Privacy Policy
Privacy Policy
- About the Policy
- Definitions
- About the Information Processed by Inter
- Why Does Inter Collect and Process Personal Data?
- Personal Data Processing Duration
- Your Rights As the Subject of Personal Data
- Personal Data Sharing
- International Transfer of Personal Data
- Your Personal Data Security
- Service Channels for Privacy Matters
- General Provisions
- Applicable Law and Conflict Resolution
Policy updated on August 1st, 2023.
Inter Privacy Policy
At Inter (“Inter”), we work to provide the best possible experience to ensure that you get the most out of our products and services. And, to do so, your Personal Data privacy and security have always been very important to us.
We understand that ensuring privacy goes beyond the compliance with the law. It is to respect our customers and potential customers, as well as honoring our pillars of transparency, partnership, security, simplicity, and positive user experience.
Therefore, Inter Privacy Policy (“Policy”) aims to:
(i) strengthen our commitment to privacy and security in the Processing of the information collected from our customers and other Data Subjects;
(ii) demonstrate, in a transparent and simple manner, what Data is processed (as defined below) by Inter, the purpose, and how we collect, store, process, transfer and use such Data;
(iii) show how we protect your Data;
(iv) establish when and how you can control your privacy preferences, and also how to update, request and manage your information through our mobile app (“App”).
1. About the Policy
Inter Privacy Policy is applicable to all banking and non-banking services offered by Inter and that uses Personal Data (as defined below) from customers, potential customers, employees and/or third parties (“Data Subjects”).
For the purposes of this Policy, Inter, the Personal Data controller, is formed by the following companies:
(a) Inter Bank: Brazilian multiple bank, publicly traded, authorized by the Central Bank and listed on B3, which is characterized by being one of the first digital banks in the country and by the absence of fees on basic services. Inter Bank combines features of the banking and fintech segments, offering a complete solution to its customers.
(b) Inter DTVM: distributor of bonds and securities, authorized by the Central Bank, accredited by CVM (Securities and Exchange Commission of Brazil) and member of ANBIMA (Brazilian Financial and Capital Markets Association), which offers fixed and variable income products.
(c) Inter Shop: a company that operates in the intermediation of products sales and services in general, offering them through a platform that allows individuals and/or legal entities to make purchases in partner stores of various segments such as electronics, sports, departments, drugstores, among others.
(d) Inter Insurances: insurance, Brazilian consortium, and private pension broker that offers insurance to individuals and legal entities.
(e) Inter Asset: financial resources manager with expertise in managing third-party resources, investment funds, and private pension funds.
(f) Inter Food: a company that acts as an intermediary between partners and customers, with the
advantage of buying two main dishes and paying only one.
By accessing and using the financial or non-financial products or services offered by Inter, you fully agree to and accept the provisions of the Privacy Policy.
Policy in effective as of August 27, 2020.
2. Definitions
General Data Protection Law (LGPD): Federal Law no. 13.709 published on August 14, 2018 that regulates the Personal Data Processing activities, also in digital media, by natural person or by legal entity under public or private law, with the objective of protecting the fundamental rights of freedom and privacy and the free development of the natural person personality.
Processing Agents:those responsible for the Personal Data Processing, which are separated into two categories: Controller and Operator. The Controller is the person or company responsible for the decisions regarding the Personal Data Processing. The Operator, in turn, is the person or company that carries out the Personal Data Processing on behalf of the Controller, and following its instructions.
Anonymization: technique that makes Data lose the possibility of association, directly or indirectly, with an individual, so that later it is impossible to re-identify him even using technical solutions.
National Personal Data Protection Authority (ANPD): this is the federal public administration agency with powers related to the protection of Personal Data and privacy, including the LGPD enforcement.
Cookies: a small file that contains a string, created and sent by websites to your computer whenever you visit them. They help to remember your preferences and customize your access, making your browsing safer, faster, and more enjoyable. You can set your browser not to accept Cookies or warn you when a Cookie is sent, but without them some features or services of the website may be impaired and limited.
Personal Data: the concept in the LGPD is the information related to the identified natural person or the information that allows your identification, such as name, address, ITIN, ID, identification documents in general, telephone number, among others.
Sensitive Data: the concept in the LGPD is the Personal Data on racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, Data related to health or sexual life, and genetic or biometric data when linked to a natural person.
Device: the device that can be used to access the services offered by Inter, such as computers, tablets and smartphones.
Personal Data Protection Officer: responsible for ensuring that Inter complies with privacy laws and regulations, ensuring the Personal Data protection and the communication between ANPD and Data Subjects.
