Privacy
Policy

Introduction

Natura &Co knows that you care about your personal data and how it is used, and we wantyou to trust that we use your personal data carefully. References in this Privacy Notice to“we”, “us” and “our” are references to Natura &Co, which will be the entity responsible for theprocessing of your personal data (as indicated in the following section).

This Privacy Notice describes the types of personal data we obtain when you access and useour Site https://ri.naturaeco.com/en/, why and how we use it, with whom we share it and howyou can exercise your rights regarding our processing of your personal data. Please read carefully this Privacy Notice before using our Site.

Who is responsible for your personal data?

Natura &Co is the group that controls the processing of your personal data which is collectedor generated when you access, use and navigate through our Site.

The contact details of Natura &Co are the following:

Identity: Natura &Co Holding S.A. (“Natura &Co”)
Address: Avenida Alexandre Colares no. 1188, Vila Jaguara, São Paulo, SP, 05106-000, Brazil
Email: [relacoescominvestidores@natura.net]

Who do I contact if I have a query?

If you have any queries about the protection of your personal data obtained and processedwithin the context of our Site you may send a communication to the following e-mail address:[relacoescominvestidores@natura.net]

What personal data we collect about you?

Personal data means any information that can be used to identify, either directly or indirectly,a specific individual. You are not required to provide us with the personal data that werequest, but if you choose not to do so, we may not be able to respond to any queries youmay have or send you the newsletters.

We will collect personal data about you either directly (e.g. when you provide your data forcontacting purposes, when signing up to our newsletter, etc.), from third parties (e.g. whenaccessing our Site through other platforms such as LinkedIn) or automatically (e.g. whenaccepting the use of cookies):

– Personal data we can collect directly from you: Identification data (e.g. name, surname, email address, telephone number), Professional data (e.g. company and job) and any other type of personal data that you may wish to share with us when filling in the contact form.
Please refrain from sharing with us sensitive personal data (e.g. health data, racial or ethnic origin, political opinions, etc.) when contacting us.

– Personal data we can collect from third parties: We may collect personal data from third parties if you authorize these third parties to share the referred personal data with us. For example, if you create an account in LinkedIn and access our Site through LinkedIn, LinkedIn may provide us with certain pieces of personal data that relate to you (e.g. name, email, etc.).
The information provided by the third party can be controlled by you in accordance with the third party’s privacy notice and choices they give you.

– Personal data we can collect automatically from you: When using our Site we can collect automatically from you certain information which may be defined as personal data (e.g. geography, operating systems, browsing services, number of visits to our Site, from where were you redirected into our website, etc.). Further information about our use of cookies and tracking technologies is available in our Cookie Notice.
– We use third-party web analytics services in connection with our Site, including Google Analytics, which uses cookies and similar technologies to collect data to evaluate use of and interaction with our Site. You may learn about Google’s advertising features, including Google Analytics’ currently available opt-out mechanisms, here. To learn more about these and other analytics services and how to opt out, please view our Cookie Notice.

How we use your personal data and on what legal basis?

We use and subsequently process personal data we collect about you on the following legal basis and for the purposes identified below:

– We will process your personal data on the basis of our legitimate interests, for the following purposes:

• Process and answer your inquiries or to contact you to answer your questions and/or requests. We understand that the processing of your data is also beneficial to you to the extent that it enables us to assist you and answer your requests.
• To manage our Site, including the protection of the security and/or integrity of our Site and our IT infrastructure;
• To understand how you use our Site and to enable us to improve and further develop the features, performance and support available on our Site. We understand that the processing of your data is also beneficial for you because the purpose is to improve the user experience and provide a higher quality service, as well as to address the suggestions that you, as user, send to us;
• In the event of a business transaction involving a structural modification of Natura &Co (e.g. a merger) or the transfer of most of our assets to a third party, transfer your personal data to the acquirer or resulting entity for the purpose of continuing to provide the services that are the subject of the data processing. The new data controller will communicate its contact details to you. We will comply with our duty to inform the relevant supervisory authority, if necessary, and will inform you of the change of controller at the time of such change.

Where we process personal data in fulfillment of our own legitimate interests, we will as appropriate balance such interests against your fundamental rights and freedoms, and implement robust safeguards in view of ensuring that your privacy is protected accordingly.

– We will process your personal data on the basis of your consent, for the purposes of sending you our newsletter. The consent for the sending of our newsletter will be granted by you when filling in the form and clicking the button “enviar”.
You may at any time revoke your consent by sending an email to us as specified in section 8 below or by clicking the unsubscribe button that appears in all newsletter communications that we sent to you.

