Itaúsa Privacy Statement
Welcome to our Website. In this Privacy Statement, Itaúsa S.A. (“Itaúsa”) presents to you our protection and privacy practices for the Treatment of the Personal Data that is collected during your visit and interaction with us by means of this Website or that is used so that we can perform our corporate activities, as described below.
We seek, with this document, to inform you, in a clear and accurate way, of the rules that we have adopted for the Treatment of your data, always in compliance with the requirements provided for in the Applicable Data Protection Legislation.
We will be, under the terms of the Applicable Data Protection Legislation, the Controller of your Personal Data Treated in the scope of this Statement. For further information about Itaúsa and the companies that are part of its portfolio, please access the “Who We Are” section.
We ask you to read this document carefully and, if you do not agree with any of the terms presented in this Statement, we kindly ask you to not use our Website. You may contact our DPO (Data Protection Officer), Maria Fernanda Caramuru, if there are disagreements or any doubts, via the email: dadosprotegidos@itausa.com.br.
Itaúsa is always guided by the principles established in the Applicable Data Protection Legislation and Regulations for the Treatment of your Personal Data. They are the principles of purpose, adequacy, necessity, free access, data quality, transparency, security, non-discrimination, prevention, responsibility, and accountability.
To ensure compliance with these principles, Itaúsa makes an effort to ensure that the Data Treatment is:
- Compatible with the purpose for which the data was collected;
- Limited to the minimum necessary for the achievement of the purpose;
- Transparent, with clear and accessible information on the Treatment;
- Not discriminatory, illegal or abusive with respect to its purposes; and
- Compliant and secure, by means of the adoption of technical and administrative measures to prevent and protect the data against unauthorized accesses and accidental or illegal events of destruction, loss, change, communication, disclosure or any other damage.
A. If you are a User of our Website, there are two ways of collecting your Personal Data:
- The first is when it is directly supplied by you, which takes place by means of the communication channels on our Website (Contact Us, Notifications via Email, Media>Contacts, etc.). When filling out our forms, you provide information for registration and send us messages. In these cases, we always indicate the fields that must be filled out by means of asterisks when this data is necessary for: permitting the communication between you and Itaúsa;
- Contacting you if Itaúsa has news to share;
- Forwarding invitations to events and press releases;
- Directly supplying any information requested by you, including answers to questions or complaints;
- Permitting that our suppliers process or manage information on you in connection with your participation in events of Itaúsa or supply information requested by you;
- Security, administrative and legal purposes; and
- Segmenting the audience and forwarding aggregate information to Itaúsa’s senior management on the number and profile of the participants in Itaúsa’s events.
If you do not supply the data marked with an asterisk, our ability to serve you or your access to information and news on Itaúsa may be affected.
The second way of collecting information is through the use of Cookies, as we explain further below, or through another similar technology that allows us to store information on your browsing on our Website. To better understand how data collection through the use of Cookies works, please see the “Cookies” section in this Statement.
B. If you are one of our stockholders or a professional from the media that has a commercial or professional relationship with Itaúsa, we will collect your Personal Data over the course of our professional relationship.
With respect to our stockholders, we will use their data, as necessary, for:
- Filling out documents, corporate acts, books and/or other forms required by applicable legislation and regulation;
- Analyzing and supervising our stockholder base; and
- Complying with legislation and regulation applicable to publicly-listed companies.
If you are a professional from the media (journalists, public relations, for example), we will use your data to exchange information and improve our relationship with our stakeholders.
C. If you are an employee or individual acting on behalf of a supplier in the provision of services to Itaúsa, we can collect your data over the course of our commercial relationship with the supplier that you represent.
In these cases, the supplier, acting in the capacity of Controller of the Data of their representatives, will be responsible for ensuring that (a) the data on the representatives received by Itaúsa are collected and shared with us in accordance with the Applicable Data Protection Legislation, and (b) the representatives are informed of the Personal Data Treatment activities carried out by Itaúsa. Among the main purposes of the Personal Data Treatment are the:
- Performance of the contracts entered into with suppliers;
- Order or receipt of products or services;
- Supervision of billings and accounting;
- Control of access to Itaúsa’s systems and facilities;
- Facilitation of the commercial relationship with suppliers;
- Compliance with legal and regulatory requirements.
In Attachment I, you will find our Personal Data Treatment Table with detailed information on the Treatment of your Personal Data by Itaúsa. We share this information in columns, which will describe:
A. Treatment Activities.
In this column, we explain from which of your interactions with Itaúsa we collect or, otherwise, Treat Your Personal Data.
B. Which Data Can We Treat.
In this column, we list which Personal Data we can collect or, otherwise, use during your interaction with Itaúsa.
C. With Whom We Share Your Data.
In this column, we point out the agents with whom Itaúsa can share your Personal Data.
