Data protection and Privacy

Commitment to Data Protection and Privacy

ROVENSA, S.A. complies with all applicable EU and national legal rules in the area of data protection, privacy and information security.

ROVENSA, S.A. is implementing a Personal Data Protection System and an Information Security System in order to ensure regulatory compliance and demonstration of institutional responsibility for data protection and information security, implementing all necessary technical and organizational measures, both to comply with the general legal regime of the current Data Protection Law and to comply with the special legal regime of the General Data Protection Regulation applicable from 25 May 2018.

For any clarification or additional information or to exercise rights in this area, please contact the ROVENSA, S.A. Data Protection Office by email at dataprotection@rovensa.com.

‘Personal data’ means information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers may be, for example, a name, an identification number, location data, identifiers by electronic means or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

‘Processing’ means an operation or a set of operations carried out on personal data or on personal data sets by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, deletion or destruction.

‘Cookies’ are small text files stored on a user’s device (such as a computer or mobile phone) via the web browser when visiting a website. They contain information that enables the website to remember the user’s actions and preferences over time, such as login details, language selection, or other personalized settings. Cookies can also be used for statistical, analytical, or marketing purposes, depending on their type and the user’s consent.

ROVENSA, S.A., headquartered at Ed. Central Office, Av. Dom João II 45 8º, 1990-084 Lisboa – Portugal enrolled in the Commercial Registry Office of Lisbon under No 514194910 and holding the same Corporate Person number, with a share capital of 232.200.591,00€, hereinafter referred to as ROVENSA, S.A is the entity responsible for the websites www.rovensa.com and for the computerized applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Clients have remote access to the services and products of the Agrobusiness, which are presented, marketed or provided, at any time, through them.

The use of channels or applications by any User, Service Recipient or Client may entail the performance of personal data processing operations, whose protection, privacy and security by ROVENSA, S.A., as the entity responsible for their processing, is in accordance with the terms of this Data Protection and Privacy Policy.

For any inquiries, including those related to the processing of personal data, you may contact the Data Controller, ROVENSA, S.A., using the following contact details:– Postal address: Ed. Central Office, Av. Dom João II 45 8º, 1990-084 Lisboa – Portugal

– General Telephone: +351 213 222 750

In addition, you may contact the Data Protection Officer (DPO) of ROVENSA, S.A. specifically for matters related to data protection by email: dataprotection@rovensa.com. Please include the subject of your request.

ROVENSA, S.A. processes the personal data strictly necessary to ensure the disclosure of information and the operation of its channels, according to the uses made by Users, Service Recipients or Clients, whether those provided by Users or Service Recipients for the purpose of registering requests or obtaining information, or those provided by Clients for the purposes of subscribing to those channels, or those resulting from the use of the services provided by ROVENSA, S.A. through them, such as access, consultation, instructions, transactions and other records relating to their use.

In particular, the use or activation of certain channel functionalities may involve the processing of a number of direct or indirect personal identifiers, such as name, address, contact details, device addresses or geographical location, provided that the express consent of the User, Service Recipient or User/Client for such use has been given.

In all cases, Users, Service Recipients or Clients will always be informed of the need to access such data for the use of the functionalities of the channels in question.

The personal data collected by ROVENSA, S.A. are processed electronically, in certain cases in an automated way, including file processing or profile definition and in the scope of pre-contractual, contractual or post-contractual relationship management with Users, Service Recipients or Clients, in accordance with current national and Community regulations.

The categories or types of personal data of Users, Service Recipients or Clients processed are name, surname, date of birth, address, postcode, country, landline number, mobile number, e-mail, taxpayer number or identification document number (non-mandatory).

All personal data processing carried out by ROVENSA, S.A. complies with the principles established in applicable data protection legislation, particularly the General Data Protection Regulation (GDPR). These include the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.

ROVENSA, S.A. also adheres to the principle of accountability and is committed to being able to demonstrate compliance with these principles to data subjects or any third party with a legitimate interest.

