Privacy

CAIXA Cartões’s Risk Management and Information Security Policy establishes guidelines to protect and regulate the use of information assets owned or held by the Company, aiming at ensuring their security, availability, integrity, confidentiality and authenticity.

Pursuant to the applicable regulations concerning personal data processing, the Company respects and ensures that Data Subjects may request for information under the terms of article 18 of Law 13,709/18, the Brazilian General Data Protection Law (LGPD).

Cristiano Aparecido Firmino Vieira, the Company’s Chief Governance, Integrity and Risk Officer, is the Person in Charge of the Processing of Personal Data at CAIXA Cartões. To talk with the Data Protection Officer of CAIXA Cartões about privacy, data protection and personal data processing, please send an email to lgpd.caixacartoes@caixa.gov.br, or select the Privacy option in the form and fill in the necessary fields.

Note: To validate the ownership and legitimacy of your request, we need to collect your personal data and documents, which will help us during the authentication process. As result, upon submitting your request, by email or form, you must include the following:

Data Subject: State the personal data and submit the following documents (photo or scanned copy):

• Identification document with photo (driver’s license, identity card or passport).
• Proof of address (utility, internet or telephone bill). If the proof of address is not in the name of the data subject, you must submit the available document and justify the reason in the request.

Third-Parties' Right: To exercise the right on the behalf of someone else, you must state the personal data of the requester and the data subject and submit the following documents (photo or scanned copy):

• Identification document with photo of the requester and the data subject (driver’s license, identity card or passport).
• Proof of address of the requester and the data subject (utility, internet or telephone bill). If any of the aforementioned documents are in the name of someone else, you must submit the available document and justify the reason in the request.
• Proxy appointment or other official document proving your responsibility/representation.

We reiterate that our mail system supports up to 10 MB per email sent.

Submitted data will be exclusively stored for legal and regulatory purposes, proving that the request was made and dealt with, in line with the provisions of the LGPD.

The Company will make every reasonable effort to respond to requests made by Data Subjects as soon as possible. Nevertheless, justifiable reasons may delay or prevent us from quickly responding to your request. In case of delay, the pertinent reasons will be explained to Data Subjects.

Finally, Data Subjects must be aware that their requests may be legally rejected, either due to formal (for example, failure to prove identity) or legal reasons (for example, data requested for erasure is part of the Company’s right to freely maintain it). All in all, should any request be rejected, the pertinent reasons will be presented to the Requester.

To learn more, consult our Privacy Notice.