Home
Privacy & legal disclaimer

Privacy Policy

1. Scope

Establish the guidelines for the processing of personal data carried out by Almaviva Experience as a data Controller. In this way, Almaviva Experience, when acting as a data Processor, reiterates to the stakeholders targeted by the processing of personal data (“Data Subjects”) that the data related to an identified or identifiable natural person (“personal data”) processed in connection with its business partnerships, will be handled in accordance with the applicable legislation on personal data protection, and according to the proper guidance of its client (“Controller”), who will have more information regarding such processing in their privacy policy.

2. Application field

This policy applies to all employees, third parties, and suppliers who use the processing environment or access information belonging to Almaviva Experience.

3. References

Federal Law No. 13,709/2018 – LGPD (General Data Protection Law)
Federal Law No. 12,965/2014 – Civil Rights Framework for the Internet
NBR ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection — Information security management systems — Requirements
NBR ISO/IEC 27002:2022 – Information security, cybersecurity and privacy protection — Information security controls
NBR ISO/IEC 27701:2019 – Security techniques – Extension of ABNT NBR ISO/IEC 27002 for information privacy management — Requirements and guidelines
PSI-002 – Public Information Security Policy.

4. Definitions

Controller: a natural or legal person, of public or private law, who is responsible for decisions regarding the processing of personal data
Personal data: information related to an identified or identifiable natural person, such as: name, ID number, CPF, date of birth, photo, phone number, geolocation, among others
Sensitive personal data: category of personal data on racial or ethnic origin, religious belief, political opinion, membership in a union or organization of a religious, philosophical or political nature, data related to health or sex life, genetic or biometric data, when linked to a natural person
• Data Protection Officer (DPO): information related to an identified or identifiable natural person, such as: name, ID number, CPF, date of birth, photo, phone number, geolocation, among others
Personal Data Security Incident: any confirmed adverse event related to a personal data security incident, such as unauthorized, accidental, or unlawful access that results in the destruction, loss, alteration, leakage, or any form of inappropriate or unlawful data processing, which may pose a risk to the rights and freedoms of the data subjects
Operator: natural or legal person, of public or private law, who processes data according to the instructions of the Controller
Data subject: a natural person to whom the personal data being processed refers
Processing: any operation carried out with personal data, such as those related to collection, production, reception, handling, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction
Technical measures: tthose related to technologies and controls that can be implemented regarding information security and improvements for an assertive and efficient execution of the principles of the General Data Protection Law
Organizational measures: measures related to policies, procedures, guides, manuals, awareness activities (such as training and communications), and documents in general, that guide the user regarding the directives of Privacy and Personal Data Protection.

5. Responsibilities

The Executive Board is responsible to:
• promote and approve the activities of the Information Security and Privacy Management System.

It is the responsibility of the Information Security and Privacy Committee to:
• conduct a periodic assessment on Data Protection and Privacy
• ensure the availability of resources necessary for effective management of privacy and personal data protection
• disseminate the culture of Information Security and Privacy
• align the strategic objectives of Information Security and Privacy with the business objectives of Almaviva Experience
• support and approve continuous improvement activities of the Information Security and Privacy Management System
• deliberate on the application of sanctions when non-compliance with this policy and other policies established by the Information Security and Privacy area is observed.

It is the responsibility of the Personal Data Officer (DPO) and the Privacy Committee to:
• promote and approve the strategy of the Privacy Program
• safeguard the interests of all data subjects with whom Almaviva Experience interacts
• encourage and promote mechanisms to guide Almaviva Experience employees and contractors regarding practices to be taken in relation to personal data protection
• carry out other duties determined by the Senior Management of Almaviva Experience or established in ANPD regulations, especially the activities described in art. 16 of the Regulation approved by Resolution CD/ANPD No. 18, of July 16, 2024
• promote the necessary structure to receive communications and updates from the ANPD to forward them internally, as well as maintain the relationship between the Parties.

