Latest revision: Ago. 2nd, 2023

Our Privacy Notice is designed to reaffirm our commitment to the security and privacy of the information and personal data we collect from users, a service offered by Petróleo Brasileiro S.A., hereinafter referred to as Petrobras. Petrobras’ commitment to the topic is reflected in our Code of Ethical Conduct.

This privacy notice covers the treatment given by Petrobras to the personal information and data of natural persons capable of identifying users, collected when they are on Petrobras’ website or that compose the company’s electronic databases.

It is important to note that the Petrobras website may have access to links to external websites (also known as “hyperlinks”) whose contents and privacy policies are not the responsibility of Petrobras, that is, outside of Petrobras’ control and not covered by this Notice of Privacy. Thus, it is recommended that, when redirected to external sites, users should always consult the respective privacy statements / policies before providing their personal data, especially sensitive ones. It should be noted that Petrobras does not control the privacy practices of such sites, and does not endorse statements about third-party sites.

We remind you that Petrobras frequently reviews privacy regulations, including this Privacy Notice. Therefore, periodic reading is recommended.

In the event of a change in the way in which it collects and / or treats personal information or data, as well as in the case of a change in purpose, Petrobras will inform the new privacy conditions clearly and objectively, in compliance with Petrobras’ information security regulations, for the transparent management of the processing of personal data: a) to the general public, by means of an announcement on our main page; b) registered users, through electronic communication.

For the purposes of this Privacy Notice, the following considerations must be observed:

Petrobras, in the treatment of personal data, is guided by the legal principles and principles in force, paying special attention to the foundation of informational self-determination, as well as to the principles of good faith, purpose, non-discrimination, accountability and accountability.

1. DEFINITIONS

• Petrobras website: Investor Relations Website for Petróleo Brasileiro S.A.
• User: Person who uses and / or interacts with any of Petrobras’ digital channels.
• Personal data: information related to the identified or identifiable natural person.
• Sensitive personal data: Personal data about racial or ethnic origin, religious beliefs, political opinion, union membership or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.
• Treatment: any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.
• Cookies and similar technologies: cookies are small files created by visited websites and stored on the user’s computer through the browser, which can be used to identify visitors, customize the page based on the navigability profile, track usage patterns for improvement and control, and facilitate the transport of data between pages of the same website. The functions performed by cookies can also be performed by similar technologies, such as pixels, fingerprinting techniques, log files, web beacons, among others.

2. Petrobras can monitor all the movement of users on the Portal, to improve navigability and the consequent development of technological solutions in the daily activities, with a focus on simplifying the process, improving service, highlighting aspects of economy, governance and information traceability

3. Petrobras collects information and personal data capable of identifying users, such as texts and images, when they:

1. a) browse the site
2. b) download documents, presentations and other materials
3. c) fill out forms and access systems

From User

4. For each of the data collection modalities, different information may be requested, according to the specific purpose of the collection, with the respective legal support and storage time. Thus, users will be previously informed about the data and the purpose that will be collected, whether it is up to them to provide it or not.

5. Petrobras makes use of essential cookies on the Investor Relations website. The user can configure his browser not to be tracked.

1. a) Petrobras does not have access to the IP address of navigation in Petrobras’ Reporting Channel, which is an independent, confidential and impartial tool, and is available to the external and internal audiences of Petrobras and its controlled companies. It is, therefore, a confidential environment, hosted outside the Petrobras System and managed by the contracted company. Anonymity is guaranteed both over the internet and by phone, as there is no record of the IPs of whistleblowers’ computers or tracking of calls.

6. The entry of the user’s personal data on the Petrobras website is not a requirement for browsing the website, and is therefore optional. The user expressly decides to explicitly provide his personal data by knowing and accepting the terms of this Privacy Notice. Petrobras ensures that the specificities of its stakeholders are taken into account in the treatment of personal data and are included in the terms of prior use of collection, especially in situations where the express authorization of the holder is necessary, demonstrating unequivocally its manifestation of will.

7. Petrobras promotes the prevention of risks related to privacy in all its activities, from conception, with reflections in all its processes and information systems.

8. Petrobras makes the best efforts so that the risks inherent in the treatment of personal data and its management are mapped in an appropriate, updated and organized manner to include all information on the subject in the reports required by legal regulations in force.

9. Petrobras stores personal data in order to provide users with access, based on information security regulations, upon request, in the form of the LGPD.

10. All personal data collected will be incorporated into the Petrobras database for the time necessary to achieve the purpose stated in its collection and the resulting legal requirements, including to protect the rights of Petrobras and / or its employees. users.

11. Petrobras may disclose your personal data, as required / permitted by current law in the event of protection of rights and / or lawsuit / action or request from a regulatory body.

