PRIVACY POLICY

1 SCOPE OF THIS POLICY
SIN – SISTEMA DE IMPLANTE NACIONAL S.A, registered in the Brazilian Registry of Corporate Taxpayers (CNPJ/MF) under No. 04.298.106/0001-74, with head offices at Rua Soldado Ocimar Guimarães da Silva, No. 2445, Vila Rio Branco, CEP 03.348-060, in the city of São Paulo, State of São Paulo (hereinafter referred to as “SIN IMPLANTES” or “SIN”) values the privacy of its Users. Therefore, it has produced this Privacy Policy (“Policy”) to demonstrate its commitment to protecting your privacy and your Personal Data, under the terms of the General Personal Data Protection Law (“LGPD”), Law No. 13,709/2018, and other laws on the subject, as well as to describe how your privacy is protected by SIN in the Treatment of Personal Data, when collecting, treating and storing your personal information.

Our Policy reaffirms our commitment to security, privacy, and transparency in the treatment of your personal information and data, describing how we collect and treat it when you access our Site.

SIN observes the SIN Code of Conduct (“Code of Conduct”) that represents the mission, vision, and values of SIN. The objective of which is to guide and portray the priority values of this company since its conception, always aiming at an ethical performance from all of its employees.

Because we acknowledge the importance of your privacy and protection of Personal Data, we recommend that you read our entire Policy carefully in order to be fully aware of the terms stipulated herein.

1.1 DEFINITIONS
For purposes of understanding this Policy, the following terms and descriptions shall have the meaning set forth below:

User(s): All natural persons who are Holders of Personal Data, who will use or visit SIN’s website(s) and/or Application(s), older than 18 (eighteen) years of age; emancipated and fully capable of performing the acts of civil life, those absolutely or relatively incapable duly represented or assisted, with special attention to the provisions of the LGPD in relation to children.

Holder(s): Natural person to whom the Personal Data, that are the object of Treatment, refer to;

Personal Data: Any information provided and/or collected by SIN and/or its affiliates, by any means, even if public, that: (I) identifies, or which, when used in combination with other information processed by SIN, makes an individual identifiable; or (II) by means of which the identification or contact information of a natural person can be derived. Personal Data may be in any media or format, including electronic or computerized records, as well as paper-based files.

Purpose: The objective, the purpose that SIN wishes to achieve from each act of personal information treatment.

Treatment: Any operation performed with Personal Data, such as those related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, treatment, filing, storage, elimination, evaluation, or control of the information, modification, communication, transfer, dissemination, or extraction.

Necessity: Justification of why it is strictly necessary to collect Personal Data to achieve the purpose, avoiding excessive collection.

Legal Bases: They refer to the legal practices provided for in the LGPD that authorize SIN to process Personal Data.

Consent: Express and unequivocal authorization given by the User (Holder of the personal data) for SIN to process their Personal Data for a previously described purpose, where the legal bases necessary for the act requires the express authorization of the holder or, in the case of children, specific and outstanding consent given by at least one of the parents or legal guardian.

1.2 APPLICATION
In general, this Policy applies to all Users and potential Users of the services offered by SIN, including Users of the sites or other means operated by SIN and summarizes how SIN may carry out the Treatment of Personal Data in accordance with the applicable Legal Bases and all privacy and data protection laws in force.

By accessing and/or using this website, the User declares to be in any of the circumstances set out in the definition of User for all legal purposes.

If the User does not fit the above description and/or does not agree, even partially, with the terms and conditions stipulated in this Privacy Policy, the User should not access and/or use the services offered by SIN, as well as the sites and services operated by SIN.

2 COLLECTION AND USE OF PERSONAL DATA
SIN is responsible for Personal Data Treatment and may collect the information actively entered by the User at the time of registration as well as information automatically collected when this website and related pages are being used, such as, for example, the characteristics of the access device, IP with date and time, among others.

Thus, the treatment of personal data i) provided by the User and ii) those collected automatically is produced.

