Privacy Policy

DATE OF LAST UPDATE:  June 23rd, 2022.

BTG Pactual is committed to protecting and safeguarding your personal data. We would like to explain in more detail how we handle your personal information.

Why does BTG use my personal data?

BTG is committed to always offering the best services, believing in the user’s freedom of choice. Personal data protection involves responsibility and commitment to the security of your data, as well as respect for your privacy and our commitment to you being in control of your personal data.

Your personal information is mainly used to provide the services you have contracted, such as banking and insurance services. To this end, we collect the personal information that you share when you register on our platforms, make financial transactions and contact or interact with us through our products or contact channels.

These are just a few examples of how our services need to use personal data, legitimately and within your expectations. We take the protection of your data very seriously, and this policy describes how it is collected, used, shared and stored. If after reading this Policy you still have doubts, feel free to contact us. For a better understanding of the terms used in this policy, please refer to item 9 – “Basic Concepts”.

Contact channel:

Email: sh-privacidade@btgpactual.com

1. To whom does this policy apply?

The terms of this policy refer to the Personal Data of BTG Pactual costumers.

2. Why does BTG process my personal data?

BTG is compromised in always offering you the best service, for we believe in user power of choice. When we talk about protecting personal data, this involves not only commitment with securing your data and respect to your privacy, but also our compromise with you so that you oversee your personal data.

We collect your personal information mainly to provide the services you contracted for such as bank and insurance services. To do this, we collect personal information that you share with us upon registering in our platforms, making financial transactions, and contacting or interacting with us through our contact channels or products.

These are only a few examples of how our activities use personal data in a legitimate manner and within your expectations. We take data protection seriously and this policy describes how data is collected, used, shared, and stored. If after reading this policy you still have any questions, please feel free to contact us. For better understanding of the terms used in this policy, please refer to Item 9 – “Basic Concepts”.

Communication Channel
DPO: Gabriel Borges
E-mail: SH-Privacidade@btgpactual.com

3. How does btg collect your personal data and what types of data are collected?
Source Type of Data Collected Purpose Legal Basis
Platform Navigation Navigation data: data collect-ed through cookies or device IDs, including IP, date and time of access, geographic location, browser type, dura-tion of
visit and pages viewed.
Access records: we have a legal duty to store some of your information (such as your IP, date and time of access) to eventually provide it to legal
authorities.
Compliance with legal obligation
Access device data: model, manufacturer, operating sys-tem, unique identifier, tele-phone operator, screen reso-lution, browser type and con-nection
speed.
Cookies: to activate essential functions, such as antivirus software, display content, generate statistical information to improve the Platform and
enable personalized adver-tising. For more information, please see item 2 of this Policy.
Legitimate interest
Forms Registration data: name, e-mail, telephone, gender, home address. Contact Us: we request some of your regis-tration details (such as name and e-mail or phone number) so that you can contact our support team. Consent
Profile data: interests, hob-bies, consumption habits. Newsletter and other communications: we use registration data to send informational content or advertising about the Services and Products we offer and
may interest you. We rely on profile data to target advertising tailored to your interests.
Legitimate interest and consent
Use of the Platform Registration data: name, e-mail, telephone, gender, home address or geolocation, CPF, identification document, date of birth.Financial data: average monthly income.

Biometric data: facial recognition.

Registration: to allow you to register and use our Services and Products, such as your checking account. Some of the information is required by public
authorities, and some is required to ensure the security of your account.
Execution of contract and compliance with legal obligation
Credit analysis and protection: to prevent fraud such as, for example, falsehood. During the process, we can consult public sources to enrich the
database.
Credit protection and consent
Insurance services Registration data: full name, phone number, e-mail, CPF, identification document or driver’s license, full address. Pervice provision: depending on the type of insurance you have taken out, we need specific information to provide you certain services, such as issuing
policies, claims, or simply to formalize contracts.
Contract execution
Kenoby (application platform) Registration data: full name, e-mail, password, date of birth, gender, phone number, country, city, state.Professional data: professional experience, company and position held, education and languages.

