Privacy Policy

SECTION ONE: ABOUT THIS POLICY

HLTech Legal Technology & Consulting B.V. is a private limited liability company registered in the Netherlands (Chamber of Commerce no. 84721200), also trading under the name Eltemate, whose registered address is at Eduard van Beinumstraat 10, 2Amsterdam Building – East Tower, 1077 CZ Amsterdam, the Netherlands. HLTech Legal Technology & Consulting B.V. and our affiliated businesses (collectively, "ELTEMATE", "we", "us", "our") are committed to being responsible custodians of the personal data that we collect in the course of operating our business as a global provider of legal technology and other related services. For the purposes of this Privacy Notice ("Notice"), "you" and "your" shall mean a Data Subject (i.e., an individual human being) whose personal data we process for the purposes outlined herein.

This Notice describes how we collect, use, share, or otherwise process your personal data as a data controller in the course of operating our business and providing services, and in association with our services enhancement, marketing and business development practices, operation of our main website (www.eltemate.com), and our other digital properties that link to this Notice, including our websites, LinkedIn account, mobile applications, and digital communications (collectively, "Digital Services").

This Notice is intended to comply with applicable data protection laws in the jurisdictions where we operate, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR and Brazilian General Data Protection Law (Law No 13,709/2018) (“LGPD”).

While we may also process personal data during the performance of our services to a customer, such processing is performed on behalf of and at the direction of our customer, subject to either our Data Processing Addendum, accessible on our website here, or a signed Data Processing Agreement

"Personal data" as used in this Notice means information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to a specific natural person (i.e., a Data Subject). It does not include information that is considered anonymous, de-identified, or aggregated, as determined by applicable law.

"Process" (and inflections thereof) means operations performed upon personal data, such as collection, storage, recording, organization, structuring, adaptation or alteration, retrieval, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, transmission, erasure, or destruction.

"Affiliated businesses" of ELTEMATE include any entity that directly or indirectly controls, is controlled by or is under common control with ELTEMATE, and, additionally includes Hogan Lovells International LLP, Hogan Lovells US LLP and any legal entity controlling, controlled by or under common control with Hogan Lovells US LLP or Hogan Lovells International LLP, as well as any entity, which provides legal services or other related services under a name or brand including the words or letters "Hogan Lovells", "HL" or "Eltemate". For purposes of this definition, the term "control" (including the terms "controlling", "controlled by" and "under common control with") means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities or otherwise.

SECTION TWO: THE TYPES OF PERSONAL DATA WE COLLECT

The types of personal data we collect about you depend on your interactions with us and are described below. Please note that the data elements in the sections below are only considered "personal data" when concerning a natural person, and not when it directly concerns a legal person or entity.

I.  Personal Data You Provide to Us

Depending on the context of your interactions with us, the categories of your personal data we may process are:

  • Contact Data, such as your name, email address, business information, telephone number.
  • General Work Data, such as your business title, business email address and telephone number, office location, area, jurisdiction, job category, and practice group.
  • Unique Identifier Data, such as personal data that we can use to identify you as a unique individual, e.g., your name, telephone number, postal or email address, bar license number, job title, social media identifiers, signature, and government issued identification numbers (for example, your social security number, passport or identity card number). If you have registered with a Digital Service, we may also collect your account username and password.
  • Demographic Data, such as your age and gender, and which may include sensitive personal data or information about protected classifications, such as race, sexual orientation, marital status, or veteran status.
  • Professional and Educational Data, such as personal data related to your application for a role with us during a recruitment process. Such data can include, for example, your occupation, your current or previous employers, your job title, or other information about the organization with which you are affiliated. You might also provide information about your professional qualifications or your education, academic degrees, fields of study, the institutions you’ve attended, languages, professional memberships, and certifications. For further information on how we may process your personal data during the recruitment process, please refer to our Applicant Privacy Notice.
  • Third Party Risk and Security Assessment Data, such as personal data processed for risk assessment and security purposes during the procurement process of vendors (incl., information when using third party service providers for third party risk management), such as security questionnaire responses (where the Data Subject is personally identified/identifiable), full name of the vendor’s contact, job title and department, and work email.
  • Health Data, such as accessibility requirements and dietary restrictions. Where such data relates to individuals in Brazil, we only process sensitive personal data as defined under LGPD in strict accordance with the legal bases set out in Article 11 of the LGPD.
  • Geolocation Data, such as your city, state or province, and country. When you access the Digital Services, we may collect precise geolocation information if you permit the Digital Services to access such personal data so that we may provide you with content based on your location and your proximity to our offices.
  • Audio and Visual Data, such as your voice and likeness as captured in photographs, video, or audio recordings if you attend our events, visit our offices, or leave us a voicemail.
  • User Content Data, such as comments or other material you post to our social media pages, blogs, or other forums on our Digital Services.
  • Preferences Data, such as your stated interests, how frequently you wish to receive our newsletters, or other communications.
  • Support Data, such as personal data which may include the feedback you provide us, the data that you share with us when you reach out to us via the helpdesk to resolve an issue, etc.
  • Any other personal data you choose to provide us with.