Information provided by the User: SIN collects all the information actively entered by the User on the Site, such as full name, ID, social security number, CRO number, email, telephone/cell phone number, once the User fills out the forms. SIN will use this information to promote the dissemination of institutional material, newsletters, and invitations to lectures and events, among others if the User gives their consent for this communication.
Automatically collected data: SIN also automatically collects a series of information, such as: characteristics of the access device, browser, IP (with date and time), IP Addresses, information on clicks, pages accessed, pages accessed after leaving the Site, or any search term typed on the Site or in reference to it, among others. To this end, SIN will make use of certain technologies such as cookies, pixel tags, beacons, and local shared objects, which are used to optimize the User’s browsing experience on the Site according to their habits and preferences.
It is possible to disable, through the settings of your internet browser, the automatic collection of information through some technologies, such as cookies and caches, as well as on our own Site, specifically regarding cookies. However, the User should be aware that if these technologies are disabled, some features offered by the Site, which depend on the treatment of such data, might not work properly. To learn more about the cookies we use, please visit our Cookies Policy.

3 USE OF PERSONAL INFORMATION AND DATA
SIN uses your information and personal data to adapt the Site to your preferences, to provide the services requested by the User, and to send you information about products and services, fulfilling the strict purposes described in this Policy. When you register on the SIN Site, you may choose to receive certain information by email.

Legal Bases: In the above cases, the treatment of personal data is legitimized by section I of Article 7 of the Brazilian Federal Law No. 13,709/2018, the General Law of Protection of Personal Data (“LGPD”) (provision of consent by the holder). The other legal bases for personal data treatment are stipulated below in section 9, “Legal Bases for Personal Data Treatment”.

4 DATA SHARING AND PERSONAL DATA TREATMENT
SIN will not make Personal Data collected on its websites available to email list intermediary without your express consent.

Based on conducting our business and services, we will share Users’ Personal Data with our professionals duly authorized to provide the requested service(s), respecting the principles provided in the LGPD. All access to the Personal Data will preserve its confidentiality, in accordance with the terms of this Policy.

In addition, SIN may share Personal Data collected with third parties in the following situations and within the limits required and authorized by Law:

With clients and partners when necessary and/or appropriate to the provision of related services;
With the companies and individuals contracted to perform certain activities and services on behalf of SIN;
With companies of the economic group;
With suppliers and partners for the performance of services contracted with SIN (such as information technology, accounting, among others);
For administrative purposes such as research, planning, service development, security, and risk management.
When necessary as a result of a legal obligation, determined by a competent authority, or judicial decision.
In case of sharing Personal Data with third parties, all the subjects mentioned in sections 1 to 6 be consistent and in accordance with the purposes for which they were collected (or to which the User previously consented), as well as in accordance with what has been determined by this Privacy Policy, by the LGPD, by the guidelines of the National Authority for Personal Data Protection (ANPD), other privacy statements of websites or countries and all applicable privacy and data protection laws.

5 INTERNATIONAL DATA TRANSFER
It is possible that in the activities performed by SIN, as a result of the nature of the operations, it may be necessary to treat personal data, together with employees, departments, or even bodies and institutions in other countries, outsourced service operators contracted outside of the domestic jurisdiction, or even share data with foreign institutions with which agreements and partnerships have been established.

In such events, there will be international data transfer, which means that the personal data will be transferred to a foreign country or international body of which the country is a member, as per art. 5, XV, of LGPD).

SIN only transfers personal data collected in Brazil to other countries, considering the organizations that make up the same economic group.

However, third-party services used by SIN may also transfer personal data to other countries, as long as business partners, which adopt adequate personal data protection standards, are sought.

Personal data may be transferred to other SIN companies, contracted entities, or business partners located in other countries that in some way need to act for the provision of SIN services, as well as database backup companies and other systems related and necessary for the provision and maintenance of the services of SIN companies, in accordance with the principles and guarantees established by Law no. 13,709/2018 (LGPD).

SIN ensures that, in the event of international transfer of personal data, all rules of the General Law on Data Protection will be complied with, especially those referring to the

requirement for an adequate protection and proof of guarantee compliance with the principles, rights of the holder and data protection regime provided for by law.