ROVENSA, S.A. processes personal data only where there is a valid legal basis under Article 6 of the General Data Protection Regulation. The lawful bases for processing include:

• The data subject has given their consent to the processing of his or her personal data for one or more specific purposes;

• The processing is necessary for compliance with a legal obligation to which the controller is subject;

• The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

• The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

ROVENSA, S.A. processes personal data for specific, explicit and legitimate purposes, in accordance with Article 5(1)(b) and Article 13(1)(c) of the GDPR. The main purposes for which personal data is collected and processed include:

• Providing information requested by users and service recipients;

• Managing communications and relationships with users and clients, including pre-contractual, contractual and post-contractual interactions;

• Performing and delivering the services subscribed by clients;

• Ensuring the technical and operational functioning of ROVENSA, S.A.’s digital channels;

• Complying with legal and regulatory obligations;

• Generating aggregated statistics for internal analysis and service improvement;

• Sending promotional or marketing communications about new features, products or services, through electronic or traditional means (e.g., email, SMS, telephone or postal mail);

• Conducting satisfaction surveys or other forms of direct engagement for promotional purposes;

Each of these processing activities is based on a lawful ground under Article 6(1) of the GDPR, such as the necessity for contract performance, legal obligation, consent, or legitimate interests pursued by ROVENSA, S.A.. Where applicable, the specific lawful basis will be communicated to the data subject at the time of data collection.

Where personal data is to be processed for purposes other than those for which it was originally collected, ROVENSA, S.A. will ensure that such processing is compatible with the original purpose, or will obtain the data subject’s explicit consent when required. In such cases, the data subject will always be informed in advance of the new purpose, and of their rights in relation to such processing, in accordance with applicable data protection legislation.

ROVENSA, S.A. retains personal data only for as long as is strictly necessary to fulfil the purposes for which it was collected, in accordance with the principle of storage limitation under the GDPR.

Retention periods are determined based on the nature of the data, the processing purposes, and any legal or regulatory obligations that require longer retention. Where no specific legal retention period applies, data will be securely deleted or anonymised once it is no longer needed.

ROVENSA, S.A. ensures compliance with all applicable laws and regulations concerning data retention.

1. What is a cookie?

Cookies are small files that may be stored on your computer through your internet browser, retaining information related to your browsing preferences. These files are widely used to ensure the website functions correctly and efficiently, as well as to provide information to the website owners.

There are two main categories of cookies:

• First-party cookies, used directly by us on your device;
• Third-party cookies, used by third parties through ROVENSA S.A.

2. How Are Cookies Used?

Visitors to this website use different computers and web browsers. To make your visits as simple as possible, a record of the type of browser (e.g., Microsoft Edge, Google Chrome, Mozilla Firefox) and operating system (e.g., Windows) in use, as well as the domain name of your Internet service provider, is automatically stored.

3. Cookies Management

All browsers allow users to accept, refuse, or delete cookies, namely through the selection of appropriate settings within the respective browser. Please note, however, that disabling cookies may partially or fully affect your browsing experience on the website.

You may configure cookies in the “options” or “preferences” menu of your browser. To learn more about cookies, visit www.allaboutcookies.org, where you can find information on how to manage your settings on various browser providers.

ROVENSA, S.A. reserves the right to modify, add, update, or delete, in whole or in part and without prior notice, the present cookie information at any time, with immediate effect.

Type of cookies used in our websites

We use different types of cookies, as described below:

• Strictly necessary cookies, essential for the website’s basic functions. The site will not operate as intended without them. These cookies do not store any personally identifiable information.
• Performance cookies, which help us measure website performance and improve the user experience.
• Targeting cookies, allows us to build a profile of user interests and show personalized ads tailored to users.

The following table provides an explanation of the cookies used on the ROVENSA, S.A. website and their respective purposes:

4. Cookies Previously Set

If you disabled one or more cookies, we may still use the information collected before your preference change. However, the disabled cookie will no longer be used to collect additional information.

5. How to Manage Cookies in Different Browsers

Users may allow, block, or delete cookies installed on their devices by configuring the browser settings. Please refer to the help section of your browser to learn how to activate “private browsing mode” or unblock specific cookies. Please note that refusing the use of website cookies may partially or fully affect your navigation.

You can also find information on how to control cookies in your web browser at the following links:

• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
• Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop
• Firefox: http://support.mozilla.org/en-US/kb/Clear%20Recent%20History
• Safari: http://support.apple.com/kb/PH5042
• Opera: http://www.opera.com/browser/tutorials/security/privacy/

6. Consent

By consenting to the use of non-essential cookies, we consider that you accept the use of cookies for the purposes indicated and in accordance with the conditions set out on this page.

If, at any time, you wish to withdraw your consent to our Cookie Notice, you must delete stored cookies by adjusting the corresponding options found in the “Tools” menu of your browser.

7. Contact us

For more information on the processing of personal data and the use of cookies, you may contact ROVENSA, S.A. at dataprotection@rovensa.com or consult the Privacy Notice available at this site.

