If you have any questions, please contact us through our support channels.
TABLE OF CONTENTS
2. Specific terms and conditions of use
3. Access to restricted content
4. Content sent by Users
5. Links to third parties’ websites and applications
6. How our Websites and Applications should not be used
8. Intellectual Property
9. Suspension of access
10. Applicable legislation
2. SPECIFIC TERMS AND CONDITIONS OF USE
3. ACCESS TO RESTRICTED CONTENT
Some of our Websites and Applications have an open content area and a restricted content area. To have access to the restricted content area, the User may be required to register by providing some personal information for the creation of a login and password.
Please make sure that the information supplied is correct because you are responsible for its veracity. Any inconsistency may affect your access to the Website and Application.
How is my registration data used?
May I share my login, password, and Security Device with third parties?
Only you can use your login, password and itoken; therefore, sharing them with third parties is forbidden. Note that your access is personal and non-transferable, and you are fully responsible for the safeguard, secrecy and good use of your login, password and itoken.
What are Touch ID, Face ID, and Fingerprint?
Touch ID and Fingerprint are identity sensors by digital fingerprint, whereas the Face ID is a facial recognition sensor. The three of them make the authentication and recognition of the User easier.
May I use the authentication and recognition sensors of the Touch ID, Face ID and Fingerprint to log in to the Applications of Itaú Unibanco?
These functionalities are available for some Applications, depending on your device and its operating system version. Through them, you may access your account by entering your login data, such as branch and account or credit card numbers, for example, and use the digital fingerprint or facial recognition instead of entering your electronic password, provided that one of these functionalities is registered and enabled in your device’s operating system. These resources will not replace the password of your card or the security device when using the other functions of the Applications.
Bear in mind that any person that has the digital fingerprint or the face registered in your mobile or device may have access to the logged in part of Itaú Unibanco’s Applications if you enable access to them through Touch ID, Face ID, or Fingerprint. You are responsible for the digital fingerprint or face registered on your mobile or device, including for enabling or disabling this function to access Itaú Unibanco’s Applications.
Can I disable the Touch ID, Face ID and Fingerprint functions to log in to the Applications? How does it work?
Yes, it is possible to disable login with the Touch ID, Face ID, or Fingerprint functions in the Application’s settings once logged in. settings. Meanwhile, changing the digital fingerprint or face registered must be done in your mobile or device’s operating system settings.
4. CONTENT SENT BY USERS
Some of our Websites and Applications may allow Users to send content such as comments, images, messages, pictures, etc. for disclosure in open content areas of the Websites and Applications. In these cases, the content sent and the identification of your profile, if any, may be viewed by other Users, always in accordance with bank secrecy rules.
The User may also be able to send content, such as pictures, documents, comments, and other messages for the purpose of registration, customer support, use of the services available on the Websites and Applications, or for other purposes. In these cases, the content sent will not be available in open content areas of the Websites and Applications.
We remind you that, in any case, the content sent will be the responsibility of the person who sent them.
5. LINKS TO THIRD PARTIES’ WEBSITES AND APPLICATIONS
6. HOW OUR WEBSITES AND APPLICATIONS SHOULD NOT BE USED
Pay attention to the following practices that are against our conditions of use:
· Practice of any illicit act, violation of Itaú Unibanco’s or third parties’ rights, and violation of the applicable legislation;
· Uploading, sharing or transmitting any erotic, pornographic, obscene, calumnious, or defamatory content, or of physical or moral violence, or content that condones crime, the use of drugs, the consumption of alcoholic beverages or of smoking products, or that promotes or incites hatred, illegal activities, prejudice or any other form of discrimination for any reason;
· Use of any automated system/application to make consultations, accesses or any other mass-market operation, for any purpose, without the authorization of Itaú Unibanco;
· Practice of acts that harm any Website, Application and equipment of Itaú Unibanco and of other Users and third parties, including the use of viruses, Trojans, malware, worm, bot, backdoor, spyware, rootkit or any other means with this purpose.
You, as User, are responsible for:
· all your actions or omissions taken on our Websites and Applications;
· the content that you send and/or transmit on the Websites and Applications; and
· compensating for damages caused to Itaú Unibanco, third parties or other Users arising from your access to and use of our Websites and Applications.
Accordingly, we are not responsible for the items mentioned above or for the unavailability and technical failures of the Websites and Applications’ systems. Moreover, bear in mind that the content sent and/or transmitted by Users and/or third parties do not represent Itaú Unibanco’s opinions nor views.
