Data Protection Notice – MOTO GROSSO EXPORT'S

Data protection notice of MATO GROSSO Importação & Exportação Ltda

As of: May 2025

MATO GROSSO EXPORTS thanks you for your interest in our products and for visiting our website.

General information about our online offer

MATO GROSSO Importação & Exportação Ltda (hereinafter “MATO GROSSO“, “we” or “us“), with registered office at Avenida Salgado Filho, 2120 – Centro, Guarulhos-SP, CEP 07.115-000, Brazil, takes the protection of your personal data very seriously.

This data protection notice provides information about which personal data we collect, process and store as part of our website and our business activities. It applies to all users of our website and our services – worldwide – taking into account the relevant local data protection laws, in particular:

Brazil: Lei Geral de Proteção de Dados (LGPD, Law No. 13.709/2018)
European Union / EEA: General Data Protection Regulation (GDPR)
USA: California Consumer Privacy Act (CCPA) and other relevant federal regulations
Kanada: Personal Information Protection and Electronic Documents Act (PIPEDA)
Other national data protection regulations, insofar as they apply

The aim of this statement is to give you a transparent overview of how and for what purposes we use your personal data and what rights you have in this regard.

1. Responsible person and contact options

1.1 Person responsible within the meaning of data protection laws

Responsible for the processing of personal data within the meaning of the Brazilian Lei Geral de Proteção de Dados (LGPD) and – where applicable – the General Data Protection Regulation (GDPR) of the European Union:

MATA GROSSO Importação & Exportação Ltda
Avenida Salgado Filho 2420 Centro-Guarulhos-SP
CEP 07.125-000
Brazil

Our data protection officer is available to answer any questions you may have about data protection and the exercise of your rights:

Email: sale@matogrossoexportsltdabr.com

Phone / WhatsApp: +5511954576643

1.2 EU representative pursuant to Art. 27 GDPR

Since we do not operate a branch in the European Union, but process personal data of EU citizens – for example through website access from the EU area – we have appointed the following EU representative in accordance with Art. 27 GDPR:

Peter H. Burdzik

Email: sale@matogrossoexportsltdabr.com

Note: The EU representative is only responsible for official inquiries and formal complaints. EU users can also contact our Brazilian Data Protection Officer directly with general questions or to exercise their data subject rights.

Legal background:
According to Art. 27 GDPR, a representative in the EU is required if a non-European company processes personal data of persons within the EU without having its own establishment there. This applies in particular to the provision of online services, tracking via analysis tools or other interactions relevant to data protection.

2. Principles of data processing

The protection of your personal data is a key concern for us. We always process your data in accordance with the applicable data protection laws – in particular the Brazilian Lei Geral de Proteção de Dados (LGPD), the European General Data Protection Regulation (GDPR) and other relevant regulations. We adhere to the following principles:

Legality:
Personal data is only processed if legal permission or valid consent has been granted.
Transparency:
We inform you in a clear and comprehensible manner about the type, scope, purpose and legal basis of data processing.
Earmarking:
Data is only collected for clearly defined and legitimate purposes and is not processed in a way that is incompatible with these purposes.
Data minimization:
We only collect and process the data that is actually required for the respective purposes.
Correctness:
We ensure that your data is factually correct and up-to-date and take measures to correct incorrect data.
Memory limitation:
Personal data is only stored for as long as is necessary for the fulfillment of the purposes or as required by law.
Integrity and confidentiality:
We protect your data against unauthorized access, loss or manipulation using suitable technical and organizational security measures.

3. Types of personal data collected

When you use our website and contact us, we process the following categories of personal data:

3.1 Automatically collected access data (server log files)

When you visit our website, the browser you use automatically transmits information to our server. This information is temporarily stored in so-called server log files. The following data is collected automatically:

Anonymized IP address (shortened, no tracing possible)
Date and time of access
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes (referrer URL)
Browser type and version
Operating system and its interface
Language and version of the browser software

This data is technically necessary to display the website, to ensure its stability and security and to improve our offering. This data is not merged with other data sources.
Legal basis: Art. 10 LGPD, Art. 6 para. 1 lit. f GDPR (legitimate interest).

3.2 Data when contacting us (e.g. by form, e-mail or telephone)

When you contact us, for example via our contact form, by e-mail or by telephone, we process the personal data you provide, in particular:

First and last name
Email address
Your phone number
Company name (if specified)
Content of your message
Other voluntarily provided information or attachments

We process this data exclusively for the purpose of processing your request and for contacting you.
Legal basis: Art. 7 LGPD, Art. 6 para. 1 lit. b GDPR (contract fulfillment or pre-contractual measures).