You may use our Digital Services without providing us with personal data, though we may still collect your personal data automatically as described in the next section.

II.  Personal Data We May Collect Automatically or Generate

We may process your personal data when you interact with us or our Digital Services, which may include the following categories of personal data:

  • Device Data, such as information about the device you use to access our Digital Services, such as our website — whether it's a computer, phone, tablet, or another type of device. Depending on the device, this data may include your IP address (or proxy server), operating system and version, language settings, device and app identification numbers, location data, browser type, Internet service provider or mobile carrier, and system configuration details.
  • Interaction Data, such as information about your interaction with our Digital Services, for example the content you view and features you access on our Digital Services, the pages you view immediately before and after you access our Digital Services, whether and how you interact with content available on our Digital Services, and the search terms you enter on our Digital Services. Depending on the service, Interaction Data may also involve detailed content interaction data, such as when and how often content was viewed, patterns of page navigation, visit timestamps (e.g., duration of visits, number of visits, time spent on each page, and frequency of access), the navigation path taken (especially the sequence of pages visited), user interactions, features and modules accessed on our Digital Services. This type of personal data may also include number of logins, training completion status, the statistics related to your interactions with our Digital Services generated by you while using our Digital Services. This personal data may also be processed in an aggregated manner. We may also collect information about the events and materials in which you have indicated interest or for which you have registered. Interaction Data also includes our local area network facilities (such as WiFi).
  • Marketing and Communications Data, including inference thereof, such as social media data gathered through our social media campaigns, events you have chosen to attend, the names, job titles, companies and email addresses of subscribers to our newsletter and publications.
  • User Content Data, such as information you post or make available online, for instance through your social media posts or publications, or which is indexed by a search engine and freely accessible online when using a search engine.
  • Tracking Data, such as scripts, API calls, SDKs (Software Development Kits), Device Fingerprinting, IP Address Tracking, Pixels and Tags, Cookies, Unique Identifiers and Tokens. We and our service providers or third parties acting on our behalf may collect and store information on your device when you use, access, or interact with our Digital Services. For information about how we use these technologies and the choices you may have, please see our Cookies Policy and the notices hosted in the Digital Services you may use. We do not currently respond to "Do Not Track" signals.

III.  Personal Data Derived from Other Sources

ELTEMATE may process some of the categories of your personal data described above which we receive from other sources, such as from our customers, employees, business partners, business contact databases, enrichment services, and social media platforms. We may also process personal data which we obtain from publicly available sources, such as printed publications, websites and other information accessible via search engines.

SECTION THREE: HOW WE PROCESS YOUR DATA

ELTEMATE may process your personal data, as relevant, for the following purposes:

A.  Administration of Customer Accounts and Provision of Customer Support

ELTEMATE may process your personal data, such as Contact Data, Financial Data, General Work Data and Unique Identifier Data, to manage the business relationship with our customers, and provide customer support. For example, we may process your personal data:

  • For our legitimate business purposes, including internal administration, data analysis, billing, and detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement.
  • To understand how you use our services, including by generating and analyzing statistics.
  • To manage your online account(s) with our Digital Services and send you technical notices, updates, security alerts, and other administrative messages.
  • To maintain the accuracy of our list of contacts.
  • To respond to customer inquiries or communications.

(collectively, "Customer Support").

Certain personal data, including a business partner’s or customers' names and addresses, can be used for other purposes in accordance with the agreement entered into between the business partner or customer and us. In this case, you will be informed how and for what purposes this personal data will be processed.

