TABLE OF CONTENTS
2 Specific Terms and Conditions of Use
3 Access to restricted content
4 Content submitted by Users
5 Links to third-party websites and applications
6 How our Websites and Applications should not be used
8 Intellectual property
9 Suspension of access
10 Governing law
2. SPECIFIC TERMS AND CONDITIONS OF USE
3. ACCESS TO RESTRICTED CONTENT
Some of our Websites and Applications have open content and restricted content areas. To access restricted content, it may be necessary for the User to register by providing some personal information to create a login and password.
Make sure the information provided is correct, as you are responsible for its accuracy. If there is any inconsistency, this may impact your access to the Site or Application.
How is my registration data used?
Can I share my login, password, and Security Device with third parties?
Only you can use your login, password and itoken, therefore sharing with third parties is forbidden. Please note that your access is personal and non-transferable, and you are entirely responsible for the safekeeping, secrecy and good use of your login, password, and itoken.
What is Touch ID, Face ID, and Fingerprint?
Touch ID and Fingerprint are fingerprint identity sensors, while Face ID is a facial recognition sensor. All three facilitate User authentication and recognition.
Can I use Touch ID, Face ID and Fingerprint authentication and recognition sensors to log in to Itaú Unibanco Applications?
These features are available for some Applications depending on your device and your device's operating system version. through them, you will be able to access your account by entering your login information, such as branch and account numbers or credit card details, for example, and use fingerprint or facial recognition instead of typing your electronic password, provided that one of these functionalities is registered and activated in your device's operating system. These features will not replace your card password or security device when using the other functions of the Applications. Please remember that anyone who has registered their fingerprint or face for use on your mobile phone or other device may have access to the logged-in section of Itaú Unibanco applications if you enable access with Touch ID, Face ID, or Fingerprint. You are responsible for the fingerprint or face registered on your cell phone or device, including enabling or disabling this function to access Itaú Unibanco Applications.
Can I disable Touch ID, Face ID and Fingerprint functions to log into Applications? How does it work?
4. CONTENT SUBMITTED BY USERS
Some of our Websites and Applications may allow Users to submit content such as comments, images, messages, photos, etc., for sharing in open content areas of the Websites and Applications. In such cases, the contents sent and the identification of your profile, if any, may be viewed by other Users, always complying with banking secrecy rules. It may also be possible for the User to send content, such as photos, documents, comments, and other messages for registration purposes, service, use of services available on the Websites and Applications, or other purposes. In such cases, the submitted content will not be available in open content areas of the Websites and Applications. We remind you that, in any case, the contents sent will be the responsibility of the person who sent them.
5. LINKS TO THIRD PARTY SITES AND APPLICATIONS
6. HOW OUR SITES AND APPLICATIONS SHOULD NOT BE USED
Please be aware of the following practices that go against our conditions of use:
· Practice any illicit act, violate the rights of Itaú Unibanco or third parties and violate current legislation;
· Uploading, sending, or transmitting any erotic, pornographic, obscene, libelous, defamatory, physical or moral violence content, advocacy of crime, drug use, consumption of alcoholic beverages or tobacco products, as well as promoting or inciting hatred, illegal activities, prejudice or any other form of discrimination for any reason;
· Use any automated system/application to carry out consultations, accesses or any other mass operation, for any purpose, without authorization from Itaú Unibanco;
· Practice harmful acts against any Website, Application, and equipment of Itaú Unibanco and other Users and third parties, including through viruses, trojans, malware, worm, bot, backdoor, spyware, rootkit, or any other means for this purpose.
As a User, you are responsible for:
· all your actions or omissions carried out on our Websites and Applications;
· the content you have sent and/or transmitted on the Websites and Applications; and
· repairing damages caused to Itaú Unibanco, third parties or other Users, from your access and use of our Websites and Applications.
