DATE OF LAST UPDATE: June 23rd, 2022.

BTG Pactual is committed to protecting and safeguarding your personal data. We would like to explain in more detail how we handle your personal information.

Why does BTG use my personal data?

BTG is compromised in always offering you the best service, for we believe in user power of choice. When we talk about protecting personal data, this involves not only commitment with securing your data and respect to your privacy, but also our compromise with you so that you oversee your personal data.

We collect your personal information mainly to provide the services you contracted for such as bank and insurance services. To do this, we collect personal information that you share with us upon registering in our platforms, making financial transactions, and contacting or interacting with us through our contact channels or products.

These are only a few examples of how our activities use personal data in a legitimate manner and within your expectations. We take data protection seriously and this policy describes how data is collected, used, shared, and stored. If after reading this policy you still have any questions, please feel free to contact us. For better understanding of the terms used in this policy, please refer to Item 9 - "Basic Concepts".

Communication Channel:

DPO: Gabriel Borges

E-mail: SH-Privacidade@btgpactual.com

1. How does btg collect your personal data and what types of data are collected?

The type of Personal Data and how BTG collects it depends on your relationship with us and why. For example, the Personal Data collected is different if you wish to invest in financial market, hire an insurance plan or open a checking account.

Since such data is necessary for the provision of the contracted services and products, BTG defines the appropriate manner for collecting, using, retaining, and processing data in compliance with the guidelines established in the Brazilian Lei Geral de Proteção de Dados Pessoais (LGPD-BR), General Data Protection Regulation (GDPR-EU) and by the competent authorities (Autoridade Nacional de Proteção de Dados, ANPD, and European Data Protection Board, EDPB).

To know more about what data is used and its respective purpose, please refer to our Personal Data Table below, in which it’s possible to identify, according to your reality, how your data is processed by us.

If you have any questions on this, please feel free to contact us through the beforementioned communication channels in this Policy and we will be able to further explain about how, when and why we use Personal Data.

Origin Data Type Collected Purpose
Platform Browsing

Browse Data: Data collected through cookies or device IDs, including IP address, access date and time, geolocation, browser type, duration of the visit and pages visited.

Access logs: we have a legal duty to store information (such as IP address, access date and time) to eventually provide them to legal authorities.
Data on the access device: model, manufacturer, operational system, unique identification, telephone operation, screen resolution, browser type and connection speed. Cookies: activate essential functionalities, such as antimalware software, present screen content, generate statistical information to enhance our Platform and offer custom advertising. For more information, please refer to Item 2 in this Policy.
Forms

Registration Data: name, email address, phone number, gender, home address.

To Contact Us: we request your registration data (such as name and email address or phone number) so that you can contact our support team.
Profile Data: interests, hobbies, spending habits. Newsletter and communications: we use registration data to send informative content or advertising on Products and Services we offer that could interest you. It may be based on your profile data to direct you custom advertising according to your interests.
Platform Use

Registration Data: name, email address, phone number, gender, home address or geolocation, National Identification Number, ID, date of birth.

Financial data: average monthly income.

Biometric Data: face photo.

Registration: we use your data to enable your registration and use of our Services and Products such as, for example, checking account.Some of the information is required for accountability to public authorities, and others to secure your account.
Credit Analysis and Protection: we use your data to prevent frauds, such as, for example, ideological falsehood.
Insurance services Registration Data: full name, phone number, email address, National Identification Number, ID or driver’s license, full home address. Service Provision: depending on the insurance type you contracted, we need certain information to provide you the appropriate services, such as issuing policies, claims or simply to formalize contracts.

In specific situations, we may collect additional information, including Sensitive Data. In case of curated clients or people with disabilities, for example, we might collect information that proves these conditions so we can offer personalized and accessible Products and Services. Or, in case of contracting life insurance, we will need to obtain health data to enable us to provide you the appropriate service.

We do not intend to directly collect children or adolescents Personal Data, except upon specific and highlighted consent from parents or legal guardians.

2. Cookies: what are they and how does BTG use them?

Cookies are small text files stored in your web browser or device. Cookies allow us to recognize your preferences and adapt our website to your specific needs.

Cookies usually have an expiration date. Some cookies are automatically deleted when you close your web browser (called session cookies), while others might be stored for longer in your computer until they are manually deleted (named persistent cookies). BTG uses the following types of cookies:

  • strictly necessary cookies, so that our website functions correctly, authenticating logins for example. It is not possible to refuse these cookies if you wish to access our website;
  • analysis cookies, to enhance website content, providing information on how it is being used in order to improve your user experience. They automatically collect certain Personal Data to identify, for example, how many times a specific page was accessed;
  • functionality cookies, tare used to save previously provided data such as login information, to improve your browsing experience; and
  • marketing cookies, used so we can provide the best Products and Services offers to users according to their interests.

It is important to highlight that BTG is not responsible for cookies used by third parties. Be aware that cookies used by third parties may eventually continue to monitor your online activity even after you have left our website, so it is recommended that you manually delete them.