It is the responsibility of the Deputy Data Protection Officer (DPO) to:
• perform the functions of the Data Protection Officer in cases of absences, impediments, and vacancies.

It is the responsibility of the Information Security and Privacy area to:
• establish information security and privacy guidelines
• raise awareness among relevant stakeholders about information security and privacy
• identify and report risks related to Information Security and Privacy
• establish controls to mitigate risks
• maintain and continuously improve the information security management system.

It is the responsibility of Employees, Third Parties, Suppliers, and other relevant interested parties to:
• comply with the guidelines of this policy and other policies established by the Information Security and Privacy area
• ensure the security of the companies’ information, reporting any abnormalities noticed to the Information Security and Privacy area.

6. Guidelines
6.1 General information

Almaviva Experience Telemarketing and Informatics S.A., a private law legal entity, is one of the largest Contact Center companies and one of the main CRM BPO companies in the Country, having expertise in collection services (Debt Collection) and innovation through Almawave, a company belonging to the conglomerate.

The Company values the privacy and freedom of rights of all data subjects involved in its ecosystem, ensuring that the processing of their personal data is in accordance with the provisions of Federal Law No. 12,965 of April 23, 2014 (Brazilian Civil Rights Framework for the Internet), Federal Law No. 13,709 of August 14, 2018 (General Data Protection Law – LGPD), and other legislation applicable to the subject of privacy and data protection. In addition, Almaviva Experience adopts the best market practices for the implementation of technical and organizational measures, including specialized personnel, exclusively for the purpose of fulfilling its legal and contractual obligations.

This Privacy Policy sets out the guidelines for the processing of personal data carried out by Almaviva Experience as a Data Controller. Thus, Almaviva Experience, when acting as a Data Processor, reiterates to the interested parties targeted by the processing of personal data (“Data Subjects”) that the data concerning an identified or identifiable natural person (“personal data”) processed due to its business partnerships will be handled in accordance with the applicable legislation on personal data protection, and in accordance with the guidelines of its client (“Controller”), who will have more information regarding such processing in its privacy policy.

Additionally, the guidelines for the treatment of personal data of employees and dependents are disclosed through a specific internal notice.

If you have any questions about this Policy or other topics related to privacy and data protection, contact us via email: dpobr@almavivaexperience.com.br.

The Data Officer of Almaviva Experience Telemarketing e Informática S.A. is Luiz Monteiro Thinen.

6.2 Personal Data Involved

Almaviva Experience collects only the information provided by the Data Subjects. This information includes:

contact data: name, email, phone number, and address
professional data: company, market segment, position, academic and professional history
data necessary for compliance with legal and/or regulatory obligations
data necessary for the exercise of rights to prevent fraud and maintain the security of the data subject
data necessary to offer products, services, and provide the service requested by you
data necessary for fraud prevention, such as registration for access management to the company’s physical premises
data necessary for Employee and Team Management, which may involve information for occupational health and safety purposes, employee assistance, provision of benefits and partnerships, and maintenance of corporate security
other data necessary for the fulfilment of contractual obligations.

Almaviva Experience processes the personal data received for a period not exceeding what is necessary to fulfil the purposes set out in this Policy.

6.3 Cookies

Cookies are files used on websites to identify and store information about their visitors. Thus, during navigation on a website, the user may have certain personal data collected through such cookies.

Almaviva Experience website makes use of the Cookies described below, which can be consulted at any time by users in the cookie management center, through the icon available in the lower corner of this page.

