A. GENERAL PART 1.1. USER DATA COLLECTION AND PROCESSING Within the scope of making available the website hosted at www.ootyme.com (“Site”), the mobile application (“Application”), the conclusion of contracts and the provision of information, resources and content services, including newsletter, download areas , blogs, forums and recruitment (together, the “Services”) to its users (“User”), Black Oak Company, Lda, a limited liability company, headquartered at Travessa da Tomadia, n.º 248, 4740-493 , Gemeses - Esposende, registered at the Commercial Registry of Lisbon under the unique registration and legal person number 513414045, can request the User to provide personal data, that is, information provided by the User that allows Black Oak Company, Lda to identify and / or contact you (“Personal Data”). As a rule, Personal Data is requested when the User registers on the Site or Application, requests the sending of a quote, requests the sending of newsletters, subscribes to a certain Service, purchases a product or service available on the Site / Application / In person or through dos Serviços applies for a position or function at Black Oak Company, Lda or establishes a contractual relationship in this regard with Black Oak Company, Lda. The Personal Data collected and processed consists of information regarding the name, gender, date of birth, telephone, mobile phone, email, address, tax identification number, although other Personal Data that may be necessary or convenient for access may be collected. to certain Site / Application Services, for access to nutrition services, for certain promotions or commercial campaigns, for the purposes of personnel selection and recruitment or within the scope of the contractual relationship established in this regard with Black Oak Company, Lda. When collecting Personal Data, Black Oak Company, Lda provides the User with detailed information about the nature of the data collected and about the purpose and treatment that will be carried out in relation to Personal Data. Black Oak Company, Lda also collects and processes information about its hardware and software, as well as information about the pages visited by the User within the Site / Application. This information may include: your browser type, domain name, access times and the links through which the User accessed the Site / Application (“Usability Information”). We use this information only to improve the quality of your visit to our Site / Application. Usability Information and Personal Data are referred to in this Privacy Policy as “User Data”. Thus, the entity responsible for the processing of User Data and, well, for the preparation of this Privacy Policy, is Black Oak Company, Lda 1.2. SUBCONTRACTED ENTITIES As part of the processing of User Data, Black Oak Company, Lda uses or may use third parties, subcontracted by itself, to, on behalf of Black Oak Company, Lda, and in accordance with the instructions given by it, proceed with the treatment of User Data, in strict compliance with the provisions of the law and this Privacy Policy. These subcontracted entities will not be able to transmit User Data to other entities without Black Oak Company, Lda having previously given written authorization to do so, being also prevented from contracting other entities without prior authorization from Black Oak Company, Lda. Black Oak Company, Lda undertakes to subcontract only entities that present sufficient guarantees for the execution of the appropriate technical and organizational measures, in order to ensure the defense of the User's rights. All entities subcontracted by Black Oak Company, Lda are linked to the latter through a written contract which regulates, namely, the object and duration of the treatment, the nature and purpose of the treatment, the type of personal data, the categories data subjects and the rights and obligations of the parties. When collecting personal data, Black Oak Company, Lda provides the User with information about the categories of subcontracted entities that, in the specific case, can carry out data processing on behalf of Black Oak Company, Lda. 1.3. DATA COLLECTION CHANNELS Black Oak Company, Lda may collect data directly (i.e., directly from the User) or indirectly (i.e., through partner entities or third parties). Collection can be done through the following channels: Direct collection: in person, by phone, e-mail and through the Site / Application; Indirect collection: through partners or companies of the group, through family or friend of potential User and official entities.

2. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA In terms of general principles relating to the processing of personal data, Black Oak Company, Lda undertakes to ensure that the User Data processed by it are: Subject to lawful, fair and transparent treatment in relation to the User; Collected for specific, explicit and legitimate purposes, not subsequently being treated in a manner incompatible with those purposes; Adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated; Accurate and updated whenever necessary, taking all appropriate measures so that the inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay; Kept in a way that allows the identification of the User only for the period necessary for the purposes for which the data are processed; Treated in a way that guarantees their safety, including protection against their unauthorized or illicit treatment and against their loss, destruction or accidental damage, taking appropriate technical or organizational measures. Data processing by Black Oak Company, Lda is lawful when at least one of the following situations occurs: The User has given his explicit consent to the processing of User Data for one or more specific purposes; Processing is necessary for the performance of a contract to which the User is a party, or for pre-contractual steps at the request of the User; Treatment is necessary to fulfill a legal obligation to which Black Oak Company, Lda is subject; The treatment is necessary to defend the vital interests of the User or another natural person; Treatment is necessary for the purpose of the legitimate interests pursued by Black Oak Company, Lda or by third parties (except if the fundamental interests or rights and freedoms of the User that require the protection of personal data prevail). Black Oak Company, Lda undertakes to ensure that the processing of User Data is only carried out under the conditions listed above and with respect for the principles mentioned above. When the processing of User Data is carried out by Black Oak Company, Lda based on the User's consent, the User has the right to withdraw his consent at any time. The withdrawal of consent, however, does not compromise the lawfulness of the treatment carried out by Black Oak Company, Lda based on the consent previously given by the User.

3. USE AND PURPOSES OF USER DATA PROCESSING In general terms, Black Oak Company, Lda uses User Data for the following purposes: Signature and management of contacts with the User; User billing and collection; User Registration on the Site / Application; Inform the User, who has requested it, of new products and services available on the Site / Application / Facilities, special offers and campaigns, updated information on the activity of Black Oak Company, Lda and, in general, for the purposes of marketing the Black Oak Company, Lda and its brands or group companies, through any means of communication, including electronic support; Ensuring that the Site / Application meets the needs of the User, through the development and publication of content as adapted as possible to the requests and type of User, improving the search capabilities and functionality of the Site / Application and obtaining information aggregate or statistical in relation to the user's type profile (analysis of consumption or profiling profiles); Provision of Services, and other services, such as newsletters, opinion polls, or other information or products requested or purchased by the User; Recording of telephone calls that may be made within the scope of the contractual relationship, either during the contract formation phase or during its term; Personnel selection and recruitment and management of the respective contractual relationship established with Black Oak Company, Lda. Black Oak Company, Lda can combine Usability Information with anonymous demographic information for research purposes, and we can use the result of that combination to provide more relevant content on the Site / Application. In certain restricted areas of the Site / Application, Black Oak Company, Lda may combine Personal Data with Usability Information to provide the User with more personalized content (profiling). The User Data collected by Black Oak Company, Lda is not shared with third parties without the User's consent, except for the situations referred to in the following paragraph. However, in case the User contracts with services from Black Oak Company, Lda that are provided by other entities responsible for the processing of personal data, the User Data may be consulted or accessed by those entities, to the extent necessary. the provision of said services. Under applicable legal terms, Black Oak Company, Lda may transmit or communicate User Data to other entities in the event that such transmission or communication is necessary for the performance of the contract established between the User and Black Oak Company, Lda or for due diligence pre-contractual at the User's request, in case it is necessary for the fulfillment of a legal obligation to which Black Oak Company, Lda is subject or if it is necessary for the purpose of pursuing legitimate interests of Black Oak COmpany, Lda or third party. In the event of a transmission of User Data to third parties, we will use reasonable efforts to ensure that the transferee uses the User Data transmitted in accordance with the Privacy Policy.

4. IMPLEMENTED TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES To ensure the security of User Data and maximum confidentiality, we treat the information you have provided to us in an absolutely confidential manner, in accordance with our internal security and confidentiality policies and procedures, which are updated periodically according to needs, as well as in accordance with the legally provided terms and conditions. Depending on the nature, scope, context and purposes of processing the data, as well as the risks arising from the treatment for the rights and freedoms of the User, Black Oak Company, Lda undertakes to apply, both at the moment of definition of the means of treatment as at the time of the treatment itself, the technical and organizational measures necessary and appropriate for the protection of User Data and for compliance with legal requirements. It also undertakes to ensure that, by default, only the data that is necessary for each specific purpose of treatment are processed and that this data is not made available without human intervention to an undetermined number of people. In terms of general measures, Black Oak Company, Lda adopts the following: Awareness and training of personnel involved in data processing operations; Mechanisms capable of ensuring the confidentiality, availability and permanent resilience of information systems; Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident;

5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION In certain types of treatment, personal data collected by Black Oak Company, Lda may be made available to third parties, which may involve their transfer outside the European Union. In such a case, Black Oak Company, Lda undertakes to ensure that the transfer complies with the applicable legal provisions, namely regarding the determination of the suitability of such country with regard to data protection and the requirements applicable to such transfers.