B.  Talent Management

ELTEMATE may process your personal data for recruitment, hiring, and employment purposes. Where necessary and where permitted by applicable law this may include the processing of sensitive/special categories of personal data such as political opinions, religious beliefs, health, race/ethnicity, sexual orientation, trade union membership, criminal offences and proceedings. Please refer to our Applicant Privacy Notice, as applicable, to learn how we process your data when you apply for a position with us.

For individuals in Brazil, processing of sensitive personal data will be limited to the legal bases permitted by Article 11 of the LGPD (e.g., compliance with legal or regulatory obligations, the exercise of rights, protection of life or health, or express consent).

C.  Other Activities, Including Marketing and Business Development

ELTEMATE may invite customers, you and/or third parties to attend events or take advantage of resources that we think might be relevant or of interest to them.

When we process personal data to send direct marketing messages electronically, we will offer appropriate opt-out options as required by applicable law.

D.  Collaboration and Communication Tools

Where required, ELTEMATE may use different means to communicate to prospective or existing customers or third parties in order to inform about new functionalities of our Digital Services, receive feedback regarding our Digital Services and/or maintain business relationships. This may include the use of secured collaboration tools such as Zoom, Microsoft Teams or Microsoft Outlook, as well as online surveys.

We also use automated cybersecurity systems to review, scan, and analyze collaboration tools for all the purposes listed in Section 3.

E.   Analytics, Usage and Improvement of Digital Services

We may automatically process personal data for analytical purposes to better understand how our customers and business partners interact with our Digital Services. This enables us to identify trends, improve the quality of functionalities we provide, enhance user experience, and develop new features that meet the evolving needs of our users. By analyzing usage patterns and feedback, we can make data-driven decisions that ensure our product remains effective, reliable, and aligned with user expectations. This information may also be processed for testing purposes and troubleshooting. We may also invite customers and business partners to participate in surveys and conduct other market research from time to time.

Certain business partners may be invited to join a dedicated online platform to interact with us and/or exchange experiences with other business partners.

Please consult the information we provide when you are invited to participate in a survey, market research, or to join an online platform, to understand how your personal data may be processed differently than what is described in this Notice.

F.  Access, E-Discovery, Security, Fraud Detection and Prevention

ELTEMATE may process the information provided to us, which may include personal data, in order to provide you with access to our legal technology and other services.

We may also process personal data in order to ensure the integrity, confidentiality and availability of our systems, investigate, prevent, and detect fraud/misconduct and other illegal acts. This may include personal data a customer or business partner has provided to ELTEMATE.

ELTEMATE may also process personal data to facilitate investigation and enforcement by competent authorities, where necessary. For these purposes, personal data may be shared with law enforcement authorities.

ELTEMATE can also use personal data for risk assessment and security purposes, including the authentication of users, using third-party service providers for third-party risk management. These providers help us to assess the business risk profile of our business partners and may provide us with third-party due diligence reports.

G.  Legal and Contractual Compliance

We may process personal data as we believe reasonably necessary or appropriate to comply with our legal obligations, and to respond to legal processes or requests for information issued by government authorities or other third parties, or to protect your, our, or others’ rights.  We may also use it to enforce our agreement(s) with customers and business partners or solve a complaint or claim involving a customer or business associate, as reasonably expected, and in accordance with internal policies and procedures.

If we ever automate means to process personal data, which produces legal effects or significantly affects you or other natural persons similarly, we will implement suitable measures to safeguard your or another person’s rights and freedoms. This includes the right to obtain human intervention.

SECTION FOUR: LEGAL BASES FOR PERSONAL DATA PROCESSING

ELTEMATE generally relies on its and its customers’ legitimate interests to process personal data for the purpose of managing its business, providing its services, obtaining services from business partners, preventing fraud and improving its services. When using personal data to serve its or a third party's legitimate interest, ELTEMATE will always balance an individual’s rights and the protection of their personal data against ELTEMATE and/or the third party’s rights and interests.

For processing subject to the LGPD, we rely on the legal bases provided under LGPD, which include consent, compliance with legal or regulatory obligations, the execution of contracts or preliminary procedures, the exercise of rights in judicial, administration or arbitration proceedings, and legitimate interests supported by a balancing assessment.