In the case of international data transfers, SIN guarantees that personal data sharing will be carried out in accordance with the applicable privacy laws and, in particular, using all appropriate contractual, technical, and organizational measures in place, such as the General Contractual Clauses approved by the EU Commission and subsequent regulations issued by the National Data Protection Authority.

SIN is based in Brazil and Brazilian law governs the data we collect. By accessing or using our services, the Site User acknowledges and agrees with the treatment and transfer of such data to Brazil and eventually to other countries through the service of third parties. The personal data of Users of the Site, when transferred to these countries, may be subject to local legislation and relevant rules.

SIN informs you that at any time, you may have access to information about the sharing of your data, requesting the info by emailing dpo@sinimplante.com.br, or any other contact available that you choose for this purpose.

6 LEGAL REASONS FOR SHARING YOUR DATA
Under certain circumstances, SIN may share your Personal Data, to the extent necessary or appropriate, to government agencies, consultants, and other third parties to comply with applicable law or with a court order or subpoena, or if SIN believes in good faith that such action is necessary to:

Comply with a law requiring such disclosure, legal obligation, court order, or a request from administrative authorities having the requisite authority to do so;
Investigate, prevent, or take action regarding suspected or actual illegal activities or to cooperate with government agencies, or to protect national security;
Execute its contracts;
Investigate and defend itself against any claims or allegations from third parties;
Protect the security or integrity of the services (for example, sharing with companies that are experiencing similar threats);
Exercise or protect the rights, property, and safety of SIN and its affiliated companies;
Protect the rights and personal safety of its employees, users, or the public;
In the event of the sale, purchase, merger, reorganization, liquidation, or dissolution of SIN.
SIN will notify the respective Users of any legal demands that result in the disclosure of personal information, in terms of what was explained in section 4, unless such notification is prohibited by law or prohibited by a court order or, moreover, if the request is an emergency. SIN may impugn such requests if they are considered excessive, vague or made by incompetent authorities.

7 DATA SECURITY MEASURES
All Personal Data will be stored in SIN’s database or in databases maintained “in the cloud” by providers hired by SIN, which duly comply with LGPD.

SIN and its suppliers employ physical, technical, and organizational security measures to protect the confidentiality, security, and integrity of your Personal Data, preventing the occurrence of any damage as a result of the Treatment of such data.

Although SIN uses security measures and monitors the system for vulnerabilities and attacks to protect your Personal Data against unauthorized disclosure, misuse or alteration, the User acknowledges and agrees that there is no guarantee that the information cannot be accessed, disclosed, altered, or destroyed by unlawful and improper violation of any of the physical, technical or organizational protections.

Therefore, should the User identify or become aware of anything that compromises the security of the Personal Data, SIN requests that the User contact the following email address: dpo@sinimplante.com.br

8 RETENTION OF PERSONAL DATA
SIN retains all data provided, including Personal Data, in respect of the purpose, necessity, and adequacy, as necessary for the performance of its services.

In this sense, SIN will retain your Personal Data for the necessary period in order to comply with the legal purposes of the services, contractual and accountability obligations or requests from the competent authorities.

All data collected will be excluded from our servers when the User so requests or when they are no longer necessary or relevant for the provision of our services unless there is any other reason for keeping them, such as any legal obligation to retain the data or the need to preserve them to protect the rights of SIN.

In determining the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purpose for which your Personal Data is being treated and whether we can achieve such purposes through other means, as well as applicable legal requirements.

9 LEGAL BASES FOR PERSONAL DATA TREATMENT
SIN only processes Personal Data in situations where it is legally authorized or upon your express and unambiguous consent.

As described in this Privacy Policy, SIN complies with all legal bases for collecting, producing, receiving, classifying, using, accessing, reproducing, transmitting, distributing, processing, archiving, storing, eliminating, evaluating or controlling information, modifying, communicating, transferring, disseminating or extracting data about the User, in compliance with the LGPD.

