NOVUS PRODUTOS ELETRÔNICOS LTDA., a Brazilian company enrolled with the

CNPJ under No. 88.176.995/0001-97 (“NOVUS”), which provides the Telik Geter

Connect Application (“Telik Geter Connect App”), assumes responsibility for

processing Users’ personal data in accordance with the Brazilian General Data Protection

Law (Law No. 13,709/2018, also referred to as “LGPD”), the Brazilian Civil Rights

Framework for the Internet (Law No. 12,965/2014), and other applicable regulations.

The purpose of this Privacy Policy (“Policy”) is to provide transparency regarding the

processing of personal data within the Telik Geter Connect App, a white-label solution

customized by NOVUS based on a platform developed, hosted, and operated by HEDRO

SISTEMAS INTELIGENTES LTDA., a company enrolled with the CNPJ under No.

26.199.823/0001-81, headquartered at Rua Hélio Ribeiro, No. 212, Downtown, in the

city of Entre Rios de Minas/MG, ZIP Code 35490-000 (“HEDRO”).

This Policy must be read with HEDRO’s Privacy Policy (“HEDRO’s Privacy Policy”),

available at: link. In it, the User declares, under penalty of law, to have fully read,

understood, and accepted its terms without reservation upon accessing or using the

Application. The Terms and Conditions of NOVUS and HEDRO are also included by

reference.

If there is a conflict, the provisions of this Policy shall prevail regarding NOVUS’ specific

obligations toward the User. For all technical, operational, security, storage, processing,

and intellectual property aspects related to the Application’s infrastructure, HEDRO’s

elements.

The User expressly acknowledges that the Telik Geter Connect App depends on

HEDRO’s technological solution and is subject to its data processing rules, limitations,

and exclusive technical responsibilities.

This Policy binds the User as an ancillary agreement to the use of the Telik Geter

Connect App.

1. IDENTIFICATION OF DATA PROCESSING AGENTS

1.1. For the purposes of this Policy, the term “Application” includes the interface

referred to as the Telik Geter Connect App, provided under the NOVUS brand, and

the technological infrastructure, systems, functionalities, and operational base of the

HEDRO Callisto Application, owned and operated by HEDRO. For the purposes of this

Policy, the term “Application” may refer to either of these layers, depending on the

context.

1.2. NOVUS – Responsible for the User Relationship. NOVUS controls personal

data strictly within the scope of the relationship established with the User through the

Telik Geter Connect App, including registration, account management,

communications, and support to data subjects.

NOVUS defines purposes related to the use of the interface and user experience but

does not have access, influence, or control over the Application’s technical architecture

or the internal processes of storage, processing, and/or security implemented by

HEDRO.

1.3. HEDRO – Controller of the technological infrastructure. HEDRO is the

developer, owner, and operator of the Application’s technological infrastructure

(originally named HEDRO Callisto), available to NOVUS under a white-label model.

HEDRO controls personal data processed for the operation, maintenance, security,

processing, and/or storage of the Application. All technical decisions regarding data

processing, security measures, incident management, backups, integration with

processors, and other operations are the sole responsibility of HEDRO, in accordance

with its own privacy policies and internal standards. NOVUS acts as a facilitator of the

relationship with the User and does not assume responsibility for data processing

performed by HEDRO.

1.4. Limitation of NOVUS liability. The Application is technically developed,

maintained, and operated by HEDRO, which holds control over the technological

infrastructure and the personal data processing necessary for its operation. NOVUS does

not influence or control any data processing activities performed by HEDRO or its users,

including collection, storage, processing, analysis, transmission, and/or deletion of data.

Thus, NOVUS shall not be liable for security incidents, operational failures, data

processing activities, or consequences occurring from acts performed by HEDRO or its

processors. Legal, administrative, or contractual liabilities related to such operations shall

be the exclusive responsibility of HEDRO.