  1. For purpose A: Administration of Customer Accounts and Provision of Customer Support

We rely on the need to fulfil our contractual obligations, where we process your personal data to fulfill our obligations to you such as responding to support queries and troubleshooting. We may also rely on our legitimate interests to improve our services and resolve issues, ensuring that these interests do not override your rights. In some instances, we process data based on your consent, particularly when you voluntarily share additional information with us.

b.       For purpose B: Talent Management

We rely principally on our need to process personal data for the purpose of compliance with relevant laws relating to recruitment and employment, and for the purposes of managing our contractual obligations with the relevant individual. This also includes the steps taken by us prior to recruiting you at ELTEMATE. For further information, please consult the Applicant Privacy Notice. In the case of the processing of sensitive personal data, the principal legal basis will be the consent of the individual. Where we are required to conduct background checks on you, we do so to comply with applicable laws.

      c.       For purpose C: Other Activities, Including Marketing and Business Development

We may process your personal data based on our legitimate interests to invite you and/or third parties to attend events, or access resources that we believe may be relevant or of interest. When using personal data for direct marketing, we rely on your consent or legitimate interests, ensuring that we provide appropriate opt-out options as required by law.

      d.      For purposes D to G: Collaboration and Communication Tools, Analytics, Usage and Improvement of Digital Services, Access, E-Discovery, Security, Fraud Detection and Prevention and Legal and Contractual Compliance

We rely, where applicable, on compliance with legal obligations (such as obligations under statute or lawful requests from law enforcement bodies, and to conduct due diligence when onboarding vendors). We may also process your personal data by relying on our legitimate interests to improve our Digital Services, ensure system integrity, assess vendor readiness and resolve issues, ensuring that these interests do not override your rights. Where needed under applicable data protection laws, we will obtain your consent prior to processing personal data, including for marketing purposes or as otherwise required by law. During the vendor procurement process, we may process your personal data based on contractual necessity to identify and communicate with you.

Object to Processing:

If you wish to object to the processing set out under purposes A, C to G and you are unable to find a way to opt out directly (for example, in your account settings), please contact dpo@eltemate.com.

SECTION FIVE: DATA SHARING

ELTEMATE does not sell your personal data. We also do not share personal data that reasonably identifies you with unaffiliated entities for their independent use except when we have your permission, are doing so at your direction, as needed to comply with our legal obligations, as permitted by applicable law, or as otherwise described in this Notice. Please note that any personal data that you may post to a profile, blog, comment section, or forum on our Digital Services or social media pages may be available to other users of those forums or, in some cases, made publicly available.

We may also disclose the categories of personal data we process to the following categories of recipients in furtherance of the purposes described above:

  • Affiliated Businesses: We may share personal data with our affiliated businesses located in jurisdictions around the world for any of the purposes listed above.
  • Business Partners and Third Party Service Providers: We may share personal data with our business partners and third parties that perform services on our behalf, such as web-hosting companies, mailing vendors, third-party analytics providers, event hosting services, and information technology providers. We may share your personal data with others, with your consent or at your direction, including if we notify you that your personal data may be shared, and you provide us with such personal data. For example, we may share your name and contact information with a business partner who co-sponsors an event you attend or publication you sign up for or with a social media service if you share or like our content. Additionally, our Digital Services may include integrated content or links to content provided by third parties (such as video materials). This Notice does not address the privacy, security, or other practices of the third parties that provide such content; please refer to the respective third-party privacy notice(s).

Our third party service providers or third parties engaged on our behalf, may use cookies and similar tracking technologies to collect data from you and store information on your device when you use, access, or otherwise interact with our Digital Services. These third parties may track your online activities over time and across different websites and applications. Please see our Cookies Policy for more information about such third-party providers and your choices.

  • Law Enforcement, Government Authorities, or Third Parties with Legal Rights: We may share personal data as may be permitted or required by the laws of any jurisdiction that may apply to us, as provided for under an applicable contract that we may have with you or a third party, or as we deem reasonably necessary to provide our services. In these circumstances, we strive to take reasonable efforts to notify you before we disclose personal data that may reasonably identify you or your organization, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
  • Parties in Connection with a Business Transaction: We may share your personal data with service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or if we sell, liquidate, or transfer all or a portion of our assets, as well as in relation to any bankruptcy or corporate reorganization.

SECTION SIX: PERSONAL DATA RETENTION AND DESTRUCTION

We will retain personal data for only as long as deemed necessary to manage the business relationship with a customer, you or a business partner, to provide Digital Services to you, a customer or business partner and to comply with applicable laws (including those regarding document retention), resolve disputes or claims with any parties, and as otherwise necessary to allow us to conduct our business.

