PRIVACY STATEMENT

This Privacy Statement ("Statement") explains how Sietch processes personal data when Sietch acts as a controller on its own behalf. It applies to personal data we process through our websites, communications, events, commercial activities, vendor and procurement processes, and other business interactions.

This Statement does not cover personal data that our customers process using Sietch products or services where Sietch acts only on the customer's behalf. In those situations, the relevant customer controls why and how that personal data is processed, and Sietch acts as a processor/operator under applicable law and in accordance with the customer's instructions. If you want to understand how one of our customers processes personal data in connection with a Sietch deployment, please consult that customer's privacy notice or contact the customer directly.

1. Who we are and how to contact us

For purposes of this Statement, "Sietch," "we," "our," and "us" mean [Full Legal Name of Sietch Entity], with registered office at [Full Address], and, where applicable, any Sietch affiliate identified to you as the relevant controller for a specific interaction.

Privacy contact:
Email: privacy@sietch.tech
Data Protection Officer / Encarregado: Victor Zanfelice, MD.
Postal address: Av. José de Sousa Campos, 900 - Nova Campinas, Campinas - SP, 13092-123 - Brazil

If you would like to understand more about how we use your information, or if you would like to exercise your privacy rights, please contact us using the details above.

2. Why you should read this Statement

As a commercial company that develops and provides software, data, and AI-enabled solutions, Sietch may collect, use, store, and disclose personal data in the ordinary course of operating our business. This Statement describes what personal data we collect, how we use it, when we share it, how long we keep it, and what rights you may have under applicable privacy and data protection laws.

3. What this Statement covers

This Statement applies to Sietch's own controller-side processing activities, including when you:

• visit a Sietch website or interact with our digital content;
• request a demo, meeting, proposal, or information about our products or services;
• communicate with us by email, phone, forms, messaging tools, or social media;
• attend a Sietch event, webinar, or meeting;
• visit a Sietch office or another managed space;
• participate in vendor onboarding, diligence, contracting, procurement, or commercial discussions with us; or
• otherwise engage with Sietch in a professional or business context.

This Statement does not apply to:

• personal data processed by our customers using Sietch products or services where Sietch acts as processor/operator;
• privacy practices of third-party websites, services, platforms, or customers that are not under Sietch's control; or
• employment and recruiting activities, which may be covered by a separate applicant or employee privacy notice.

4. Personal data we collect

We collect personal data from three main sources:

A. Personal data you provide directly to us

This includes information you submit through forms, emails, event registrations, meeting requests, commercial discussions, procurement processes, support interactions, or other communications.

B. Personal data we collect automatically

When you interact with our websites, communications, or online content, we may automatically collect technical and usage information using logs, cookies, pixels, software development kits, or similar technologies.

C. Personal data we obtain from other sources

We may receive personal data from your employer, business partners, channel partners, resellers, event co-hosts, public procurement portals, official gazettes, corporate registries, publicly available websites, professional networking services, analytics providers, or other third parties that lawfully provide the information to us.

Depending on how you interact with us, the categories of personal data we may collect include:

Contact Data
Name, business email, telephone number, address, country, company, social media handles, and similar contact details.

Professional and Organizational Data
Job title, employer, department, professional background, areas of responsibility, areas of expertise, and information about your organization's relationship with Sietch.

Commercial and Procurement Data
Information related to proposals, tenders, procurement processes, diligence, contracting, licenses, requested services, products of interest, commercial history, and records relating to a purchase, attempted purchase, or evaluation of our products or services.

Billing and Transaction Data
Billing address, invoicing details, tax information, payment status, and other transaction-related information where relevant to a contract or payment. If a third-party payment processor is used, that provider may collect payment information directly from you.

Technical Data
IP address, browser type, operating system, device identifiers, cookie IDs, pages visited, referring URLs, authentication logs, timestamps, and information about how you interact with our websites, emails, or digital content.

Communication Data
Messages, correspondence, call notes, meeting notes, support records, feedback, survey responses, and any information you choose to provide when communicating with us.

Event, Office Visit, and Security Data
Registration details, attendance records, photographs, video or audio recordings, visitor logs, badge details, and security monitoring information collected when you attend a Sietch event or visit a Sietch-managed space.

Government Identifier or Verification Data
Government-issued identification information or similar records where reasonably necessary for identity verification, office access, due diligence, security, compliance, or responding to rights requests.

Preference and Inference Data
Your communication preferences, content preferences, likely areas of interest, and internal assessments derived from your interactions with us, provided that such use is permitted by applicable law.

