HURST CAPITAL LTDA. ("HURST") and HURST SERVIÇOS DE INVESTIMENTO COLETIVO E SECURITIZAÇÃO S.A. ("HURST CROWDFUNDING"), together with HURST ("HURST GROUP"), value and are committed to preserving the privacy, security, and transparency in the processing of personal data pertaining to their employees, clients, partners, and all other natural persons with whom they have any relationship. Consequently, this Data Privacy and Security Policy ("Policy") has been developed in compliance with the General Personal Data Protection Law – LGPD (Law No. 13,709/18) and the Brazilian Internet Civil Rights Framework (Law No. 12,965/14). Furthermore, this Policy may be updated in the event of any regulatory changes.

The Data Privacy and Security Policy defines the guidelines for the use, storage, processing, and protection of personal data collected digitally and/or physically by the HURST GROUP, encompassing data collection through various communication channels, such as websites, email, WhatsApp, social networks, points of sale, and events. Therefore, it is highly recommended that employees, clients, and other interested parties carefully read this document.

By utilizing our services, employees, clients, and other interested parties acknowledge the processing of their personal data as stipulated by Brazilian legal framework, specifically the General Personal Data Protection Law – LGPD (Law No. 13,709/18).

We clarify that this Policy applies when the HURST GROUP acts as the data controller for the personal data of employees, clients, and other interested parties.

Thus, the HURST GROUP, in its role as Data Controller, is bound by the provisions of this Privacy Policy.

Personal data is processed for the following purposes:

The HURST GROUP may share all collected Personal Data with third parties. This sharing may occur to comply with legal, regulatory, or tax requirements, as well as to fulfill the aforementioned purposes, and within the limits required and authorized by law:

• With employees and collaborators of the HURST GROUP, who are directly authorized for data processing, or with group companies acting as independent Controllers or Processors.
• With companies and individuals contracted to perform specific activities and services on behalf of HURST GROUP.
• With suppliers and partners for the execution of services contracted with HURST GROUP.
• For administrative purposes such as: research, planning, service development, security, and risk management.
• In the continuous development of our business operations, processes of company acquisition and merger, establishment of commercial partnerships, joint ventures, and other similar transactions may occur. Should any of these transactions take place, the information collected from our clients may be transferred; however, even in such situations, the Privacy Policy will be maintained, ensuring that the use of clients' personal data will be exclusively in accordance with the terms stipulated herein.
• When necessary due to a legal obligation, determination by a competent authority, or judicial decision.

In cases where your Data is shared with third parties, all entities mentioned in the preceding items must utilize the shared Data consistently and in accordance with the purposes for which it was collected (or for which the User previously consented), as stipulated in this Privacy Policy, and by observing other website or country-specific privacy statements, and all applicable privacy and data protection laws.

Should Data be shared, the third party will only receive the data essential for the provision of contracted services. It is important to note that our contracts are drafted in compliance with the data protection regulations of the Brazilian legal system. However, our partners maintain their own Privacy Policies, which may differ from ours.

Upon redirection to a third-party application or website, you will no longer be governed by this Privacy Policy or our platform's Terms of Service. We are not responsible for the privacy practices of other sites and encourage you to review their privacy statements.

No documents and/or personal information will be sold. Furthermore, Users' personal information (referred to as Data Subjects) will not be individually disclosed to third parties, except as stipulated herein or by law and upon judicial order.

The Personal Data of employees, clients, partners, and all other natural persons with any affiliation to the HURST GROUP are stored digitally and/or physically for the period necessary for service provision or the fulfillment of the purposes outlined in this document.

Data will be erased when they no longer serve the purpose for which they were collected. The user may request the erasure of their personal data when processing is based on their consent or if the processed data is excessive, unnecessary, or processed in non-compliance with the LGPD.

Furthermore, data subjects' personal data will only be retained after the conclusion of their processing in the circumstances stipulated in Article 16 of the LGPD, namely:

• For compliance with a legal or regulatory obligation by the controller;
• For research purposes by a research body, ensuring, whenever possible, the anonymization of personal data;
• For transfer to a third party, provided that the data processing requirements set forth in this Law are respected; and/or
• For the exclusive use of the controller, with third-party access prohibited, and provided that the data is anonymized.