The legal basis include your consent (manifested at the time you completed the registration on the website), compliance with legal or regulatory obligation by the controller, regular exercise of rights in lawsuits, contracts, and preliminary contractual procedures (where the treatment is necessary to enter into the contract with the User) and legitimate interests, provided that such treatment does not infringe your rights and freedoms. In relation to Article 7 of the LGPD, these legal bases are: section I (consent); section II (compliance with a legal or regulatory obligation by the controller); section V (necessary for the performance of a contract or preliminary procedures); section VI (regular exercise of rights in judicial, administrative or arbitration proceedings); section IX (meeting the legitimate interests of the controller or a third party).

Such interests include protecting the User and SIN from threats, complying with applicable legislation, the regular exercise of rights in judicial, administrative or arbitration proceedings, enabling the conduct or administration of business, including quality control, reports, and services offered, managing business transactions, understanding and improving business and client relationships and enabling users to find economic opportunities.

The User has the right to deny or withdraw the consent provided to SIN, when it is the legal basis for the Treatment of Personal Data, and SIN may terminate the provision of its services to this user in the event of such request, in accordance with the provisions set out below in this Privacy Policy

10 EXERCISE OF RIGHTS
In compliance with the LGPD, with regard to the protection of Personal Data, SIN respects and guarantees the User the possibility of submitting requests based on the following rights:

Deleting data: the User may request the elimination of some of their Personal Data (for example, if there is no longer necessary to provide them with the services). The User is entitled to the elimination of data processed with their consent, except in the cases provided for in Article 16 of the LGPD (when retention is authorized for the following purposes: compliance with a legal or regulatory obligation by the controller; evaluation by a research body, ensuring, whenever possible, the anonymity of personal data; transfer to a third party, observing the data treatment requirements set out in the LGPD; or exclusive use of the controller, with no access by a third party, as long as the data is anonymous).
Data Correction: the User may correct or request the correction of their Personal Data that is incomplete, inaccurate, or outdated;
Exercising the right to object to the Treatment carried out, on the grounds of one of the cases of waiver of consent, in case of non-compliance with the provisions of the LGPD.
The User has the right to confirm the existence of treatment and access to data. Thus, the User may request a copy of their Personal Data and the data the User has provided in a readable format in printed form or by electronic means.
Requesting the anonymity, blocking, or elimination of unnecessary, excessive data or data treated in non-compliance with the LGPD.
Requesting information on public or private entities with which your data has been shared by SIN.
Requesting information about the possibility of not providing consent, as well as the consequences of this refusal.
Requesting data portability to another service or product provider, upon express petition and in accordance with the authority’s regulations.
Revoking consent previously given at any time, upon express request and by a free and facilitated process, as already indicated in this Policy;
Requesting a review of decisions made solely on the basis of automated treatment of personal data affecting your interests, including decisions intended to define your personal, professional, consumer, and credit profile or aspects of your personality.
If the User requires any assistance in exercising their rights, they may contact SIN in accordance with the guidelines contained in this Policy. SIN will make the necessary effort to respond to the legitimate requests within a period of 15 (fifteen) calendar days after confirming their identity.

Occasionally, a longer period may be required if the request(s) are complex and/or several. In this case, we will inform you and keep you updated about the progress of your request(s).

11 CONTACT
SIN informs that at any time you may contact us for clarification of any questions regarding the topics described in this Policy or in order to request the petitions, indicated above.

You may contact our Data Protection Officer (“EPD”) through a request form directed to dpo@sinimplante.com.br.

Rafael de Lima Moscatelli

dpo@sinimplante.com.br

12 POLICY REVISIONS
We are constantly improving, and this Policy may be updated to provide the User with higher security. Therefore, we recommend the Users to access our Policy periodically, in order to be aware of any modifications.

If SIN modifies this Privacy Policy, these modifications will be published in a visible manner on SIN website. The date of the last update will be shown at the end of this Policy.

13 MEDIATION AND GOVERNING LAW
This Policy shall be governed by the Federative Republic of Brazil Law and the Forum of the District of São Paulo has jurisdiction to settle any controversy in relation to it.

Updated on July 15, 2022.