: We share information with insurance companies, shipowners, and logistics terminals to enable quotes, cargo transport logistics, and claims adjustment.

Technology Providers: To enable and support our daily operations, we use ERP/CRM system suppliers, accounting management, and cloud storage. These partners act as our Operators, carrying out data processing under the strict information security guidelines and rules stipulated by R.LOG, limited exactly to the

Suppliers and Service Providers: The organization uses suppliers and subcontractors to enable and optimize its operations, such as system providers, cloud storage services, and logistics partners. Data sharing with these partners is based on the execution of contracts, and they generally act as our Operators, needing to strictly follow the technical, legal, and information security guidelines stipulated by R.LOG.

VI. INTERNATIONAL TRANSFER OF PERSONAL DATA

R.LOG, in conducting its international freight forwarding and customs clearance activities, may perform the international transfer of personal data. As detailed in our ongoing Data Mapping process, most of the activities involving international transfer occur due to cross-border logistics and the hiring of technology suppliers, such as corporate email providers and cloud data storage services, whose physical servers may be located outside national territory.
Recognizing the sensitivity of this operation, R.LOG acts with rigor and transparency, ensuring that any and all transfers abroad occur in strict compliance with Chapter V of the General Data Protection Law (LGPD) and the Regulation on International Data Transfer, approved by Resolution CD/ANPD No. 19/2024. To this end, the company demands appropriate contractual guarantees and the adoption of safeguards, such as the Standard Contractual Clauses established by the ANPD, ensuring that the level of protection of personal data is maintained in an equivalent manner to Brazilian legislation.

VII. HOW LONG DO WE STORE PERSONAL DATA?

R.LOG bases the storage of personal data on strict compliance with the Principle of Necessity and Limitation of Retention. This means that the data lifecycle in the operation is rigorously controlled, and information is kept securely only for the time strictly necessary to achieve the specific and legitimate purposes for which it was collected.

Retention periods at R.LOG are determined based on the purpose of the processing and the respective legal and regulatory requirements inherent to the cargo transport and labor relations sectors. It is important to highlight that the organization has the Personal Data Lifecycle duly specified in its Record of Processing

Operations (ROPA), maintained on the Privacy Point platform.
i. Termination of Processing and Safe Elimination: Once the purpose of the processing is fully met, the pre-established retention period expires, or upon revocation of consent by the holder, the personal data is subjected to the company's Disposal Policy (secure elimination in physical media and definitive deletion or anonymization in digital media).

ii. Exceptions for Prolonged Retention: In strict compliance with article 16 of the LGPD, R.LOG reserves the right to retain personal data for compliance with a legal or regulatory obligation, to ensure the regular exercise of the company's rights, or to meet internal audits and fraud protection.

VIII. WHAT ARE THE RIGHTS OF THE PERSONAL DATA OWNER?

As a personal data owner, you have the right to:

  1. Right to Confirmation and Access: Confirm the existence of processing operations and have facilitated access to your personal data under the custody of the organization.

  2. Right to Rectification (Correction): Request the correction of incomplete, inaccurate, or outdated data in our systems.

  3. Right to Anonymization, Blocking, or Elimination: Request the anonymization, blocking, or elimination of data considered unnecessary, excessive, or being processed in non-compliance with the LGPD.

  4. Right to Portability: Request the transfer of your personal data to another service or product provider, upon express request and subject to commercial and industrial secrets.

  5. Right to Elimination of Data: Request the elimination of personal data processed based on your consent, except in legal hypotheses where retention is permitted or mandatory.

  6. Right to Information about Sharing: Be clearly informed about the public and private entities with which the company has carried out the shared use of your data.

  7. Right to Information about the Refusal of Consent: Be informed about the possibility of not providing your consent and about the legal or operational consequences of such refusal.

  8. Right to Revocation of Consent: Revoke, at any time and through a free and facilitated procedure, the consent previously provided for the processing of your data.

  9. Right to Object: Object to data processing carried out based on other legal hypotheses that waive consent (such as legitimate interest), in case of non-compliance with the provisions of the LGPD.