8. INTELLECTUAL PROPERTY
The following items belong to Itaú Unibanco and may only be used upon its prior and express authorization:
· all software, applications or functionalities created, produced or hired by Itaú Unibanco for its Websites and Applications, as well as its visual identity and content;
· the names of companies, trademarks, patents, domain names, slogans, advertisements, or any signal used to distinguish what belongs to Itaú Unibanco that is on Websites and Applications.
9. SUSPENSION OF ACCESS
At any time, without prior or subsequent notice, Itaú Unibanco may suspend, cancel or interrupt the access to the Websites and Applications, including if the use of these channels conflicts with the provisions in this document.
10. APPLICABLE LEGISLATION
Privacy, protection of Personal Data and its processing in a transparent, ethical, safe, and responsible way are essential values to us.
2. Which information do we use and how do we collect it?
3. For what do we use your data?
4. Can the information be shared?
5. About Cookies
6. International data transfer
7. For how long do we keep your data?
8. Data security
9. Your rights
10. Data Protection Officer
2. WHICH INFORMATION DO WE USE AND HOW DO WE COLLECT IT?
We process the Personal Data of those who are or have been our clients or have had any relationship with us, people who were or are a representative, proxy, employee or partner of any client, company, or entity which we relate or associate with, people who have carried out a transaction with us or with our clients, and of people with whom we intend to relate or other data subjects.
The Personal Data that we process vary in accordance with the purposes of use, including those indicated in this Policy, and with the activities we perform. These Personal Data include registration, financial and transactional data, such as:
· Registration data: name, date of birth, gender, Identity Card (RG) No., Individual Taxpayer’s Registry (CPF) No. and/or other identification documents, such as driver’s license, picture, , home and commercial addresses, home, commercial and mobile phone numbers, email address, profession, occupation, marital status, nationality, place of birth, PEP – politically exposed person, among others.
· Sensitive Personal Data: biometric data, including facial and/or digital data, or other sensitive personal data, in accordance with the applicable legislation.
· Financial and transactional data: information on banking, financial and payment operations and transactions, on products and services that were contracted or are under an intention to be contracted and their use (including our financial, banking, credit, financing, foreign exchange, investment, insurance, pension, capitalization, consortium, credit card and payment service products, among others).
· Third parties’ personal data: parents’ names, representatives, representees, guarantor, counterparties, proxies, employees, partners or beneficiaries of products and services, such as of insurance policies, pension plans, credit card and payment.
· Device information: device information (such as Advertising ID and technical information, such as operating system, screen size), connection (such as date, time and IP address, network used), device identification and use. We may also collect, if you authorize us via our Applications, your geolocation, for us to use it to prevent fraud and other security purposes, as well as to protect credit, to indicate nearby branches and make offers of products and services to you.
· Information we access to provide you with a functionality: if you authorize, and in order to enable some functionalities of our Websites and Applications, such as when we treat your pictures and contact details for the creation and forwarding of payment receipts.
· Information on browsing habits: pages and functionalities accessed on our Websites and Applications, number of clicks, pages and applications that originated the access to our Websites and Applications (for example, if you access a website that has a link to our Websites and Applications, or if you access pages of third parties from the links on our Websites and Applications).
· Media and social platforms data: interactions that you might have with our social networks, such as Facebook, Twitter, Instagram, Linkedin and YouTube.
· Financial position data: we can access the data on your financial or credit position, such as income, equity, negative entries on credit reports, data in the Positive Credit Registry, including detailed data in the Positive Credit Registry or data of the Credit Information System of the Central Bank of Brazil, in accordance with applicable legislation.
The data may be supplied directly by you, be collected as a result of the provision of services or supply of products by Itaú Unibanco to you (or related to you), or they may be supplied by other companies of the Itaú Unibanco Conglomerate or by legitimate external sources, such as strategic partners, brokerages, including securities and insurance brokerages, suppliers, service providers, other institutions of the financial system, credit bureaus, public institutions, correspondent banks and companies or bodies which Itaú Unibanco or you have a connection or some type of direct or indirect relationship with. We may also obtain Personal Data and other information from public and/or publicly available data sources, such as the Internet, the media, social media and public records, and from other sources, as permitted by applicable legislation.
We present below some examples of these situations:
· Data may be supplied by you, for example, when filling out registration files, forms, proposals, and simulations or when adhering to, contracting, accessing, searching for or expressing interest in products and services.
· Data we generate on you arising from your relationship with Itaú Unibanco, such as information on the contracting and the use of products and services, or when you interact with us via our Websites, Applications, channels, establishments, centers, and points of service and customer support.
