Copastur Privacy Policy

 

Copastur reaffirms its commitment to privacy, data protection, and the ethical handling of personal information of users who interact with us through the website www.copastur.com.br. This policy explains how we collect, use, store, share, and protect your personal data in accordance with the Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018), other applicable laws, and international best practices in information security.

Scope

This policy applies to all visitors and users of Copastur’s institutional website, as well as to data subjects whose information is collected through forms, online services, social media, cookies, and digital customer service channels.

Principles of Data Processing

Copastur processes personal data in accordance with the following LGPD principles:

  • Purpose: data is processed for legitimate and clearly informed purposes;
  • Adequacy: compatible with the context and relationship with the data subject;
  • Necessity: limited to the minimum data necessary;
  • Free access and transparency: clear and accessible information;
  • Security and prevention: protection against unauthorized access and incidents;
  • Non-discrimination: no unlawful or abusive use of data;
  • Accountability: demonstration of compliance and responsibility.

Collection of Personal Data

We collect personal data through the following channels:

  • Newsletter or event sign-ups;
  • Reservation requests and contact forms;
  • Customer service forms, feedback, or surveys;
  • Interactions via official social media channels;
  • Job application processes and resume submissions;
  • Participation in promotional campaigns;
  • Website navigation (via cookies and logs).

Collected data may include name, email, phone number, company, CPF (Brazilian tax ID), IP address, travel preferences, and other information necessary for the intended purpose.

Use of Personal Data

We use personal data for the following purposes:

  • To execute contracts and provide requested services;
  • To send institutional and promotional communications (with consent);
  • To comply with legal and regulatory obligations;
  • To enhance your experience on the website;
  • To promote targeted campaigns, based on legitimate interest;
  • To respond to inquiries, requests, and complaints;
  • To prevent fraud and ensure the security of our systems.

Legal Basis for Processing

We process personal data based on the legal grounds provided by the LGPD, such as:

  • The data subject’s consent;
  • Compliance with legal or regulatory obligations;
  • Performance of contracts or pre-contractual procedures;
  • Regular exercise of rights in legal proceedings;
  • Legitimate interest (with prior risk assessment).

Cookies and Tracking Technologies

We use essential and analytical cookies to improve navigation, personalize content, and provide services tailored to user preferences. Copastur does not intend to invade your privacy during your visit to our website. Please refer to our [Cookie Notice] for more information.

Data Sharing and International Transfers

Copastur may share your data with:

  • Companies within the Copastur economic group;
  • Business partners, service providers, and operators;
  • Technology platforms used to deliver services;
  • Public authorities, under legal or judicial obligation.

In the case of international data transfers, Copastur ensures LGPD compliance through contractual clauses, technical safeguards, and risk assessments.

Information Security

We adopt technical and administrative security measures compatible with the sensitivity level of the data, including:

  • Encryption and access control;
  • Authentication mechanisms;
  • Information security policies and employee training;
  • Periodic audits and vulnerability testing.

Data Retention and Deletion

Your data will be stored for as long as necessary to fulfill the purposes described, or as required by tax, labor, or regulatory laws.

Once processing is no longer necessary, data will be deleted or anonymized, except where retention is legally required, for example:

  • To comply with legal obligations;
  • To defend against legal or administrative claims;
  • For legitimate archival purposes by the data controller.

Data Subject Rights

As a data subject, you may exercise your rights under the LGPD at any time, including:

  • Confirmation of the existence of data processing;
  • Access to your personal data;
  • Correction of incomplete or outdated data;
  • Anonymization, blocking, or deletion of data;
  • Data portability (when applicable);
  • Information on data use and sharing;
  • Withdrawal of consent;
  • Objection to unlawful processing.

To exercise your rights, contact us at: dpo@copastur.com.br

Marketing Data Processing

Copastur may use your data for direct marketing purposes under legitimate interest, provided that:

  • There is a prior relationship with the data subject;
  • Only strictly necessary data is used;
  • The data subject’s expectations are respected;
  • An easy and accessible opt-out option is available.

You may object to this processing at any time.

Data Subject Support Channel

Our Data Protection Officer (DPO) is available to handle questions, requests, or complaints related to data privacy:

  • Email: dpo@copastur.com.br
  • DPO: João Carlos Franco de Barros Fornari
  • Deputy: Paula Marques Rodrigues

Policy Updates and Revisions

This policy may be updated periodically to reflect regulatory, technological, or institutional changes. The latest version will be published on the website and may be shared by email with registered data subjects.

Simplified Glossary

  • Personal Data: information that identifies or may identify a natural person.
  • Sensitive Personal Data: data concerning racial origin, religion, health, sexual life, etc.
  • Data Subject: the individual to whom the data refers.
  • Data Controller: the entity responsible for decisions about data processing.
  • Data Processor: the entity that processes data on behalf of the controller.
  • LGPD: Brazilian General Data Protection Law (Law No. 13.709/2018).
  • DPO: Data Protection Officer.
  • Cookies: small files stored in the user’s browser.