IP Address: the number assigned to each Internet-connected Device, known as the Internet Protocol address (IP). Typically, these numbers are assigned in geographic blocks. An IP address can be used to identify, for example, where a Device is connecting to the Internet.
Geolocation: feature that, when activated by the Data Subject, allows to define the precise or approximate position of a Device and brings information such as the country, state, city and street where that Device is, also providing the time it was accessed.
Data Subject: any identified or identifiable natural person related to the processed personal data. They are, for example, our customers, potential customers, account holders, employees, third parties, service providers, job seekers, among others.
Processing: any operation carried out with Personal Data in an automated or non-automated process. In other words, this is the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, storage, archiving, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
3. About the Information Processed by Inter
We process your information to develop and improve our products, services and features. However, in some cases, you will be able to manage the information collected and/or used by Inter through one of the customer service channels for privacy matters listed in item 9 of this Policy, and also as you use our services.
Different information is collected when you use our App or Website and they are classified into three categories:
(a) Data provided by the Data Subject: are the information you provide when interacting, contracting or using any products or services provided by Inter, such as: name, email, telephone number, ITIN, address, profession, marital status, image of your official identification document, selfie, facial biometrics (face recognition technology, which allows individuals verification based on this face patterns characteristics) or any other Personal Data, including Sensitive Personal Data, provided to create or change your digital account, or to simulate, hire or cancel any product, service or feature provided by Inter.
Selfies/facial biometrics/images can be collected through the Device’s camera to ensure the authenticity of your identity when opening an account and during the use of certain App features, such as when resetting your password or when registering your account on a new Device, to ensure fraud prevention and your security.
The verification and confirmation of personal Data may, at Inter discretion, be done by third-party partner companies (Operators), which will comply with the same security and privacy criteria hereby defined.
You will be solely and exclusively liable for the quality and veracity of the Personal Data provided to Inter in your registration, quoting and/or contracting of any products or services. Inter is not liable for the provided Data veracity, or for any damages arising from the inaccurate and/or outdated data.
(b) Third-party data provided by you: Personal Data related to third parties necessary for the provision of services by Inter to you, such as, but not limited to, guarantors or beneficiaries (such as third party beneficiaries of payment transaction made by you). This is the Data provided by you to perform the contracted services, in common practices of the banking market.
(c) Data collected during the use of our services on the App or website (browsing): the information collected by Inter when you browse and/or use Inter services:
a. Browsing data: are the information we collect regarding your interactions with the App or website, such as: search history, browsing history, access dates and times, used features, how you use products and services, App issues, and other system activities. This information is important for the better performance of the features available on the website and App and to show relevant content for you.
In some cases, we may collect it through Cookies, important tools for the perfect use of our services. Therefore, you should be aware that if you choose to refuse or remove Cookies, you may have the availability and functionality of Inter services affected. To learn more, please see our Cookies Policy.
b. Devices: we also collect information about the Device you use to access the App and Website, such as: brand, operating system, IP address, network connection type (WI-FI, 3G, LTE, Bluetooth or others), network and Device performance, browser type, version, language, and App version. This information is necessary to ensure the compatibility of our services with the Device you use, and thereby enable a better experience.
c. Geolocation: are the estimated information we collect about your location and which allows us to: (i) ensure greater security for your transactions based on geographic location points (anti-fraud); (ii) improve your experience in the App by showing, for example, products, services and establishments, and also the banking terminals closer to you; and (iii) identify the source of a call received on our service channels.
We are able to determine your approximate location through GPS (for example when opening your account, tracking the origin of the call to our service channels, or searching for bank terminals); or via IP address (such as chat access).
The types of geolocation Data we collect depend on the Device and App settings. You can activate or deactivate your geolocation tracking in the Settings/Privacy options of your Device.
(d) Data collected from other sources: the information collected by Inter from third-party partner companies, suppliers and service providers, respecting the purposes set forth in this Policy. These companies may change depending on the services offered by Inter and the collected information.
Inter may use the provided or collected Data, as above, to send advertising by email or any other means of communication, compliant with items 6, 7 and 9 of this Policy.