Therefore, we are not responsible for the items mentioned above, nor for unavailability and technical failures of the Websites and Applications system. Please consider also that content sent and/or transmitted by Users and/or third parties does not represent the opinion or vision of Itaú Unibanco.
8. INTELLECTUAL PROPERTY
The following items belong to Itaú Unibanco and may only be used with its prior and express authorization:
· all software, applications or functionalities created, produced or contracted by Itaú Unibanco for the Websites and Applications, as well as their visual identity and content;
· the names of companies, brands, patents, domain names, slogans, advertisements or any sign used to distinguish what belongs to Itaú Unibanco inserted in the Websites and Applications.
9. SUSPENSION OF ACCESS
At any time, without prior or subsequent notice, Itaú Unibanco may suspend, cancel, or interrupt access to the Websites and Applications, if the use of these channels is contrary to the provisions of this document.
10. GOVERNING LAW
TABLE OF CONTENTS
- What information do we use and how do we collect it?
- What do we use your data for?
- Can the information be shared?
- About cookies
- International data transfer
- How long do we keep your data?
- Data security
- Your rights
- Data Protection Officer
2. WHAT INFORMATION DO WE USE AND HOW DO WE COLLECT IT?
We treat Personal Data of anyone who is or was our client or had any relationship with us, was or is a representative, attorney, employee, partner of any customer, company or entity with which we have a relationship, carried out any transaction with us or with our customers, people with whom we intend to have a relationship or other holders of Personal Data. The Personal Data we treat varies according to the purposes of use, including those indicated in this Policy, and the activities we carry out. This Personal Data includes registration, financial and transactional data, such as:
. Registration data: name, date of birth, gender, ID number, taxpayer number, and/or other identification documents, such as driver's license, photo, home and business address, home, business, and cell phone numbers, e-mail, profession, occupation, marital status, nationality, place of birth, PEP – politically exposed person, among others;
. Sensitive Personal Data: biometric data, including facial and/or fingerprint data, or other sensitive personal data, in accordance with applicable legislation. We receive information about biometric validation from third parties that provide authentication and identity validation services, for fraud prevention and security purposes;
. Financial and transactional data: information on banking, financial ,and payment operations and transactions, products and services contracted or intended to be contracted and their use (including financial, banking, credit, financing, exchange, investment, insurance, pension, capitalization, consortium, credit card, and payment services, among others; ours or from other financial institutions);
. Data about third parties: affiliation, representatives, principals, guarantor, counterparties, attorneys-in-fact, collaborators, partners, or beneficiaries of products and services, such as insurance, pension, credit and payment cards;
. Information about your devices: information about your device (such as Advertising ID and technical information such as operating system, screen size), connection (such as date, time and IP address, network used), device ID, device usage . We may also collect, if you authorize us through our Applications, your geolocation, to use for fraud prevention and security, credit protection, indicate nearby facilities and make offers of products and services to you;
. Information we access to deliver a feature to you: if you authorize and to enable certain features of our Websites and Applications, such as when we process your photos and contact data to create and send payment receipts;
. Information about browsing habits: pages and functionalities accessed on our Websites and Applications, number of clicks, pages and applications that originated access to our Websites and Applications (for example, if you access a site that has a link to our Websites and Applications, or if you access third-party pages from links on our Websites and Applications);
. Data from social media and platforms: interactions you may have with our social networks, such as Facebook, Twitter, Instagram, LinkedIn and YouTube, if Itaú is mentioned or used on these platforms;
. Data related to financial situation: we can access data about your financial or credit situation, such as income, assets, negative information, positive registration data, including detailed positive registration data or data from the Central Bank's Credit Information System, in accordance with applicable law;
. Application Information: We use your application information installed on your device to ensure your security and fraud protection;
The data may be provided directly by you, collected as a result of Itaú Unibanco providing services or products to you (or related to you), or may be provided by other companies of the Itaú Unibanco Conglomerate or by legitimate external sources, as strategic partners, brokerage houses, including stock and insurance brokers, suppliers, service providers, other financial system institutions, credit bureaus, public bodies, correspondents and companies or bodies with which Itaú Unibanco or you have ties or any type of direct or indirect relationship.
