Privacy Policy

DATE OF LAST UPDATE: January 12th, 2024.

BTG Pactual is committed to safeguarding the privacy and protecting the personal data of its customers and would therefore like to explain to the Data Subject how their data is processed.

1. To whom does this policy apply?

The terms of this policy refer to the personal data of BTG Pactual customers.

2. Why does BTG process my personal data?

BTG is committed to always offering the best services, believing in the user’s power of choice. The protection of personal data involves not only a commitment to data security and respect for privacy, but also a commitment to the Data Subject’s control over their personal data.

The customers’ personal information is collected, primarily, to provide the contracted services, such as banking and insurance services. For this purpose, BTG collects the personal data provided by the customer when registering on BTG Pactual’s platforms, carrying out financial transactions and contacting or interacting with us through our products or communication channels, and this data is only that which is considered essential for the activities in question.

These are just a few examples of how BTG uses personal data in a lawful manner and in accordance with your expectations, always respecting the legal basis for the processing. BTG Pactual is committed to the protection of its customers’ data and aims to minimize the amount of personal information with which it comes into contact, whenever possible.

If you have any questions, you may contact us through the communication channels identified in this Policy. The terms used in this Policy are described in Section 12 – “Basic Terms”.

Communication Channel
DPO: Gabriel Borges
E-mail: SH-Privacidade@btgpactual.com

3. How does BTG collect your personal data and what types of data are collected?

Source: Platform Browsing

Type of data collected:
  • Browse Data: data collected through cookies or device IDs, including IP address, access date and time, geolocation, browser type, duration of the visit and pages visited.
  • Data on the access device: model, manufacturer, operating system, unique identification, telephone operation, screen resolution, browser type and connection speed.

Purpose:
  • Access logs: we have a legal duty to store information (such as IP address, access date and time) to eventually provide it to legal authorities.
  • Cookies: activate essential functionalities, such as antimalware software, present screen content, generate statistical information to enhance our Platform and offer custom advertising. For more information, please refer to Item 5 in this Policy.

Source: Forms

Type of data collected:
  • Registration Data: name, email address, phone number, CPF, national identification number, date of birth, passport, home address.
  • Profile Data: interests, relation to investments, and amount invested.

Purpose:
  • To Contact Us: we request your registration data (such as name and email address or phone number) so that you can contact our support team.
  • Newsletter and communications: we use registration data to send informative content or advertising on Products and Services we offer that could interest you. It may be based on your profile data to direct custom advertising to you according to your interests.

Source: Platform Use

Type of data collected:
  • Registration Data: name, email address, phone number, gender, home address or geolocation, National Identification Number, ID, date and place of birth, marital status, name of the mother, citizenship and profession.
  • Financial Data: average monthly income, declared wealth.
  • Biometric Data: face photo.
  • Optional Data: phone contact list.

Purpose:
  • Registration: to allow you to register and use our Services and Products such as a checking account. Some of the information is required to report to public authorities, others to secure your account, and still others to enable functionalities in the applications.
  • Credit analysis and protection: to prevent frauds, such as, for example, ideological falsehood.
  • Open Finance: if the Data Subject chooses to share information through Brazilian Open Finance, BTG will have access to this data.

Source: Insurance services

Type of data collected:
  • Registration Data: full name, phone number, email address, CPF, National Identification Number, ID or driver’s license, home address, profession, date of birth, marital status, sex.
  • Financial Data: average monthly income.
  • Health Data: physical condition, history of illness, injuries or disabilities, and hobbies.

Purpose:
  • Service Provision: depending on the type of insurance you contracted, we need certain information to provide you the appropriate services, such as issuing policies, claims or simply to formalize contracts.

In certain situations, additional information may be collected, including Special Data. For example, in the case of curated customers or people with disabilities, information may be collected to verify these conditions so that personalized and accessible Products and Services can be offered. Or, in the case of a life insurance policy, it may be necessary to obtain health information in order to properly provide the service.
To offer certain products or services, such as opening an account for a minor, personal data may be requested from children or adolescents. BTG Pactual affirms that the processing of personal data of children and adolescents will be carried out in their best interests and in compliance with the legal basis for the processing.