Sensitive Data: ethnicity and disabilities.

Work with us: we use the Kenoby platform on our website (see here) so you can apply for job
opportunities currently available.
Consent

In specific situations, we may collect additional information, including Sensitive Data. In the case of persons under conservatorship or people with
disabilities, for example, we may collect information that proves these condi-tions so that we can offer more personalized and accessible Products and Services. Or in the case
of contracting life insurance, health data is collected to allow the adequate provision of the service.
We do not intend to directly collect Personal Data from children or young persons, except with the specific and prominent consent of parents or legal
guardians.

4. Cookies: what are they and how does btg use them?

Cookies are small text files stored on your browser or device. Cookies allow us to remember your preferences in order to adapt our website to your specific requirements.

Cookies usually have an expiration date. Some cookies are automatically deleted when you close your browser (session cookies), while others can be stored on your computer for longer, until you delete them manually (persistent cookies). BTG uses the following types of cookies:

  • strictly necessary cookies, which allow our website to function properly, such as logins with authentication. It is not possible to reject these cookies if you want to access the website;
  • canalysis cookies, to improve the content of the website, providing information about how it is being used in order to enhance your user experience. These cookies automatically collect certain Personal Data to identify, for example, how often a particular page was visited;
  • cfunctionality cookies, to record data previously provided, such as your login information, in order to improve the browsing experience; and
  • marketing cookies, which enable us to provide the best offers of Products and Services to the user, according to their interests.

It is important to clarify that BTG is not responsible for third-party cookies. Please note that cookies placed by third parties may eventually continue to track your online activities even after you leave our website, therefore, it is recommended that you delete them manually.

If you want to delete the cookies installed on your computer, you can do so manually using the settings available in your browser, following the instructions on Google ChromeMozilla FirefoxMicrosoft Edge or Safari. It should be noted, however, that some of the website’s features may become unavailable after the deletion of certain cookies.

5. With whom does BTG share my personal data?

Sometimes we need to share your Personal Data with third parties that provide services on our behalf.
It is the case, for example, with services we hire to host our databases of for auditing. Below we describe some situations, considering the context of BTG, in which we may share your Personal Data:

Our providers. We rely on the help of providers who can process the Personal Data that we collect. We always seek to carefully evaluate our providers and enter contractual obligations for the protection of Personal Data and information security with them, in order to minimize risks for Data Subjects. Depending on the activity they perform, such as in cases of access to costumer information, for instance, we may request our providers’ Personal Data for verification similar to that applied to BTG Pactual employees to establish their reputability, always aiming to process as little Personal Data as possible. Among these providers are, for example, companies with public databases that we hire to assist us in credit analysis for when you open an account or contract a credit operation, as well as card manufacturing and processing companies, investment software companies, among others.

Analytics. Data stored by BTG may be used for statistical purposes (analytics), so that BTG can understand who are the people that visit our website and that are consumers of our Products and Services. This data is pseudonymizable and is not to identify Data Subjects nor make them identifiable, but only to better comprehend how they access BTG’s Digital Platform to improve our service provision and customize products directed according to their interests.

Public Authorities. We must comply with the law. Thus, if an authority with legal competence, such as BACEN, CVM or Procon, requires BTG to share certain Personal Data to, for example, meet regulatory needs, we will need to share this information. We are against any abuse of authority and, if BTG understands that a certain order is abusive, we will always privilege your privacy.

Rights protection. In addition, we reserve the right to share any Personal Data that we believe is necessary to comply with a legal obligation, enforce our Terms of Use, or protect the rights of BTG, our employees and customers.

Economic group. If you, for example, are interested or may be interested in our services by other companies in our Economic Group, we may share your Personal Data with companies in our economic group or with other companies or people trusted to process such information for this purpose.

Business Partners. We may share your Personal Data, such as registration information or browsing data or use of the Platform, with our business partners or with other trusted companies or people (such as administrators and/or investment fund managers) to process such information for purposes of providing services that interest you or that may interest you.