8. Changes to the Cookie Notice

ROVENSA, S.A. may, at any time, amend this Cookie Notice, namely to reflect legislative changes, guidance from supervisory authorities, or technological updates to the website. Periodic consultation is recommended. The latest version of the Cookie Notice was approved on November 27, 2025.

The disclosure of information or the provision of services by ROVENSA, S.A. to its Users or Clients through the channels may possibly involve the use of services of subcontracted third parties, including entities with head offices outside the European Union, to provide certain services, which may imply access by these entities to the personal data of Users or Clients.

In such cases, ROVENSA, S.A. ensures that all processors provide sufficient guarantees of implementing appropriate technical and organisational measures, in accordance with applicable data protection legislation. These obligations are formalised through written data processing agreements, in compliance with Article 28 of the GDPR.

Where personal data is transferred to countries outside the European Economic Area (EEA), ROVENSA, S.A. ensures that such transfers comply with Chapter V of the GDPR.

In addition, ROVENSA, S.A. may disclose personal data to third parties when required to do so by law, for example in response to lawful requests by public authorities, regulators, courts, or law enforcement agencies, in accordance with legal obligations to which ROVENSA, S.A. is subject (Article 6(1)(c) of the GDPR).

Outside these situations, personal data will not be disclosed to third parties who are not processors.

Except in the scope of compliance with legal obligations, in no case will there be any communication of the personal data of Users, Service Recipients or Clients to third parties that are not subcontracted entities or legitimate recipients, and also no other communication will be carried out for any purposes other than those mentioned above.

Any transfer of personal data to a country outside the European Economic Area (EEA) or to an international organisation will only take place in compliance with Chapter V of the General Data Protection Regulation (GDPR).

ROVENSA, S.A. implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR. These measures are adopted taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the likelihood and severity of risks to the rights and freedoms of data subjects.

Such security measures aim to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, and any other form of unlawful processing.

Where ROVENSA, S.A. relies on third-party processors that may access personal data, these entities are required, under written agreement, to implement equivalent security measures to ensure the confidentiality, integrity, and availability of the data, in accordance with applicable data protection laws.

Users, Service Recipients, and Clients also have an important role in safeguarding their personal data. They are responsible for maintaining the confidentiality of their access credentials and must not share them with third parties. In particular, when using computer applications or digital channels provided by ROVENSA, S.A., they should ensure that their access devices are kept secure and follow recommended security practices. This includes, among other measures, installing and regularly updating antivirus software or any other necessary security applications, as advised by device manufacturers or service providers.

Data subjects have the right to request from the controller access to their personal data, as well as the rectification or erasure of such data. They also have the right to request the restriction of processing, to object to the processing of their data, and to request the portability of their personal data to another controller, where applicable.

Where the processing is based on consent data subjects have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out prior to its withdrawal.

Furthermore, data subjects have the right to lodge a complaint with a supervisory authority.

These rights may be exercised at any time by submitting a written request to the DPO of ROVENSA, S.A.. Requests can be sent via email to dataprotection@rovensa.com.

Users and Clients of ROVENSA, S.A. have the right to submit a complaint by submitting a complaint to the data protection control authorities.

Users and Clients may address any suggestions, enquiries, or concerns related to data protection by contacting the Data Protection Officer via email at dataprotection@rovensa.com.

ROVENSA, S.A. has implemented an incident management system to ensure a timely and effective response to any personal data breaches, in line with applicable data protection and information security obligations.

A personal data breach is defined as any event that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Users and Clients who become aware of or suspect the occurrence of a personal data breach are encouraged to report the incident promptly. Reports may be submitted to the Data Protection Officer via dataprotection@rovensa.com.

In order to ensure its updating, development and continuous improvement, ROVENSA, S.A. may, at any time, make any changes considered appropriate or necessary to this Data Protection and Privacy Policy, and its publication is assured in the different channels to guarantee their transparency and information to Users and Clients.

The terms of the Data Protection and Privacy Policy are complementary to the terms and provisions regarding personal data provided in the General Conditions of Use of ROVENSA, S.A.’s channels.

The free, specific and informed disclosure of personal data by the data subject implies the knowledge and acceptance of the conditions contained in this Policy, considering that, by using the channels or by making their personal data available, Users, Service Recipients and Clients expressly authorize their processing, in accordance with the rules defined in each of the applicable channels or collection instruments.

For any requests concerning data protection, including the exercise of their rights under the GDPR, Users, Service Recipients, and Clients of ROVENSA, S.A. may contact the Data Protection Officer via email at: dataprotection@rovensa.com.