4. Cookies: what are they and how does BTG use them?

Cookies are small text files stored in web browsers or devices. Cookies allow us to recognize the users’ preferences and adapt BTG’s website to the visitors’ specific needs.

Cookies usually have an expiration date. Some cookies are automatically deleted upon closing the web browser (called session cookies), while others might be stored for longer in the computer until they are manually deleted (named persistent cookies). BTG uses the following types of cookies:

  • strictly necessary cookies, so that BTG’s website functions correctly, authenticating logins for example. It is not possible to refuse these cookies if the user wishes to access the website;
  • performance cookies, to enhance website content, providing information on how it is being used in order to improve the user experience. They automatically collect certain Personal Data to identify, for example, how many times a specific page was accessed; and
  • marketing cookies, so BTG can provide the best offers of Products and Services to users according to their interests.

It is important to highlight that BTG is not responsible for cookies used by third parties. Be aware that cookies used by third parties may eventually continue to monitor the user’s online activities even after leaving BTG’s website, so it is recommended to manually delete them.

If you wish to remove cookies installed on your computer, it is possible to manually delete them through the settings available in the browser, as instructed, for example, by Google Chrome, Mozilla Firefox, Microsoft Edge or Safari. Note, however, that some website functionalities might become unavailable after deleting certain cookies.

5. With whom does BTG share my personal data?

Sometimes it is necessary to share the Data Subject’s personal data with third parties that provide services to BTG Pactual. This is the case, for example, with providers contracted to host databases or for auditing. Some situations in which customers’ Personal Data may be shared, considering the context of BTG, are described below:

Providers. BTG Pactual relies on the help of providers who can process the Personal Data that is collected. BTG always seeks to carefully evaluate the providers and enter into contractual obligations for the protection of Personal Data and information security with them, in order to minimize risks to Data Subjects. Depending on the activity they perform, such as in cases of accessing customer information, for instance, BTG may request the providers’ Personal Data for verification to establish their good repute, always aiming to process as little Personal Data as possible. Among these providers are, for example, companies with public databases hired to assist in credit analysis for when you open an account or contract a credit operation; card manufacturing and processing companies; investment software companies; among others.

Analytics. Data stored by BTG may be used for statistical purposes (analytics), to understand who are the people that visit the website and that are consumers of our Products and Services. This data is anonymized and is not used to identify Data Subjects nor make them identifiable, but only to better comprehend how they access BTG’s Digital Platform to improve the provision of services and customize products directed according to their interests.

Public Authorities. As a financial institution, BTG Pactual is subject to regulations and the obligations imposed by them. Hence, if an authority with legal competence, such as BACEN, CVM or Procon, requires BTG to share certain personal data, for example, to meet regulatory needs, it is necessary to share this information, if applicable to BTG Pactual’s activity. It is important to highlight that BTG is against any abuse of authority and, should BTG understand that a certain order is abusive, it will always privilege the privacy of its customers.

Rights protection. BTG Pactual reserves the right to share any personal data that it believes to be necessary to comply with a legal obligation, enforce the Terms of Use, or otherwise protect the rights of BTG Pactual, its employees and customers.

Economic group. In case the customer is interested or may be interested in the services of other companies in the BTG economic group, it is possible to share customers’ personal data with the companies of the economic group or with other companies or people trusted to process the information for this purpose. In these cases, the processing of Personal Data will be protected and supported by the applicable legal instruments.

Business Partners. It is also possible to share customers’ personal data, such as registration information or browsing data or use of the Platform, with our business partners or with other trusted companies or people (such as administrators and/or investment fund managers) to process such information for purposes of providing services that interest or may interest customers.

If you have any questions regarding these companies or our providers, you can contact BTG Pactual through the channels provided in this Policy.