If you have any questions regarding who these companies or our providers are, feel free to contact us through the channels provided in this Policy.

6. Does BTG transfer personal data to other countries?

As mentioned in the item above, we may share your personal information with BTG employees, representatives and affiliated companies or partners based outside your country of residence, in order to provide our services to you. We may, for example, transfer your Personal Data to the company responsible for hosting our databases, whose head-quarters are located abroad.

These transfers only involve companies that demonstrate compliance with applicable data protection laws, and main-tain a similar or stricter level of compliance than the provisions of Brazilian legislation. In addition, the Data transferred may only be processed, in accordance with this Policy and BTG’s corporate rules, for the provision of our services or fulfillment of the company’s objective.

If you have any doubts about who these companies are, feel free to contact us through the channels available in this Policy.

7. What are your rights as a data subject?

Your Personal Data is yours alone and the Brazilian LGPD law as well as EU GDPR guarantee that you have a number of rights related to it. We are committed to fulfilling these rights and, in this section, we explain how you can exercise them with BTG. As a Data Owner you have the following rights:

Transparency You have the right to request for information relating to the processing of your Personal Data provided it’s requested through the official privacy communication channel and that it’s within the scope presented in this policy. We shall deliver it to you in a concise, transparent, intelligible and easily accessible form.
Confirmation and Access Allows you to verify whether BTG processes your Personal Data and, if so, request a copy of the Personal Data we hold about you.
Correction/Rectification Allows you to request the correction of incomplete, inaccurate, or outdated Personal Data.
Anonymization, blocking or
deletion
Allows you to ask us to (a) anonymize your data so that it can no
longer be related to you and therefore ceases to be Personal Data;
(b) block your Data, temporarily suspending your ability to process
it; and (c) delete your Data.
Portability You have the right to request, upon express request, that BTG
provides you, or a third party of your choice, with your Personal
Data in a structured and interoperable format, for transfer to another
service or product provider, provided that it does not violate the
intellectual property or business secret of the company.
Information about sharing You have the right to know the public and private entities with which BTG shares data. We will keep in this Policy information about the types of partners with whom we share personal data. In any case, if you have questions or want more details, you have the right to ask us for this information.
Information about the
possibility of not consenting
Allows you to have clear and complete information about the
possibility and consequences of not providing consent. Your
consent, when necessary, must be free and informed. Therefore,
whenever we ask for your consent, you are free to withhold it –
although in such cases we may have to limit our Services.
Withdrawal of Consent You have the right to withdraw your consent in relation to
processing activities that are based on consent. However, this will
not affect the legality of any processing carried out previously. If you
withdraw your consent, we may not be able to provide certain
Services, but we will notify you when this occurs.
Automated Decision
Review
You have the right to request the review of automated decisions that may affect your interests.

If you have any questions about these issues or how you can exercise these rights, please feel free to contact us through the channels provided in this Policy.

8. How long will personal data be stored for?

We store and maintain your information: (i) for as long as required by law; (ii) until the end of the processing of personal data, as mentioned below; or (iii) for the time necessary to preserve BTG’s legitimate interest. Thus, we will process your data, for example, during the applicable statute of limitations or while necessary to comply with a legal or regulatory obligation.

The end of the processing of personal data will occur in the following cases:

  • When the purpose for which the Data Subject’s personal data were collected is achieved and/or the personal data collected is no longer necessary or relevant to the scope of that purpose;
  •  When the Data Subject has the right to request the termination of the treatment and the deletion of his personal data and he does so; and
  •  When there is a legal determination to this effect. In these cases of termination of processing of personal data, except for the cases established by applicable legislation or by this Privacy Policy, the personal data will be deleted.
9. What are our responsibilities and how do we protect your personal data?

