A+ A- Readable Font
Contrast
Accessibility

Privacy Statement

Compass is committed to privacy and the protection of personal data, ensuring transparency, confidentiality, integrity, and availability of all personal data processed, in compliance with the Brazilian Data Protection Law (LGPD), including the exercise of data subjects’ rights to all stakeholders.

This Privacy Statement provides:

• the types of personal data processed by Compass;

• how data is collected and for what purposes;

• with whom data may be shared;

• the measures we adopt to protect your data;

• your rights as a data subject and how to exercise them.

To reinforce Compass’ commitment to security and privacy regarding information collected from its investors, suppliers and employees, we have created the Personal Data Holder Rights Channel. Through this channel, data subjects can make requests related to their personal data in accordance with LGPD.

What types of personal data does Compass process?

When you browse our website or interact with us, we may collect various types of information, such as your name, email, phone number, CPF, address, access data, and other personal details contained in the content you choose to submit on the website, download documents, fill out forms or access systems.

Additionally, when visiting the website, we may obtain certain information through automated means, such as cookies and other web server logs. This information may include the browser used to access the website, IP address, access logs (date and time), location, mobile device model and the system used to access the site, as well as the connection provider.

On what grounds does Compass process personal data?

All personal data processing conducted by Compass will have a legitimate and specific purpose, adhering to the principles of good faith, adequacy, necessity, free access, data quality, security, prevention, non-discrimination and transparency.

Processing of personal data will occur only under the conditions permitted by LGPD, such as: compliance with legal or regulatory obligations; execution of a contract or pre-contractual measures; regular exercise of rights in legal proceedings; obtaining your free and explicit consent, when applicable; credit protection; and/or due to the controller’s legitimate interests aligned with your expectations.

How are personal data processed and for what purposes?

Compass processes personal data for specific and pre-defined purposes, which are disclosed to data subjects prior to collection. We ensure that there will be no subsequent processing incompatible with the previously informed purposes, in compliance with the applicable legal framework. For each type of data collection, different information may be requested, depending on the specific purpose, legal basis and storage duration. Users providing personal data on this website must ensure its accuracy and veracity. Compass, however, guarantees the possibility of updating or correcting data upon request by the data subject.

Personal data may be used for the following purposes:

  • Enhancing user experience during website navigation;
  • Creating general statistics;
  • Responding to users’ inquiries and requests;
  • Communicating with users to provide information about the company and its subsidiaries;
  • Verifying the identity of users using the Personal Data Holder Rights Channel;
  • Responding to investor inquiries through our contact channels;
  • Disseminating relevant information to investors via email lists;
  • Providing access to the Ethics Channel.

Sensitive personal data will be processed with your consent for specific purposes as required by law or when essential for: compliance with legal or regulatory obligations; execution of public policies established by law or regulation; conducting research by authorized bodies, ensuring anonymization whenever possible; regular exercise of rights; protection of life or physical safety; health protection; fraud prevention; and user security assurance.

It is important to note that Compass website may provide access to external links (also known as “hyperlinks”) whose content and privacy policies are not under Compass’ responsibility and, therefore, are not covered by this Privacy Statement. Thus, it is recommended that, upon being redirected to external websites, users always review the respective privacy statements/policies before providing their personal data, especially sensitive data.

What are cookies, and how does Compass use them?

Cookies are files containing information that your computer or mobile device stores when you visit websites. Examples include preferred language and login details.

At Compass, we use strictly necessary cookies for our website’s functionality and optional cookies to enhance your user experience.

Cookies serve various specific purposes, such as:

  • Ensuring your security and privacy on secure websites;
  • Storing login details for secure websites;
  • Temporarily storing input information for tools, illustrations, and demonstrations;
  • Providing ads more relevant to your interests and improving your navigation across our sites and partner websites;
  • Improving our understanding of website navigation to identify improvements; and
  • Evaluating advertising and promotional effectiveness (we have access to the anonymized data collected and do not share it with anyone).

We use both first-party and third-party cookies. The storage duration of cookies depends on their type, ranging from a single session to over a year (e.g., Google Analytics cookies for performance).

The duration for which your browser stores cookies will depend on the type of cookie in question. Some will last only while you are online, while others may remain for a longer period, such as up to one day (Google Analytics – view counting and tracking), one month (Cookie-Script – cookie consent), or one year and one month (Google Analytics – performance cookies).

You can manage your cookie preferences at any time through your device or browser by accessing the Cookie Management settings directly in your preferred application:

With whom may we share your data?

Compass may share your personal data in the following cases:

  • Within the corporate group for strategic decision-making;
  • With service providers or partners for managing specific operational aspects on our behalf, such as IT and marketing services;
  • With third parties in case of reorganization, merger, sale, joint venture, transfer, or similar transactions, ensuring that any transfer complies with applicable legal and contractual safeguards;
  • With public authorities to comply with legal obligations, regulatory requirements, or during disputes, including settlements and legal actions.

Access to collected data is restricted to authorized personnel. Misuse of such information is subject to penalties as per Compass’ internal policies and the applicable legal measures.

Compass neither discloses nor sells personal data for commercial purposes. In cases of sharing data with third-party service providers, Compass ensures appropriate data protection in compliance with Brazilian legislation, such as the LGPD, by implementing contractual clauses and other safeguards to ensure the data is used only for its intended purposes.

What measures are taken to protect personal data?

Compass implements technical and administrative measures to safeguard personal data against unauthorized access, destruction, loss, alteration or dissemination. Access to personal data is limited to those employees or other parties that need the data for the execution and performance of their functions.

How long is personal data stored?

Compass will retain personal data for as long as necessary to fulfill the purposes for which it is processed and/or for the duration of consent, when applicable. Once these circumstances end, personal data will be retained for the periods required to comply with applicable legislation, and deleted in accordance with legal requirements and Compass’ internal data protection policies.

What are your rights as a data subject?

Compass provides access to users’ personal data to ensure secure and appropriate access for its holders, guaranteeing its availability (while respecting trade and industrial secrets, in compliance with information security and data protection regulations), in a timely manner and upon request for:

  • Confirmation of data processing;
  • Access to personal data;
  • Correction of incomplete, inaccurate, or outdated data;
  • Anonymization, blocking, or deletion of unnecessary or unlawful data;
  • Data portability to another service provider;
  • Deletion of data processed with your consent;
  • Information about public or private entities with whom data has been shared;
  • Details on consent refusal and its consequences; and
  • Revocation of consent.

Your requests will be handled with special care to ensure the effectiveness of your rights. You may be asked to provide proof of your identity to ensure that only the data subject can exercise their rights over their Personal Data.

To submit a request related to your personal data, please use the Personal Data Holder Rights Channel. You can also contact our Data Protection Officer (DPO) directly via e-mail at dpocompass@compassbr.com, providing the necessary details to process your request.

Privacy Statement Changes

We reserve the right to change this Privacy Policy at any time without prior notice. All changes and updates will be documented in this section of the website. In the event of substantial changes to how your data is processed, we will prominently notify you on our website to ensure you are properly informed.

Contact the Data Protection Officer (DPO)

To exercise your rights and access more information about the processing of your personal data, please contact the Data Protection Officer of Compass through the Personal Data Holder Rights Channel or via e-mail at dpocompass@compassbr.com, providing the necessary details to fulfill your request.