6. CODES OF CONDUCT AND CERTIFICATION PROCEDURES Not applicable. 7. USE OF COOKIES When you visit our Site / Application, you will be asked for your consent to the creation and recording on your computer of a text file (Cookie). This file will make it easier and faster to access the Site / Application, as well as its customization according to your preferences. Most browsers accept these files (Cookies), but the User can delete them or automatically set their block. In the "Help / Help" menu of your browser you will find how to make these settings. However, if you do not allow the use of cookies, there may be some features of the Site / Application that you will not be able to use.

B. RIGHTS OF USERS (DATA HOLDERS) Under applicable legal terms, the User has the following rights: 8. RIGHT TO INFORMATION 8.1. Information provided to the User by Black Oak Company, Lda (when data is collected directly from the User): The identity and contacts of Black Oak Company, Lda, and, if applicable, its representative; The purposes of the processing for which the personal data are intended, as well as, if applicable, the legal basis for the processing; If the processing of data is based on legitimate interests of Black Oak Company, Lda or a third party, an indication of such interests; If applicable, the recipients or categories of recipients of personal data; If applicable, an indication that personal data will be transferred to a third country or an international organization, and whether or not an adequacy decision has been taken by the Commission or reference to appropriate or appropriate transfer guarantees; The right to ask Black Oak Company, Lda for access to personal data, as well as its rectification, erasure or limitation, the right to object to the treatment and the right to data portability; If the processing of the data is based on the User's consent, the right to withdraw the consent at any time, without compromising the lawfulness of the treatment carried out based on the consent previously given; The right to file a complaint with the CNPD or another supervisory authority; Indication whether the communication of personal data constitutes a legal or contractual obligation or a necessary requirement to conclude a contract, as well as whether the data subject is obliged to provide personal data and the possible consequences of not providing such data; If applicable, the existence of automated decisions, including profiling, and information regarding the underlying logic, as well as the importance and expected consequences of such processing for the data subject. If the User Data is not collected directly by the Black Oak Company, Lda from the User, in addition to the information referred to above, the User is additionally informed about the categories of personal data being processed and, as well, about the origin of the data. data and eventually come from publicly accessible sources. If Black Oak Company, Lda intends to proceed with the further processing of User Data for a purpose other than that for which the data was collected, before such treatment Black Oak Company, Lda will provide the User with information about that purpose and any other pertinent information, as referred to above. 8.2. Procedures and measures implemented to fulfill the right to information. The information referred to in 8.1. is provided in writing (including by electronic means) by Black Oak Company, Lda to the User prior to the processing of the personal data in question. Under the terms of the applicable law, Black Oak Company, Lda has no obligation to provide the User with the information mentioned in 8.1 when and to the extent that the User is already aware of it. The information is provided by Black Oak Company, Lda free of charge.

9. RIGHT OF ACCESS TO PERSONAL DATA Black Oak Company, Lda guarantees the means that allow the User to access his Personal Data. The User has the right to obtain from Black Oak Company, Ldat the confirmation that the personal data concerning him are or are not subject to treatment and, if applicable, the right to access his personal data and the following information: The purposes of data processing; The categories of personal data in question; The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or belonging to international organizations; Right to request Black Oak Company, Lda to rectify, erase or limit the processing of personal data, or the right to object to such treatment; Right to file a complaint with the CNPD or other supervisory authority; If the data has not been collected from the User, the information available on the source of that data; The existence of automated decisions, including the definition of profiles, and information related to the underlying logic, as well as the importance and expected consequences of such treatment for the data subject; Right to be informed about adequate guarantees associated with the transfer of data to third countries or international organizations. Upon request, Black Oak Company, Lda will provide the User, free of charge, with a copy of the User Data that is being processed. The supply of other copies requested by the User may incur administrative costs.