· Data received from third parties are those provided by third parties on you, even if you are not a client of Itaú Unibanco, including by companies or bodies which Itaú Unibanco or you have relationship with, as well as suppliers and partners. Some examples of the cases in which this occurs are:
· someone carries out a financial transaction with you, such as a bank transfer or payment of a slip;
· when you are the beneficiary or User of some product contracted by a third party, such as credit card, insurance or pension;
· the company or body you work for provides information on you for the supply of products and services to you, such as the payment of your salary by Itaú Unibanco, for the grant of credit or payroll loan or pension products;
· we pay benefits originating from public bodies;
· a client, a counterparty, a partner or a service provider appoints you as its partner, representative, employee, proxy or contact;
· a partner or a service provider provides us with information on you for the offering or contracting of products and services;
· we seek information on you or confirm information that you provide us with for our activities, such as creating or improving your registration file and your experience, preventing fraud and complying with other legal obligations.
3. FOR WHAT DO WE USE YOUR DATA?
Itaú Unibanco processes personal data in accordance with the legal bases provided in the Brazilian General Data Protection Law (LGPD), for example, to comply with legal and regulatory obligations; for the performance of a contract; for credit protection; to pursue the legitimate interests of Itaú Unibanco, our clients and third parties; to protect life or physical safety of the Owner or third party; in situations in which the consent of the Owner of the Personal Data is collected and for the regular exercise of rights.
We can treat Personal Data and other information for many purposes related to the performance of the activities of the Itaú Unibanco Conglomerate, in accordance with the examples described below:
- To carry out our activities, provide our services and supply our products in our relationship with you:
· create and maintain your registration file updated, verify your identity and any other information;
· comply with and carry out actions related to the performance of a contract, including steps prior to, during and after entering into a contract. Activities such as assessment of contract proposals, support in our channels and operational processes to ensure the best experience and service for our clients;
· serve our clients, potential clients and third parties, including solving questions, complaints, claims, requests and support demands through our service channels, allowing you to contact us whenever necessary, and vice-versa;
· send communications about products and services contracted by you that are necessary for the performance of a contract;
· assess and regularly exercise the rights necessary for the performance of the contracts, such as information on your health that is required for contracting certain products, such as insurance products, or also for the assessment of related claims;
· select and contract the employees of Itaú Unibanco.
- To understand our clients and offer products that are better suited to their needs and profile:
· assess the profile, identify opportunities, and offer products, services, initiatives and benefits of the Itaú Unibanco Conglomerate and/or strategic partners to be contracted that are more adequate to the profile, interests and needs ofcurrent clients and potential clients, as well as third parties, even through email marketing or other means. You can manage your communications preferences or choose to no longer receive them through our support channels;
· analyze data on Users’ demographics and interests, with analytics tools such as Google Analytics and Facebook Ads, to better understand the audience for marketing campaigns;
· analyze the browsing behavior and the profile of Users and clients, including to understand if the User accessed the Websites and Applications via direct access, links or our own or third-party cookies, for example;
· carry out marketing campaigns and use information technologies and online advertising solutions;
· carry out surveys with the public in general so as to improve our products, services and initiatives.
- Security and risk:
· identify, prevent and manage any security risks, both physical and cybernetic, to you, Itaú Unibanco or third parties;
· prevent fraud and ensure security, including with the use of your biometric data (facial, digital or other), as well as your geolocation, in any products, services, Websites and Applications of Itaú Unibanco, for identification and/or authentication processes in Itau’s or third parties’ electronic systems, which may also be Controllers of Personal Data, including through the development and/or use of antifraud tools;
· analyze the profile, identify, manage and treat potential risks in the offer and contracting of products and/or services and in the other activities of Itaú Unibanco, such as the credit, operating, reputational and market risks, among others. By monitoring these risks we are also taking care of our clients’ security;
· activities related to credit protection, such as credit risk assessment and management, assessment of the financial position, collection, credit assignment, activities related to informing and consulting credit protection entities and the Positive Credit Registry, among others.
- Compliance with legal and regulatory obligations:
· comply with legal, regulatory and self-regulatory obligations, such as: internal audit and compliance activities, prevention of money laundering and terrorism financing crimes and other illicit acts, Know Your Client – KYC activities and other risk management activities, reporting to the Federal Revenue Service, fraud prevention measures, provision of information to the Central Bank of Brazil and other proper bodies in Brazil and abroad, for compliance with rules, communication of suspicious operations to the Council for Financial Activities Control (COAF), proof of life of the National Social Security Institute’s (INSS) beneficiaries, assessment of legal representatives and partners of companies, among other activities;
· comply with court orders and administrative and arbitration decisions.
- To protect your rights and those of Itaú Unibanco and third parties:
· for the regular exercise of rights, including in contracts and lawsuits, and in extrajudicial, administrative or arbitral proceedings.
