Policy Cookie Notice

POLICY COOKIE NOTICE

1. PURPOSE

The purpose of this document is to determine general guidelines for handling Cookies on our digital platforms.

2. SCOPE

This document covers all Assaí business areas.

3. GUIDELINES
3.1. General Guidelines.

Assaí respects your privacy concerns and values its relationship with those who access and use the digital products and services we offer.

3.1.1. Like many companies, Assaí uses technology on platforms to collect information that helps us improve the consumer experience and relations. This Cookies Policy was developed to detail what cookies are, which type of cookies Assaí uses, what information is collected using cookies and what this information is used for. For more details of collection, use, storage and maintenance of secure personal data, see our privacy policy.

3.2. Definition of cookies.

3.2.1. Cookies are small text files that are transferred to a browser or device (such as a cellphone or tablet) that recognize the browser or device, and show how and when Assaí websites, products and services are used. They may be useful for several purposes, such as adapting the size of the website to a screen, better understanding of preferences and offering more efficient service.

3.2.2. Cookies usually expire within a certain time. For example, some cookies are automatically deleted when a browser is closed (so-called session cookies), while others may be stored for longer periods on a device until they are manually deleted (persistent cookies).

3.3. Reasons for using cookies

Assaí uses cookies for the following:
3.3.1. Authentication. The use of cookies and similar technologies to recognize users accessing products and services. These technologies help show the correct information and personalize the experience depending on each user’s settings, thus facilitating access and the browsing experience.

3.3.2. For instance, cookies may be used to remember which browser is being used so that a user does not need to authenticate to access their account whenever they want to enter Assaí platforms.
3.3.3. Security. The use of cookies and similar technologies help protect each account and make for safer interactions with Assaí products and services.

3.3.4. For example: using cookies to help detect harmful activity and possible account violations, such as when someone tries to access a user’s account without authorization. Cookies are also used to store data that allows you to recover an account if its user forgets their password or requires additional authentication if a user states that their account has been hacked.

3.3.5. Preferences and features. The use of cookies to maximize personalization of browsing experiences and enable the broad functionality of Assaí products and services, storing some of the preferences.

3.3.6. For example: using cookies to help fill out certain registration forms more easily. This technology is also used to remember information about the browser and language preferences, visualize page views and communicate.

3.3.7. Personalized content and advertising. Use of cookies and similar technologies to steer personalized content, including marketing and advertising content, based on information about people’s interaction with Assaí platforms.

3.3.8. For example: cookies allow certain interactions made on Assaí products to be remembered, so that when the user returns to the platforms, they may be offered additional useful and relevant information related to each user’s profile and preferences.

3.3.9. Social network plugins. Cookies and similar technologies are used to enable plugins from certain social networks when a user chooses to access Assaí’s products and services through these networks.
3.3.10. For example: some websites and products allow you to register through social networks, such as with the button “Access with Facebook”. These plugins use cookies and other technologies to provide analytics and recognize each user on these social networks to connect with Assaí products.

3.3.11. Measuring website performance and analysis. The use of cookies to understand how Assaí products and services are being used and therefore improve user experience.

3.3.12. For example: cookies are used to automatically collect certain data for a user’s interaction with Assaí website elements to identify how many times a page has been visited or how many people have accessed the page. These cookies help to better understand audiences and how they interact with platforms in order to improve the entire user experience.

3.3.13. In any case, users can always refuse to install the cookies described in this Policy on their device and/or choose to remove these cookies at any time, as per information in the item below headed “How to remove or block cookies” below.

3.3.14. Assaí is not responsible for the use of third-party platforms cookies. Cookies installed on interacting with third-party platforms may continue to monitor users’ online activities even after interacting with the platforms, therefore user should clear their browsing history regularly to ensure that their device uses only the technologies of their interest.