10. RIGHT TO RECTIFY PERSONAL DATA The User has the right to request, at any time, the rectification of his Personal Data and, as well, the right to have his incomplete personal data completed, including by means of an additional declaration. In case of rectification of the data, Black Oak Company, Lda communicates to each recipient to whom the data have been transmitted the respective rectification, unless such communication proves impossible or implies a disproportionate effort for Black Oak Company, Lda. If the If requested, Black Oak Company, Lda provides information about the referred recipients.

11. RIGHT TO DELETE PERSONAL DATA (“RIGHT TO BE FORGOTTEN”) The User has the right to obtain, on the part of Black Oak Company, Lda, the deletion of his data when one of the following reasons applies: User Data is no longer necessary for the purpose that motivated its collection or treatment; The User withdraws the consent on which the data processing is based and there is no other legal basis for said processing; The User opposes the treatment under the right of opposition and there are no prevailing legitimate interests that justify the treatment; If the User Data is processed illegally; If the User Data has to be erased in order to comply with a legal obligation to which Black Oak Company, Lda is subject; If User Data has been collected in the context of an information society service offering to children. Under applicable legal terms, Black Oak Company, Lda has no obligation to delete User Data to the extent that the treatment proves necessary to fulfill a legal obligation to which Black Oak Company, Lda is subject or for the purposes of declaration, exercise or defense of a right of Black Oak Company, Lda in a judicial process. In case of data deletion, Black Oak Company, Lda communicates to each recipient / entity to whom the data has been transmitted the respective deletion, unless such communication proves impossible or implies a disproportionate effort for Black Oak Company, Lda. If the User requests it, Black Oak Company, Lda provides information about the referred recipients. When Black Oak Company, Lda has made User Data public and is obliged to delete it under the right to erase, Black Oak Company, Lda undertakes to ensure reasonable measures, including technical, taking into account the available technology and the costs of its application, to inform those responsible for the effective treatment of personal data that the User has requested that they delete the links to such personal data, as well as copies or reproductions thereof.

12. RIGHT TO LIMIT THE PROCESSING OF PERSONAL DATA The User has the right to obtain, on the part of Black Oak COmpany, Lda, the limitation of the treatment of the User Data, if one of the following situations applies (the limitation is to insert a mark in the personal data kept with the aim of limiting treatment in the future): If you challenge the accuracy of personal data, for a period that allows Black Oak Company, Lda to verify its accuracy; If the treatment is illegal and the User opposes the deletion of the data, requesting, in return, the limitation of its use; If Black Oak Company, Lda no longer needs User Data for processing purposes, but such data is required by the User for the purposes of declaring, exercising or defending a right in a judicial process; If the User has opposed the treatment, until it is found that the legitimate reasons of Black Oak Company, Lda prevail over those of the User. When User Data is subject to limitation, it may only, with the exception of retention, be treated with the User's consent or for the purpose of declaring, exercising or defending a right in a judicial proceeding, defending the rights of another natural person or collective action, or for reasons of public interest provided for by law. The User who has obtained a limitation in the treatment of his data in the cases referred to above will be informed by Black Oak Company, Lda before the limitation to treatment is lifted. In case of limitation in the processing of data, Black Oak Company, Lda will communicate to each recipient to whom the data has been transmitted the respective limitation, unless such communication proves impossible or implies a disproportionate effort for Black Oak Company, Lda. If the User requests it, Black Oak Company, Lda provides information about the referred recipients.