6. Does BTG transfer personal data to other countries?

As mentioned in the previous item, BTG Pactual may share customers’ personal information with employees, representatives and affiliated or partner companies of BTG based outside your country of residence to provide BTG services to its customers. It is possible, for example, to transfer personal data to the company responsible for hosting databases, whose headquarters are located abroad.

These transfers only involve companies that demonstrate compliance with applicable data protection laws and maintain a similar or stricter level of compliance than provided for in the applicable law or regulation. In addition, the transferred data may only be processed, under the terms of this Policy and BTG’s corporate rules, for the provision of our services or fulfillment of the company’s purpose.

If you have any questions about these companies, feel free to contact us through the channels provided in this Policy.

7. What are your rights as a data subject?

The personal data is the property of the Data Subjects, and the applicable privacy laws and regulations guarantee a series of rights relating to data protection. BTG Pactual is committed to fulfilling these rights and, in this section, it is possible to locate how the Data Subject may exercise them with BTG:

Confirmation and Access. The Data Subject can verify whether BTG processes their Personal Data and, if so, request a copy of the Personal Data.

Correction/Rectification. It allows the Data Subject to request the correction of incomplete, inaccurate, or outdated Personal Data.

Anonymization, blocking or deletion. It allows the Data Subject to ask to (a) anonymize their data, so that it can no longer be linked to the Data Subject; (b) block their Data, temporarily suspending the possibility of processing it; and (c) delete their Data.

Portability. The Data Subject has the right to request, upon express request, that BTG provide them, or a third party of their choice, with their Personal Data in a structured and interoperable format, for transfer to another service or product provider, as long as it does not violate the intellectual property or business secrets of the company.

Information about sharing. The Data Subject has the right to request, upon express request, that BTG provide them, or a third party of their choice, with their Personal Data in a structured and interoperable format, for transfer to another service or product provider, as long as it does not violate the intellectual property or business secrets of the company.

Information about the possibility of not consenting. It allows the Data Subject to have clear and complete information about the possibility and consequences of not providing consent. Their consent, when necessary, must be free and informed. Therefore, whenever asked for consent, the Data Subject is free to deny it – even if, in such cases, it may be necessary to limit the Services available.

Withdrawal of Consent. The Data Subject has the right to withdraw their consent in relation to processing activities that are based on consent. However, this will not affect the legality of any processing carried out previously. If the Data Subject withdraws their consent, it may not be possible to continue providing certain Services.

Automated Decision Review. The Data Subject has the right to request the review of automated decisions that may affect their interests.

BTG Pactual is committed to responding to any Data Subject request, within the limits of the applicable regulations.

If the Data Subject has any questions about these issues or how to exercise these rights, please contact us through the channels provided in this Policy.

8. How long will personal data be stored for?

BTG Pactual stores and maintains information: (i) for as long as required by law; (ii) until the end of the processing of personal data, as mentioned below; or (iii) for the time necessary to preserve BTG’s legitimate interest. Therefore, the data will be processed, for example, during the applicable statute of limitations periods or for as long as necessary to comply with a legal or regulatory obligation.

The processing of personal data will end in the following cases:

  • When the purpose for which the Data Subject’s personal data were collected has been achieved and/or the Personal Data collected is no longer necessary or relevant to achieve such purpose;
  • When the Data Subject has the right to request the termination of the processing and the deletion of their Personal Data and they do so; and
  • When there is a legal determination to this effect.

In these cases of termination of processing of personal data, with the exception of the processing basis established by applicable legislation or by this Privacy Policy, the personal data will be deleted.

