Contact Us
EN

PRIVACY AND PERSONAL DATA PROTECTION POLICY

Updated on March 17, 2026.

MasterSense, including its subsidiaries and operating units in Brazil, Mexico, Colombia, Chile, Bolivia, and Guatemala (“MasterSense” or “Company”), recognizes the importance of privacy and the protection of Personal Data.

This Policy establishes the general guidelines applicable to the Processing of Personal Data carried out by MasterSense in all countries where it operates, in compliance with applicable national data protection laws and widely accepted international standards.

In order to ensure local compliance and transparency, this Policy is complemented by country-specific Annexes, which detail the legal and operational provisions applicable in each jurisdiction and must be read and interpreted together with this multinational version.

The Company adopts principles of purpose, necessity, proportionality, transparency, prevention, minimization, security, and accountability in all operations involving Personal Data, ensuring respect for the privacy and trust of data subjects.

For the purposes of this Policy, “You” refers to any natural person whose Personal Data is processed by MasterSense, regardless of the country in which they are located.

1. DEFINITIONS

Before informing You how we collect, use, and store your Personal Data, we would like to define some terms used in this Policy so that, in case of doubt, You may refer to their meanings:

a) Personal Data: information related to an identified or identifiable natural person, including direct and indirect identifiers.

b) Sensitive Personal Data: information subject to enhanced protection under applicable laws, such as health data, biometric data, racial or ethnic origin, religious beliefs, or political opinions.

c) Processing: any operation performed on Personal Data, such as collection, access, use, storage, sharing, transmission, deletion, or anonymization.

d) Data Subject: the natural person to whom the Personal Data refers.

e) Controller: the entity that makes decisions regarding the purposes and means of Processing.

f) Processor: the entity or individual that processes data on behalf of the Controller.

g) Data Protection Authority: the public authority responsible for enforcing privacy regulations in each country.

h) Security Incident(s): any event that compromises the confidentiality, integrity, availability, or authenticity of Personal Data.

i) International Transfer: the transfer of Personal Data to another country or remote access by foreign entities.

j) Anonymization: a technical process that makes it impossible to identify, directly or indirectly, the data subject.

2. PERSONAL DATA WE COLLECT AND FOR WHAT PURPOSES?

MasterSense processes Personal Data within the scope of its commercial, operational, administrative, and institutional activities. The types of data collected and their purposes are outlined below, considering the Company’s global operations:

2.1 Commercial, institutional, and technical relationships with clients and partners

In the development of commercial and institutional relationships, Personal Data may be used to enable communication with clients, potential clients, suppliers, distributors, and other partners. This information allows the presentation of products and services, clarification of doubts, preparation and follow-up of proposals, negotiation processes, and the organization of meetings or technical visits.

It also enables maintaining interaction history, sharing technical and institutional materials, and ensuring the continuity of established relationships, always in a manner compatible with the Company’s legitimate purposes.

2.2 Digital interactions, technological platforms, and communication channels

When using MasterSense websites, electronic forms, digital platforms, and communication tools, Personal Data necessary for the functioning, authentication, and security of these environments may be processed.

Such information supports the recording of interactions and preferences, the improvement of functionalities, the prevention of Security Incidents, and the maintenance of the integrity of technological solutions.

Operational logs, technical records, and cookies may also be used for support, auditing, and continuous improvement of the Company’s digital interfaces.

2.3 Contract execution, product supply, and industrial and logistics operations

During contract execution and the performance of productive, technical, and logistics activities, Personal Data essential for order registration, delivery coordination, documentation of operational stages, product traceability, compliance with quality requirements, and proof of activities performed may be processed.

This information enables the fulfillment of contractual and legal obligations and ensures the proper functioning of operations conducted by MasterSense and its partners.

2.4 Sending and receiving samples, prototypes, and technical materials

When sending or receiving samples, prototypes, inputs, or technical materials, Personal Data may be used to identify senders and recipients, guide carriers, track shipments and receipts, and comply with safety or operational control requirements.

Addresses, contact details, and related information are processed exclusively for this purpose and only for the time strictly necessary.

2.5 Participation in events, trade fairs, external training, and webinars

In events, trade fairs, training sessions, workshops, and webinars organized or supported by MasterSense, Personal Data may be collected directly from the data subject or provided by event organizers.

This information enables registration, access control, provision of informational materials, scheduling, and institutional or technical interaction during and after participation.

Processing remains limited to the needs of each event and complies with applicable laws.

