For a better understanding of this Policy, the following definitions should be considered:

Cookies: small files sent to your browser or devices, which store your preferences and other information about how and when Our Websites are visited, as well as the number of people who access them.

Personal Data or Data: data relating to a natural person, capable of identifying them or making them identifiable. For example: name, email, RG number, personal preferences, IP address, geolocation, etc.

Sensitive Personal Data: any Data on racial or ethnic origin, religious beliefs, political opinions, affiliation to a trade union or to a religious, philosophical or political organization, data related to their health or sexual life, genetic or biometric data, when linked to a natural person.

Data Protection Officer (DPO): person appointed by Maple Canada Education Ltd to act as a communication mediator between us, the Personal Data Subjects and the National Data Protection Authority (ANPD).

Applicable legislation: all legislation that deals with privacy and protection of Personal Data, especially Law No. 13.709/2018 (General Law on Personal Data Protection – LGPD).

Our websites: it designates the electronic address https://maplebear.com.br and other sites linked to Maple Canada Education LLC, including those for various operations.

Policy: this Privacy Policy herein and the Treatment of Personal Data.

Personal Data Subject: you, the natural person to whom the Personal Data refers to, as a user of our websites.

Treatment: any operation performed with Personal Data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

How we collect Data. Data may be collected when you interact with Our Websites.

Registration Data: What We Collect: School of Interest Type of Service (Online or In-Person) Grade of Interest Full Name of the Guardian Gender Marital Status Place of Birth Nationality Mobile Phone of the Guardian Landline Email of the Guardian Full Name of the Student RG (Registration Number) of the Guardian CPF (Individual Taxpayer Registration) of the Guardian RG (Registration Number) of the Student CPF (Individual Taxpayer Registration) of the Student Where Did You Learn About the School Relationship With the Student Education Level Faltam Date of Birth CEP (Zip Code) Address Bank Account Number or Credit Card Number or Debit Card Number Health Data

Why Do We Collect Data? To identify and authenticate You as a user. To comply with the obligations resulted from the use of our services. To expand our relationship, informing you about updates, features, content, news and other events that we consider relevant to you. To enrich your experience with us and promote our products and services. To comply with our legal and regulatory obligations.

Digital Identification Data:

What We Collect IP Address and Logical Source Port Device (Operating System Version) Time and Date Stamps of Every Action You Perform Session ID Sessions Cookies

Why Do We Collect It? To identify and authenticate You as a user. To comply with legal obligations to maintain records established by the Brazilian Civil Rights Framework for the Internet (Law Number 12.965/2014). To comply with our legal and regulatory obligations. To keep a record of our operations regarding personal data treatment, as established by the Brazilian General Data Protection Law (Law Number 13.709/2018). To improve our website/application.

Required data. Our services directly depend on the data informed above. We may be unable to provide all or part of our services in the absence of some of the data. Updated and accurate Data. You are solely responsible for the accuracy, veracity or updating of the Data you provide to us. We are not obligated to process your Data if there are reasons to believe that such Processing may impute to us a violation of any applicable law, or if you are using our websites for illegal or unlawful purposes. Database. The database formed through the collection of Data is our property and under our responsibility, and its use, access and sharing, when necessary, will be made within the limits and purposes described in this Policy. Technologies used. We use Cookies in our websites, and it is up to you to do the setup of your internet browser to allow or not their use. In the latter case, some features we offer may be limited. For more information, visit our Cookies Policy.

:Cases of Data Sharing. Data collected and recorded activities (logs) can be shared: With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or order in this regard; With the companies and within business areas of Maple Canada Education Ltd, which are in agreement with this Policy; With service providers or partner companies, to facilitate, provide or perform activities related to Our Websites; With marketing and advertising companies, to automatically deliver promotions and information appropriate to your profile, in case of corporate changes, such as mergers, acquisitions or incorporations performed by of Maple Canada Education LLC. If you have any questions about who we share your Data with, please contact us through the Service Channels provided at the end of this Policy.

Security and Governance Practices. To protect your privacy and protect your Data, we have a governance program that contains rules of good practice, internal policies and procedures, which establish conditions for organization, training, educational activities and mechanisms for supervision and mitigation of related risks to the Treatment of Personal Data.

