Brazil Customer and Vendor Privacy Notice

May 2021

The privacy and protection of your Personal Data are of great importance to us.

As part of our business activities, Leggett & Platt do Brasil Ltda. (referred to as “Leggett,” “Company,” “we,” “our,” or “us”) collects and processes personal information of clients and suppliers (i.e., data that can be associated/attributed to an individual, hereinafter "Personal Data").

This Privacy Notice is intended to inform you, our business partners, about how and why we process your Personal Data, in accordance with Law No. 13.709/2018, the Brazilian Data Protection Law (“LGPD”) and its further amendments. It includes information about what is collected, with whom we share your Personal Data, how long we keep them, and what your rights are in regard to the processing.

1. Who is responsible for the processing of your Personal Data?

The Company is the responsible data controller, which means that it is the entity that collects your Personal Data and decides why and how to process them.

2. What Personal Data do we collect?

We collect the following types of information related to our business activities, provision of services, conclusion of contracts or maintenance of business relationships:

  • Contact information (e.g., your name, title, employer, business phone number, business email address, and business physical or postal address).
  • Information necessary to comply with legal or regulatory obligations, or Company requirements such as the name, age or Date of Birth of officers and principals for due diligence and anti-corruption purposes, business related credit information, banking or tax details, or registration numbers.
  • Information on your sales / our orders; and
  • Records tracking our relationship and communication with you.

We usually collect this information directly from you (e.g. when you request information about a product or place an order; when you apply for credit or submit a proposal). In certain scenarios, we will also obtain your Personal Data from other sources, such as from credit checks or due diligence and anti-corruption providers. In such cases, we will obtain information from other sources in strict compliance with applicable data protection laws and regulations.

3. For which purposes do we collect and process your Personal Data?

We collect and process your Personal Data for the following purposes:

  • Manage existing and prospective client, customers, supplier, or other third-party relationships (e.g., conclusion of a contract, purchases, sales, issuance of invoice, information required by the tax authorities, credit approval, queries, etc.);
  • Communicate about products we offer or intend to offer, the improvement of our products, and the review of our business relationship;
  • Perform accounting, auditing, billing, and collection activities;
  • Meet legal obligations (e.g. financial, fiscal, and administrative obligations); and
  • Establish, enforce or defend against legal claims.

4. Who has access to your Personal Data?

To manage our business relationship, we might share your Personal Data internally with members of our marketing, sales, supply chain, quality assurance and finance departments. We may also share your Personal Data within the group of Leggett & Platt, Incorporated companies (“Leggett Group”) who may be providing services to Company or otherwise involved in the marketing, sales, supply chain, quality assurance, finance, legal, or other corporate functions or management teams involved in providing products or managing our business relationship. In each case, only if the access to your data is actually needed and solely for professional purposes.

In addition, and only when necessary to fulfil the purposes mentioned above, we will disclose your Personal Data to the following recipients or categories of recipients, as the case may be:

  • Third party agents, service providers and advisers (e.g. in connection with payments, legal advice or postal services);
  • Law enforcement, government authorities or courts where necessary to comply with applicable laws or exercise our right of defense in administrative or court procedures; and
  • Other parties in the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in any insolvency or similar proceedings) to the extent necessary.

We will not disclose your Personal Data to any parties who are not authorized to process them.

5. On which legal basis do we process your Personal Data?

We rely on the following legal basis for processing your Personal Data:

  • When processing is necessary for the performance of a contract with you or in order to take the necessary measures before entering into a contract;
  • For the establishment or protection of credit;
  • Your consent (e.g. when you initiate a request for contact or information; you choose to submit a bid to become a supplier)
  • Compliance with the legal obligations to which we are subject (e.g., when we are legally bound to retain certain client or supplier data) or in exercise of our right of defense in administrative or court procedures; and
  • When the processing is necessary in order to meet our legitimate interests (e.g., to communicate about the products we currently offer or intend to offer, the improvement of our products and the review of our business relationship), unless we determine, in a case-by case assessment, that our interests are superseded by your interests or fundamental rights and freedoms, and the Personal Data processed is limited to what is strictly necessary for the intended purpose.

6. Where will my Personal Data be processed?

Your Personal Data may be processed inside and outside of Brazil by us, the Leggett Group, or the data processors working on our behalf.

Please note that other countries have different laws regarding the protection of Personal Data. When your Personal Data are transferred from your own country to another country, the laws and regulations that protect your Personal Data in the country to which your information is being transferred may be different (or offer less protection) than those in your country of residence. For example, the circumstances in which law enforcement authorities can access your Personal Data may vary from country to country.

If your Personal Data are transferred outside Brazil, we will ensure that it is done in compliance with applicable laws, with appropriate safeguards, and in compliance with your rights regarding your Personal Data noted below.

7. How do we protect your Personal Data?

The Company maintains appropriate technical and organizational safety measures to help protect your Personal Data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

8. How long do we keep your Personal Data?

We will not retain your Personal Data for longer than necessary in order to meet the purposes for which the data was collected, or to comply with our legal obligations, such as:

  • Client contracts and the related information will be retained for as long as the contracts are in force and, subsequently, for an additional subsequent period for compliance with legal obligations (e.g., defense of legal claims.)
  • Financial and fiscal data will be retained according to applicable legal provisions (e.g., Fiscal Law); and
  • Commercial information will be retained for the purpose of maintaining consumption and relationship history.
  • Marketing information will be retained until the consent is withdrawn.

9. What are your rights with respect to your Personal Data?

To the extent permitted by the applicable data protection laws and regulations, you have the following rights regarding your Personal Data, at no cost to you:

  • Access to the Personal Data and confirmation of the existence of the processing;
  • Correction of incomplete, inaccurate, or out-of-date Personal Data;
  • Portability of the Personal Data to another service provider under certain circumstances;
  • Anonymization, blocking or deletion of your Personal Data;
  • Deletion of Personal Data processed with your consent, except in certain situations;
  • Information about public and private entities with which the Personal Data has been shared.
  • Withdrawal of your permission at any moment while your Personal Data is being processed with your permission (and information about the possible consequences of denying consent), without affecting the legality of the processing activities, based on your permission prior to said withdrawal.

You, or your legally constituted representative, may exercise the aforementioned rights by sending a request to contact indicated in Section 10 below and providing your name, your e-mail address and a description of your request.

If you believe we have not complied with our obligations under applicable data protection laws and regulation, or where you may wish to pursue independent resolution. The Company is committed to cooperating with National Data Protection Authority (ANPD), to investigate and resolve unresolved privacy concerns.

10. How can you contact us?

If you have any questions about this Privacy Notice, the Company's privacy practices, or other data privacy questions, please contact the Company at br.privacy@leggett.com and provide details about your question. You may also visit our privacy and data protection site at http://privacy.leggett.com or write to:

Leggett & Platt do Brasil Ltda.
Attn: Data Protection Officer
Av. Genésio Vargas, 1425
Camanducaia - MG, 37650-000
Brazil

Or

Leggett & Platt, Incorporated
Attn: Associate General Counsel - Privacy & Data Protection
No. 1 Leggett Road
Carthage, Missouri 64836
USA