All personal data we retain about you, a customer or a business partner is subject to this Notice, contractual obligations with the customer, and our internal retention and destruction guidelines. If you have questions about the specific retention periods for the various types of personal data we process, please contact dpo@eltemate.com.

For individuals in Brazil, personal data will be deleted or anonymized once the processing purposes have been achieved, except where further retention is required to comply with legal or regulatory obligations or to protect rights in judicial, administrative or arbitration proceedings, in line with LGPD.

SECTION SEVEN: PERSONAL DATA PROTECTION AND STORAGE

ELTEMATE deploys commercially reasonable organizational, technical, and physical safeguards designed to comply with applicable legal requirements and safeguard the personal data that we process. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your personal data that they will protect such personal data with safeguards designed to provide a level of protection similar to those adopted by us.

However, no information system can be 100% secure. We cannot guarantee the absolute security of your personal data. Moreover, we are not responsible for the security of the personal data you transmit to us over networks that we do not control, including the Internet and wireless networks.

We may transfer your personal data to countries outside of your country of residence, which may have data protection laws and regulations that differ from those in your country.

Any transfers of personal data originating from within the European Union/European Economic Area, United Kingdom or Brazil to countries outside the EU/EEA, UK or Brazil (other than to territories deemed to have adequate data protection legislation by relevant authorities) will normally be made on the basis of the model clauses approved by the European Commission, which may be found at the European Commission's website at https://ec.europa.eu, and/or (as appropriate) on the basis of the standard contractual clauses issued by the Brazilian Data Protection Authority ("ANPD") under Resolution CD/ANPD No. 19/2024, Annex II, located at https://www.gov.br/anpd/pt-br/acesso-a-informacao/institucional/atos-normativos/regulamentacoes_anpd/resolucao-cd-anpd-no-19-de-23-de-agosto-de-2024 and/or standard data protection clauses issued by the UK’s Information Commissioner Office, which may be found on its website at https://ico.org.uk. We retain personal data we collect no longer than reasonably necessary to fulfill the purposes for which personal data was collected and to comply with our legal obligations.

In the event of a personal data breach involving individuals in Brazil that may cause relevant risk or damage, we will notify ANPD and affected data subjects as required by LGPD.

SECTION EIGHT: YOUR PRIVACY & DATA PROTECTION RIGHTS

ELTEMATE operates in jurisdictions that impose varying obligations and that grant you differing levels of protection, particularly with respect to your personal data. Depending on applicable data protection laws, you may have certain rights with respect to your personal data, including, for example, the rights to:

  • Update or correct your personal data if you believe it is incomplete or inaccurate.
  • Erase or delete your personal data, subject to certain exceptions under applicable laws.
  • Object to our processing of your personal data, if we rely on a legitimate interest, or otherwise restrict our processing activities (if permitted by law). For instance, if you no longer wish to receive marketing communications from us, you can let us know by contacting us using the information available in Section Twelve: How to Contact Us . Our digital marketing communications may provide unsubscribe or opt-out mechanisms that allow you to modify your communications preferences. Please note that if you opt-out of marketing communications, we may still contact you with non-promotional communications, such as those about ongoing business relations or administrative messages.
  • Restrict certain transfers of your personal data to third parties.
  • Withdraw your consent to processing, where we base our processing of your personal data on consent. For instance, if you have previously consented to sharing precise geolocation information with our Digital Services, you can choose to stop the collection of this information at any time by changing the preferences on your browser or mobile device settings.
  • Not be denied goods or services for exercising your rights under applicable law.
  • Complain to your local supervisory authority.
  • Right to opt-out of sales or sharing of personal data.
  • Right to be informed on how we are processing your personal data.
  • Right to access personal data of yours that we process as well as to collect a copy of such personal data.
  • Where applicable, right to request and obtain your personal data in a structured, commonly used, and machine-readable format (only applies to personal data that is being processed by automated means, and that is processed based on your consent or to fulfil our contractual obligations to you).
  • Right not to be subject to a decision based solely on automated processing, unless the legal requirements for this are met.

We do not process your personal data for the purposes of making decisions based solely on automated decision-making).

You can exercise your rights (if applicable) by submitting a request to our Data Protection Officer at dpo@eltemate.com. We are required to verify your identity to ensure the confidentiality of your personal data. This means that before we can fulfil your request, we may need to request certain details or documentation from you to confirm your identity. We will only use the personal data provided by you for the sole purpose of identity verification. Please note that until your identity is verified, we may not be able to process your request.