9. What are our responsibilities and how do we protect your personal data?

BTG Pactual’s responsibility is to take care of the personal data collected and to use it for lawful purposes, as described in this Policy. To ensure the privacy and the protection of your personal data, BTG Pactual adopts the appropriate security practices for its market, including:

  • encryption and double authentication systems in the Platforms’ environments;
  • training and awareness policies to keep the employees updated on how to avoid risks to the Data Subject and identify threats and malicious activities;
  • controls and access privileges to personal data, so that each employee can only access the data strictly necessary for the performance of their duties;
  • control and preventive monitoring of security incidents, including data leakage, carried out by our Information Security team and by automated security tools recognized by the market;
  • drafting and executing an internal audit plan, which considers both risk and regulatory audits; and
  • establishing disciplinary measures in case of data privacy violations, as deemed necessary, including termination.

BTG Pactual works to protect the personal data to which it has access. Unauthorized entry or use of your account by third parties, hardware or software failure that’s not under the control of BTG and other factors may compromise the security of your personal data. For this reason, the actions of the Data Subject are fundamental to maintaining a safe environment for everyone. The Data Subject may help by adopting security best practices in relation to their data (such as not sharing passwords with third parties, for example), and if they identify or become aware of something that compromises the security of their data, please contact BTG Pactual through the Data Protection Officer, whose contact channels can be found in this Policy.

10. How to contact BTG about your personal data?

If the Data Subject believes that their personal data has been used in a way that is incompatible with this Privacy Policy or with their choices as Data Subject, or if they have any questions, comments or suggestions related to this Policy, they may contact BTG through the channel indicated below. BTG Pactual has a Data Protection Officer (DPO) who is available at the following contact addresses:

Mailing address: Praia de Botafogo, 501/5th floor – Rio de Janeiro – RJ – 22250-040

Contact email: SH-Privacidade@btgpactual.com

Data Protection Officer: Gabriel Borges

11. Basic terms: what do you need to know to understand this policy?

In order to simplify the reading, BTG Pactual presents some useful definitions for your interpretation:

Privacy Laws and Regulations. As a financial institution, BTG Pactual is subject to sector-specific regulations and therefore to the obligations they impose, in addition to the privacy and data protection laws applicable locally. Both bring new rules and more protective principles for companies to handle the information of individuals, including the Data Subject. Their purpose is for Data Subjects to have more privacy, freedom, transparency, and control over their personal data used by third parties.

Personal Data. It is the data relating to a natural person, which is capable of identifying them or making them identifiable within a certain context. The following can be cited as examples of Personal Data: Name, National Identification Number, ID, home address, phone number, e-mail address, IP address, etc.

Special Data. It is any information about racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person. GDPR considers this data as special category data.

Processing. These are the operations that BTG does or may do with Personal Data, including, but not limited to, the following activities: collection, storage, consultation, use, sharing, classification, reproduction, processing, and evaluation of this data.

Consent. It is the case in which the Data Subject authorizes the processing of Personal Data through a free, informed, and unequivocal expression, agreeing to the processing of their Personal Data for a specific purpose and informed by BTG.

Opt-in/Opt-out. It is the granting/revocation of consent by the Data Subject. Opt-in is requested when there is a change in the purpose for which the data is being processed. Opt-out is available to the Data Subject in certain circumstances, with due regard for the legal bases.

BTG. It is the controller of your Personal Data: BANCO BTG PACTUAL S.A., a financial institution headquartered at Praia de Botafogo, n° 501, 5th floor, part, in the city of Rio de Janeiro, State of Rio de Janeiro, registered with the CNPJ/ME under No. 30.306.294/0001-45.

Economic Group. It is BTG’s economic group, formed by any company controlled by, controlling or under common control with BTG, observing the definition of control provided for in Brazilian corporate law.

Data Subject. The natural person to whom the Personal Data belongs and refers, who may be a customer or user of our Platform.

Platform or Platforms. These are the websites and applications owned by BTG.

Products and Services. These are all the services and products offered by BTG, with a financial and banking focus, including insurance, pension plans, brokerage, and checking accounts.

Policy. It is this BTG Pactual Privacy Policy.

12. Changes in privacy policy

This Privacy Policy may be updated to reflect any improvements made. Therefore, BTG Pactual recommends that you visit this page periodically so that you are aware of any changes made.

Updated on January 12th, 2024.