4. Cookies and tracking technologies

4.1 General information on the use of cookies

Our website uses cookies and similar technologies to enable certain functions, improve the user experience and statistically evaluate the behavior of visitors. Cookies are small text files that are stored on your end device and contain certain information.
We distinguish between the following categories:

a) Technically necessary cookies
These cookies are required to provide basic functions of the website (e.g. page navigation, access to protected areas). They are set automatically and do not require consent.
Legal basis: Art. 10 LGPD, Art. 6 para. 1 lit. f GDPR (legitimate interest in a functional website).

b) Analysis and marketing cookies
These cookies help us to better understand user behavior, optimize our website and target marketing campaigns. They are only activated with your express consent via our cookie banner.
Legal basis: Art. 7 LGPD, Art. 6 para. 1 lit. a GDPR (consent).

In detail, we use the following with the appropriate consent:

Google Analytics (Google LLC): For the creation of pseudonymous usage statistics
Meta Pixel (Meta Platforms Inc.): For the analysis and optimization of our Facebook/Instagram advertising
LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company): For measuring the success of LinkedIn advertising campaigns

Note for users from Germany:
In order to comply with the provisions of Section 25 TTDSG and the GDPR, we only use analysis and marketing cookies if you have actively consented via the cookie banner. Our solution automatically recognizes the country from which you are accessing the site and adapts the consent management accordingly.

4. Cookies and tracking technologies

In detail, we use the following with the appropriate consent:

Google Analytics (Google LLC): For the creation of pseudonymous usage statistics
Meta Pixel (Meta Platforms Inc.): For the analysis and optimization of our Facebook/Instagram advertising
LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company): For measuring the success of LinkedIn advertising campaigns

4.2 Managing your cookie settings

You can change or revoke your consent at any time:

Via the cookie banner (accessible again via the link in the footer of our website)
By making the appropriate settings in your browser (e.g. blocking or deleting cookies)

Please note that if cookies are deactivated, individual functions of the website may be restricted.

4.3 Use of the Consent Tool “Pressidium Cookie Consent”

We use the consent tool “Pressidium Cookie Consent” to manage the cookies and similar technologies used on our website (e.g. tracking pixels, tags) and the related consents. The tool displays a banner to obtain consent, controls the loading of non-essential scripts, and stores your preferences. Your consent decision is saved in a cookie on your device and—if configured—in a server-side log so that we can document your consent and its status.

Categories of data processed: consent decision per category (e.g. analytics), timestamp, language/region, technical metadata (e.g. pseudonymous identifier, browser information); no usage profiling is performed based on this data.

Legal bases: Art. 6(1)(c) GDPR (compliance with a legal obligation to obtain/manage consent) and Art. 6(1)(f) GDPR (our legitimate interest in documenting consents and controlling cookies/scripts).

Recipients / processing location: The tool is operated by us on our website. Our hosting/service providers act as processors under Art. 28 GDPR. We do not otherwise disclose consent data to third parties. Where data is processed outside the EEA, appropriate safeguards (e.g. Standard Contractual Clauses) are in place.

Storage period: The consent cookie is stored for 182 days (unless you delete it earlier). Server-side consent logs are retained for up to 24 months (or longer if required to demonstrate compliance) and then deleted or anonymised.

Voluntary provision & withdrawal: You are not legally or contractually obliged to provide personal data for this purpose. You can withdraw or change your consent at any time with effect for the future via the Cookie Settings (floating button). The lawfulness of processing based on consent before its withdrawal remains unaffected.

5. Data sharing and international transfers

5.1 Cooperation with service providers

We use external service providers to provide our services, particularly in the following areas:

Web hosting
Customer relationship management (CRM)
Marketing and analysis
IT security and support

All contracted service providers are carefully selected and contractually obliged to comply with strict data protection and confidentiality regulations. Processing is only carried out on our instructions and in accordance with the applicable data protection laws.

5.2 International data transfers

As an internationally active company, it may be necessary to transfer personal data to countries outside your country of residence. In doing so, we always ensure an appropriate level of data protection and take suitable protective measures.

Transfers are made on the following legal bases:

Our website is hosted exclusively on servers in Germany by a data protection-compliant hosting provider.

Please note:
Personal data will only be transferred to third countries outside the European Economic Area (EEA) if you communicate with us via channels outside the EU (e.g. email or WhatsApp to Brazil) or if this is necessary to fulfill contractual obligations.

6. Data security

The protection of your personal data is a top priority for us. We use a variety of technical and organizational security measures to ensure a level of protection appropriate to the risk – in accordance with Art. 32 GDPR, Art. 46 LGPD and relevant international standards.