2.6 Administrative, employment, and service provider management

Within administrative activities and the management of employment or service relationships, Personal Data related to recruitment, hiring, contract administration, access control, time tracking, benefits processing, payments, corporate travel, and tax, labor, social security, health, and safety obligations may be processed.

These activities ensure compliance with legal requirements and the proper functioning of MasterSense’s internal operations.

2.7 Credentialing, access, and security in internal and external facilities

To allow individuals to enter Company or third-party facilities, Personal Data related to identification, credential issuance, entry and exit records, and compliance with security requirements may be processed.

These processes ensure operational integrity, protection of people and assets, and traceability for audits and investigations when applicable.

2.8 Compliance with legal, regulatory, and contractual obligations

Certain activities require the processing of Personal Data to comply with legal, regulatory, or contractual obligations related to MasterSense operations in the countries where it operates.

This includes tax, accounting, logistics, labor, social security, health, environmental, and compliance obligations.

Data is used exclusively for purposes related to the corresponding obligation, always observing the principle of data minimization.

2.9 Information security, system integrity, and business continuity

Maintaining the security of MasterSense’s technological environments may require processing Personal Data for user authentication, access logging, activity monitoring, and ensuring the integrity, confidentiality, and availability of information.

These processes aim to protect technological assets, prevent Security Incidents, and ensure business continuity.

Personal Data in this context is processed proportionally and limited to what is necessary, in compliance with applicable laws and internal information security policies.

2.10 Other compatible and previously informed purposes

MasterSense may also use Personal Data for additional purposes, provided they are compatible with the original context of collection, aligned with reasonable expectations of data subjects, and supported by an appropriate legal basis.

This may include internal process improvements, product and service development, operational enhancements, institutional analyses, or other activities aligned with the Company’s legitimate purposes.

In all cases, processing will be transparent and limited to what is necessary.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL DATA?

The Personal Data Processing activities described in Section 2 of this Policy are carried out based on legal grounds recognized by applicable data protection laws in the countries where MasterSense operates.

The choice of legal basis depends on the context of the Processing, the purpose involved, and the nature of the relationship established between the data subject and the Company.

National laws may provide for specific legal grounds or additional conditions for certain Processing activities. Such particularities are detailed in the Annexes of this Policy.

3.1 Commercial, institutional, and technical relationships with clients and partners

The Processing of Personal Data carried out to enable communication with clients, suppliers, distributors, and other partners is primarily based on the execution of a contract and the preliminary steps necessary for its formalization.

In certain cases, where applicable under local legislation, the Company’s legitimate interest may also serve as a legal basis, particularly when related to maintaining business relationships, responding to requests, or providing technical support associated with products and services.

3.2 Digital interactions, technological platforms, and communication channels

The Processing of Personal Data resulting from the use of websites, digital platforms, corporate systems, and communication channels is generally based on the Company’s legitimate interest in ensuring the functionality, security, and continuous improvement of its digital environments.

This also includes the recording of access, logs, and interactions necessary to prevent Security Incidents and maintain technological integrity.

When the use of these tools is directly related to contracted services, Processing may also be based on contract execution.

3.3 Contract execution, product supply, and industrial and logistics operations

Processing related to contract execution and supply, production, and logistics activities is primarily based on contract execution and obligations arising from legitimate commercial relationships.

In some cases, Processing may also rely on compliance with legal or regulatory obligations, particularly those related to tax, transportation, safety, and traceability requirements.

3.4 Sending and receiving samples, prototypes, and technical materials

Processing necessary for sending or receiving samples, prototypes, and technical materials is based on contract execution or preliminary procedures related to commercial, technical, or industrial activities.

When necessary to document deliveries, meet safety standards, or comply with operational requirements, Processing may also be based on legal or regulatory obligations.

3.5 Participation in events, trade fairs, training, and webinars

Processing in the context of events, trade fairs, training sessions, and institutional activities is generally based on contract execution or preliminary measures required for registration, participation, or organization.

When required for access control, attendance tracking, or compliance with health and safety regulations, Processing may rely on legal or regulatory obligations.

For post-event communications, informational materials, or invitations to future activities, Processing may be based on consent or legitimate interest, depending on applicable law.

3.6 Administrative, employment, and service provider management

Processing related to administrative, employment, and service provider management is primarily based on compliance with legal and regulatory obligations, including labor, tax, social security, and occupational health and safety requirements.

It may also rely on contract execution when necessary to formalize and manage employment or service relationships.

3.7 Credentialing, access, and security in facilities

Processing for credentialing, access control, and security purposes is based on compliance with legal and regulatory obligations related to the protection of people, assets, and information.

