Brazilian Resident Addendum to the Western Union Global Privacy Statement

We value and respect the privacy of Personal Data Holders who are in Brazil, and are committed to the Treatment of their Personal Data in accordance with the General Data Protection Law (“LGPD”) and other applicable Brazilian laws and regulations. This Addendum to Western Union’s Global Privacy Statement for Holders who are in Brazil (“Addendum”) is applicable to Holders residing in Brazil and other Holders who may be in the country at the time of Personal Data collection (collectively, “Brazilian Holders”), and, together with the Global Privacy Statement, aims to provide transparency on the main information related to the Treatment of your Personal Data. In the event of a conflict between the information in this Addendum and that described in the Global Privacy Statement, the information in this Addendum shall prevail.

In Brazil, the Western Union entities responsible for the Treatment (the Controllers of Personal Data) are: Western Union Corretora de Câmbio SA, a closed corporation, headquartered at Rua Iguatemi, 151, 9th floor, set 91, São Paulo / SP, CEP 01451-011, registered with CNPJ / ME under nº 13.728.156 / 0001-35; and Banco Western Union do Brasil SA, a closed corporation, headquartered at Rua Iguatemi, nº 151, 7th floor, set 72, São Paulo / SP, CEP 01451-011, registered with CNPJ / ME under nº 13.720.915 / 0001-13.

PERSONAL DATA WESTERN UNION COLLECTS
For Brazilian Holders, the same Personal Data described above is collected, except for the following:

In Brazil, no information is collected regarding participation in loyalty programs.

HOW WESTERN UNION COLLECTS PERSONAL DATA

In addition to the ways described above, Western Union may still collect your Personal Data at the following points:

Lists sent by public bodies and authorities, such as COAF;

Judicial or extrajudicial notifications received electronically or by mail.

HOW WESTERN UNION COLLECTS PERSONAL DATA
In addition to reasonable organizational, technical and administrative protections that comply with applicable governmental laws and regulations in order to protect your Personal Data, we also take institutional measures with the same intent, so that we have a Privacy and Data Protection Governance Program Personal Data applied to our activities, constantly reviewed and updated.

Access to the information collected is restricted to employees and authorized persons and only when strictly necessary. Those who misuse this information, in violation of the internal policies adopted, will be subject to appropriate administrative, disciplinary and legal sanctions.

HOW WESTERN UNION USES PERSONAL DATA COLLECTED
Western Union uses the personal information it collects to:

Help us provide Services to you and help you receive a personalized experience, including the use of personal information necessary to conduct money transfers, payment services or prepaid cards;
Recognize you and allow you to stay connected to your section during the visit without having to enter your password again;
Conduct analyzes on how to understand our customers, improving their experience, including the use of personal information to analyze and improve our products, locations, services, operations, the functioning of this website and their customer experience, in addition to any market research;
Determine whether you came to Western Union from a banner or an Affiliate’s website;
Provide information specific to your interests on non-Western Union websites and applications;
Better understand the effectiveness of our promotional campaigns and whether you have taken any action based on our promotional messages, as well as to measure the return on investment in marketing and brand satisfaction;
Promote security, reduce financial risks and fight fraud in our Services;
Meet the legal obligations to which Western Union is subject, in addition to meeting the regulations of regulatory bodies such as BACEN and CVM, especially when related to combating money laundering and anti-terrorist financing; detecting, preventing and prosecuting fraud and theft, as well as preventing the illegitimate or prohibited use of our services or other illegal or illicit activities; and
Responding to judicial and extrajudicial notifications, as well as exercising our defense in judicial, administrative or arbitration proceedings.

When Western Union carries out Personal Data Treatments based on a legitimate interest, this will always occur within the limits of your expectations, and never to the detriment of your fundamental interests, rights and freedoms.

It is important to note that, despite being informed in the Global Privacy Statement above, Western Union does not collect consent in the Treatment of Personal Data under the scope of this Addendum, using other legal bases provided for in the applicable legislation, except as described in the item INFORMATION ABOUT CHILDREN’S PERSONAL DATA.