Our most important protective measures at a glance:

TLS encryption (HTTPS) for all connections
Regular security and system updates
Access restrictions through role and rights management
Two-factor authentication for administration access
Regular training for our employees in the area of data protection and information security

Obligation to report data breaches:
In the event of a security breach affecting personal data, we fulfill our legal obligations to provide information:

EU citizens: Notification to the competent supervisory authority within 72 hours (Art. 33 GDPR)
Brazilian users: Notification to the ANPD and persons concerned within 2 working days (Art. 48 LGPD)
Canadian users: Informing data subjects within 60 days in the event of reportable incidents (in accordance with PIPEDA)

Hosting in Germany – additional security from our provider:

ISO/IEC 27001-certified data centers
Physical protection through biometric access systems, video surveillance and access controls
Daily backups in geographically separated high-security data centers
Regular external security audits and penetration tests

These measures ensure a high level of availability, integrity and confidentiality of your data – in accordance with international data protection requirements.

7. Your rights

Depending on your place of residence and the applicable data protection legislation, you have certain rights in relation to your personal data.

7.1 Rights under the LGPD (Brazil)

You have the right to:

Confirmation of whether your data is being processed
Access to your personal data
Correction of incomplete, incorrect or outdated data
Anonymization, blocking or deletion of unnecessary or excessive data
Data portability to another service provider
Revocation of your consent
Information about public and private bodies with which we share your data

7.2 Rights under the GDPR (EU/EEA)

You have the right to:

Confirmation of whether your data is being processed
Access to your personal data
Correction of incomplete, incorrect or outdated data
Anonymization, blocking or deletion of unnecessary or excessive data
Data portability to another service provider
Revocation of your consent
Information about public and private bodies with which we share your data

7.2 Rights under the GDPR (EU/EEA)

You have the following rights:

Information about your stored data (Art. 15 GDPR)
Correction of incorrect or incomplete data (Art. 16 GDPR)
Erasure of your data (“right to be forgotten”, Art. 17 GDPR)
Restriction of processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection to certain processing operations (Art. 21 GDPR)
Withdrawal of your consent (Art. 7 para. 3 GDPR)

7.3 Rights pursuant to CCPA (California, USA)

California users are entitled to:

Information about the personal data collected about you
Deletion of this data
Opt-out from the sale of personal data
Protection against discriminatory treatment when exercising these rights

7.4 Rights under PIPEDA (Canada)

Canadian users have the following rights:

Access to the personal data stored about them
Correction of incorrect information
Objection to use for marketing purposes
Right to complain to the Office of the Privacy Commissioner of Canada (OPC)
Right to written information within 30 days (Art. 8 PIPEDA)
No disclosure to third parties without express consent (except for contract fulfillment; Principle 4.1.3)
Protection for data transfers, e.g. to the USA, through standard contractual clauses and encryption

Note: Responses to Canadian privacy requests will be in English or French in accordance with Section 4.5 of the PIPEDA Guidelines.

How to exercise your rights:

Send your request by e-mail to sale@matogrossoexportsltdabr.com with the following details:

Subject: “Data protection request [your region]”
Clarification of which right you wish to exercise
Copy of a valid identity document (please black out sensitive information)

We process all requests within the legally prescribed deadlines – usually within 30 days.

8. Storage period

We only store personal data for as long as is necessary for the respective purposes or as required by law. The storage period depends, among other things, on contractual, tax or data protection requirements.

After expiry of the respective period, your data will either be deleted or anonymized, provided there are no other legal obligations to the contrary.

7.4 Rights under PIPEDA (Canada)

After expiry of the respective period, your data will either be deleted or anonymized, provided there are no other legal obligations to the contrary.

9. Special provisions by region

Our data protection practice is based on the applicable legal requirements of the country from which you access our services. Please note the following country-specific information:

9.1 Brazil (LGPD)

This privacy policy has been drawn up in accordance with the Lei Geral de Proteção de Dados (LGPD, Law No. 13.709/2018). The original Portuguese version of this statement is authoritative.

9.2 EU/EEA (GDPR)

In accordance with Art. 27 GDPR, we have appointed a data protection representative in the European Union, who can be contacted at

Email: sale@matogrossoexportsltdabr.com

EU citizens can also contact the competent data protection supervisory authority in their member state in the event of complaints.

As our website is operated by a German hosting provider, the GDPR applies primarily to all EU data processing. Data is only transferred to third countries:

at your express initiative (e.g. contacting our Brazilian branch by email),
in compliance with the guarantees specified in section 5.2 (e.g. SCCs).

Validity and Multilinguality

This data protection notice is published in several languages.

In the event of discrepancies or questions of interpretation, only the original Portuguese version shall be legally binding.

Translations into other languages are provided solely for the convenience of international users.