1.5. HEDRO Processors. HEDRO may use technological infrastructure providers

and cloud computing services as processors or technical service providers to enable the

operation of the Application. The selection, contracting, and supervision of these

providers are the sole responsibility of HEDRO, which shall ensure appropriate security

and data protection measures.

2. DATA SUBJECT RIGHTS AND PRINCIPLES

2.1. Under the LGPD and without prejudice against the provisions of HEDRO’s Privacy

Policy, data subjects may exercise, among others, the following rights:

a) Confirm data processing.

b) Access processed data.

c) Correct incomplete, inaccurate, or outdated data.

d) Anonymize, block, or delete unnecessary or excessive data or data processed

in violation of applicable law.

e) Request data portability to another service or product provider, in

accordance with applicable regulations.

f) Delete data processed based on consent.

g) Obtain information about the public and private entities with which the data

may have been shared.

h) Object to data processing performed without consent when applicable.

i) Withdraw consent when applicable.

j) Request review of decisions made based on the automated processing of

personal data when applicable.

2.2. Requests related to the enforcement of rights provided for in applicable law may

be submitted through the channels designated by NOVUS and/or HEDRO.

2.2.1. NOVUS will serve as an intermediary for receiving and forwarding

requests and may, when necessary, coordinate the response with

HEDRO, which is responsible for the Application’s technological

infrastructure.

2.2.2. The response time shall be up to 15 (fifteen) days, counted from the

reception of the request. When the request involves data processed by

HEDRO’s technological infrastructure, NOVUS may depend on

information or technical measures from HEDRO to properly address the

request. In this case, the response period shall be automatically extended

for an additional equal period.

2.3. The processing of personal data shall comply with the principles set forth in

Brazilian Law No. 13,709/2018, including purpose, adequacy, necessity, transparency,

quality, security, prevention, non-discrimination, and accountability. HEDRO bears sole

responsibility for data processing performed on the technological infrastructure.

3. DATA CATEGORIES, SOURCES, PURPOSES AND LEGAL BASES

3.1. Personal data may be collected from the User through the relationship

established with NOVUS, specifically during registration in the Application and the

voluntary submission of information. Additionally, certain technical data and browsing

records may be automatically collected by the Application’s technological infrastructure,

operated by HEDRO, through data collection technologies, access logs, and other

technologies necessary for the functioning and security of the system.

3.2. The personal data processed during the use of the Application may involve

several categories of information. Data related to registration and the relationship with

the User will be processed by NOVUS. Technical or operational data required for the

functioning of the Application’s infrastructure may be processed directly by HEDRO:

Category

Examples

Source

Main purpose

Legal basis (LGPD)

Name, email,

phone,

CPF/CNPJ, job

title

Direct supply

(registration)

and, additionally,

contact the customer

service center

Contract performance

(Art. 7, V); Legal

obligation (Art. 7, II);

Legitimate interest (Art.

7, IX)

Technical/

Usage

IP address,

access logs,

device,

approximate

geolocation

Automatic

(cookies,

servers)

Security,

improvements, audit

Legitimate interest (Art.

7, IX); Legal obligation

(Art. 7, II)

When involving third-

party and/or non-

essential cookies, it will

be based on consent

(Art. 7, I).

Telemetry

device

Data collected

by hardware

(sensors,

metrics)

App/cloud

integration

Viewing/reports

Contract performance

(Art. 7, V); Necessity

(Art. 6, III)

3.3. Personal data may be used for additional purposes compatible with those

originally informed, if they are related to the use of the Telik Geter Connect App and

in compliance with the provisions of this Policy and, where applicable, HEDRO’s Privacy

Policy, as well as the limits set in applicable legislation.

3.4. Automatically collected information. When using the Application,

information may be collected by the technological infrastructure used to operate the

service, including, but not limited to: type of mobile device used, unique device identifier,

mobile device operating system, type of Internet browser used, technical logs related to

the operation of the Application, and information related to how the User interacts with

the Application. Such information is collected to ensure proper functioning of the

Application, improve the User experience, ensure Application security, perform technical

performance analyses, and identify and correct operational failures or inconsistencies.

