This website is maintained and operated by Lean Sales.

We collect and use some personal data belonging to those who use our website. In doing so, we act as the controller of this data and
are subject to the provisions of Federal Law no. 13.709/2018 (General Personal Data Protection Law - LGPD).

We care about the protection of your personal data and have therefore made available this privacy policy, which contains important information about:

- Who should use our website
- What data we collect and what we do with it;
- Your rights in relation to your personal data; and
- How to contact us.

1. Who should use our website

Our website should only be used by people who are at least 18 (eighteen) years old, and use by people under the age of 18
(eighteen) will only be possible with the consent of at least one of their parents or guardians.

2. Data we collected and reasons for collection

Our website collects and uses some personal data from our users, in accordance with the provisions of this section.

3. Personal data expressly provided by the user

We collect the following personal data that our users expressly provide to us when using our website:

- Name;
- E-mail;
- Telephone;
- Position
- Company
- CPF
- CNPJ
- Physical address

4. This data is collected at the following times:

- When the user fills in a contact form; 

- When the user fills in a form to take part in a Lean Sales event;

The data provided by our users is collected for the following purposes:

- For the user to purchase our products and services;
- So that Lean Sales can contact you with any questions;
- So that we can send products to users at our events;
- So that we can send informative e-mails about Lean Sales solutions.

5. Sensitive data

The site may collect the following sensitive data from users:

- genetic data
- data relating to the user's health
Sensitive data is collected at the following times:
- Biological data is collected when Lean Sales runs an event, whether face-to-face or online, and needs physical information from the user, such as food allergies and clothing measurements to send products.

This data is collected for the following purposes:

- The data is collected to ensure that users, after agreeing to participate in a Lean Sales event, receive their
products correctly and are not harmed during their participation in our events.

Sensitive personal data will only be collected and used with the specific and separate consent of the data subjects, except, where applicable, in the
cases in which the General Data Protection Law allows the processing of this type of data on other legal bases than consent.
In any case, sensitive personal data will only be processed to fulfill specific purposes expressed in this policy or duly
informed to the user by other means.

Collection of data not expressly provided for

Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the
user's consent, or that the collection is permitted on the basis of another legal basis provided for by law. In any case, the collection of data and the processing activities resulting from it will be informed to the users of the website.

6. Sharing personal data with third parties

We do not share your personal data with third parties. However, we may do so in order to comply with a legal or regulatory requirement, or,
, to comply with an order issued by a public authority.

7. How long your personal data will be stored

The personal data collected by the website is stored and used for a period of time that corresponds to what is necessary to achieve the purposes listed in this
document and that takes into account the rights of its holders, the rights of the website controller and the applicable legal or regulatory provisions.

Once the periods of storage of personal data have expired, they are removed from our databases or anonymized, except in cases where
there is the possibility or need for storage due to legal or regulatory provision.

8. Legal bases for processing personal data

A legal basis for processing personal data is nothing more than a legal basis, provided for by law, that justifies it. Therefore, each operation
processing personal data must have a corresponding legal basis.

Non-sensitive personal data

We process the non-sensitive personal data of our users in the following cases:
- with the consent of the data subject
- for the fulfillment of a legal or regulatory obligation by the controller
- for the performance of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject
- when necessary to meet the legitimate interests of the controller or a third party

Sensitive personal data

We process the sensitive personal data of our users in the following cases:

- with the consent of the holder of the personal data
- for compliance with a legal or regulatory obligation by the controller

9. Consent

Certain personal data processing operations carried out on our website will depend on the prior agreement of the user, who must express this in a free, informed and unequivocal manner
. The user may revoke their consent at any time, and if there is no legal hypothesis permitting or requiring the storage of data, the data provided with consent will be deleted.

Furthermore, if they wish, users may not agree to any personal data processing operation based on consent. In these cases, however, it is
possible that you will not be able to use some functionality of the site that depends on that operation. The consequences of not consenting to a specific
activity are informed prior to processing.