4. Why Does Inter Collect and Process Personal Data?
All Personal Data collected pursuant to this Policy is used for the following purposes:
- comply with our contractual obligations, in particular the terms of your contract(s) with Inter;
- comply with applicable legal and/or regulatory requirements;
- provide you with our products, services and features;
- meet the legitimate interests of Inter or third parties, respecting the provisions of LGPD;
- reinforce our security and protection procedures, aiming to provide a safer and more effective service;
- frequently monitor, in a proactive and automated way, the operations carried out during the use of our products and services, in order to detect and prevent frauds;
- prevent money laundering and combat terrorist financing;
- perform internal operations, including service and support to customers and other Data Subjects, troubleshooting, satisfaction surveys, Data analysis, testing, research and statistics;
- improve, enhance and customize our services, products and features, ensuring they are presented in the most effective and personalized way to you;
- inform, through general or specific campaigns, about products, services and functionalities, as well as about content, promotions, and other relevant events promoted and/or provided by Inter;
- evaluate and/or understand the effectiveness of our advertising, aiming to provide you with relevant, assertive and personalized advertising;
- allow you to participate in interactive features of our services, when you choose to do so;
- manage the services and/or products we provide;
- allow you to participate in sweepstakes, promotions, campaigns and giveaways/gifts;
- to notify you of any changes in our products and services;
- produce evidence and assist in the conduction of legal, administrative or arbitration proceedings, as well as assist in complying with other legal requirements;
- make automated decisions regarding the use of our services;
- credit protection; and
- offer pre-approved credits.
Check our Privacy Center in the Super App and/or send an e-mail to “privacidade@inter.co” to confirm the possibility of determining your data processing preferences by Inter of some of your Personal Data.
Without prejudice to the purposes shown above, the table below informs, illustratively and non-exhaustively: (i) some of the Personal Data we process, (ii) the purpose and (iii) the legal basis for Processing:
| Product | Personal Data (Illustrative and non-exhaustive data) | Purpose | Legal Basis |
|---|---|---|---|
| Digital Account | E.g.: Full name, ITIN/CNPJ, address, phone number, Bank details, selfie, document photo, IP and MAC address. |
|
|
| Kids Account (up to 18 years old) | E.g.: Child/adolescent: full name, ITIN, ID, document photo, address, selfie. Legal guardian: full name, ITIN, ID/ driver’s license, selfie. IP e MAC address used. |
|
|
| MEI Account | E.g.: ITIN and CNPJ |
|
|
| Card | E.g.: Name, ID, ITIN, date of birth, nationality, place of birth, marital status, affiliation, address, telephone number and e-mail. |
|
|
| Investments | E.g.: Name, ID, ITIN, date of birth, nationality, place of birth, marital status, affiliation, spouse name and ITIN (if applicable), address, telephone number, email and income. |
|
|
| Insurances | E.g.: Name, ITIN, ID, telephone, email, address, name of dependents, Vehicle data, Real Estate data, Health data. |
|
|
| Loans | E.g.: Name, ID, ITIN, date of birth, nationality, place of birth, city, marital status, affiliation, address, telephone number, email, gender, education, income, contract, registration and Bank details. |
|
|
| Real Estate Financing | E.g.: Name, e-mail, ITIN, ID, driver's license, gender, telephone number, date of birth, affiliation, marital status, nationality, place of birth, profession, address, income, Health data and Spouse data. |
|
|
| Brazilian Consortium | E.g.: Name, ITIN, gender, education, profession, place of birth, date of Birth, age, marital status, nationality, address, email, telephone, income range and Banking data. |
|
|
| Currency Exchange | E.g.: Name, ITIN, date of birth, address, affiliation, nationality, Bank details, salary and equity value. |
|
|
| Shopping | E.g.: Name, ITIN, email, address, date of birth, Geolocation, IP, MAC Address, Bank details and Credit Card details. |
|
|
| Inter Mobile | E.g. Phone, Geolocation, IP and MAC address. |
|
|
All Data you actively provide us or those we collect are considered confidential. Therefore, we are committed to take all technical and administrative measures to protect your Personal Data by observing, for example, the guidelines on safety standards established in the current legislation.
4.1. Collection and Processing of Personal Data of Children and Adolescents
Inter may Process Personal Data of a child and/or adolescent when the digital account opening is requested for a child and/or adolescent.
In this circumstance, in order to ensure a greater security of children and/or adolescents Personal Data, Inter may request additional validations and approvals from at least one of the parents or legal guardian of the said Data Subject for using the digital account and the products and services available, and may also restrict such use.
Inter has internal procedures and technologies to assist in the verification of the legal guardian powers in order to confirm the consent validity, since it can only be provided by at least one parent or by the legal representative of the child and/or adolescent.
After a valid consent to open the digital account for a child or adolescent, the collection and processing of the children and/or adolescents Personal Data are done following the rules detailed in this Policy, with no prejudice to specific terms and conditions of the used products and services.
5. Personal Data Processing Duration
The Processing period of your Personal Data by Inter may vary according to:
- the types of products and services that are contracted/provided;
- the Processing purposes; and
- the relevant contractual and legal provisions.