All data provided by employees, clients, partners, and other natural persons affiliated with the HURST GROUP will be treated with confidentiality and solely for achieving specific purposes. To maintain the security of personal information, we employ physical, electronic (our servers), and managerial tools, guided by our security policies and standards for the protection of your privacy.

These tools are applied considering the nature of the personal data collected, the context, the purpose of processing, and the risks that potential violations would pose to the rights and freedoms of the data subject whose data is collected and processed.

Among the measures we adopt, the following are noteworthy:

• Only authorized personnel have access to the personal data of employees, clients, partners, and all other natural persons affiliated with the HURST GROUP;
• Access to personal data is granted only after a commitment to confidentiality; and
• Personal data is stored in a secure and suitable environment.

The HURST GROUP is committed to implementing best practices to prevent security incidents. However, it is crucial to emphasize that no information transmission is entirely secure and risk-free, remaining susceptible to technical failures, viruses, or similar actions. It is possible that, despite all our security protocols, issues arising from the exclusive fault of third parties may occur, such as cyberattacks by hackers, or also due to the negligence or imprudence of the user/client themselves.

In the event of a security incident that may pose a significant risk or harm to personal data subjects, the HURST GROUP commits to exerting full effort to remedy the consequences of the event. Additionally, we will notify affected parties and the National Data Protection Authority of the occurrence, in accordance with the provisions of the General Personal Data Protection Law – LGPD (Law No. 13,709/18).

The HURST GROUP ensures the rights stipulated in Article 18 of the General Personal Data Protection Law – LGPD (Law No. 13,709/18). Thus, the Personal Data Subject may, free of charge and at any time:

• Confirm the existence of data processing, either in a simplified manner or in a clear and comprehensive format.
• Access their data, requesting it in a legible copy, either in printed form or via a secure and reliable electronic medium.
• Rectify their data, by requesting its editing, correction, or update.
• Restrict the processing of your data when it is unnecessary, excessive, or processed in non-compliance with legislation, through anonymization, blocking, or deletion.
• Request the portability of your data via a report containing your registration data processed by the HURST GROUP.
• Erase their data processed based on their consent, provided there is no legal justification for retaining it.
• Revoke their consent, by explicitly requesting the DPO and withdrawing authorization for their data processing.
• Be informed about the possibility of not providing your consent and the consequences of such refusal.

To exercise the rights stipulated in the LGPD, the Personal Data Subject must contact the HURST GROUP via the following email address:

• Email: atendimento@dpooficial.com.br

To ensure your correct identification as the personal data subject, we may request documents or other proofs to verify your identity. In such an event, you will be informed in advance.

The client/user guarantees and is responsible for the veracity, accuracy, currency, and authenticity of the information provided to acquire our products or services. The HURST GROUP bears no responsibility for the insertion of false data or its inaccuracy, should any inaccuracy be detected.

The current version of the Privacy Policy was last updated on September 17, 2025.

We reserve the right to modify this Privacy Policy at any time, primarily to accommodate any changes made to our website or within the legislative framework.

Any changes will take effect upon their publication on our website.

The HURST GROUP establishes the responsibility of agents involved in data processing activities, in accordance with Articles 42 to 45 of the General Data Protection Law – LGPD (Law No. 13.709/18).

The HURST GROUP is responsible for the security of data processing operations and for ensuring compliance with the purposes described herein.

The HURST GROUP commits to keeping this Privacy Policy updated, observing its provisions and ensuring its compliance.

Furthermore, it undertakes to seek technical and organizational conditions that are demonstrably capable of protecting the entire data processing operation. Moreover, should the National Data Protection Authority (ANPD) require the adoption of measures concerning data processing carried out by the HURST GROUP, we commit to complying with them.

Cookies are files installed on users' electronic devices to collect information about the website for various purposes, such as to ensure the website's functionality, monitor performance, or display advertisements.

The HURST GROUP website utilizes essential cookies, the disabling of which prevents the website from functioning or users from utilizing its services, as well as non-essential cookies, which provide functionalities not critical to the service and can therefore be disabled by users without affecting the website's operation.