SECTION NINE: ADDITIONAL RIGHTS

California Residents

In addition to the rights stipulated in Section 8, residents of California have additional rights related to their personal information through the California Consumer Privacy Act amended by the California Privacy Rights Act. This section supplements the other sections of this Notice. In this section, “personal data” and “personal information” shall be read as being analogous to one another.

Right to Know About Personal Information Collected or Disclosed and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you upon request:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or sharing your personal information.
  • The categories of third parties to whom we disclose personal information.
  • The specific pieces of personal information we collected about you.
  • If we share your personal information, or disclose it for a business purpose, we will also disclose:
    • The categories of personal information that we shared; and
    • The categories of personal information that we disclosed for a business purpose.

Right to Correction and Deletion

You have the right to request that we correct any inaccurate personal information that we maintain about you considering the nature of the personal information and the purposes of the processing of the personal information. You also have the right to request deletion of your personal information that we have collected from you and retained, subject to certain exceptions.

Once we receive and confirm your verifiable consumer request, we will use commercially reasonably efforts to correct the inaccurate information and delete (and notify our service providers and/or contractors to delete) your personal information from our records, unless an exception applies. We will also notify all third parties with whom we have shared your personal information to delete it to the extent required by law.

Right to Opt-out of Sales or Sharing of Personal Information

Right to direct us to not sell or share (i.e., disclose to a third party for cross-context behavioural advertising, whether or not for monetary of other valuable consideration) your personal information at any time (the "right to opt-out").

Right to Limit the Use and Disclosure of Sensitive Personal Information

Right to direct that we limit the use of any sensitive personal information that we might collect about you to that which is necessary for the purposes specified under applicable law.

Right to Non-Discrimination

ELTEMATE will not discriminate against you for exercising any of your rights as set forth in this Notice. Unless permitted by the law, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives permitted by the law that can result in different prices, rates, or quality levels. 

Rights Under California’s "Shine the Light" Law

Under California’s "Shine the Light" law (Civil Code Section § 1798.83), California residents who are users of our Digital Services can request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

Exercising your Rights

To exercise your rights, please submit a verifiable consumer request to us by email to dpo@eltemate.com.  You will be asked to provide certain personal information when submitting your request including your relationship with us, first and last name, email address, telephone number, and postal address in order for us to determine if your information is in our systems.

We will verify and respond to your request consistent with applicable law. We may need to request additional personal information from you in order to protect against fraudulent or spoofed requests. If you want to make a request as an authorized agent on behalf of a California resident, you may use the submission method noted above. As part of our verification process, we may request that you provide us with the documentation specified under applicable law.

A.   Brazilian Residents

Brazilian residents benefit from legal protections granted by Brazil's Federal General Personal Data Protection law (Lei Geral de Proteção de Dados Pessoais "LGPD"). In addition to the rights listed in Section 8 of this Notice, Brazilian residents also have the following additional rights:

Right to Information on Public and Private Data Sharing

Right to know the names of public and private entities with which your personal data has been shared.

Right to Anonymization or Blocking for Unnecessary or Excessive Data

Right to request anonymization or blocking of personal data processed unnecessarily, or more than the stated purpose.

You can exercise your rights under the LGPD by submitting a request to our Data Protection Officer at dpo@eltemate.com.

SECTION TEN:  CHILDREN UNDER THE AGE OF 13

We do not knowingly collect and/or process any personal data from children under the age of 13 without parental consent, unless permitted by applicable laws. If we learn that a child under the age of 13 has provided us with personal data, we will delete that information in accordance with applicable laws.

SECTION ELEVEN: CHANGES TO THIS PRIVACY NOTICE

We may update this Notice periodically and will revise the date at the bottom of this Notice to reflect the date when such update occurred. If we make any material changes in the way we collect, use, and/or share the personal data that you have provided, we will endeavour to provide you with notice before such changes take effect, such as by posting a notice on the ELTEMATE website.

SECTION TWELVE: HOW TO CONTACT US

If you have questions, requests, or concerns about how we process your personal data, or would like to exercise any of the rights you have under this Notice, contact our Data Protection Officer at dpo@eltemate.com. You can also contact your local data protection authority.

We address privacy specific questions, requests, and concerns that are reported to us by using our internal policies and procedures, which are based on applicable data protection laws, regulations, and guidance. We revisit and enhance these policies and procedures regularly, also considering customer or business partner feedback.

Last Updated: 15 October 2025