PRIVACY POLICY

This Privacy Policy applies to the following commercial companies, which act as Data Controllers for the personal data they collect and process in the scope of their activities:

SYNERE GROUP, LDA., with registered office at Rua da Zona Industrial, no. 420, 4580-565 Lordelo, Portugal, with the single registration and taxpayer identification number 509413692;

MUVV FORWARD, S.A., with registered office at Rua da Zona Industrial, no. 420, 4580-565 Lordelo, Portugal, with the single registration and taxpayer identification number 517856123;

These companies are part of the SYNERE Group (hereinafter, SYNERE GROUP)

1. Framework

This Privacy Policy establishes the commitment of all companies that are part of the Group to theprotection of personal data. For purposes of the GDPR, the Data Processing Responsibility belongs to the company that collects the data (the legal entity whose website or service you are using), except when the Group acts in Joint Controllership (see 'Data Sharing within the Group' section).

SYNERE GROUP aims to contribute to strengthening and consolidating the relationship of trust and proximity it has with its stakeholders (e.g., clients, employees, suppliers, shareholders and investors), through clear and transparent communication of what it does with this data and what rights it recognizes for the respective data subjects, as well as how to exercise them.

SYNERE GROUP acts in strict compliance with the principles described in this policy, Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) and applicable data protection legislation, in all personal data processing activities under its responsibility.

The Privacy Policy is part of SYNERE GROUP's personal data protection regulatory framework, which includes standards and procedures for managing the security and privacy of personal data. SYNERE GROUP processes personal data through various operational and technical means to support its business process activities.

SYNERE GROUP shares personal data among its companies, identified above, when necessary for the pursuit of its legitimate interests. SYNERE GROUP has a legitimate interest in managing its activities efficiently and centrally, ensuring corporate cohesion and quality of services.

A. Objectives

The Privacy Policy, as a communication instrument, has the following main objectives:

  • Strengthen and consolidate the relationship of trust and proximity between SYNERE GROUP and all its stakeholders;
  • Demonstrate transparency about the purposes and legal grounds of processing activities carried out by SYNERE GROUP, as well as the retention periods for personal data involved;
  • Inform data subjects of their rights regarding the protection of their data and how they can exercise them;
  • Inform data subjects who are the SYNERE GROUP representatives they can contact to exercise their rights or clarify how their personal data is processed.

B. Scope of Application

The Privacy Policy applies exclusively to the processing of personal data carried out by SYNERE GROUP, within the context of the intended purposes.

For purposes of this policy, personal data is considered any information relating to an identified or identifiable natural person (data subject). A data subject is identifiable if they can be identified directly or indirectly, namely through an identification number or through specific characteristics of their physical, physiological, genetic, mental, economic, cultural or social identity.

C. Policy Maintenance, Communication and Application

The Privacy Policy must be reviewed annually when there is a change in circumstances and whenever there are legislative changes, to validate that it remains current and appropriate in light of applicable regulations and laws. Proposals for policy revision and supervision of its application and compliance are the responsibility of the competent management body of SYNERE GROUP.

This policy must be known to all SYNERE GROUP employees and must be made available to its stakeholders, whenever the processing of their personal data is at stake, through appropriate channels, namely on SYNERE GROUP's website.

2. Privacy Policy Content

A. Our Privacy Commitment

SYNERE GROUP operates based on trust and transparency. This commitment translates into the day-to-day relationship with our clients, employees, suppliers and other stakeholders. The privacy and security of the data you entrust to us are a priority for us.

It is our commitment to only collect, store, process, transmit or delete your personal data with transparency and that is essential for the maintained relationship.

We will inform you of how and for what purpose we use your personal data, with the guarantee that we collect, share and store your personal data with reference to best practices in the field of security and data protection.

When your personal data is collected, stored, processed, transmitted or deleted by other subcontracted entities, we require these entities to have the same level of privacy and security.

We want you to feel confident that your personal data is safe with us, as we will always be committed to protecting your privacy, and we take our responsibilitiesregarding the protection of your personal data very seriously and with great commitment.

Whenever you have any questions about the use we make of your personal data, we will be available to help you through the email info@muvv.pt.

B. Who is Responsible for Your Personal Data

The company SYNERE GROUP, LDA., better identified above, is the Data Controller of your personal data, for purposes of centralized Group management, under the terms of the General Data Protection Regulation and complementary legislation on personal data protection in force in the countries where it operates.

Each of the companies identified above is part of SYNERE GROUP, therefore your personal data may be transmitted and processed by any of the companies belonging to that Group for internal administrative purposes and based on the Group's legitimate interest.