We may also obtain Personal Data and other information from public and/or publicly accessible sources, such as the Internet, mass media, social media, and public records, and from other sources as permitted under applicable law.
Below are some examples of these situations.
· Data may be provided by you, for example, when completing registrations, forms, proposals, simulations, adhesions, hiring, access, demand, or expression of interest in products and services;
· Data that we generate about you as a result of your relationship with Itaú Unibanco, such as information about contracting and using products and services or when you interact with us through our Websites, Applications, channels, branches, service centers and points;
· Data received from third parties are those provided by third parties about you, even if you are not a customer of Itaú Unibanco, including by companies or bodies with which Itaú Unibanco or you have any a relationship, as well as suppliers and partners. Some examples of cases where this occurs are:
· Someone performs a financial transaction with you, such as a bank transfer or bill payment;
· When you are a beneficiary or User of a product contracted by a third party, such as a card, insurance or pension plan;
· The company or agency where you work provides us with information about you for the provision of products and services to you, such as for the payment of your salary by Itaú Unibanco, for the granting or consignment of credit or pension products;
· We make the payment of benefits originating from public bodies;
· A customer, counterpart, partner, or service provider appoints you as their partner, agent, employee, proxy, or contact;
· A partner or service provider provides us with information about you to offer or hire products and services;
· Partners share information about your buying habits for credit analysis to enable the offering and/or contracting of products and services;
· We seek information about you or confirm information you provide to us for our activities, such as performing or improving your registration and experience, preventing fraud and complying with other legal obligations;
· When you authorize us to access and use your data provided by other institutions through Open Finance, such as registration, financial, insurance, and pension data.
3. WHAT DO WE USE YOUR DATA FOR?
Itaú Unibanco treats personal data in accordance with the legal bases provided for in the General Data Protection Law (LGPD), such as, for example, to comply with legal and regulatory obligations; contract performance; credit protection; to serve the legitimate interests of Itaú Unibanco, our customers and third parties; protection of life or physical integrity of the Holder or third parties; in situations where the consent of the Data Subject is collected and for the regular exercise of rights.
We may process Personal Data and other information for various purposes related to the performance of Itaú Unibanco Conglomerate activities, as per the examples described below:
· Carry out our activities, provide our services and provide our products in our relationship with you:
· Perform and keep your registration up to date, verify your identity and any other information;
· Enforce and perform actions related to the contract, including steps prior to contracting, during and after contracting. Activities such as evaluation of hiring proposals, service in our channels and operational processes to ensure the best experience and service for our customers;
· Serve our customers, potential customers and third parties, including dealing with questions, complaints, claims, requests, and support through our service channels, enabling their contact with us whenever necessary, and the opposite as well;
· Sending communications about products and services contracted by you needed for the fulfillment of the contract;
· Evaluations and regular exercise of rights needed for the execution of contracts, such as, for example, information about your health necessary for the contracting of products such as insurance, or for the evaluation of related claims;
· Selection and hiring of Itaú Unibanco employees.
· Understanding our customers and offering products best suited to their needs and profile:
· Evaluate the profile, identify opportunities, and offering and hiring products, services, initiatives and benefits from Itaú Unibanco Conglomerate and/or strategic partners best suited to the profile, interests and needs, for current, potential, and third-party customers, including through email marketing or other communications. You can manage the means by which you prefer to receive our offers or choose not to receive them in our service channels;
· Analyze Users' demographic information and interests, through analytics tools such as Google Analytics and Facebook Ads, to understand the target audience of advertising campaigns;
· Evaluate the browsing behavior and profile of Users and customers, to understand whether the User arrived at the Websites and Applications through direct access, links or own or third-party cookies, for example;
· Carry out marketing campaigns and use information technologies and online advertising solutions;
· Carry out surveys with the public to improve our products, services, customer service, and initiatives.
