PRIVACY POLICY

1. PURPOSE AND GENERAL INFORMATION

Granistone A Rocha ("Granistone") values the privacy of its customers, suppliers, service providers, business partners and employees and has prepared this Privacy Policy to reaffirm its commitment to the protection of personal data, in accordance with the General Data Protection Law (LGPD) and other applicable regulations.

This Privacy Policy describes how your Personal Data is collected, used, stored and protected when you access our pages and/or use the services and tools on our website.

1.1 Definitions

For the purposes of this Privacy Policy, the following definitions apply:

  • Legal Basis: legal basis that authorizes the processing of Personal Data, in accordance with the hypotheses provided for in the General Personal Data Protection Law (LGPD).
  • Consent: free, informed and unequivocal expression by which the Data Subject agrees to the processing of their Personal Data for a specific purpose.
  • Personal Data: any information that allows a specific person to be identified, such as name, address, telephone number and email address.
  • Sensitive Personal Data: information about racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, as well as genetic or biometric data, when linked to a natural person.
  • Data Controller (DPO): natural or legal person formally appointed by Granistone to act as a communication channel between Granistone, data subjects and the competent authorities in matters of personal data protection.
  • Purpose: the legitimate, specific and informed purpose for which the Personal Data is processed.
  • General Personal Data Protection Law (LGPD): Law No. 13,709/2018, which provides for the processing of Personal Data, including in digital media, by a natural person or by a legal entity under public or private law, with the aim of protecting the fundamental rights of freedom, privacy and the free development of the natural person's personality.
  • Necessity: limitation of processing to the minimum amount of Personal Data essential to achieving its purpose, with a proportionate and non-excessive scope.
  • Data Subject: The natural person to whom the Personal Data being processed refers. The Data Subject may be, for example, a User of Granistone's websites, platforms, or applications, a consumer, a Granistone employee, among others.
  • International Transfer of Personal Data: sending or making Personal Data available to a foreign country or international organization of which the country is a member.
  • Treatment: any operation carried out with Personal Data such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, transfer or elimination.
  • User: natural person who accesses or uses Granistone A Rocha websites, platforms or applications, and must be over 18 years of age, fully capable or, in cases of incapacity, be duly represented or assisted by a legal guardian.

1.2 Scope

This Privacy Policy applies to all Users and potential Users of the pages, tools and services of Granistone's websites and applications.

By accessing Granistone's services, websites, or applications, you acknowledge that you have read, understood, and agree to the terms of this Policy. Your acceptance is voluntary but necessary for full use of the resources offered. Failure to agree may limit, in whole or in part, access to and provision of the services available on Granistone's websites and applications.

2. COLLECTION AND USE OF PERSONAL DATA

Granistone may collect Personal Data provided directly by you, by third parties or collected automatically, through necessary, functional and performance cookies enabled on our websites and applications.

In order to carry out our activities, we may process the following categories of Personal Data:

  • Registration and identification data, such as name, telephone number, address and identifying information registered with public bodies, such as the Individual Taxpayer Registry (CPF) number;
  • Data related to electronic communications and the use of electronic devices, such as electronic mail (e-mail), IP address, date and time, and information about pages accessed;
  • Professional data, such as profession, place of work, academic qualifications and information related to professional opportunities offered by Granistone.

The Personal Data collected may vary depending on the nature of the service provided, product purchased or type of relationship between the Data Subject and Granistone.

All Personal Data submitted by you directly to Granistone websites or applications will be collected to fulfill legitimate purposes, including, but not limited to, preparing commercial proposals or contracts, providing contracted services, conducting marketing communications, recruitment and selection, and complying with legal obligations.

3. SHARING PERSONAL DATA

Granistone may share your Personal Data with public or private organizations, respecting the provisions of the LGPD, in particular the principle of necessity and always in a manner compatible with the purpose(s) for which they were collected, as provided for in this Policy.

The main situations in which Personal Data may be shared are listed below:

  • With clients and partners, to provide services;
  • With service providers hired by Granistone;
  • With companies from the same economic group as Granistone;
  • With suppliers for administrative purposes;
  • To fulfill legal or contractual obligations;
  • For marketing purposes, with your express consent;
  • By court order or request from a competent authority.

When we share your Personal Data with third parties, we will require that the processing be carried out in accordance with the guidelines of this Policy and under our instructions, which include secure storage, retention only for the instructed period, and no subsequent sharing with other organizations without the prior and express authorization of Granistone.

4. INFORMATION SECURITY

Personal Data processed by Granistone will be stored for the time necessary to fulfill the purposes for which it was collected, to comply with legal and/or regulatory requirements, to fulfill contractual obligations, to allow Granistone to exercise its rights in administrative, arbitration, and/or judicial proceedings, or to comply with other circumstances set forth in the LGPD. After the Personal Data storage period ends, Granistone will securely delete it.

At the request of the data subject, Personal Data processed with consent may be deleted before the processing purposes are achieved, provided there are no legal impediments to this.

5. INTERNATIONAL TRANSFER OF PERSONAL DATA

Personal Data collected on Granistone's websites and applications are stored on its own servers and those of contracted third parties, located in Brazil, as well as in the cloud, which may lead to the transfer or processing of data outside of Brazil, in which case Granistone will adopt the appropriate technical and organizational measures to ensure that international transfers of Personal Data are made in compliance with applicable legislation.

7. LEGAL BASIS FOR PROCESSING

The processing of your Personal Data may be carried out based on the following hypotheses:

  • With your consent, provided it is obtained in a free, informed and unequivocal manner;
  • Execution of contract or preliminary measures;
  • Compliance with legal or regulatory obligation;
  • For the regular exercise of rights in judicial, administrative or arbitration proceedings;
  • When necessary to meet Granistone's legitimate interests, observing the rights of the holder;
  • Supported by any other legal basis permitted by the LGPD.

8. RIGHTS OF THE PERSONAL DATA SUBJECT

Data Subjects may:

  • Request confirmation of the existence of processing and access to Personal Data;
  • Correct incomplete, inaccurate or outdated Personal Data;
  • Request the anonymization, blocking or deletion of Personal Data that is unnecessary, excessive or processed in non-compliance with the Law;
  • Know with whom we share your Personal Data;
  • Deny consent or revoke it at any time.

If you wish to exercise your rights, please send a request to pdo@granistone.com.br. Exercising your rights is free and can be done at any time. Granistone will evaluate the possibility of immediate assistance, and if this is not possible, you will be informed of the reasons and the necessary deadlines.

9. CONTACT DETAILS

You can contact us by email, WhatsApp, and mail. To view all our customer service channels, visit our website.

Our physical address is: Av. Vicente Linhares, 500 – Aldeota – Fortaleza – CE Zip Code: 60.135-270

10. CONTACT DETAILS OF THE PERSONAL DATA CONTROLLER (DPO)

If you have any questions about this Privacy Policy or how we process your Personal Data, you can contact our Personal Data Processing Officers.

Data Controller Contact Information

  • Primary Officer: Nicolas Diógenes Meneses
  • Substitute Officer: José Cláudio Bandeira de Araújo Júnior
  • E-mail: dpo@granistone.com.br

11. JURISDICTION AND APPLICABLE LEGISLATION

This Policy will be governed by and interpreted in accordance with the legislation of the Federative Republic of Brazil, with the jurisdiction of the District of Fortaleza/CE being chosen to resolve any disputes.

12. POLICY UPDATES

This Policy may be changed at any time. We recommend that you review this document periodically.

Last updated: 08/22/2025.