You will notice that your Personal Data may be shared with companies of our conglomerate, or suppliers, whenever the sharing is necessary to achieve the respective purposes, and the use of your Personal Data for any purpose other than the original purpose of the collection is not permitted. We always make our best efforts to ensure that all third parties with whom we work keep your Personal Data secure.
Additionally, we may share your Personal Data to the extent that we are required by legal provisions or due to some administrative, arbitration or court order.
At some point, it may be necessary for Itaúsa to transfer your Personal Data outside Brazil (for example, if a data storage server is located in another country). We will only transfer your Personal Data outside Brazil in a safe manner and in accordance with the legal provisions, requiring the recipient of the data to comply with all commitments established in this Privacy Statement.
D. For Which Purposes We Use Your Data.
In this column, we point out the reasons for the use of your Personal Data.
Cookies are small files that may or may not be placed in the User’s computer and allow us to track movement on websites, storing and recognizing the data on your browsing.
During your browsing on the Website, we may collect some different types of Cookies:
- Browsing Cookies: which are used to develop, maintain and improve the resources and functionalities of the Website, and allow for the access and use of resources, improving the browsing experiences of Users on the Website; and
- Research, Analysis and Performance Cookies: the purpose of this type of Cookie is to help understand the performance of the Website, measure its audience, check the browsing habits of the Website’s Users, as well as how the User reached the Website’s page (for example, by means of links on other websites, search engines or directly using the address). For this purpose, we use Cookies of Google Analytics. Further information on the service can be obtained directly on https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage.
Your Personal Data Treated by Itaúsa may be stored during:
- The entire time you are accessing our Website, interacting with us or using our services.
- The entire period required by some specific legislation or regulation, or by determination of a judicial, administrative or arbitration authority.
- The entire period necessary for achieving the respective purposes.
- The entire period necessary to make viable the regular exercise of the rights of Itaúsa, of the companies of its conglomerate or of its suppliers.
When the indicated Treatment period is over, your Personal Data will be removed from all systems in which they are stored, in a secure manner, or it will be anonymized, so that you can no longer be identified based on your data.
If you wish to exercise your right to eliminate Personal Data collected based on your consent, please see the “What are your rights?” section below for information on the exercise of this right.
Itaúsa undertakes to make an effort to ensure the privacy and protection of your data. To this end, it has physical, administrative and technical safeguards in accordance with the best market practices, including confidentiality agreements with our employees so that they can commit to the security and confidentiality of the data.
Likewise, we contractually require our suppliers that may, at some point, Treat Your Personal Data, to act in the same way.
As provided for in the Applicable Data Protection Legislation, you have the following rights related to your Personal Data:
- To confirm the existence of the Treatment;
- To ask us if we treat your Personal Data;
- To receive information;
- To request information on the public and private entities with which we share your Personal Data, as well as to receive information on the Treatment of your Personal Data;
- To access the Personal Data that we have on you by means of the receipt of a copy of your Data in electronic format, as permitted by the Applicable Data Protection Legislation;
- To request the correction of the incorrect, incomplete or outdated Personal Data we have on you;
- To request the elimination of Treated Data;
Except for when Itaúsa had any other legal basis to proceed with the Treatment, such as the need to comply with some legal obligation. - To request Anonymization, the blocking or elimination of Personal Data that is unnecessary or excessive or of Personal Data that is not being Treated in compliance with the provisions of the Applicable Data Protection Legislation;
- To request the portability of your data;
In some cases, that is, the transfer of the Personal Data Itaúsa has on you to another organization or directly to you. ? However, this procedure is yet to be defined and ruled upon by the National Data Protection Authority (ANPD). - To revoke consent;
For the Treatment of Personal Data at any time if this data is being Treated based on your consent. You also have the right to be informed of the possibility of not giving consent and what the consequences are of this refusal. If applicable, we will terminate the Treatment of your data, except when we have another legal basis that allows us to proceed. - To petition;
To the National Data Protection Authority (ANPD) against Itaúsa’s data protection and privacy practices. We hope, however, that you will feel free to contact us before needing to present any formal complaint. We are at your disposal to help you clarify your doubts.
To exercise your rights or clarify any doubts with respect to them, you may contact us via the email: dadosprotegidos@itausa.com.br.
On our Website you will find links to and from websites of third parties whose content and privacy policies are not the responsibility of Itaúsa. Itaúsa does not have access to the information collected by the Cookies that are present on the websites directed by these links. We advise you to consult the privacy policies of these third parties to understand how your Personal Data may be Treated by them.
Although the Website and activities carried out by Itaúsa do not have any character or content inappropriate for any audience, our services are not intended for children. Therefore, if you are under 12 years old, to ensure the most significant protection of your personal data, we request that you do not use our Website or supply any information related to you. If you become aware that an individual who is under this age group has supplied us with information, please contact us via the email address dadosprotegidos@itausa.com.br so that we can take the necessary measures for the management and possible exclusion of such data
This Statement can be reviewed at any time. If we make significant changes, we will disclose the new version on the Website, under the terms of Applicable Legislation. If any change requires your consent, we will send you a request for your new consent. We encourage you to review this Statement frequently so as to keep yourself informed of our data treatment practices.