Where permitted under local law, it may also rely on the Company’s legitimate interest, particularly in ensuring physical safety, preventing incidents, and maintaining order within its premises.

In cases where access is linked to contracts or pre-arranged visits, Processing may also be based on contract execution.

3.8 Compliance with legal, regulatory, and contractual obligations

Processing necessary to meet legal, regulatory, or contractual requirements is primarily based on compliance with a legal obligation applicable in the countries where MasterSense operates.

This includes obligations related to tax, accounting, logistics, environmental, labor, health, safety, auditing, and compliance matters.

When Processing arises from contractual commitments with clients, suppliers, or partners, it may also be based on contract execution.

3.9 Information security, system integrity, and business continuity

Processing carried out to ensure information security, system integrity, and business continuity is primarily based on the Company’s legitimate interest in protecting its technological assets, preventing Security Incidents, and ensuring confidentiality, availability, and integrity of data.

This includes technical and administrative measures such as user authentication, logging, access control, and activity monitoring.

Where local legislation does not allow reliance on legitimate interest, consent will be obtained as required.

When certain actions are mandated by internal, contractual, or regulatory security requirements, Processing may also be based on legal or contractual obligations.

3.10 Other compatible and previously informed purposes

Processing for additional purposes not explicitly described in this Policy may occur when such purposes are compatible with the original context of collection, legitimate, and properly communicated to the data subject.

In these cases, the legal basis may vary between:

depending on the nature and objective of the Processing.

In all cases, Personal Data will be processed in a transparent, proportional manner and limited to what is strictly necessary.

4. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

MasterSense retains Personal Data only for as long as necessary to fulfill the legitimate purposes that justified its collection, or as required by applicable laws, regulatory requirements, and contractual obligations in the countries where it operates.

Retention periods are defined based on technical, legal, and operational criteria, taking into account factors such as:

i. the duration of the commercial, contractual, or institutional relationship with the Data Subject;
ii. the need to retain records to comply with legal, regulatory, and tax obligations;
iii. the preservation of information for audits, investigations, legal defense, or the regular exercise of contractual rights; and
iv. the existence of valid consent for communications or optional activities.

Once the purposes that justified the Processing have been fulfilled, or once the applicable legal and contractual retention periods have expired, Personal Data will be:

in a secure manner, through appropriate technical and organizational procedures designed to prevent unauthorized access, use, or recovery of the information.

When Personal Data is stored in backup environments, contingency systems, or other business continuity mechanisms, MasterSense will adopt measures to ensure that such information:

always in accordance with the principles of necessity and proportionality.

In countries where local legislation establishes specific retention periods or different conditions for data deletion, such requirements are detailed in the corresponding Annexes of this Policy.

5. WHEN DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES AND WHY?

MasterSense may share Personal Data with third parties only when such sharing is necessary, legitimate, and compatible with the purposes informed to the data subject.

All sharing is conducted transparently, with the adoption of contractual and technical safeguards to ensure the security and proper use of the information.

5.1 Commitments and requirements applicable to third parties

All third parties that receive Personal Data from MasterSense — including service providers, business partners, suppliers, consulting firms, carriers, financial institutions, and technology providers such as cloud platforms and other operational support entities — must adopt appropriate technical and administrative security measures.

These measures aim to protect Personal Data against:

Such third parties are contractually required to:

always in compliance with applicable data protection laws.

MasterSense applies strict criteria in the selection, monitoring, and evaluation of its partners, requiring them to meet privacy and security standards equivalent to those adopted internally, ensuring that data sharing is carried out responsibly and transparently.

5.2 Sharing scenarios

Personal Data may be shared in the following situations, always in accordance with the purposes informed to the data subject and the applicable legal bases in each country:

a) Service provision and operational support
With suppliers, service providers, and partners that support corporate activities, including:

b) Human resources management and recruitment processes
With companies responsible for:

exclusively for administrative and employment-related purposes.

c) Compliance with legal and contractual obligations
With:

when sharing is necessary to comply with legal requirements, defend rights, or fulfill contractual obligations.

d) Interaction between group entities and subsidiaries
Between companies within the MasterSense group, located in different countries, when necessary for the integrated management of:

always with appropriate safeguards in place.

e) Digital services and institutional communication
With providers of:

strictly for the execution of contracted activities and within the limits of the purposes communicated to data subjects.

5.3 Restrictions on data sharing

MasterSense does not sell or disclose Personal Data to third parties for:

Any new data sharing activity will be subject to a prior compliance assessment and, when required, will depend on:

Specific rules regarding the sharing of Personal Data with public authorities or foreign entities are detailed in the local Annexes, in accordance with the legal requirements of each country.