12. Petrobras, including by third parties, supported by the current legal regulations, collects and treats user data for specific and determined purposes, informed to users before their collection, and without further treatment in an incompatible way for these purposes, supported by the current legal regulations.

Petrobras uses the information collected for the following purposes: (i) to optimize the use and interactive experience during the user’s navigation on the website; (ii) prepare general statistics; (iii) answer the questions and requests of its users; (iv) carry out communication and relationship marketing campaigns; (v) communicate with users in order to provide them with information about the company, products, services and promotions; (vi) with respect to information of children under 13, the use of this information will be for educational purposes.

13. Petrobras handles sensitive personal data:

1. a) with consent, and with specific purposes, according to the legislation in force. If the processing of personal data occurs at the request of the user, consent is considered to have been given.

b) without the user’s consent if they are indispensable, according to current legislation, for:

(i) compliance with a legal or regulatory obligation;

(ii) shared processing of data necessary for the implementation of public policies provided for in laws or regulations;

(iii) carrying out studies by a research body, guaranteeing their anonymity, whenever possible;

(iv) regular exercise of rights, including in contract and in judicial, administrative and arbitration proceedings;

(v) protection of the life or physical safety of the user or third parties;

(vi) health supervision, exclusively, in a procedure performed by health professionals, health services or health authority;

(vii) ensuring the prevention of fraud and user security, in the identification and authentication processes of registration in electronic systems, except in the case of fundamental rights and freedoms that require the protection of personal data.

14. Petrobras preferably treats personal data with legal support different from the user’s authorization, based on legal aspects. In case of doubt as to its necessity and other normative bases, the user’s consent will necessarily be expressly requested, with its purpose and the consequences of the non-authorization. And, in the case of treatment of personal data based on consent, the user will be explained the possibility of its revocation and developments.

15. Access to the information collected is restricted to employees and persons authorized for this purpose. Employees and / or authorized persons, who misuse this information, will be subject to the penalties provided for in our disciplinary proceedings, without excluding other applicable legal measures. Petrobras does not release or sell personal data to third parties to allow the sale of products and services. However, there may be a need to share with other companies in the Petrobras System and / or third-party service providers, including to other countries. In these cases, Petrobras guarantees that personal data are provided with an adequate level of protection to that of Brazilian legislation on the subject and that they are used for the purposes indicated at the time of collection and following the guidelines established in the contractual clause and guarantee of privacy. Petrobras can also verify compliance with its contractual clauses to assess compliance with obligations on the subject.

Access to the information collected is restricted to employees and / or persons authorized for this purpose, especially for sensitive personal data. If they misuse this information, violating our Privacy Notice, they will be subject to applicable disciplinary and legal measures.

16. Personal data can also be shared with public bodies that are subject to the same national legislation on the protection of personal data.

17. The user guarantees the veracity and accuracy of the personal data he provides on this website, assuming the corresponding responsibility if they are not accurate. The updating of personal data is the responsibility of the holder. Petrobras does not assume any responsibility in case of inaccuracy of the personal data entered by the user on this website, but guarantees its correction upon request from the holder.

18. Petrobras stores the data in a complete and authentic manner, ensuring the confidentiality of the information provided to us. Users ‘personal data will be kept in accordance with PETROBRAS’ information security standards, which adopt technological solutions for the protection of personal data in terms of integrity and confidentiality. However, PETROBRAS does not guarantee that its systems are immune to invasions by third parties or the action of malicious software. PETROBRAS is not responsible for damages resulting from access and / or use by unauthorized third parties, in accordance with the law.

19.Petrobras provides secure and suitable access to its data subjects to their personal data, ensuring that it is obtained (observing commercial and industrial secrets, based on information security and data protection regulations), in a timely manner and upon request to:

(i) confirm the existence of treatment;

(ii) access the data;

(iii) correct the data (incomplete, inaccurate or outdated);

(iv) anonymize, block or eliminate unnecessary, excessive or non-compliant data;

(v) portability of data to another service or product provider, when possible;

(vi) inform about the possibility of not providing consent and about the consequences of the refusal;

(vii) eliminate the personal data processed with your consent, except in case there is another legal basis for carrying out the treatment;

(viii) revoke the consent, ratifying the treatments carried out under the protection of the previously expressed consent;

(ix) inform the public and private entities with which Petrobras has made shared use of data.

20.Petrobras frequently reviews internal privacy regulations, including this Privacy Notice. In the event of a change, the revision date at the top of this page will be updated and it will take effect from that date. Therefore, we encourage you to read this Notice periodically.

In case of doubts or comments regarding this Notice, please contact privacidade@petrobras.com.br.