3.4. Authentication cookies
Name Domain Purpose Expires
cookie- agreed- version assai.com. br stores user consent to use of cookies 99 days
rc::a google.co m detects whether a human or a robot is accessing the site does not expire
rc::c google.co m detects whether a human or a robot is accessing the site each new session
test_cookie doubleclick
.net
checks whether the user’s browser supports cookies 1 day
3.5 Security cookies
Name Domain Purpose Expires
cookie- agreed- version assai.co m.br stores user’s consent to use of cookies 99 days
has_js assai.co m.br logs whether user’s browser has javascript enabled each new session
rc::a google.co m detects whether a human or robot is accessing the site does not expire
rc::c google.co m detects whether a human or robot is accessing the site each new session
test_coo kie doubleclic k.net checks whether the user’s browser supports cookies 1 day
3.6. Cookies for preferences and functionality
Name Domain Purpose Expires
yt-remote- cast-installed youtube.co m logs whether user’s browser has javascript enabled each new session
yt-remote- connected- devices youtube.co m logs user’s video preferences does not expire
yt-remote- device-id youtube.co m logs user’s video preferences does not expire
yt-remote- fast-check- period youtube.co m logs user’s video preferences each new session
yt-remote- session-app youtube.co m logs user’s video preferences each new session
yt-remote- session-name youtube.co m logs user’s video preferences each new session
Ip assai.com.b r logs data for caching and storing javascript files on the site each new session
3.7. Cookies for sending personalized content and ads
Name Domain Purpose Expires
_fbp assai.co m.br used by Facebook to deliver personalized ads 3 months
fr facebook. com used by Facebook to deliver personalized ads 3 months
sync sync.nav damp.co m ccollect user behavior data to send ads each new session
3.8. Cookies for social media plugins
Name Domain Purpose Expires
fr facebook. com used by Facebook to deliver personalized ads 3 months
tr facebook. com sends ads to user each new session
VISITOR_INF O1_LIVE youtube.c om estimates YouTube video bandwidth use 179 days
YSC youtube.c om logs YouTube video screening statistics each new session
yt-remote- cast-installed youtube.c om logs whether user’s browser has javascript enabled each new session
yt-remote- connected- devices youtube.c om logs whether user’s browser has javascript enabled does not expire
yt-remote- device-id youtube.c om logs whether user’s browser has javascript enabled does not expire
yt-remote- fast-check- period youtube.c om logs whether user’s browser has javascript enabled each new session
yt-remote- session-app youtube.c om logs whether user’s browser has javascript enabled each new session
yt-remote- session-name youtube.c om logs whether user’s browser has javascript enabled each new session
3.9. Cookies for website performance metrics and analytics
Name Domain Purpose Expires
_ga assai.co m.br logs a unique ID that will generate website access statistics 2 years
_gat assai.co m.br used by Google Analytics to measure data load speed 1 day
_gid assai.co m.br logs a unique ID that will generate website access statistics 1 day
collect google- analytics.com sends Google Analytics data on behavior of user and their access device each new session
3.10. How to remove or block cookies

3.10.1. If a user needs to know which cookies are installed on their device, or wishes to delete or restrict them, they may do so through their browser settings. Users may find more explanations on how to proceed by clicking the links below. To find details for other browsers, visit their developer website.

• Firefox

• Chrome

• Safari

• Internet Explorer

3.10.2. By using cookies, we can offer better product and service experiences. If a user blocks our products’ cookies or decides not to allow some of them, there is no way of ensuring that all Assaí platform functionalities will work properly, and users may be unable to access certain areas of Assaí products. In addition, certain functions and pages will probably not work properly.

4. PENALTIES

An employee who witnesses a breach of any of the above rules should report it through our Ombudsman Channel. In addition, our Code of Ethics guidelines states that failing to obey rules and instructions mandated in this document may be considered a serious breach subject to appropriate disciplinary sanctions.

5. ATTACHMENTS

N/A

6. REFERENCES

6.1 The following are part of this Policy:

6.1.1. Code of Ethics
6.1.2. Privacy Policy

7. DEFINITIONS

N/A

8. VERSION HISTORY AND APPROVALS
Version / Year Changes Reviewers (position / business area) Approved by (position/business area)
00/2021 First version of document Bruno Moraes Cardoso.
IT manager
Natanael dos Santos Silva.
IT Information Security
Washington Oliveira dos Santos.
IT coordinator
Rodrigo Catani.
IT coordinator
Thiago Cunha.
IT Information Security
Arnor Milton.
Personal Data Protection
Sadik Sarkis.
DPO Assaí
Maria do Carmo.
Marketing manager
Rodrigo Callisperis.
IT officer
9. PUBLICATION

Please ensure this is the latest version posted on our Intranet.
Office of Projects and Processes
Controlled document. May be out of date at the time of printing

LAST UPDATE: 04/30/2021