If you wish to remove cookies installed in your computer, you can delete them manually through the settings available in your browser as instructed, for example, by Google Chrome, Mozilla Firefox, Microsoft Edge or Safari. Note, however, that some website functionalities might became unavailable after deleting certain cookies.

3. With whom does BTG share my personal data?

Sometimes we need to share your Personal Data with third parties that provide services on our behalf. It is the case, for example, with services we hire to host our databases of for auditing. Below we describe some situations, considering the context of BTG, in which we may share your Personal Data:

Our providers. We rely on the help of providers who can process the Personal Data that we collect. We always seek to carefully evaluate our providers and enter contractual obligations for the protection of Personal Data and information security with them, in order to minimize risks for Data Subjects. Depending on the activity they perform, such as in cases of access to costumer information, for instance, we may request our providers’ Personal Data for verification similar to that applied to BTG Pactual employees to establish their reputability, always aiming to process as little Personal Data as possible. Among these providers are, for example, companies with public databases that we hire to assist us in credit analysis for when you open an account or contract a credit operation, as well as card manufacturing and processing companies, investment software companies, among others.

Analytics. Data stored by BTG may be used for statistical purposes (analytics), so that BTG can understand who are the people that visit our website and that are consumers of our Products and Services. This data is pseudonymizable and is not to identify Data Subjects nor make them identifiable, but only to better comprehend how they access BTG’s Digital Platform to improve our service provision and customize products directed according to their interests.

Public Authorities. We must comply with the law. Thus, if an authority with legal competence, such as BACEN, CVM or Procon, requires BTG to share certain Personal Data to, for example, meet regulatory needs, we will need to share this information. We are against any abuse of authority and, if BTG understands that a certain order is abusive, we will always privilege your privacy.

Rights protection. In addition, we reserve the right to share any Personal Data that we believe is necessary to comply with a legal obligation, enforce our Terms of Use, or protect the rights of BTG, our employees and customers.

Economic group. If you, for example, are interested or may be interested in our services by other companies in our Economic Group, we may share your Personal Data with companies in our economic group or with other companies or people trusted to process such information for this purpose

Business Partners. We may share your Personal Data, such as registration information or browsing data or use of the Platform, with our business partners or with other trusted companies or people (such as administrators and/or investment fund managers) to process such information for purposes of providing services that interest you or that may interest you.

If you have any questions regarding who these companies or our providers are, feel free to contact us through the channels provided in this Policy.

4. Does BTG transfer personal data to other countries?

As mentioned in the item above, we may share your personal information with employees, representatives and affiliated or partner companies of BTG based outside your country of residence to provide BTG services to you. We may, for example, transfer your Personal Data to the company responsible for hosting our databases, whose headquarters are located abroad.

These transfers only involve companies that demonstrate compliance with applicable data protection laws and maintain a similar or stricter level of compliance than provided for in applicable Brazilian or EU legislation. In addition, the transferred Data may only be processed, under the terms of this Policy and BTG‘s corporate rules, for the provision of our services or fulfillment of the company‘s purpose.

If you have any questions regarding which are these companies, feel free to contact us through the channels provided in this Policy.

5. What are your rights as a data subject?

Your Personal Data is yours alone and the Brazilian LGPD law as well as EU GDPR guarantee that you have a number of rights related to it. We are committed to fulfilling these rights and, in this section, we explain how you can exercise them with BTG. As a Data Owner you have the following rights:


Transparency You have the right to request for information relating to the processing of your Personal Data provided it’s requested through the official privacy communication channel and that it’s within the scope presented in this policy. We shall deliver it to you in a concise, transparent, intelligible and easily accessible form.
Confirmation and Access Allows you to verify whether BTG processes your Personal Data and, if so, request a copy of the Personal Data we hold about you.
Correction/Rectification Allows you to request the correction of incomplete, inaccurate, or outdated Personal Data.
Anonymization, blocking or deletion Allows you to ask us to (a) anonymize your data so that it can no longer be related to you and therefore ceases to be Personal Data; (b) block your Data, temporarily suspending your ability to process it; and (c) delete your Data.
Portability You have the right to request, upon express request, that BTG provides you, or a third party of your choice, with your Personal Data in a structured and interoperable format, for transfer to another service or product provider, provided that it does not violate the intellectual property or business secret of the company.
Information about sharing You have the right to know the public and private entities with which BTG shares data. We will keep in this Policy information about the types of partners with whom we share personal data. In any case, if you have questions or want more details, you have the right to ask us for this information.
Information about the possibility of not consenting Allows you to have clear and complete information about the possibility and consequences of not providing consent. Your consent, when necessary, must be free and informed. Therefore, whenever we ask for your consent, you are free to withhold it - although in such cases we may have to limit our Services.
Withdrawal of Consent You have the right to withdraw your consent in relation to processing activities that are based on consent. However, this will not affect the legality of any processing carried out previously. If you withdraw your consent, we may not be able to provide certain Services, but we will notify you when this occurs.
Automated Decision Review You have the right to request the review of automated decisions that may affect your interests.



If you have any questions about these issues or how you can exercise these rights, please feel free to contact us through the channels provided in this Policy.