3.4.1. The Application does not collect through these automatic mechanisms

sensitive personal data or User access credentials, such as email

addresses, usernames, passwords, or other authentication information,

except when such data is freely provided by the User during registration,

authentication, or use of Application functionalities (when applicable).

3.5. Storage and tracking technologies. When using the Application, local

storage technologies, device identifiers, technical logs, third-party SDKs, and other

similar technologies may be used to store or access certain information on the User’s

device. These technologies are intended, among other purposes, to: (i) enable the

technical operation of the Application; (ii) simplify the use of functionalities and improve

User experience; (iii) record User preferences and settings; and (iv) collect statistical

or technical information related to access, use, and performance of the Application.

3.5.1. The User may manage selected permissions and privacy settings through

the operating system settings of their device or within the Application.

However, if the User chooses to restrict or disable such technologies,

some functionalities of the Application may operate in a restricted manner

or may not function properly, which may affect usability.

3.6. When accessing and interacting with the Application, certain records may be

collected by the servers involved in operating the service, such as IP address, date and

time of access, approximate location, type of browser used, operating system, and pages

visited, including the time spent on each page.

3.7. Location information. The Application does not collect precise real-time

location data from the User’s mobile device (such as GPS data). Any approximate location

information, when collected through IP address or similar technologies, is used for

technical, statistical, security, and user experience improvement purposes, in accordance

with this Policy.

3.8. The Application made available to the User operates on a technological

infrastructure developed and maintained by HEDRO. Specific cookie technologies,

technical logs, or monitoring tools may be associated with this infrastructure operation.

In these cases, the processing of such information may also be subject to HEDRO’s

policies and technical guidelines, without prejudice to the provisions of this Policy.

4. DATA SHARING, TRANSFER, AND THIRD PARTIES

4.1. Considering the white-label model of the Application, certain personal data

processing activities may occur within the scope of the User’s relationship with NOVUS

and within the technological infrastructure operated by HEDRO, each within the limits

of the roles and responsibilities described in this Policy and in HEDRO’s policies.

4.2. Within this infrastructure, HEDRO may employ technological service providers

or processors, such as cloud computing providers or operational management tools. Such

parties shall act under HEDRO’s responsibility and shall be subject to contractual

obligations of confidentiality, information security, and personal data protection.

4.3. Due to the technological infrastructure used to operate the Application, personal

data may be stored or processed on servers located outside Brazil, including by cloud

service providers or other technology suppliers used by HEDRO.

4.3.1. In these cases, international data transfers shall be performed in

compliance with applicable legislation, and appropriate legal and

contractual mechanisms shall be adopted to ensure proper level of

personal data protection.

4.4. Personal data may be disclosed when necessary to comply with a legal or

regulatory obligation, by order of a competent authority or a court order, or when

necessary for the exercise of rights in administrative, arbitration, or judicial proceedings.

4.5. It is expressly stated that NOVUS shall not be held liable for personal data

processing operations performed by HEDRO and/or its processors.

5. SECURITY MEASURES AND INCIDENT MANAGEMENT

5.1. NOVUS Security. NOVUS adopts reasonable organizational and administrative

measures to protect the personal data it processes, within the scope and limitations set

in this Policy.

5.2. HEDRO Security. The technical implementation of security measures is

responsibility of HEDRO, in accordance with HEDRO’s Privacy Policy. It is expressly

stated that NOVUS has no direct involvement in the technical operation.

5.3. Incident management. When a security incident involving personal data is

suspected or confirmed in the Telik Geter Connect App, NOVUS shall formally notify

HEDRO, describing the event. After receiving formal notification, HEDRO will use its

best efforts to identify, contain, and conduct a technical analysis of the incident, limiting

its actions to the scope of its own technological infrastructure and excluding systems,

devices, or environments under the control or responsibility of NOVUS or third parties.

5.3.1. Considering that the Application is provided under a white-label model,

each party’s actions shall be limited to the environments, systems, and

operations within its respective sphere of control.