Access to Data, proportionality and relevance. Internally, the Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance for the purposes of our business, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.

Establishment of good practices. You are also responsible for the confidentiality of your Data and must always be aware that the sharing of passwords and access data and/or, the sharing of passwords violates this Policy and may compromise the security of your Data and Our Websites. If you detect or learn of the compromise of the security of your Data, please contact our Supervisor through the Service Channels provided at the end of this Policy.

External Links. When you use Our Websites, you may be led, via a link, to other websites, portals or platforms, which may collect your Data and have their own privacy policy. It is up to you to read these policies, and it is your responsibility to accept or reject them. We are not responsible for the privacy policies of third parties or the content of any websites or services linked to websites other than our own.

Treatment by third parties under our guidelines. We seek to carefully evaluate our partners and service providers, and we establish contractual obligations of confidentiality, information security and data protection with them, in order to protect you.

Storage location. Data collected and activity records (logs) are stored in a secure and controlled environment, and may be on our servers located in Brazil, as well as in a resource use environment or cloud computing servers, which may require transfer and/or processing of your Data outside Brazil. These transfers only involve companies that demonstrate compliance with applicable laws, maintaining a similar or stricter level of compliance than the one provided for in Brazilian law.

Storage time period. We store the Data only for as long as it is necessary to fulfill the purposes for which it was collected or to comply with any legal, regulatory or rights preservation obligations.

Disposal of Data. After the maintenance period and the legal requirement are over, the Data will be deleted using safe disposal methods or used anonymously for statistical purposes.

Your basic rights. The Data are yours and the applicable Law brings a series of rights related to them, which may be exercised by you by requesting our Manager through the Service Channel provided at the end of this Policy.

Confirmation and access: you may request confirmation about the existence of Treatment and access to your Data by requesting copies of records we have about you. Correction: you may request correction of your incomplete, inaccurate or out of date Data. Anonymizing, blocking or deletion: you may request to anonymize your Data, so that they can no longer be related to you, the blocking of your Data, temporarily suspending the possibility of Treatment for certain purposes, or the deletion of your Data. Portability: you may request that we provide your Data in a structured and interoperable format in order to transfer to a third party, respecting our intellectual property or business secret. Information Sharing: you may request information about third parties with whom you share your Data, limiting such disclosure of information to what does not infringe our intellectual property or trade secret. Withdrawal of Consent: you may choose to withdraw consent that you have already given. Such revocation will not affect the legality of any Treatment carried out previously. If you wish to withdraw your consent for purposes that are fundamental to the functioning of our websites and services, it may be unavailable to you. Opposition: you may oppose the Treatment of your Data, if you do not agree with some purpose. Requests. For your security, whenever you submit a request to exercise your rights, we may ask for additional information to verify your identity in order to prevent fraud.

Non-fulfillment of requests: we may fail to comply with any request, if the service violates our intellectual property or business secret, as well as when there is a legal or regulatory obligation to retain Data. In addition, we may fail to comply with your request if we need to retain the Data to enable us or third parties to defend themselves in disputes of any nature.

Replies to requests. We make the commitment to respond to all requests within a reasonable amount of time and always in compliance with applicable law.

Alteration of content and update. You acknowledge our right to change the content of this Policy at any time, according to the purpose or need, and you are responsible for checking it whenever you access our websites. In the event of relevant updates to the Policy, we will notify you through the contact details you informed us.

Lack of applicability. If any point of this Policy is considered not enforceable by the Data Authority or court, the other conditions will remain in full force and effect.

Service Channels. In case of any questions regarding the provisions contained in this Policy, including the exercise of your rights, you may contact our CPO, who is available at the following channel:

DPO: Tatiane Martins Franco Bascuñan

Contact email: dpo@mbcentral.com.br

Applicable law and jurisdiction. This Policy will be interpreted in accordance with Brazilian legislation, in the Portuguese language, and the jurisdiction of your domicile will be chosen to settle any dispute involving this document, except for specific reservations of personal, territorial or functional competence under the applicable legislation.

Last updated on: August, 4 de 2021

Service Channels. In case of any questions regarding the provisions contained in this Policy, including the exercise of your rights, you may contact our CPO, who is available at the following channel:

DPO: Dannemann Siemsen
Contact email: dpo@sebsa.com.br