· Carry out strategic analyses of products and services contracted from other financial institutions for the evolution of our own products and services and to offer products and services that are more suited to your profile.
· Security and risk:
· Identify, prevent, and manage possible security risks, whether physical or cybernetic, for you, Itaú Unibanco or third parties;
· Prevent fraud and ensure security, including the use of your biometrics (facial, fingerprint or other), as well as your geolocation, on any Itaú Unibanco products, services, Websites and Applications, for identification processes and/or authentication for our own electronic systems, or for third parties which may also be Personal Data Controllers, including through the development and/or use of anti-fraud tools;
· Analyze profile, identify, manage, and deal with potential risks in offering and hiring products and/or services and in other Itaú Unibanco activities, including but not limited to credit risks, operational risks, reputational risks, and market risks. By monitoring these risks, we are also looking after the safety of our customers;
· Activities related to credit protection, such as credit risk assessment and management, assessment of the financial situation and assets, collection, credit assignment, activities related to information and consultation with credit protection entities and positive registration, among others.
· Compliance with legal and regulatory obligations:
· Comply with legal, regulatory and self-regulation obligations, such as: internal audit and compliance activities, prevention of money laundering and terrorist financing crimes and other illicit activities, know your client activities - KYC and other risk management activities, reports to the Federal Revenue bureau, fraud prevention actions, provision of information to the Central Bank and other competent bodies, in Brazil and abroad, for compliance with regulations, communication of suspicious operations to Coaf, proof of life of INSS beneficiary, evaluation of legal representatives and business partners, among other activities;
· Comply with court, administrative, and arbitration orders and decisions.
· Protect your rights and those of Itaú Unibanco and third parties:
· For the regular exercise of rights, including contracts and judicial, extrajudicial, administrative, or arbitration proceedings.
· Maintain, create, and improve our activities:
· Analyze, create and improve our products, services, activities, whether internal or external, initiatives, projects, resources and functionalities of our platforms, Websites and Applications, including improving your access and use and providing the best experience for you;
· Measure and understand the interaction of Users and customers with us, including on social networks and though our channels, as well as the use of our products, services, activities, initiatives, Websites and Applications, and the satisfaction of Users and customers. This way we can create, maintain and improve our products, services, and our service channels;
· Execution of business processes, internal and managerial management. We treat your data for our activities and to help us make better decisions about our operations, business, services, products, activities, and initiatives;
· Activities related to hiring and relationship with suppliers, service providers, and other third parties.
· Other treatment situations based on legitimate purposes, such as supporting and promoting Itaú Unibanco's activities or providing services that benefit our customers.
· Promote events, carry out sponsorships and other activities and initiatives.
4. CAN INFORMATION BE SHARED?
Examples of sharing situations are:
· Between Itaú Unibanco Conglomerate companies and with a foundation or entity that has any of these companies as a sponsor or which in any way is managed by or linked to the Itaú Unibanco Conglomerate, including for the development of our activities, offering and providing services and supplying products, risk management, compliance with legal obligations, and other purposes set forth in this Policy;
· With strategic partners, including for offering, hiring, and using their products and services, or even developed jointly or that may be of benefit to you;
· With service providers, suppliers, brokers, including securities and insurance, and correspondents hired by Itaú Unibanco for the development of our activities;
· With regulatory bodies, other public entities, institutions of the financial system and third parties, including for compliance and enforcement of legal, regulatory, and contractual obligations and for the protection and regular exercise of rights;
· For compliance with requisitions, requests, and decisions of judicial, administrative or arbitration authorities;
· For the identification, prevention and investigation of possible violations or illegal acts (including fraud, money laundering, and financing of terrorism);
· To prevent risks, fraud and ensure security, including the use of your biometrics (facial, fingerprint or other) in identification and/or authentication processes in our own electronic systems or those of third parties which are also Personal Data Controllers;
· Situations in which sharing is relevant or necessary for the creation, offer, maintenance, operation and improvement of our Websites and Applications, as well as the activities, initiatives, and products and services of the Itaú Unibanco Conglomerate and strategic partners;
· With credit bureaus, including in accordance with the provisions of the applicable legislation, such as compliance with the positive registration legislation, in cases of negative credit, among others;
· With other financial institutions including, when necessary, for the processing of any transaction or other contract performance activities;
· Sharing of anonymized, bundled information, from cookies or other information or forms that do not allow the personal identification of Data Holders;
· In cases of acquisition, merger or other corporate reorganizations;
. Data sharing with collection and credit recovery providers, so that they can act, with autonomy and their own strategies, in the Conglomerate's recovery portfolios, including the recovery of defaulting vehicles;
· Situations where your consent may be required and, if so, we will request your consent in due course.
