LGPD

The following are subject to the law:

• Handling of personal data collected in Brazil and
  
  
• Handling of data involving the offer of goods or services to people who are in Brazil, - whether free of charge or for a fee -, and regardless of the country in which the data processing takes place.

The following are exempt from the law:

• Handling of personal data carried out for private and non-economic purposes;
• Data that is exclusively journalistic, artistic, or academic;
• Data exclusively related to public security, national defense, state security or the investigation and prosecution of criminal offenses, and
• Data that has no contact with Brazil in the entire processing chain.

According to legal definitions, Neoway is classified as a "Controller" of the personal data it is responsible for, as it determines what data will be collected, how it will be modeled and stored, what information security measures will be applied, how this data will be available on the Neoway Platform and for what purposes, and it also determines all other data processing specifications. The Neoway Platform handles and makes personal and anonymized data available, but it does not deal in any way or provide sensitive data.

Neoway applies all the principles established by the LGPD in its operation. For example, in terms of data quality, Neoway ensures that the data is up to date and reflects exactly how it is available from the original source. In terms of security, the ISO 27001 and ISO 27002 controls are incorporated into Neoway's operations through information security systems and tools that are in line with the latest on the market. The "Neo-SEC-way" culture is also developed through internal training.

As Big Data is Neoway's "core business", we have always paid special attention and care with the management and protection of data and, once the LGPD was enacted, we redoubled our concern regarding data processing in order to implement the controls of the law in our operation.