6. INTERNATIONAL TRANSFER OF PERSONAL DATA

MasterSense may transfer Personal Data across countries whenever such transfer is necessary for:

The legal criteria, restrictions, and procedures applicable to international data transfers vary according to the legislation of each country and are detailed in the specific Annexes of this Policy.

All international transfers are carried out in compliance with applicable data protection laws in each jurisdiction, ensuring that:

The Company adopts appropriate contractual, technical, and organizational measures to ensure that recipient entities maintain:

equivalent to those adopted internally and required by local legislation.

6.1 Transfers arising from MasterSense’s international operations

Due to MasterSense’s presence in multiple countries, Personal Data may be shared between its:

located in different jurisdictions.

These transfers occur in a controlled manner and are supported by:

that ensure compliance with the principles of:

as well as adherence to applicable data protection laws in each country where the Company operates.

6.2 Transfers resulting from the use of cloud technology services

MasterSense may also carry out international transfers of Personal Data due to the use of:

operated by providers located outside the country of origin of the data.

These transfers are conducted only with business partners recognized for their:

They are supported by contractual clauses that ensure compliance with:

All technology providers undergo internal evaluation and approval processes to ensure they maintain:


7. SECURITY

The security of Personal Data is one of MasterSense’s top priorities.

To protect data against:

MasterSense adopts technical, organizational, and administrative measures aligned with international best practices in information security and digital compliance.

These measures include, among others:

To support its operations, MasterSense uses:

and may record information related to:

always in a proportional manner and limited to legitimate purposes such as security, administration, and operational continuity.

When the use of personal devices for professional purposes is allowed (BYOD – Bring Your Own Device), MasterSense may implement specific technical controls, such as:

ensuring that such controls are limited to the professional environment and respect the privacy of personal use.

MasterSense considers:

In the event of a Security Incident that may compromise Personal Data, MasterSense will adopt the necessary technical and administrative measures to:

in accordance with the applicable legislation of each country.

8. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

MasterSense recognizes that respecting data subjects’ rights is a fundamental pillar of Personal Data protection.

For this reason, the Company ensures that the exercise of these rights is guaranteed in accordance with applicable data protection laws and regulations in each country where MasterSense operates, taking into account local differences and specificities.

The rights of data subjects and response deadlines may vary depending on the applicable legislation in each country. Local details are described in the Annexes of this Policy.

Data subjects may exercise their rights through the official contact channels indicated in this Policy. Each request will be analyzed based on:

In general, data protection laws grant, among others, the following rights:

a) Confirmation of Processing
The right to obtain confirmation as to whether Personal Data is being processed.

b) Access to data
The right to access processed information and understand its purposes.

c) Correction of data
The right to request correction, updating, or completion of inaccurate, incomplete, or outdated Personal Data.

d) Deletion, anonymization, or blocking
The right to request the deletion, anonymization, or blocking of unnecessary, excessive, or unlawfully processed Personal Data.

e) Information about data sharing
The right to obtain information about public or private entities with which Personal Data has been shared.

f) Withdrawal of consent
The right to revoke consent, when consent is the legal basis for Processing.

MasterSense may request additional information to confirm the identity of the requester and ensure that the request is handled securely and confidentially.

The Company is committed to ensuring that all requests are handled with:

strictly observing the deadlines, procedures, and requirements established by applicable data protection laws in each country where it operates.

9. DATA PROTECTION OFFICER (DPO)

MasterSense has appointed the following professional as its Data Protection Officer (DPO), responsible for acting as the communication channel between:

Name: Gustavo Assis Rodrigues
Email: [email protected]

Address:
Rodovia Vice Prefeito Hermenegildo Tonolli, S/Nº – Modules 4, 5 and 6
Industrial District – Jundiaí – SP – ZIP Code 13.213-086

Rod. Anhanguera, Km 62, s/n
Anhanguera Logistics Complex (CLA) – Warehouses 7, 8, 9
Industrial District – Jundiaí – SP – ZIP Code 13.213-055

The DPO is responsible for:


10. POLICY UPDATES AND EFFECTIVENESS

This Policy may be reviewed and updated periodically by MasterSense whenever there are relevant changes in:

This Policy becomes effective on the date of its publication and will remain valid until it is replaced by a new version, reflecting MasterSense’s ongoing commitment to:

Updates to this Policy may include revisions or replacements of the country-specific Annexes, in order to ensure alignment with:

in each jurisdiction where MasterSense operates.