13. RIGHT TO PORTABILITY OF PERSONAL DATA The User has the right to receive the personal data that concerns him and that he has provided to Black Oak Company, Lda, in a structured format, in common use and automatic reading, and the right to transmit that data to another responsible for the processing, if: Treatment is based on consent or a contract to which the User is a party; and The treatment is carried out by automated means. The portability right does not include inferred data or derived data, i.e., personal data that is generated by Black Oak Company, Lda as a consequence or result of the analysis of the data being processed. The User has the right to have personal data transmitted directly between controllers, whenever technically possible. The exercise of the data portability right applies without prejudice to the right to erase the data.

14. RIGHT OF OPPOSITION TO TREATMENT The User has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him based on the exercise of legitimate interests pursued by Black Oak Company, Lda or when the treatment is carried out for purposes other than those for which personal data were collected, including the definition of profiles, or when personal data are processed for statistical purposes. Black Oak Company, Lda will cease the processing of User Data, unless it presents imperative and legitimate reasons for such treatment that prevail over the interests, rights and freedoms of the User, or for the purposes of declaring, exercising or defending a right of Black Oak Company, Lda in a lawsuit. When User Data is processed for the purposes of direct marketing (marketing), the User has the right to object at any time to the processing of data concerning him for the purposes of said marketing, which covers the definition of profiles in insofar as it relates to direct marketing. If the User opposes the processing of his data for the purpose of direct marketing, Black Oak Company, Lda ceases processing the data for that purpose. The User also has the right not to be subject to any decision taken exclusively on the basis of automated treatment, including the definition of profiles, which has effects in its legal sphere or which significantly affects him in a similar way, unless the decision: It is necessary for the conclusion or execution of a contract between the User and Black Oak Company, Lda; It is authorized by legislation to which Black Oak Comapny, Lda is subject; or It is based on the User's explicit consent.

15. PROCEDURES WITH A VIEW TO THE EXERCISE OF RIGHTS BY THE USER The right of access, the right to rectification, the right to erase, the right to limitation, the right to portability and the right to object can be exercised by the User by contacting Black Oak Company, Lda, through the e-mail boc @ boc-pt.com. Black Oak Company, Lda will respond in writing (including by electronic means) to the User's request within a maximum period of one month from receipt of the request, except in cases of special complexity, in which this period may be extended up to two months . If the requests submitted by the User are manifestly unfounded or excessive, namely due to their repetitive nature, Black Oak Company, Lda reserves the right to charge administrative costs or refuse to proceed with the request.ido.

16. PERSONAL DATA BREACHES In the event of a data breach and to the extent that such breach is likely to imply a high risk to the User's rights and freedoms, Black Oak Company, Lda undertakes to report the breach of personal data to the User concerned within the period 48 hours from the moment the incident is identified. Under legal terms, communication to the User is not required in the following cases: If Black Oak Company, Lda has applied appropriate protection measures, both technical and organizational, and these measures have been applied to the personal data affected by the breach of personal data, especially measures that make the personal data incomprehensible to any unauthorized person to access to such data, such as encryption; In the event that Black Oak Company, Lda has taken subsequent measures to ensure that the high risk to the User's rights and freedoms is no longer likely to materialize; or If the communication to the User implies a disproportionate effort for Black Oak Company, Lda. In that case, Black Oak Company, Lda will make a public communication or take a similar measure through which the User will be informed.

C. FINAL PART

17. CHANGES TO THE PRIVACY POLICY Black Oak Company, Lda reserves the right to change this Privacy Policy at any time. In case of modification of the Privacy Policy, the date of the last change, available at the top of this page, is also updated. If the change is substantial, a notice will be posted on the Site. 18. CONTACT Without prejudice to the provisions of clause 15 regarding the exercise of the rights conferred on the User under legal terms, if you wish to ask questions or complaints related to the Privacy Policy, you can do so by email boc@boc-pt.comt. 19. APPLICABLE LAW AND JURISDICTION The Privacy Policy, as well as the collection, processing or transmission of User Data, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 and by the applicable laws and regulations in Portugal. Any disputes arising from the validity, interpretation or enforcement of the Privacy Policy, or which are related to the collection, processing or transmission of User Data, must be submitted exclusively to the jurisdiction of the judicial courts of the Lisbon district, without prejudice to the legal rules applicable imperatives.