Also, note that not necessarily all of the purposes described here will apply to all customers. This will depend on the product / service actually hired. To learn more about the purposes that apply to you, enter into a contract with our Supervisor through the channels indicated in the “HOW TO CONTACT” section of this Declaration.

INFORMATION ABOUT CHILDREN’S PERSONAL DATA
Western Union does not knowingly collect or store information from our retail, website or mobile apps from people under the age of 12. In any case, if such information is collected, it will only be provided with the specific and highlighted consent provided by a parent or legal guardian, under the terms of the law.

WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM
According to Brazilian law, you can exercise the following rights with respect to your Personal Data:

a) Confirm the existence of the Treatment by Western Union or by any group company;

To exercise this right, access our Request Portal, and after identifying yourself (Customer, Agent or Employee) click on “Access to Data”, also informing us in the “Request Description” that you intend to exercise the right to confirm the existence of Treatment.

b) Request access to Personal Data processed by Western Union or any company in the group;

To exercise this right, access our Application Portal, and, after identifying yourself (Customer, Agent or Employee) click on “Access to Data”, also informing us in the “Request Description” that you intend to exercise the right to access the data.

c) Correct, update and / or complete your Personal Data;

To exercise this right, access our Request Portal, and, after identifying yourself (Customer, Agent or Employee) click on “Data Correction”, also informing us in the “Request Description” which Data you want rectify.

d) Request the anonymization, blocking or elimination of unnecessary, excessive or illegally processed data;

To exercise this right, access our Application Portal, and after identifying yourself (Customer, Agent or Employee) click on “Restrict Processing” or on “Data Delete” and also inform us in the “Request Description” , because we are treating the data in an unnecessary, excessive or illicit way.

e) Revoke your consent, when your Personal Data is treated under this hypothesis;

To exercise this right, access our Requests Portal, and, after identifying yourself (Customer, Agent or Employee) click on “Marketing Deactivation”, if applicable, or on “General Privacy Inquiry” and also inform us on the “Application Description”, which is the activity whose consent you intend to revoke.

f) Request the portability of Personal Data to another service or product supplier, upon express request;

To exercise this right, access our Application Portal, and after identifying yourself (Customer, Agent or Employee) click on “Data Portability”.

g) Know with whom we share your Personal Data; and

h) Request the review of automated decisions.

To exercise this right, access our Request Portal, and after identifying yourself (Customer, Agent or Employee) click on “Deactivation (automated decision making/profile creation”, also informing us of the automated decision object of the review request.

Registered users can also access the website https://www.westernunion.com/br/pt/home.html and edit their Profile settings.

You also have the right to file a complaint with the National Data Protection Authority or another body described in the LGPD (such as those for consumer protection).

When we receive a request, we may ask for additional information from you to confirm your identity. In some situations, we may refuse to act or we may impose limitations on your rights as permitted by applicable law, and we will explain the reasons that justified the failure to comply with your request, such as requests involving Personal Data and / or documents from other Owners.

To exercise such rights, access https://wuprod.service-now.com/wu_privacy or contact Western Union through the section entitled “HOW TO CONTACT US”. We will endeavor to respond to your request immediately, if required, or within 15 days. Depending on the complexity of your request, we may extend this period to serve you accordingly.

HOW TO CONTACT US
If you have any questions or complaints about how we treat your Personal Data, we ask that you register your request in writing. We will review your query and will usually respond in writing within 15 days of receipt. You can also contact us, including our Person in Charge of the Processing of Personal Data:

Western Union’s Data Protection Officer

email: wuprivacy@westernunion.com

To contact us via a toll-free or local phone number, click this link to Talk to WU Customer Service: https://www.westernunion.com/br/pt/contact-us.html.

Other, more specific privacy statements may be applicable for a particular application or service. In such cases, the specific privacy statement overrides this in the event of a conflict of information.