– We will process your personal data in order to comply with applicable laws, which may include the disclosure of your personal data and other complementary information to comply with requests received from the relevant authorities and/or bodies with compelling power.

We will not use your personal data for any purposes other than those described in this Privacy Notice.

How do we share your personal data and with whom?

As indicated in the previous section, your personal data collected by us will be used exclusively for the purposes indicated here. In addition, some of your personal data may be shared, for the purposes and on the legal basis indicated above, with:

– Our affiliates: We may share your personal data with other entities of our group (in particular, Avon Int., Natura, The Body Shop and Aesop) for any of the purposes listed above.
– Our service providers: We may share your personal data with third parties that perform services for us, such as web-hosting companies, mailing vendors, analytics providers, event hosting services, and information technology providers;
– Law enforcement, government authorities, or third parties with legal rights: We may share information as may be permitted or required by the laws of any jurisdiction that may apply to us. In these circumstances, we strive to take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organization, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
– Parties in connection with a business transaction: We can share your personal data with service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets, as well as any bankruptcy or corporate reorganization.

For how long do we store your personal data?

Your personal data will be kept for as long as they are necessary to meet your requests or, where applicable, as long as you have not revoked your consent or our legitimate interests persist. Afterwards we will subsequently keep your personal data for the legally required periods to manage any possible liabilities or obligations arising from the service provided, in compliance with legislation in force from time to time.

What rights do you have over your personal data?

We undertake to keep your personal data confidential and to ensure that you may exercise your rights. Bearing that in mind, you may exercise your rights by writing us an e-mail to our e-mail address: [relacoescominvestidores@natura.net].

Below is an overview of the rights you may be able to exercise, and what they entail for you, depending upon your location:

– The right of access which entitles you to obtain from us confirmation on whether or not we are processing your personal data and, where that is the case, access to the said personal data. Additionally, you are entitled to obtain clear, transparent and easily understandable information about, among other things, how we use your personal data and your rights.
– The right of rectification which allows you to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
– The right to erasure which entitles you, under certain circumstances, to request us to delete your personal data without undue delay.
– The right to restrict the processing which allows you to, under certain circumstances, require us to stop processing your personal data.
– The right to portability which entitles you to receive from us your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that personal data to another controller under certain circumstances.
– The right to object which allows you to, under certain circumstances, object to certain types of processing, including processing for direct marketing purposes.
– The right to withdraw the consent which entitles you to withdraw any consent you may grant to us.
– The right to lodge a complaint which allows you to lodge a complaint directly with any local supervisory authority about how we process your personal data.

The exercise of these rights is personal, so it will be necessary for you to be able to prove your identity. Consequently, if we consider this necessary to correctly identify you, we may request you to provide a copy of a document evidencing your identity.

Third party social plugins and links

Our Site uses the so-called “social plugins” of the social networks including Facebook, YouTube, LinkedIn, Twitter and Instagram. When you visit our Site, no data is automatically transmitted to the affected social networks. Only when you have clicked on a social media button does your browser establish a direct connection to the social network server. Even if you are not a member of one of the social networks, it is possible that they will find out your IP address via the social plugin and save it if necessary. We have no influence on the extent of the data collected in this way by the operators of the social networks. If you are logged in to one of the social networks at the same time, the operator can assign the corresponding calls to your account with the respective social network. In addition, if you interact with the social plugins (i.e. click on the “Like Button” or “share”), the respective social network processes the corresponding personal data. For details on the purpose and scope of the data processing, collection and use by Facebook, YouTube, LinkedIn, Twitter and Instagram and your rights and settings options in this regard, please refer to their respective privacy policies: Facebook, YouTube, LinkedIn, Twitter and Instagram. If you do not want social networks to collect information about you via our Site, exercise your choice, and do not click on the relevant buttons. You can also block the social plugins using add-ons for your browser.

Our Site may contain links to websites of other providers. We are not responsible for the data processing on these websites. You can find out how the respective providers handle your personal data by reviewing their privacy notices.

Changes to the Privacy Notice

We may amend the information contained in this Privacy Notice when we consider this appropriate. In such case, we will announce the changes made on our Site with sufficient visibility. In any event, we suggest you review this Privacy Notice from time to time in case minor changes are made or we make any interactive improvement, taking the opportunity that you will always find it on our Site.

Notwithstanding the above, we will in no event modify policies and practices to make them less effective in protecting your personal data previously stored.

Last update: April 2021