6. How long will personal data be stored?

We store and maintain your information: (i) for as long as required by law; (ii) until the end of the processing of personal data, as mentioned below; or (iii) for the time necessary to preserve BTG‘s legitimate interest. Thus, we will process your data, for example, during the applicable statute of limitations or while necessary to comply with a legal or regulatory obligation.

The end of the processing of personal data will occur in the following cases:

  • When the purpose for which the Data Subject‘s personal data were collected is achieved and/or the personal data collected is no longer necessary or relevant to the scope of that purpose;
  • When the Data Subject has the right to request the termination of the treatment and the deletion of his personal data and he does so; and
  • When there is a legal determination to this effect.

In these cases of termination of processing of personal data, except for the cases established by applicable legislation or by this Privacy Policy, the personal data will be deleted.

7. What are our responsibilities and how do we protect your personal data?

Our responsibility is to take care of your Personal Data and use it for lawful purposes as described in this Policy. To ensure your privacy and the protection of your Personal Data, we have adopted the appropriate security practices for our market, including:

  • encryption and double authentication systems in our Platforms environments;
  • training and awareness policies to keep our employees updated on how to avoid risks to the Data Subject and identify threats and malicious activities;
  • controls and access privileges to Personal Data, so that each employee can only access the data strictly necessary for the performance of their duties;
  • control and preventive monitoring of security incidents, including data leakage, carried out by our Information Security team and by automated security tools recognized by the market;
  • drafting and executing an internal audit plan, which considers both risk and regulatory audits; and
  • establishing disciplinary measures in case of data privacy violations, as deemed necessary, including termination.

We work to protect your Personal Data, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use of your account by a third party, failure of hardware or software not under the control of BTG and other factors may compromise the security of your Personal Data. Therefore, your intervention is essential for maintaining a safe environment for everyone. You can help us by adopting security best practices in relation to your data (such as not sharing passwords with third parties), and if you identify or become aware of something that compromises the security of your data, please contact us through our Data Protection Officer, whose contact channels are below.

8. How to talk with BTG about personal data?

If you believe that your Personal Data has been used in a way that is incompatible with this Privacy Policy or with your choices as Data Subject, or if you have any questions, comments or suggestions related to this Policy, please contact us. We have a Data Protection Officer (DPO) who is available at the following contact addresses:

Mailing address: Praia de Botafogo, 501/5th floor - Rio de Janeiro - RJ - 22250-040
E-mail: sh-privacidade@btgpactual.com

9. Basic concepts: what do I need to know to understand this policy?

In order to simplify your reading, we present some useful definitions for your interpretation:

Term Concept
LGPD, GDPR LGPD is the Brazilian Lei Geral de Proteção de Dados Pessoais and GDPR is the EU General Data Protection Regulation. These laws bring new rules and more protective principles for companies to handle the information of individuals, including you. Their purpose is for you to have more privacy, freedom, transparency, and control in relation to your personal data used by third parties.
ANPD, EDPB The Autoridade Nacional de Proteção de Dados (ANPD) and the European Data Protection Board (EDPB) are the authorities established by Brazilian and European data protection laws respectively. They are the bodies that set guidelines based on the aforementioned laws.
Personal Data It is the data relating to a natural person, which is capable of identifying him or making him identifiable within a certain context. The following can be cited as examples of personal data: Name, National Identification Number, ID, home address, phone number, e-mail address, IP address, etc.
Sensitive Data It is any information about racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to an individual.

Processing

These are the uses that BTG makes of Personal Data, including, but not limited to, the following activities: collection, storage, consultation, use, sharing, classification, reproduction, processing, and evaluation of this data.

Consent

It is the hypothesis that authorizes the processing of Personal Data based on the Data Subject’s free, informed, and unequivocal expression when agreeing to the processing of his Personal Data for a specific purpose and informed by BTG.
Opt-in/Opt-out It is the granting/revocation of consent by the Data Subject. Opt-in is requested when there is a change in the purpose for which the data is being processed. Out-put is available to the Data Subject in certain circumstances, with due regard for the legal bases.
BTG The controller of your personal data is: BANCO BTG PACTUAL S.A., a financial institution headquartered at Praia de Botafogo, nº 501, 5th floor, part, in the city of Rio de Janeiro, State of Rio de Janeiro, registered with the CNPJ/ME under No. 30.306.294/0001-45.
Economic Group It is the economic group of BTG, formed by any company controlled, controlling or under common control of BTG, subject to the definition of control provided for in Brazilian corporate law.
Data Subject It is you: the natural person to whom the Personal Data refers, which may be a customer or user of our Platform.
Plataform ou Plataforms These are the websites and applications owned by BTG.
Products e Services These are all the services and products offered by BTG, with a financial and banking focus, including insurance, pension plans, brokerage, and checking accounts
Policy

It is this BTG Privacy Policy.

10. Changes to the Privacy Policy

As we are always looking to improve our Platforms and Services, this Privacy Policy may be updated to reflect the improvements made. Therefore, we recommend that you periodically visit this page so that you are aware of the changes made. If relevant changes are made, we will notify you.