List of Cookies used on our website
A cookie is a small piece of data (text file) that a website—when visited by a user—requests your browser to store on your device to remember information about you, such as your language preference or login information. These cookies are set by us and are called first-party cookies. We also use third-party cookies—which are cookies from a domain different from the domain of the site you are visiting—for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

a) Strictly necessary cookies
These cookies are necessary for the website to function and cannot be turned off in our systems. They are usually only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or alert you about these cookies, but some parts of the website will not function. These cookies do not store any personally identifiable information.

b) Performance Cookies
These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us understand which pages are more and less popular and see how visitors move around the website. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you visited our site.

c) Advertising cookies
These cookies may be set through our site by our advertising or marketing partners. They may be used by these companies to build a profile about your interests and show you relevant ads on other websites. They do not directly store personal information, but are based on the unique identification of your browser and internet device. If you do not allow these cookies, you will have less targeted advertising.

d) Functional cookies
These cookies are essential and strictly necessary for the operation of our websites in the best possible way. They are temporarily stored containing data such as login information, and are session cookies that expire as soon as the browser is closed. This category cannot be disabled; however, if you are interested, it is possible to configure blocking through your browser.

e) Analytical cookies
They are performance monitoring cookies, enabling the analysis of patterns in visitor behavior and resource usage. This is a non-invasive data processing, using anonymized data to establish metrics of views and interactions with website resources, for example. If you are interested, it is possible to configure blocking through your browser. Cookie settings can be consulted through the icon available in the lower left corner of the page.

6.4 Purpose of processing personal data

The personal data processed by Almaviva Experience can be used for:

6.4.1. Compliance with legal obligations or execution of contractual clauses

Almaviva Experience, when acting as an Operator, processes personal data for the purpose of executing contracts on behalf of large companies from various sectors such as healthcare, finance, telecommunications, retail, among others, which are considered clients.

The companies in the Group may also process personal data, in the position of controller, to execute contracts, such as employment contracts, supplier contracts, and similar, depending on the specific case. The Company also, due to Brazilian legal regulations, processes personal data to comply with legal obligations, for the period stipulated by the applicable legislation in civil, labor, tax, corporate, and other areas.

6.4.2 Communication with holders
Almaviva Experience maintains a contact list (containing email addresses and other contact information provided by the Data Subjects via email or by filling out the specific form available on the portal) to allow communication with those who have expressed interest in its services (hereinafter “services”). Almaviva Experience may also contact the Data Subjects to respond to their requests and meet any other needs expressed by them.

6.4.3 Commercial purposes

Almaviva Experience may also contact the Holders, who have previously shown interest, for the sending of commercial communications related to its services, including through remote communication techniques, such as e-mail messages and text messages.

Furthermore, we may collect your information to comply with each of our activities and obligations. Thus, we use your data to manage business relationships; prevent and detect fraud; ensure market intelligence mechanisms; and enable effective and proper customer service.

In this regard, part of the data processing activities is carried out to comply with our legitimate interest in providing an effective and secure service, always within the limits of your expectations, and never to the detriment of your interests, rights, and fundamental freedoms.

In addition, Almaviva Experience may also use personal data to fulfil our services, respecting the purposes explained to the Data Subjects and any authorizations previously granted by such Data Subjects, when there is a legal requirement to collect it.

6.4.4 Recruiting and selection
Almaviva Experience, through its digital channels, receives the registration of candidates for job openings at the Company, which are stored in approved tools for a predetermined period sufficient to achieve the purpose of collecting the data in question.

6.4.5 Corporate security and fraud prevention
Almaviva Experience, through its security systems and channels, collects and records only the information strictly necessary for the prevention, detection, and investigation of security incidents and fraud (e.g., access logs, transaction records, incident reports, monitoring images when applicable), which are stored in approved tools, protected by access controls and adequate security measures, and retained for a predetermined period sufficient for the execution of the purpose, compliance with legal obligations, and support for internal investigations.

6.4.6 Offering corporate benefits and promoting corporate actions
Almaviva Experience, through its HR channels and institutional communication, collects the necessary data for corporate benefits management and promotion of actions (e.g., registration for events, internal campaigns, climate surveys, incentive programs), which are stored in approved tools, used exclusively for the informed purpose, shared only with the involved areas and suppliers under appropriate legal bases, and retained for a predetermined period sufficient for the execution of the purpose; when applicable, the consent mechanism and the right of revocation by the data subjects will be observed.