We are responsible for processing your Personal Data and use it for lawful purposes, as described in this Policy. And, in order to ensure your privacy and the protection of your Personal Data, we adopt the appropriate security prac-tices for our market, including:

  • encryption and two-factor authentication systems in our Platforms environments;
  • training and awareness policies to keep our employees up to date on how to avoid risks to the Data Subject and identify threats and malicious activities;
  • controls and access privileges to Personal Data, so that employees can only access data strictly necessary for the performance of their duties; and
  • control and monitoring to prevent security incidents, including data leakage, carried out by our Information Security team and by automated security tools recognized by the market.

We work to protect your Personal Data, but unfortunately we cannot guarantee complete security. Unauthorized or third-party access to your account, hardware or software failure that is not under the control of BTG and other factors can compromise the security of your Personal Data. For this reason, your actions are fundamental for the mainte-nance of a safe environment for all. You can help us by adopting good security practices in relation to your data (for example, not sharing passwords with third parties), and if you identify or become aware of something that undermines the security of your data, please contact us through our Data Protection Officer, whose contact channels are below.

10. How to contact btg about your personal data?

If you believe that your Personal Data has been used in a way which conflicts with this Privacy Policy or with your choices as the Personal Data Holder, or if you have any questions, comments or suggestions related to this Policy, please contact our Data Protection Officer (DPO) through the following:

Data Protection Officer (DPO): Reinaldo Nogueira
Mailing address: Praia de Botafogo, 501/5º andar – Rio de Janeiro – RJ – 22250-040
E-mail: sh-privacidade@btgpactual.com

11. Basic concepts: what do i need to know to understand this policy?

In order to make your reading easier, below are some useful definitions:

Term Concept
LGPD The LGPD is the Brazilian Personal Data Protection Law. The law imposes new protection rules and principles for companies to handle the personal information of individuals, including you. The purpose of the law is to ensure you more privacy, freedom, transparency and control in relation to your personal data used by third parties.
Personal Data Any information related to an identified or identifiable individual, within a certain context. Some examples of personal data are: Name, RG (identity card), CPF (taxpayer identification number), address, cell phone, e-mail, IP address etc.
Sensitive Data Any information about an individual’s race or ethnicity, religious beliefs, political opinion, trade union membership, affiliation with any organization of a religious, philosophical or political nature, data relating to health or sex life and genetic or biometric data.
Handling of data These are the ways Personal Data is handled by BTG, including, but not limited to, the following activities: collection, storage, consultation, use, sharing, classification, reproduction, processing and assessment.
Legal Basis It is the legal hypotheses that authorize BTG to process Personal Data: given consent or the fulfillment of a legal obligation, for example.
Consent The hypothesis that authorizes the processing of Personal Data based on the free, informed and unequivocal manifestation of the Data Subject when agreeing with the handling of Personal Data for a specific purpose, as informed by BTG.
Legitimate Interest It is a Legal Basis, as defined above. It authorizes the processing of your data (even without your consent), whenever the use of such data is necessary for the purposes of the legitimate interests pursued by BTG or by a third party.
For example, marketing cookies may collect your Personal Data to offer you advertising tailored to your interests. The Law establishes that interests are only legitimate if your data is used in compliance with Brazilian regulations, and as long as there is effective transparency of such uses and your rights are respected.
BTG BANCO BTG PACTUAL S.A., financial institution headquartered at Praia de Botafogo, No. 501, 5º andar, parte, in the city and state of Rio de Janeiro, enrolled under corporate taxpayer ID (CNPJ/ME) No. 30.306.294/0001-45.
Data Subject You: the individual to whom the Personal Data is related, being either a customer or user of our Platform.
Platform or Platforms BTG’s websites and applications.
Products and Services All the services and products offered by BTG, focused on the financial and banking markets, such as insurance, pension plans, brokerage, current accounts.
Policy BTG’s Privacy Policy.
12. Changes in privacy policy

We are always working to improve our Platforms and Services, and consequently, this Privacy Policy may be amend-ed in order to reflect the improvements made. Therefore, we recommend that you visit this page periodically so that you are aware of any changes. If relevant changes are made, we will notify you.