10. Compliance with a legal or regulatory obligation by the controller

Some personal data processing operations, in particular data storage, will be carried out so that we can comply with obligations provided for by law
or other regulatory provisions applicable to our activities.

Contract execution

In order to execute any purchase or service contract signed between the website and the user, other data related to or necessary for its execution may be collected and
stored, including the content of any communications with the user.

 Legitimate interest

For certain personal data processing operations, we rely exclusively on our legitimate interest.
To find out more about in which cases,
specifically, we rely on this legal basis, or to obtain more information about the tests we carry out to make sure we can use it, please contact our Personal Data Protection Officer through one of the channels indicated in this Privacy Policy, such as contacting us.

11. User rights

Website users have the following rights under the Personal Data Protection Act:

- confirmation of the existence of processing;
- access to data;
- correction of incomplete, inaccurate or outdated data;
- anonymization, blocking or deletion of unnecessary, excessive data
or data processed in breach of the provisions of the law;
- portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets; 

- deletion of personal data processed with the consent of the data subject, except in cases provided for by law;
- information on public and private entities with which the controller has shared data;
- information on the possibility of not providing consent and on the consequences of refusal;
- revocation of consent.

It is important to note that, under the terms of the LGPD, there is no right to delete data processed on legal grounds other than
consent, unless the data is unnecessary, excessive or processed in breach of the law.

12. How the holder can exercise their rights:

Holders of personal data processed by us may exercise their rights using the form available at the following address: https://leansales.com.br/oldLean2024contato. Alternatively, if you wish, you can send an e-mail or correspondence to our Personal Data Protection Officer. The information required for this can be found in the How to contact us section of this Privacy Policy.

The holders of personal data processed by us may exercise their rights by sending a message to our Personal Data Protection Officer, either by e-mail or by post. The information required for this can be found in the How to contact us section of this Privacy Policy.

In order to guarantee that the user who wishes to exercise their rights is in fact the owner of the personal data which is the subject of the request, we may ask for documents or other
information which may help to correctly identify them, in order to protect our rights and the rights of third parties. This will only be done, however, if it is
absolutely necessary, and the requester will receive all related information.

13. Security measures in the processing of personal data

We employ technical and organizational measures to protect personal data from unauthorized access and from situations of destruction, loss, misplacement or
alteration of such data. The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible breach would generate for the rights and freedoms of the user, and the standards currently employed in the market by companies similar to ours. Among the security measures adopted by us, we highlight the following:

- Our users' data is stored in a secure environment;
- We limit access to our users' data, so that unauthorized third parties cannot access it;
- We use an SSL (Secure Socket Layer) certificate, so that data transmission between users' devices and our servers takes place in encrypted form;
- We keep records of all those who have, in some way, come into contact with our data.

Even if we do everything in our power to prevent security incidents, it is possible that a problem may occur that is caused exclusively by a third party
- such as in the case of hacker or cracker attacks, or even in the case of the user's exclusive fault, which occurs, for example, when they themselves transfer
their data to a third party. Therefore, although we are generally responsible for the personal data we process, we disclaim liability in the event of an exceptional situation
such as these, over which we have no control whatsoever. In any case, should any type of security incident occur that could
generate a significant risk or damage to any of our users, we will notify those affected and the National Data Protection Authority of what has occurred, in
accordance with the provisions of the General Data Protection Act.

14. Complaint to a control authority

Without prejudice to any other administrative or judicial remedy, data subjects who feel in any way wronged may submit a complaint to the National Data Protection Authority at
.

15. Changes to this policy

This version of this Privacy Policy was last updated on: 18/11/2020. We reserve the right to modify these rules at any time,
especially to adapt them to any changes made to our website, either by making new features available or by deleting or modifying
existing ones. Whenever a change is made, our users will be notified of the change.

16. How to contact us

If you have any questions about this Privacy Policy or the personal data we process, please contact our Data Protection Officer at
through one of the channels mentioned below:

E-mail: paulo@leansales.com.br

Telephone: 47996783347
Postal address: Rua Georg Lucas, 225. Rio do Sul - SC