- To maintain, create and improve our activities:
· analyze, create, and improve our products, services, activities, whether internal or external, initiatives, projects, resources and functionalities of our platforms, Websites and Applications, including to improve your access and use and offer you a better experience;
· measure and understand the interaction of Users and clients with us, including in social networks and in our channels, as well as the use of our products, services, activities, initiatives, Websites and Applications and the satisfaction of Users and clients. This way we can create, maintain and improve our products, services and support channels;
· carry out business, internal management and managerial processes. We treat your data for our activities and to help us make better decisions for our operations, business, services, products, activities and initiatives;
· activities related to contracting and relationship with suppliers, service providers and other third parties.
- Other treatment situations based on legitimate purposes, such as the support and promotion of Itaú Unibanco’s or the provision of services that benefit our clients.
- To promote events, provide sponsorships and other activities and initiatives.
4. CAN THE INFORMATION BE SHARED?
· between companies of the Itaú Unibanco Conglomerate and with the foundation or entity that has any of these companies as a sponsor or is otherwise managed or linked to the Itaú Unibanco Conglomerate, including for the development of our activities, to offer and provide services and supply products, to manage risk, to comply with legal obligations and other purposes provided for in this Policy;
· with strategic partners, including to offer, contract and use of their products and services, or products and services jointly developed that may benefit you;
· with service providers, suppliers, brokerages, including insurance brokerages, and correspondent banks contracted by Itaú Unibanco for the development of our activities;
· with regulatory bodies, other public entities, institutions of the financial system and third parties, including to comply with and carry out legal, regulatory and contractual obligations and for the protection of and the regular exercise of rights;
· for compliance with requisitions, requests and decisions of judicial, administrative or arbitral authorities;
· to identify, prevent and investigate possible infractions or illicit acts (including fraud, money laundering and terrorism financing);
· to preventrisks and fraud and to ensure security, including with the use of your biometric data (facial, digital or other) in identification and/or authentication procedures in our own electronic systems, or those of third parties, which are also Personal Data Controllers;
· in situations which the sharing is relevant or necessary for the creation, offer, maintenance, operation and improvement of our Websites and Applications and of the activities, initiatives and products and services of the Itaú Unibanco Conglomerate and strategic partners;
· with credit bureaus, including in accordance with the provision in applicable legislation, such as for compliance with the Positive Credit Registry (“Cadastro Positivo”)legislation, in the cases of negative entries on credit reports, among others;
· with other financial institutions, including, when necessary, for the processing of any transaction or other activities for the performance of the contract;
· sharing anonymized, grouped, or cookies information, or other information or types of data that do not allow the personal identification of the Data Subjects;
· in cases of acquisition, merger or other corporate restructuring processes;
· situations in which your consent may be necessary and, if it is, we will request your consent in a timely manner.
5. ABOUT COOKIES
Cookies allow the collection of browsing-related data depending on the type of device used, on the authorizations granted by you through your device’s settings and on the functionalities used in each application. We can use our own or third-party cookies on our Websites and Applications.
What are cookies?
They are small text files that may or may not be added to the device’s browser. These files store and recognize data that ensure the proper
of the Websites and Applications and help us identify your preferences and improve your experiences.
Types of cookies and their purposes
Cookies may collect data for different purposes related to the functionalities of our Websites and Applications. Please, see below the types we use:
· operation: to ensure the correct access to and operation of applications;
· authentication: to recognize the User, allowing their access, including to restricted access areas and also used to offer content, offers and/or services of strategic partners;
· security: to help in the monitoring and detection of unauthorized activities, in the prevention of fraud and in the protection of Users’, Itaú Unibanco Conglomerate’s, third parties’ and your information;
· research, analysis and performance: to verify, measure and analyze the audience, the performance and the use of the applications by Users;
· advertising: to present the relevant advertisements of the Itaú Unibanco Conglomerate and partners in accordance with the User’s profile and to find out whether the Users viewed them, both in our environments and on partners’ websites and applications. They may also be used to remember any searches performed by Users and, based on the result of these searches, show advertisements or offer products, services and initiatives of their interest.
May I disable the cookies and the other forms of information collection?
You may disable or delete the cookies, as well as other data collection technologies, in your browser’s settings and in your device’s operational system settings, except for the operational cookies, which, if disabled, will prevent the use of the Websites and Applications.
We just remind you that if some cookies are disabled, the Websites or Applications or some of their resources or functionalities may not work properly.