  10. Right to Review Automated Decisions: Request the review of decisions made solely on the basis of automated processing of personal data that affect your interests.


IX. ROPA - RECORD OF DATA PROCESSING OPERATIONS

The ROPA (Record of Data Processing Operations) is the document that inventories the personal data processing activities carried out by the organization. At R.LOG, the ROPA was designed to meet the accountability requirements of the LGPD and provide a clear overview of how data is collected, used, stored, and shared.

X. INFORMATION SECURITY POLICY

R.LOG's Information Security Policy (PSI) serves as the fundamental cornerstone for the effectiveness of the institution's data protection practices. Structured based on the recommendations of the international standard ABNT NBR ISO/IEC 27002, our PSI defines rigorous technical and administrative standards to ensure that all information is handled in strict compliance with the triad of security: Confidentiality, Integrity, and Availability (CIA).

To ensure a resilient environment and proactively mitigate risks, R.LOG adopts a set of mandatory security measures, which include:
Rigorous Access and Password Management: Application of strong authentication policies, requiring periodic rotation of credentials and automatic account lockout after consecutive incorrect login attempts.

Continuous Monitoring: Use of preventive monitoring systems on corporate networks, systems, and workstations to detect anomalies and respond quickly to potential incidents.

Hardware and Device Control: Rigid restrictions on the use of unauthorized removable storage devices (such as flash drives) and the installation of non-approved software to prevent data leakage and the entry of malware.

Security Culture: Implementation of an ongoing awareness program and periodic training for the entire team, ensuring that guidelines on security, data protection, and attack prevention are fully understood and applied in day-to-day operations.

XI. USE OF COOKIES

Our website uses cookies to track visits and enable secure and personalized navigation. Non-necessary cookies are disabled by default and can be managed directly on our Cookies Banner.

XII. HOW TO CONTACT THE COMPANY REGARDING YOUR PERSONAL DATA?

In case of questions or to exercise your rights, please contact our Data Protection Officer (DPO):
Name of the Officer: PRIVACY POINT, CNPJ 44.649.485/0001-14
Contact email: dpo@privacypoint.com.br


IX. ROPA - RECORD OF DATA PROCESSING OPERATIONS

The ROPA (Record of Data Processing Operations) is the document that inventories the personal data processing activities carried out by the organization. At R.LOG, the ROPA was designed to meet the accountability requirements of the LGPD and provide a clear overview of how data is collected, used, stored, and shared.

X. INFORMATION SECURITY POLICY

R.LOG's Information Security Policy (PSI) serves as the fundamental cornerstone for the effectiveness of the institution's data protection practices. Structured based on the recommendations of the international standard ABNT NBR ISO/IEC 27002, our PSI defines rigorous technical and administrative standards to ensure that all information is handled in strict compliance with the triad of security: Confidentiality, Integrity, and Availability (CIA).

To ensure a resilient environment and proactively mitigate risks, R.LOG adopts a set of mandatory security measures, which include:
Rigorous Access and Password Management: Application of strong authentication policies, requiring periodic rotation of credentials and automatic account lockout after consecutive incorrect login attempts.

Continuous Monitoring: Use of preventive monitoring systems on corporate networks, systems, and workstations to detect anomalies and respond quickly to potential incidents.

Hardware and Device Control: Rigid restrictions on the use of unauthorized removable storage devices (such as flash drives) and the installation of non-approved software to prevent data leakage and the entry of malware.

Security Culture: Implementation of an ongoing awareness program and periodic training for the entire team, ensuring that guidelines on security, data protection, and attack prevention are fully understood and applied in day-to-day operations.

XI. USE OF COOKIES

Our website uses cookies to track visits and enable secure and personalized navigation. Non-necessary cookies are disabled by default and can be managed directly on our Cookies Banner.

XII. HOW TO CONTACT THE COMPANY REGARDING YOUR PERSONAL DATA?

In case of questions or to exercise your rights, please contact our Data Protection Officer (DPO):
Name of the Officer: PRIVACY POINT, CNPJ 44.649.485/0001-14
Contact email: dpo@privacypoint.com.br