5. ABOUT COOKIES
Cookies allow the collection of navigation-related data depending on the type of device used, the authorizations granted by you through your device settings and the functionalities used in each application. We may use our own or third-party cookies on our Websites and Applications.
What are cookies?
They are small text files that may or may not be added to the device's browser. These files store and recognize data that guarantee the correct functioning of the Websites and Applications and help us to identify your preferences and improve your experiences.
Types of cookies and their purposes
Cookies can collect data for different purposes related to the functionality of our Websites and Applications. Check out the types we use below:
· Functioning: to guarantee the correct access and functioning of the applications;
· Authentication: to recognize the User, enabling their access, including restricted access areas, and also to suggest content, offers and/or services from strategic partners;
· Security: to assist in the monitoring and detection of unauthorized activities, in the prevention of fraud and in the protection of information of Users, yourself, Itaú Unibanco Conglomerate, and third parties;
· Research, analysis, and performance: to verify, measure and analyze the audience, the performance, and the use of applications by Users;
· Advertising: to display relevant advertising from the Itaú Unibanco Conglomerate and partners according to the User's profile and to find out whether Users have viewed it, both in our environments and on partner websites and applications.
They can also be used to remember any searches carried out by Users, and based on the results of these searches, show advertisements or offers of products, services and initiatives of interest to them.
Can I disable cookies and other forms of information collection?
You can disable or delete cookies, as well as other data collection technologies, in your browser settings and in your device's operating system settings, with the exception of operating cookies which, if disabled, will not allow you to use the Sites and Applications. Please bear in mind that if certain cookies are disabled, the Sites or Applications or some of their features or functionalities may not work properly.
6. INTERNATIONAL DATA TRANSFER
For example, data may be transferred abroad if this is necessary for the performance of a contract (such as credit card transactions carried out abroad or foreign card transactions carried out in Brazil, foreign exchange and other banking, financial, insurance, and investment operations with other companies of the Itaú Unibanco Conglomerate abroad, or other financial institutions); for compliance with Itaú Unibanco’s legal and regulatory obligations; for the regular exercise of rights in administrative, judicial or arbitration proceedings, or for the investigation of crimes and other illicit acts. Also, the international transfer of data may occur for the development of Itaú Unibanco's activities, through the adoption of measures to protect Personal Data.
7. HOW LONG DO WE KEEP YOUR DATA?
8. DATA SECURITY
The security and protection of personal data and Itaú Unibanco information is a priority for us. Itaú Unibanco establishes processes and controls to prevent, detect and respond to incidents, and to protect your data from unauthorized access and use, ensuring security risk management, including cybersecurity, and building a strong security foundation:
We consider that information must be protected regardless of where it is, whether at a service provider or an international unit, or at a partner, throughout its entire life cycle, from the moment it is collected, through processing, transmission , storage, analysis and disposal.