For all questions related to the processing of your personal data and the exercise of your rights, you can contact us through:

Email: info@muvv.pt

Address: Rua da Zona Industrial, no. 420, 4580-565 Lordelo, Portugal

C. Personal Data We May Collect

In this Privacy Policy, the term "Personal Data" means the set of information that relates to you and allows us to identify you, directly or indirectly. Your personal data may include, for example, your name, your tax identification number and your contacts (physical and/or electronic).

We may also receive your personal data from other companies, namely when they collect, process or store them within the scope of a service provision contract entered into with us.

D. How and Why We Use Your Personal Data and What is the Legal Basis

We use your personal data only for the following specific purposes, based on the respective legal grounds provided for in the GDPR:

  • Contractual and Commercial Management (e.g., order processing, invoicing, delivery of goods/services);
  • Direct Marketing Communications (e.g., sending newsletters, communications);
  • Recruitment and Human Resources Management (e.g., processing applications, salary management);
  • Compliancewith Legal Obligations;
  • Improvement of our services and Fraud Prevention.

SYNERE GROUP may centralize certain services or business functions (such as Human Resources Management, Customer Support or Marketing). In these cases, the company that provides this centralized service (which may be any company of SYNERE GROUP) acts as a Data Processor for the remaining companies of the Group, always ensuring the application of security and confidentiality measures required by the GDPR.

E. How Long We Keep Your Personal Data

We keep your personal data only for the period necessary to fulfill the objectives defined within the scope of the maintained relationship and in compliance with any legal obligations.

Once the maximum retention period is reached, your personal data will be anonymized or destroyed/deleted securely.

F. With Whom We May Share Your Personal Data

In some cases we may disclose your personal data to other entities, within the scope of services provided by them. In these cases, we require that they have appropriate security measures in place to protect your personal data, namely through a subcontracting agreement.

When required by law, we may have to disclose your personal data to authorities or third parties (e.g., Tax Authority, Courts).

In the case of transfer or access to your personal data by companies that are part of SYNERE GROUP or to suppliers/service providers based outside the European Union (EU) or the European Economic Area (EEA), we guarantee that your personal data is processed in accordance with appropriate security and protection measures. These transfers will only be carried out if:

  • The country in question has an Adequacy Decision from the European Commission; or
  • We use Standard Contractual Clauses approved by the European Commission to ensure a level of data protection equivalent to the GDPR.

G. How You Can Exercise Your Personal Data Protection Rights

In certain circumstances, you have the right to access or request from us, at any time and in writing, through the email info@muvv.pt:

  • Access to additional information about the use we make of your personal data;
  • Rectification of your personal data;
  • Erasure of your personal data ("right to be forgotten");
  • Objection to the processing of your personal data (e.g., objection to marketing);
  • Restriction of how we use your personal data while we correct it or clarify any doubts;
  • Portability of your personal data, so that you can transmit it to another entity, if technically possible;
  • Withdraw the consent you have given us to use your personal data.

The exercise of these rights is excepted when your personal data is used to safeguard the public interest, namely in cases of detection and prevention of crimes, or when they are subject to professional secrecy or legal conservation obligations.

Regardless of which SYNERE GROUP company is processing your data, you can exercise your rights through the email info@muvv.pt.

If you are dissatisfied with the way we use your personal data or with our response to your request to exercise your rights, you may file a complaint with the National Data Protection Commission (CNPD). You can find the contacts at www.cnpd.pt.

H. How We Protect Your Personal Data

SYNERE GROUP has a variety of information security measures, aligned with national and international best practices, in order to protect your personal data. We implement technological controls, administrative, technical, physical measures and procedures that ensure the protection of your personal data, preventing its misuse, unauthorized access and disclosure, its loss, its improper or inadvertent alteration, or its unauthorized destruction. We assume in terms of information security the same commitment to continuous improvement by which we guide ourselves in our daily activity.

Among others, we highlight the following measures:

  • Restricted access to your personal data only by those who need it for the objectives we set out above;
  • Storage and transfer of personal data only in a secure manner;
  • Protection of information systems through devices that prevent unauthorized access;
  • Implementation of mechanisms that guarantee the safeguarding of the integrity and quality of your personal data;
  • Permanent monitoring of information systems, with the objective of preventing, detecting and impeding improper use;
  • Equipment redundancy to avoid loss of availability.

I. Updates to this Privacy Policy

This Privacy Policy may be updated in due course, which will be disclosed through appropriate channels, namely SYNERE GROUP's website. The date of the last update will appear at the end of the document.

Date of Last Update: 10/10/2025