6.5 Rights of holders

Data subjects may exercise at any time their right of access, rectification, integration, opposition, deletion, limitation, and portability of their personal data by filling out the form on the page Data Subject Rights.

6.6 Responsibilities

Almaviva Experience strives to ensure organizational and technological controls as a way to protect the personal data it processes, as well as to mitigate information security and privacy risks and threats that may impact its business.

Such responsibility extends to partners, subcontractors, and third parties through compliance with regulations, legislation, and contractual terms agreed upon by the parties involved. However, there are no absolute guarantees regarding the protection of this information against threats such as malware, hackers, and other digital threats.

Almaviva Experience reserves the right to modify the content of websites and this legal information at any time without any prior notice.

6.7 Access to linked external websites

Almaviva Experience does not assume responsibility regarding third-party websites and their respective content and operation, regardless of whether it is possible to access them through the links provided on this site. Anyone visiting a website through a link on Almaviva Experience website is responsible for taking all necessary measures against viruses or other destructive elements, and Almaviva Experience is not liable for any risks resulting from this access. Linking to other websites does not imply any affiliation of Almaviva Experience with any of these websites.

6.8 Intellectual property

All content (texts, graphics, files, tables, images, and information of any kind), as well as the products and brands mentioned on this site, are protected under current regulations regarding intellectual and industrial property.

Reproduction, by any means, of the published materials may only be carried out if expressly permitted and for exclusively personal use, without profit and without direct or indirect commercial purposes.

6.9 Data sharing

As part of the service provision, Almaviva Experience may share data with third parties. These will be evaluated based on Privacy and Personal Data Protection criteria to ensure that your information is secure.

Almaviva Experience can also share the personal data received with other companies, partners in the Direct Marketing process. Other processing is handled by internal teams, for responding to requests made on the Portal or for its management.

All information received through the email addresses indicated on the portal or sent through the portal (for example, requests, suggestions, ideas, information, documents) will not be considered confidential information. It is your responsibility to ensure that the information sent does not violate the rights of third parties and that it is accurate and true. In any case, Almaviva Experience cannot be held responsible for the content of the messages it receives through its channels.

6.10 International data storage and transfer

The personal data held by Almaviva Experience is retained within the national territory, as a rule.

However, in exceptional situations, with risk assessment and authorization from the board of directors, there may be international transfer from Brazil to other countries. In such cases, the applicable and current legislation and regulations will be observed, with the adoption of appropriate safeguard measures, including, but not limited to, adequacy decisions from the regulatory body, standard contractual clauses, equivalent standard clauses, specific contractual clauses, and global corporate standards.

6.11 Storage period

We will retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it, including for the provision of services and compliance with any legal, contractual, accountability, or regulatory requirements. To determine the appropriate retention period for Personal Data, we consider the nature of the data, the purpose for which we process it, and the potential risk of its storage. It is worth noting that if the Data Subject requests the Interested Party to delete their personal data, they must make a formal request for deletion through the communication channels identified in this policy, as stated in the section on Data Subject Rights above.

6.12 Policy update

This Privacy Policy may be updated due to potential regulatory updates, changes in the processing of personal data, or as a result of the continuous improvement of our management systems carried out by Almaviva Experience, which is why you are invited to periodically check this section.

6.13 Continuous improvement

The continuous improvement of the Information Security and Privacy Management System is a commitment of everyone at Almaviva Experience and interested parties.

6.14 Legislation and Court

This Privacy Policy is governed in accordance with Brazilian law. Any disputes or controversies arising from any acts carried out within the scope of the use of the Site, including regarding the breach of this Privacy Policy or the violation of Almaviva Experience’s rights, including intellectual property, confidentiality, and personality rights, will be processed in the District of the Capital of the State of São Paulo.

Policy reviewed on 03/03/2026