We take care of data following strict security and confidentiality standards, to provide our users and customers with a safe and reliable environment. We use tools and technologies to keep the integrity and confidentiality of information and protect it from unauthorized access.
Additionally, we restrict access to data to the extent necessary, with strict confidentiality and secrecy obligations and through the adoption of security criteria.
The data protection guidelines of the organization, customers and the general public are formalized in the Corporate Information Security and Cybersecurity Policy.
9. YOUR RIGHTS
The LGPD guarantees rights to Data Holders. As the Holder of your Personal Data, you can make the following requests to us:
· Access and confirmation of the existence of treatment of personal data;
· Updates and corrections of incomplete, inaccurate or outdated data
· Anonymization, blocking, or deletion of data that is unnecessary, excessive, or treated in violation of LGPD provisions;
· Data portability, subject to applicable regulations, and commercial and industrial secrets;
· Information on public and private entities with which the Controller carried out shared use of data
· Information on the possibility of not providing consent and on the consequences of refusal;
· Revocation of consent that may be carried out at any time and free of charge, upon express request;
· Request the deletion of Personal Data treated with consent, except in cases where keeping the data is necessary or permitted by law;
· Opposition to Processing based on other legal bases, in case of non-compliance with the LGPD, emphasizing that there may be situations in which we can continue to carry out the treatment and refuse your opposition request;
· Request the review of decisions taken solely on the basis of Automated Processing of Personal Data that affect you, such as credit decisions;
· Request the cancellation of the sending of targeted offers for Itaú Unibanco products and services through our channels.
To exercise your rights over your Personal Data, you can activate our service channels. Consult at https://www.itau.com.br/privacidade which is the most appropriate according to your relationship.
We reinforce that we may keep some data and/or continue to treat them, even in the event of a request for deletion, opposition, blocking, or anonymization, in some circumstances, such as to comply with legal, contractual, and regulatory obligations, to protect and exercise the rights of Itaú Unibanco, Users and customers, for the prevention of unlawful acts, and in judicial, administrative, and arbitration proceedings, including by questioning third parties about their activities and in other hypotheses provided for by law.
10. DATA PROTECTION OFFICER
For more information about the Policy or about how we treat your personal data, you can contact us by email at email@example.com with the subject “To the attention of Data Protection Officer”.
· Itaú Unibanco Conglomerate or just Itaú Unibanco: includes Itaú Unibanco Holding SA, Itaú Unibanco SA, and the other parent companies or subsidiaries, directly or indirectly, alone or jointly with third parties, by such companies and affiliates, in Brazil and abroad , which include, for example, Banco Itaucard SA, Banco Itaú BBA SA, Banco Itaú Consignado SA, Itaú Administração de Consórcios Ltda., Itaú Seguros SA, Itaú Corretora de Seguros SA, Itaú Vida e Previdência SA, Financeira Itaú CBD SA Crédito, Financiamento e Investimento, Luizacred S.A. Sociedade de Crédito, Financiamento e Investimento, Hipercard Banco Múltiplo SA, Itaú Corretora de Valores SA, Itaú Distribuidora de Títulos e Valores Mobiliários SA, Microinvest SA Sociedade de Crédito a Microempreendedor, Redecard S.A.
· Controller: natural or legal person, public or private, who is responsible for decisions regarding of Personal Data.
· Personal Data: information relating to an identified or identifiable natural person.
· Sensitive Personal Data: personal information about racial or ethnic origin, religious conviction, political opinion, affiliation to an union or organization of a religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person.
· Internet Protocol Address (IP Address): a code assigned to a terminal on a network to allow its identification, defined according to international parameters.
· Websites and Applications: Itaú Unibanco Conglomerate websites and applications that can be accessed by Users.
· Data Subject: natural person to whom the personal data subject to treatment refer.
· Processing: all operations carried out with Personal Data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, sharing, or extraction.
· Users: all individuals who visit and access the Websites and Applications. We may also refer to the User and the “you”.
Update: February 2023.