Cookie Policy

GOATCOM COOKIE POLICY

1. Introduction

This Cookie Policy aims to clarify, in a detailed, transparent, and accessible manner, how GOATCOM COMMERCE LTDA ("GOATCOM") uses cookies and similar technologies on its digital platform (https://goatcom.io/), in compliance with the General Data Protection Law (Law No. 13.709/2018 – LGPD), the Brazilian Civil Rights Framework for the Internet (Law No. 12.965/2014), and international best practices for privacy and data protection. This document complements our Privacy Policy, available on our website, and should be interpreted in conjunction with the Platform Terms of Use. Our goal is to ensure transparency and user control over the processing of their personal data, promoting a secure and personalized experience.

2. What Are Cookies?

Cookies are small text files that are stored on the user's browser or device when they access a digital platform. They contain specific information about navigation, such as preferences, interactions, session data, and unique identifiers. In addition to cookies, we may also use similar technologies, such as web beacons, pixels, tags, local storage, and embedded scripts, which fulfill similar functions. These tools are widely used to make navigation more efficient, personalized, and secure.

3. Why Do We Use Cookies?

GOATCOM uses cookies for various reasons, with the aim of improving the user experience and ensuring the full functioning of the platform. The main objectives include:

• Ensuring the technical and secure functioning of the platform;
• Enabling user login and authentication;
• Memorizing preferences and personalized settings;
• Analyzing navigation performance and usage behavior, in an aggregated and anonymous manner, with the aim of identifying failures and improving functionalities;
• Providing personalized content, recommendations, and experiences adapted to the user's interests;
• Displaying relevant ads and limiting advertising repetition;
• Evaluating the effectiveness of advertising campaigns and marketing strategies; meeting legal obligations and ensuring compliance with our internal terms and policies.

4. What Types of Cookies Do We Use?

GOATCOM adopts different categories of cookies, classified according to their purpose and origin:

• Strictly Necessary Cookies: indispensable for the functioning of the platform and for the secure use of the services offered. They allow, for example, session authentication, fraud prevention, security maintenance, and cookie consent management. They cannot be disabled in our systems.
• Performance and Analysis Cookies: collect information anonymously for statistical purposes. They are used to understand how users interact with the platform, which pages are most accessed, how long they stay, among other metrics that contribute to optimizing the navigation experience and detecting failures.
• Functional Cookies: enable the personalization of the user experience, storing their preferences (such as language, location, layout, accessibility settings, and previously viewed content). They are useful for providing a more fluid and tailored navigation.
• Advertising and Marketing Cookies: allow presenting relevant ads based on the user's navigation profile, helping to measure campaign performance and avoid excessive repetition of ads. These cookies may be set directly by us or by advertising partners.
• Third-Party Cookies: are cookies set by domains other than the site being visited. GOATCOM uses third-party cookies provided by analysis platforms (e.g., Google Analytics), advertising, social networks, and marketing management systems. These third parties have their own privacy policies and practices, over which we have no direct control.

All cookies used undergo an assessment of purpose, necessity, and proportionality, in accordance with principles provided in the LGPD. The use of non-essential cookies is conditioned on the holder's consent, who may manage their preferences through the Cookie Settings Panel available on our website.

If desired, the user can also configure their browser to refuse or delete cookies, although this may negatively impact the functioning of certain platform functionalities.

5. User Cookie Management

The user has full control over the use of cookies on our platform. Upon accessing the GOATCOM website, a consent banner will be displayed allowing granular management of cookie preferences, enabling total or partial acceptance or rejection of specific categories, except for strictly necessary cookies.

In addition, the user may review and change their preferences at any time by accessing the Cookie Preferences Panel, permanently available in the platform footer.

It is also possible to manage directly in the internet browser used, including options for blocking, deletion, and prior warning about cookies. However, it is worth noting that disabling certain cookies may compromise essential site functionalities, negatively impacting the navigation experience and full access to platform resources.

We recommend that the user consult the specific instructions of the browser used to configure cookie preferences securely.

6. Legal Basis for Cookie Usage

GOATCOM processes data through cookies in compliance with the General Data Protection Law (LGPD), observing the principles of necessity, purpose, transparency, and security. The legal bases applied are:

• Holder's consent (Art. 7, I, LGPD): applicable for non-essential cookies, such as marketing, advertising, statistics, and additional functionalities. Consent is collected in a free, informed, prominent manner and through unequivocal affirmative action.
• Controller's legitimate interest (Art. 7, IX, LGPD): applicable for strictly necessary cookies, used to ensure the technical functioning of the platform, user authentication, and system security. In these cases, we perform a prior assessment of the impact on the rights and freedoms of the holders.

GOATCOM undertakes to periodically review the applicable legal bases and update its governance documentation, such as the Data Protection Impact Assessment (DPIA), whenever necessary.

7. Third-Party Cookies

We may use third-party cookies integrated into our platform for various purposes, such as:

• Analytics tools (e.g., Google Analytics, Hotjar);
• Advertising and retargeting platforms (e.g., Facebook Ads, Google Ads);
• Social media plugins (e.g., Instagram, WhatsApp, LinkedIn);
• External performance and error monitoring services.

These cookies are under the responsibility of the respective third-party companies and governed by their own privacy and cookie policies, which we strongly recommend the user read carefully before consenting to data collection.

GOATCOM performs prior assessment of the providers with which it integrates, requiring security standards compatible with national legislation and international best practices.

8. Security of Collected Data

GOATCOM adopts robust technical and administrative measures to protect personal data processed through cookies, in compliance with Art. 46 of the LGPD and the principle of information security.

Among the measures implemented, the following stand out:

• Encryption of data in transit and at rest;
• Access control with multi-factor authentication;
• Monitoring and recording of access logs;
• Vulnerability analysis and periodic testing;
• Internal training and data protection governance policy.

Data collected through cookies is stored securely, with restricted access and only for the time necessary to fulfill the declared purposes.

9. Changes to This Cookie Policy

This Cookie Policy may be modified at any time, especially due to relevant legal, regulatory, or operational updates. In case of substantial change affecting how we process personal data, the user will be notified through the channels available on the platform or by e-mail, when applicable.

The date of the last update will always be available in the footer of this document. We recommend periodic review of this Policy so that the user remains informed about how their data is being treated.

10. Contact

For any questions, suggestions, or requests related to this Cookie Policy or the processing of personal data by GOATCOM, the user may contact the Personal Data Processing Officer (DPO) through the following channels:

E-mail: support@goatcom.io

The DPO is responsible for ensuring compliance with the rights of holders, as provided in Arts. 18 to 22 of the LGPD, as well as acting as a point of contact with the National Data Protection Authority (ANPD).