5.3.2. In cases where the security incident is exclusively related to the Telik

Geter Connect App, communication to data subjects and competent

authorities, including the Brazilian Data Protection Authority, shall be the

sole responsibility of NOVUS, which shall comply with the applicable legal

deadlines. HEDRO shall cooperate by providing available technical

information within a reasonable deadline to be agreed between the parties

and shall not be held liable for delays resulting from technical complexity

or dependence on third parties. In other cases, particularly when the

incident arises, in whole or in part, from systems, infrastructure, or

environments under HEDRO’s responsibility, HEDRO shall be responsible

for the communications applicable to it, without prejudice to cooperation

between the parties and the provision of information necessary to comply

with legal obligations.

5.3.3. HEDRO’s liability shall be limited to incidents originating in or verified

within its own infrastructure. NOVUS shall be exclusively responsible for

incidents arising directly and exclusively from acts or omissions noticeably

attributable to it, within the scope of activities, access, credentials,

integrations, and/or environments under its direct responsibility and control.

NOVUS shall not be held liable for incidents whose origin lies in the

technological infrastructure, systems, or security mechanisms maintained

by HEDRO.

6. AUTOMATED TECHNOLOGIES

6.1. As provided in Clauses 3.4 and 3.5 above, the Application may use automated

data collection technologies.

6.2. Pursuant to Clause 4, certain technologies, technical logs, or monitoring tools

may be associated with the technological infrastructure of the Application, operated by

HEDRO, and may also follow the technical guidelines, security standards, and policies

applicable to this infrastructure, without prejudice to the provisions of this Policy.

6.3. The User may manage certain permissions related to automated data collection

directly through the privacy settings of their device’s operating system or within the

Application settings. The User acknowledges that restricting or disabling certain

permissions or technologies may limit or harm the functioning of certain features.

7. CHANGES TO THIS POLICY

7.1. NOVUS may update this Privacy Policy at any time, whenever necessary to

reflect legislative, regulatory, technical, and/or operational changes related to the use of

the Telik Geter Connect App.

7.2. The current version of this Policy will always be available within the Application,

indicating the date of its latest update. It is the User’s responsibility to read and monitor

the provisions of this Policy, as well as the HEDRO Privacy Policy regarding the technical

operation of the Application and the data processing performed by HEDRO. Continued

use of the Application after the publication of an updated version shall be considered as

the User’s acknowledgment of the changes made, except where applicable law requires

specific consent.

7.3. When changes entail significant modifications to personal data processing

practices, the User may be informed through reasonable means of communication, such

as in-app notifications, informational banners, or electronic communications.

8. FINAL PROVISIONS

8.1. NOVUS has appointed a Data Protection Officer (DPO) responsible for

communication with data subjects and with the Brazilian Data Protection Authority, as

follows:

Paulo Junior Lopes

Email: paulo.lopes@NOVUSautomation.com

Phone: +55 51 98191.6388

8.2. As established in this Policy, the Telik Geter Connect App operates on

technological infrastructure provided by a specialized third party (HEDRO), which is

responsible for the technical aspects related to data hosting, storage, and processing.

NOVUS has no control over the technical architecture of such infrastructure and may

depend on information or technical measures from the provider for the operation of the

Application or for responding to requests related to personal data.

8.3. Although NOVUS and HEDRO adopt reasonable technical and administrative

measures to protect the information processed and stored in their systems, the User

acknowledges that no security system is immune to failures or unauthorized access, and

absolute protection against all potential security incidents cannot be guaranteed.

8.4. This Policy shall be interpreted in accordance with the laws of the Federative

Republic of Brazil.

8.5. The courts of the District of Porto Alegre, Rio Grande do Sul, are hereby elected

as the exclusive jurisdiction, with express waiver of any other, however privileged it may

be, to resolve any disputes occurring from or related to this Policy.

Version 1.0 | Last updated: March 25, 2026 | Must be read in conjunction with HEDRO’s