If you have any questions on this Statement, you should contact our DPO (Data Protection Officer), Maria Fernanda Caramuru, via the email dadosprotegidos@itausa.com.br.
Whenever the terms, as defined below, are used in this Statement in capital letters, they will have the meanings ascribed to them below. Any other terms that are not defined in this Glossary but are written in capital letters should be interpreted in accordance with the Applicable Data Protection Legislation.
- “Personal Data” or “Data”: any information related to the identified or identifiable natural person.
- “Anonymization” or “Anonymized”: adoption of reasonable technical means available at the time of the Treatment by means of which one piece of data can no longer be directly or indirectly associated with an individual.
- “Treatment” or “Treat” or “Treated”: every operation carried out with Personal Data, such as those that refer to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, information assessment or control, modification, communication, transfer, diffusion or extraction.
- “Applicable Data Protection Legislation”: the Brazilian General Data Protection Law No. 13,709/2018 (“LGPD”) and subsequent amendments, as well as the Brazilian Civil Rights Framework for the Internet No. 12,965/2014, Executive Order No. 8,771/2016, Federal Constitution, Brazilian Civil Code, Criminal Code, Consumer Protection Code, Executive Order No. 7,963/2013 and other laws and regulations related to Personal Data Treatment and privacy that are applicable to a party and, if applicable, all practice guidance and codes issued by the National Data Protection Authority (“ANPD”) or another proper data supervisory or protection authority.
- “User(s)”: any person who visits our Website.
A. Type of Owner of the Data | B. Personal Data Treatment Activities | C. Which Data Can We Treat | D. With Whom We Share the Data | E. For Which Purposes We Use Your Data |
---|---|---|---|---|
Website Users | Browsing the Website | Geographic location, operating system, browser and its respective versions, screen resolution, programming language, information related to the date and time of the use of the Website by a given User, and information related to the number of clicks and attempts to use the Website, as well as to pages accessed by the User. | With suppliers contracted to provide any services related to the Website, including storage, without an individualized indication of the User that allows their identification. |
|
Website Users | “Notifications via Email” | Name and email. | With suppliers contracted to provide any services related to the Website and communication and marketing services. |
|
Website Users | “Contact Us” | Name and email. | With suppliers contracted to provide any services related to the Website and communication and marketing services. |
|
A. Type of Owner of the Data | B. Personal Data Treatment Activities | C. Which Data Can We Treat | D. With Whom We Share the Data | E. For Which Purposes We Use Your Data |
---|---|---|---|---|
Website Users | Contacts (Media) | Name, email, phone and media. | With suppliers contracted to provide communication and marketing analysis services. |
|
Investors, Journalists and/or any Stakeholder | Subscription for Events and Transmission | Name, surname, company, email and phone. | With suppliers contracted to provide communication and marketing services. |
|
A. Type of Owner of the Data | B. Personal Data Treatment Activities | C. Which Data Can We Treat | D. With Whom We Share the Data | E. For Which Purposes We Use Your Data |
---|---|---|---|---|
Journalists or other media professionals | Press relations | Personal identification data, professional experience data and contact details. | We do not share this data. | Communicating with the media (journalists, public relations, for example) to improve our relationship with our stakeholders and send out press releases. |
Stockholders, Management Members and their dependents | Management of Stockholders and Compliance with Legal Obligations | Identification data and documents, academic and professional background data and contact and family details. | Within the conglomerate, with the applicable proper authorities and bodies, stock brokerages, independent auditors, Registry of deeds and documents, newspapers and providers of translation and file storage services. |
|
Stockholders, Management Members and Attorneys-in-Fact | Powers of Attorney and Contracts | Qualification data, identification data and documents. | Within the conglomerate, with the applicable proper authorities and bodies, law firms, counterparties in contracts and file storage service providers. | Entering into contracts with stakeholders or Itaúsa’s representation instruments. |
A. Type of Owner of the Data | B. Personal Data Treatment Activities | C. Which Data Can We Treat | D. With Whom We Share the Data | E. For Which Purposes We Use Your Data |
---|---|---|---|---|
Stockholders, Management Members and Representatives of Suppliers | Accessory Obligations | Identification data and documents and financial data. | With inspection bodies. | Providing tax and economic information to the applicable inspection bodies. |
Representatives of Suppliers | Relationship with representatives of suppliers. | Personal identification data, identification documents, images, vehicle data for parking purposes, professional contact details, financial data, academic and professional background data, family details. | With financial institutions, inspection bodies, building and security of Itaúsa’s offices, service providers and file management and storage systems. |
|
Any person that needs to make a complaint or is complained about | Whistleblowing Channel | Identification data and documents, contact details, financial data, academic and professional background data and family details. | Within the conglomerate, supervisors, management members, audit service providers and Personnel and Ethics Committee. |
|