Privacy and personal data protection notice
1. Introduction
Transfero is an innovative company that uses blockchain technology to offer infrastructure to companies that want to provide their customers in Latin America with payment services using digital assets. The company also has global operations in countries such as Brazil, Argentina, Switzerland, Chile, Colombia, the Bahamas, among others.
Among the company’s values, transparency and trust guide issues related to the protection of personal data. The company constantly adapts to current regulations related to the processing of all personal data collected, stored, and shared.
Therefore, the purpose of this Privacy Notice is to explain and assure customers and partners how Transfero addresses privacy and personal data protection, as well as the respective treatment and processing of such data by the company.
2. Terms and definitions
For a better understanding of this document, below are the terms used and their respective definitions:
National Data Protection Authority (ANPD): Brazilian federal agency responsible for supervising and enforcing personal data protection measures at the national level.
Data encryption: A security method that involves converting data into an unreadable format, called ciphertext, using a specific algorithm. This process is used to protect the confidentiality and integrity of data, making it incomprehensible to anyone who does not have the appropriate decryption key.
Personal data: Any information relating to a natural person that can identify or make such person identifiable.
Sensitive personal data: Information that may reveal intimate aspects of a person and generate the possibility of discrimination, according to the exhaustive list provided by the Brazilian General Data Protection Law (LGPD).
Data protection officer (DPO): A person, whether an individual or legal entity, appointed by the data controller or processor to act as a point of contact between them, the data subjects, and the Brazilian National Data Protection Authority (ANPD).
Brazilian General Data Protection Law (LGPD): Brazilian Law No. 13,709/2018, inspired by European legislation, which aims to ensure the privacy and security of personal data, in observance of fundamental rights such as privacy, intimacy, freedom of expression, and access to information.
Processing of personal data: Any operation carried out with personal data, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.
Personal data subject: The individual to whom the personal data refers.
3. Personal data collection
Personal data is collected through the user’s registration to use one of the services offered by the company. Some of the data initially collected, in a non-exhaustive manner, to identify the user and their profile include:
Full name;
Email address;
Telephone number;
Nationality;
Full residential address;
Date of birth; and
Full name of the mother.
4. Hypotheses of personal data processing
Transfero processes personal data in order to provide and perform its services, continuously seeking to improve them and ensure user security in its operations. Transfero may also use the collected data to inform users about newly launched products.
The most frequent purposes for processing personal data are:
Resolution of questions and requests from users;
Contract execution;
Ensuring data security, especially against fraud;
Development of new products; and
Advertising.
For these purposes, Transfero bases its processing activities on the following legal bases:
Contract execution or preliminary procedures related to a contract;
Consent; and
Legitimate interest.
5. Processing of personal data of children
Transfero does not collect or process personal data of children and/or adolescents in the provision of its services, except in the legal situations provided for under the LGPD.
6. Storage and disposal of personal data
Transfero stores personal data only for the period necessary to fulfill the purposes defined at the time of consent. Some data may be retained when required to comply with legal or regulatory obligations, or for the regular exercise of rights in judicial, administrative, or arbitration proceedings.
7. Sharing of personal data
In order to conduct its activities, Transfero may share personal data with third parties, such as:
Operators: service providers that process personal data on our behalf, in accordance with our instructions; and
Public authorities: when required for the protection of rights or compliance with legal obligations.
Transfero carefully evaluates the processing carried out by operators, observing the principles and purposes of the LGPD, as well as secure data-sharing practices, ensuring privacy and data protection.
8. International transfer of personal data
Transfero and some of its partners are located in different countries, which may result in the international processing of personal data.
Such transfers occur only with companies that comply with the applicable local legislation of their respective countries, which must provide a level of protection equivalent to or more stringent than that required under Brazilian law.
9. Cookies
To provide users with a better experience on our website, cookies may be collected. The cookies used are classified as:
Strictly necessary; and
Analytics.
Transfero is not responsible for cookies added by third parties. We recommend that users regularly clear their browsing data. For more information, please refer to our Cookie Notice.
10. Data security
As a company that processes personal data, Transfero adopts effective technical and administrative measures to ensure information security and prevent unauthorized access, disclosure, alteration, or destruction of data.
The company has implemented measures to ensure the confidentiality, integrity, and availability of the data it processes, including internal policies, procedures, and employee training aimed at fostering a culture of personal data protection and preventing potential incidents.
In the event of suspected incidents or improper access to a user’s account, Transfero may terminate access at any time and without prior notice, in order to protect personal data.
Each user accesses the services through an individualized login and password. Users are advised to keep their credentials confidential, use strong passwords, and log out after using shared computers.
11. Rights of data subjects
Every individual is guaranteed rights regarding the processing of their personal data, preserving freedom, intimacy, and privacy. Therefore, anyone who maintains a relationship with Transfero may:
Confirm the existence of personal data processing;
Access their personal data;
Correct incomplete, inaccurate, or outdated personal data;
Request anonymization, blocking, or deletion of unnecessary or excessive data;
Request information about data sharing; and
Revoke consent.
When Transfero acts as a personal data processor, requests will be forwarded to the data controller within the applicable legal deadlines.
12. Information requests
To request information or exercise your rights regarding personal data, please contact our DPO by email at privacidade@transferobank.com.br.
For security purposes, additional documents or information may be required to confirm the identity of the data subject. The following response deadlines apply:
Immediately after the request, the DPO will contact the requester to confirm the existence and access to personal data. If immediate analysis is not possible, confirmation of the request opening will be provided in a simplified manner; and
Within fifteen (15) days from the request, a complete response will be provided, confirming the measures adopted.
All information will be provided electronically in a secure and reliable manner.
13. Amendments
Transfero continuously improves its data protection practices. To maintain transparency and security in the processing of personal data, this Privacy Notice may be updated annually or whenever necessary.
14. Governing law and jurisdiction
This Privacy Notice is governed by and interpreted in accordance with Brazilian privacy and personal data protection laws. It also applies to Transfero’s operations in other countries, subject to the applicable local laws of each jurisdiction.
Last updated: November 8, 2024.