1. Applicability and Legal Scope

1.1. This instrument constitutes the master governance for the processing of personal and corporate data within the BioAtlas ecosystem. It is designed to meet the strict requirements of Brazil's Lei Geral de Proteção de Dados (Law 13.709/2018) and the EU General Data Protection Regulation (2016/679).

1.2. By interacting with our platforms, negotiating contracts, or utilizing our Atlas Strategy logistics, the data subject (User, Client, or Partner) acknowledges and accepts the terms herein established.

2. Specific Data Collection for Energy Trading

2.1. Due to our regulated status as an ANP-authorized fuel trader, we collect mandatory information for KYC (Know Your Customer) and AML (Anti-Money Laundering) purposes, including but not limited to:

• Identity Data: Legal representative identification, digital signatures, and powers of attorney.
• Compliance Data: Tax residence, proof of financial capacity, and international sanctions list screening.
• Technical Data: Logistical metadata, IP addresses, device identifiers, and encrypted session logs to prevent industrial espionage.

3. Legal Grounds for Processing

3.1. We process data based on the following pillars of Art. 7 (LGPD) and Art. 6 (GDPR):

• Execution of Contract: Necessary for the export of certified fuels and biofuels.
• Legal Obligation: Reporting to the ANP (National Agency of Petroleum) and Federal Revenue.
• Legitimate Interest: Safeguarding the Atlas Strategy operational integrity and preventing cyber threats.
• Legal Defense: For use in judicial, administrative, or arbitration proceedings.

4. Advanced Security and Cybersecurity

4.2. Any breach of technical barriers for the purpose of accessing trade secrets or personal data will be prosecuted under the Budapest Convention on Cybercrime and Brazil's Law 12.737/12.

5. International Data Transfers and Sovereignty

5.1. As a global trading house, data may be transferred to international port authorities, specialized banking institutions (for Letters of Credit), and cloud infrastructure in jurisdictions with adequate data protection levels.

5.2. BioAtlas utilizes Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) to ensure that your data sovereignty remains intact, regardless of the geographic location of the server.

6. Retention and Mandatory Archiving

6.1. In alignment with the Statute of Limitations for international trade and fiscal transparency, BioAtlas retains operational and contract-related data for a minimum of ten (10) years.

6.2. Non-essential data (navigation cookies, newsletter logs) is purged every 24 months, unless otherwise requested by the subject or required by law.

7. Rights of the Data Subject

7.1. The data subject may at any time exercise their rights to access, correction, portability, and deletion (the latter being limited by the compulsory retention clauses of Article 6). Formal requests must be directed to our DPO (Data Protection Officer).

8. Intellectual Property and "Atlas Strategy"

8.1. All operational methodologies, trade flow diagrams, and digital content are protected under Intellectual Property laws. The use of data scraping or reverse engineering on our platforms is strictly prohibited and constitutes a violation of our Terms of Use and Privacy.