5. How we use personal data

We may use personal data for the following purposes:

To communicate with you
We use Contact Data, Professional Data, and Communication Data to respond to your requests, schedule meetings, send updates, provide customer or commercial support, and otherwise communicate with you.

To provide our products and services
We use relevant personal data to deliver, configure, support, secure, and administer our products and services; to handle demos, pilots, onboarding, implementation, support, and account management; and to perform our contractual obligations.

To manage commercial, procurement, and vendor processes
We use personal data to evaluate opportunities, participate in procurement or tender processes, conduct due diligence, negotiate contracts, manage vendor and partner relationships, and administer commercial operations.

To operate, maintain, and improve our websites, products, and services
We use Technical Data, Communication Data, and feedback to understand how our websites and services are used, diagnose issues, maintain security, and improve performance, reliability, usability, and product design.

To send marketing and event communications
We may use Contact Data, Professional Data, Technical Data, Communication Data, and preferences to send updates about Sietch products, services, events, insights, or other content that may interest you, subject to applicable law and your communication preferences.

To personalize our communications and understand interest in our offerings
We may analyze interactions with our communications, websites, events, and commercial activities to better understand which solutions may be relevant to you or your organization.

To manage events and visits
We use relevant data to register you for events, provide access to venues, administer webinars or meetings, manage attendance, and maintain the security of our offices, systems, and visitors.

To protect Sietch and others
We may use personal data to detect, investigate, and prevent fraud, misuse, security incidents, harmful activity, or other unlawful conduct, and to protect our rights, systems, employees, customers, and partners.

To comply with legal and regulatory obligations
We may process personal data to comply with applicable laws, regulations, contracts, government requests, judicial or administrative orders, accounting and tax requirements, audit obligations, and other lawful requests.

To establish, exercise, or defend legal claims
We may process relevant personal data where necessary in connection with disputes, investigations, litigation, administrative proceedings, or enforcement of our contracts and policies.

To support corporate transactions
We may process and disclose personal data in connection with an actual or proposed merger, acquisition, financing, reorganization, sale of assets, or similar corporate transaction.

To create aggregated or de-identified information
Where permitted by law, we may transform personal data into aggregated, anonymized, or de-identified information for analytics, security, reporting, and product improvement purposes.

6. Legal bases for processing

Where applicable law requires a legal basis for processing, Sietch relies on one or more of the following, depending on the context:

• your consent;
• the need to take steps at your request before entering into a contract, or to perform a contract with you or your organization;
• compliance with a legal or regulatory obligation;
• the regular exercise of rights in judicial, administrative, or arbitration proceedings;
• protection of life, health, or safety where applicable;
• our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms; and
• any other legal basis permitted under applicable law.

If we process your personal data based on consent, you may withdraw that consent at any time for future processing. If we need certain information to perform a contract or comply with law and you do not provide it, we may be unable to provide some products, services, responses, or interactions.

7. When we disclose personal data

We may disclose personal data to the following categories of recipients where necessary for the purposes described in this Statement:

Sietch affiliates
We may share personal data with affiliated entities within the Sietch group, where applicable, for internal administration, support, security, service delivery, and business operations.

Service providers
We may share personal data with vendors and service providers that support hosting, cloud infrastructure, cybersecurity, CRM, communications, website operations, analytics, customer support, document management, identity verification, payment processing, event management, or similar services. These providers are required by contract to process personal data only on our instructions and to protect it appropriately.

Business partners, resellers, distributors, and event partners
We may share relevant data with channel partners, implementation partners, resellers, distributors, co-sponsors, or event partners where necessary to respond to a request, manage an opportunity, deliver a service, organize an event, or support our commercial activities.

Professional advisers and auditors
We may disclose personal data to lawyers, accountants, auditors, insurers, or other professional advisers where necessary for legal, compliance, tax, audit, or risk-management purposes.

Government authorities, regulators, and courts
We may disclose personal data where required to comply with law, regulation, court order, subpoena, lawful government request, or to protect rights, property, safety, or security.

Corporate transaction counterparties
We may disclose personal data in connection with an actual or proposed investment, financing, merger, acquisition, reorganization, sale of assets, or similar transaction, subject to appropriate safeguards where required.

At your direction
We may also disclose personal data to third parties where you request or direct us to do so.

8. Cookies and similar technologies

We may use cookies and similar technologies, including pixels, tags, analytics tools, and server logs, to operate our websites, remember preferences, understand how visitors use our websites and communications, measure performance, improve user experience, and support security and marketing activities where permitted by law.