For example, the data may be transferred overseas if it is necessary for the performance of a contract (such as credit card transactions carried out abroad, or transactions with foreign cards carried out in Brazil, foreign exchange transactions or other banking, financial, insurance and investment transactions with other companies of the Itaú Unibanco Conglomerate abroad or other financial institutions); for compliance with Itaú Unibanco’s legal and regulatory obligations; for the regular exercise of rights in administrative, judicial or arbitral proceedings or for the investigation of crimes and other illicit acts. Also, the international data transfer may take place for the development of Itaú Unibanco’s activities, with the adoption of Personal Data protection measures.
7. FOR HOW LONG DO WE KEEP YOUR DATA?
8. DATA SECURITY
The security and protection of personal data and information of Itaú Unibanco is a priority for us. Itaú Unibanco establishes processes and controls for preventing, detecting, and responding to security risks, including cybernetic, and developing a robust security foundation.
We consider that the information must be protected regardless of where it is, whether with a service provider or an international unit, or with a partner, for its entire life cycle, from the time it is collected to its processing, transmission, storage, analysis and disposal.
We take care of data following strict security and confidentiality standards, to provide our users and clients with a safe and reliable environment. We use tools and technologies to maintain the integrity and confidentiality of information and protect it from unauthorized accesses.
Additionally, we restrict the access to data as necessary, with strict confidentiality and secrecy obligations as well as with the adoption of security criteria.
The data protection guidelines of the organization, clients and the public in general are formalized in the Corporate Information Security and Cyber Security Policy.
The LGPD ensures Data Subject rights. As a Data Subject, you may require from us the following:
· access to and confirmation of the existence of personal data processing;
· portability of data, provided that the applicable rules and commercial and industrial secrets are observed;
· information on public and private entities with which the Controller shared the use of data;
· revocation of consent that may be done at any time and at no charge by means of an express request;
· request for the elimination of the Personal data processed with consent, except for the situations where maintaining the data is necessary or allowed by legislation;
· oppose to data processing based on other legal bases, in case of non-compliance with the LGPD, noting that there may be situations where we can continue to carry out the processing and deny your opposition request;
· request for the review of decisions made exclusively based on automated Treatment of Personal Data that affect you, such as credit decisions;
· request for the cancellation of the forwarding of directed offers of products and services of Itaú Unibanco through our channels.
To exercise your rights over your Personal Data, you may use our customer support channels. Please see on www.itau.com.br/seguranca/privacidade which is the most appropriate channel according to your relationship.
We note that we may maintain some data and/or continue to carry out the processing even in the case of an opposition to the processing and in the case of data deletion, blocking or anonymization requests, in order to comply with legal, contractual and regulatory obligations, to safeguard and exercise the rights of Itaú Unibanco, Users and clients, to prevent illicit acts and to use in judicial, administrative and arbitral proceedings, including due to third-party questioning regarding Itaú Unbanco’s activities and in other situations provided for in legislation.
For further information on the Policy or how we process your personal data, you may contact us through the email email@example.com using the heading “To the care of the DPO”.
· Itaú Unibanco Conglomerate or simply Itaú Unibanco: includes Itaú Unibanco Holding S.A., Itaú Unibanco S.A., and the other controlling companies or companies controlled, directly or indirectly, separately or jointly with third parties, by these companies and associates, in Brazil or abroad, which include, for example, Banco Itaucard S.A., Banco Itaú BBA S.A., Banco Itaú Consignado S.A., Itaú Administradora de Consórcios Ltda., Itaú Seguros S.A., Itaú Corretora de Seguros S.A., Itaú Vida e Previdência S.A., Financeira Itaú CBD S.A. Crédito, Financiamento e Investimento, Luizacred S.A. Sociedade de Crédito, Financiamento e Investimento, Hipercard Banco Múltiplo S.A., Itaú Corretora de Valores S.A., Itaú Distribuidora de Títulos e Valores Mobiliários S.A., Microinvest S.A. Sociedade de Crédito a Microempreendedor, Redecard S.A.
· Controller: natural person or legal entity of either public or private law in charge of making the decisions regarding the processing of personal data.
· Personal Data: information regarding an identified or identifiable natural person.
· Sensitive Personal Data: personal data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical or political organization membership, data concerning health or sex life, genetic or biometric data, when related to a natural person.
· Internet Protocol Address (IP Address): code given to a network terminal to allow its identification, defined in accordance with international standards.
· Websites and Applications: websites and applications of the Itaú Unibanco Conglomerate that may be accessed by Users.
· Data Subject: a natural person to whom the personal data that are the object of processing refer to.
· Processing: any operation carried out with personal data, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination, or extraction.
· Users: all people who visit and access the Websites and Applications. We may also refer to the User and the Data Subject as “you”.
Update: March 2021.