T&B PHARMA CONSULTING
Policy
Document Code: TB_GDQ_PQ-002
Page: 1 of 7
DATA PROTECTION
Version: 01
Issue Date: October/2025

INDEX

1. AIM
2. SCOPE
3. TERMS AND DEFINITIONS
4. PRINCIPLES OF DATA PROTECTION
5. ACTIONS RELATED TO DATA
6. HOLDER'S RIGHTS
7. LEGAL BASIS FOR DATA PROCESSING
8. RESPONSIBILITIES
9. INFORMATION SECURITY MEASURES
10. CONSENT AND REVOCATION
11. HOLDER SERVICE CHANNEL
12. RELATED DOCUMENTS
13. HISTORY

1. OBJECTIVE

Establish guidelines for the protection of personal data and information security at T&B Pharma Consulting, in accordance with the General Personal Data Protection Law (LGPD – Law nº 13,709/2018).

2. SCOPE

It applies to all employees, consultants, partners and third parties who process personal data or access T&B Pharma Consulting information.

3. TERMS AND DEFINITIONS

Personal data: information related to an identified or identifiable natural person, such as name, CPF, email, telephone, among others.

Sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health, sexual life, genetic or biometric data, when linked to a natural person.

Titular: natural person to whom the personal data that is subject to processing refers.

Controller: natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data.

Operator: natural or legal person, under public or private law, who processes personal data on behalf of the controller.

Anonymization: use of reasonable technical means available at the time of processing, through which data loses the possibility of association, directly or indirectly, with an individual.

Consent: free, informed and unequivocal expression by which the holder agrees to the processing of their personal data for a specific purpose.

4. PRINCIPLES OF DATA PROTECTION

T&B Pharma Consulting processes personal data based on the fundamental principles established by Article 6 of the General Personal Data Protection Law (LGPD), ensuring:

• Purpose
• Adequacy
• Need
• Free access
• Data quality
• Transparency
• Security
• Prevention
• Non-discrimination
• Accountability and accountability

5. ACTIONS RELATED TO DATA

The processing of personal data carried out by T&B Pharma Consulting is based on legitimate, specific and previously informed purposes to the holders, respecting the principles of the LGPD…

6. HOLDERS’ RIGHTS

Confirmation of the existence of processing, access, correction, anonymization, portability, deletion, information on sharing and revocation of consent.

Contact: tbpharma@tbpharma.com.br

7. LEGAL BASIS FOR DATA PROCESSING

Consent, legal obligation, execution of a contract, regular exercise of rights, protection of life, protection of health, legitimate interest and credit protection.

8. RESPONSIBILITIES

The board is responsible for data governance. Consultants must follow security and confidentiality guidelines. Third parties must sign data protection contracts.

9. INFORMATION SECURITY MEASURES

• Confidentiality
• Integrity
• Availability
• Authenticity
• Access control
• Secure storage
• Local storage ban
• Backup
• Incident management

10. CONSENT AND REVOCATION

Consent will be obtained in a clear and specific way. The holder can revoke at any time.

11. HOLDER SERVICE CHANNEL

Requests must be sent to the Data Processing Officer (DPO) via the company's official email.

12. RELATED DOCUMENTS

• TB-GDQ-PRO-003 Information Security
• TB_GDQ_PQ-003 Email Use Policy

13. HISTORY

Version 01 December / 2021 – Initial Version
Version 02 October / 2025 – Unified version