Where required by applicable law, we will ask for your consent before placing non-essential cookies or similar technologies on your device. You can also manage cookies through our consent tools, where available, or through your browser or device settings. Some site functions may not work properly if certain cookies are disabled.

If you use social media plug-ins or third-party integrations, the relevant third party may independently collect or receive information through those tools. Your interactions with those third-party services are governed by their own privacy notices.

9. AI-assisted processing

Sietch may use AI-assisted and automated tools to support internal business operations such as document handling, analytics, security, support workflows, lead routing, and product improvement. Unless expressly stated otherwise, we do not make legally significant decisions about you solely by automated means in the context covered by this Statement without appropriate safeguards where required by law.

Where applicable law grants you the right to request review of a decision made solely on the basis of automated processing that affects your interests, you may contact us using the details in this Statement.

10. International data transfers

Sietch may transfer personal data to affiliates, service providers, partners, or systems located in countries other than the country where the data was originally collected, including where our infrastructure or service providers operate globally.

When we make international transfers, we take steps required by applicable law to protect the transferred data. Depending on the circumstances, these steps may include adequacy mechanisms, contractual safeguards, standard contractual clauses, transfer agreements, internal policies, or other lawful mechanisms recognized under the laws that apply to the transfer.

11. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Statement, including to provide our products and services, manage commercial and procurement processes, maintain security, comply with legal and regulatory obligations, conduct audits, resolve disputes, establish or defend legal claims, and enforce our agreements.

Retention periods vary depending on the nature of the information, the context in which it was collected, the sensitivity of the data, contractual requirements, regulatory requirements, and operational needs. When personal data is no longer required, we will delete, anonymize, block, or otherwise dispose of it in accordance with applicable law and our retention practices.

12. Security

We implement technical, administrative, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures may include access controls, logging, encryption, segmentation, vendor oversight, and security monitoring, as appropriate to the nature of the information and the risks involved.

No method of transmission over the internet or method of storage is completely secure. For that reason, while we work to protect personal data, we cannot guarantee absolute security.

13. Your rights

Depending on where you are located and which laws apply, you may have one or more of the following rights in relation to your personal data:

• confirmation of whether we process your personal data;
• access to your personal data and information about how it is processed;
• correction of incomplete, inaccurate, or outdated data;
• anonymization, blocking, restriction, or deletion of certain data;
• portability of certain personal data;
• deletion of personal data processed on the basis of consent, subject to legal exceptions;
• information about public and private entities with which we have shared data, where applicable;
• information about the possibility of refusing consent and the consequences of such refusal;
• revocation of consent where processing is based on consent;
• objection to certain processing activities, including direct marketing where applicable;
• review of decisions made solely on the basis of automated processing where applicable; and
• the right to lodge a complaint with a competent data protection authority or supervisory authority.

To exercise your rights, please contact us at [privacy@sietch.tech]. We may request additional information to verify your identity before acting on your request. If we process personal data on behalf of a customer as processor/operator, we may direct your request to the relevant customer or support the customer in responding, as required by applicable law.

14. Brazil-specific information

If Brazil's General Data Protection Law (Lei Geral de Proteção de Dados Pessoais – LGPD) applies to the processing, you may exercise the rights granted by Article 18 of the LGPD and, where applicable, request review of decisions made solely on automated processing under Article 20 of the LGPD. You may also petition the Brazilian National Data Protection Authority (ANPD) where permitted by law.

Our Encarregado / privacy contact details are identified in this Statement.

15. EEA, UK, and Switzerland-specific information

If you are located in the European Economic Area, the United Kingdom, or Switzerland, and the GDPR or UK GDPR applies to the processing, you may have rights including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with the relevant supervisory authority. Where required, Sietch will use an appropriate lawful basis for processing and an appropriate transfer mechanism for international transfers.

16. Third-party websites and services

Our websites, communications, and services may contain links to third-party websites, platforms, or services. Sietch is not responsible for the privacy practices, content, or security of third parties that are not under our control. We encourage you to review the privacy notices of each third-party site or service you use.

17. Children

Our websites and business services are intended for professional and organizational use and are not directed to children. We do not knowingly collect personal data from children through the activities covered by this Statement. If you believe that a child has provided personal data to us inappropriately, please contact us and we will take appropriate steps in accordance with applicable law.

Where we ever process personal data relating to children or adolescents, we will do so only where permitted by applicable law and with appropriate safeguards.

18. Updates to this Statement

We may update this Statement from time to time to reflect changes in our business, products, practices, technologies, or legal obligations. When we do, we will post the updated version on this page and revise the "Last updated" date above. Where required by applicable law, we will provide additional notice of material changes.