For example: Personal Data used during account opening is subject to the Central Bank rules that require a minimum retention of 10 (ten) years after the contract termination. In addition, in case of any refusal of your proposal to hire a product or in the cases where you begin, but decide not to proceed with your registration with Inter, we will keep your Personal Data for the period necessary to comply with the purposes provided for by law and this Policy.
Inter will keep the information that allows:
- complying with applicable laws and regulations (e.g.: rules related to the prevention of money laundering and terrorist financing; for the opening, maintaining and closing of an account);
- keeping records of anyone who does not want to receive advertising and marketing from Inter;
- responding to any future claims and lawsuits about the services we provide;
- fraud monitoring.
Inter will retain your Personal Data after the termination of your relationship with us to comply with the purposes provided for in the LGPD, but don't worry! We will continue to protect your Personal Data and follow the practices and procedures provided for in this Policy as long as we retain your information.
6. Your Rights As the Subject of Personal Data
LGPD provides several rights to Data Subjects. Therefore, you, as Data Subject, can make requests to Inter, as detailed in the table below:
| Your Right | What This Means | |
|---|---|---|
| 1 |
Processing confirmation |
You may ask Inter to confirm if your Personal Data is processed and what Processing operations are performed. |
| 2 |
Access to your Personal Data |
VYou may ask Inter for information regarding the Personal Data we process. We will provide, by electronic or physical means, a copy of the Personal Data we keep about you. We cannot provide third party Personal Data. |
| 3 |
Rectification of your Personal Data |
You may change, request the correction or update of your Personal Data when it is wrong, incomplete or outdated. Before updating your Personal Data, we may request documents and/or information to confirm the new information you have provided in order to ensure the quality of the provided Data and its security. |
| 4 |
Request the Anonymization, blocking or erasure of your Personal Data |
You may request that your Personal Data is anonymized, blocked or deleted from Inter databases when it is unnecessary, excessive or processed in non-compliance with the provisions of the LGPD. You may request us to delete the Data when: (i) you believe that there is no reason for us to continue using them; (ii) you want to withdraw the consent (permission) you gave us at first; (iii) you oppose our use of the information; (iv) you consider that we use the information illegally; or (v) the law requires us to delete the information. We will not comply with your deletion request when Inter needs to store such Personal Data because of legal or regulatory obligations. |
| 5 |
Portability of your Personal Data |
You can request the migration of the information registered at Inter to another institution. The accomplishment of this request by Inter will consider the legal provisions in force, and when the Personal Data is transferred, it will be structured in a format commonly used and readable by the systems. We cannot share Personal Data that is confidential or a business secret. |
| 6 |
Information about your Personal Data sharing |
You can request information about the public and private entities that Inter has shared your Data. |
| 7 |
Possibility of non-consent |
If you refuse to provide Inter with the consent to access or process your Personal Data, we will inform you the consequences of this refusal that, in some situations, may make the provision of our services impossible. |
| 8 |
Cancellation of consents |
If you have consented the Processing of your Personal Data, you may cancel such consent at any time. We emphasize that it will be lawful to use your Personal Data until the consent cancellation, and it will be lawful to archive such Personal Data for a period longer than the Processing, whenever necessary for the compliance with a legal or regulatory obligation on behalf of Inter. When the Data Processing is legally based on consent, if the Processing purpose is changed, you will be informed in advance by Inter and may cancel your consent if you disagree with the change. |
| 9 |
Opposition to the processing of your Personal Data |
You may opposite the Processing of your Personal Data when it is in disagreement or non-compliant with any provision of the LGPD. |
| 10 |
Automated decision review |
You may request that decisions made solely on the basis of automated processing of Personal Data affecting your interests are reviewed, respecting trade and industrial secrets. |
To exercise any of your rights provided for above, and also to determine your preferences in Inter Processing and use of some of your Personal Data, you may access the Privacy Center in the Super App and/or send an email to "privacidade@inter.co". You will receive a response within a maximum of 15 (fifteen) days from the date of your request.
For security reasons, we can only accomplish your request if we are sure of your identification. Therefore, we may request additional data or information to confirm the identification and authenticity of the applicant.
Inter will notify the Data Subject and the National Data Protection Authority (ANPD) in the event of a security incident that may result in relevant risk or damage to your personal rights and freedoms.
7. Personal Data Sharing
Inter ensures the privacy of your Data and, in compliance with data protection and bank secrecy rules, only shares your information for the purposes set forth in this Privacy Policy.
We may share your information with the third parties listed below, which may be considered Personal Data Operators:
- among Inter companies;
- with business partners, service providers, suppliers and subcontractors for the perfect and correct execution of contracts concluded with them or with you;
- with advertising and marketing companies to select and disclose ads that are relevant to you, as authorized;
- with legal offices to act in legal proceedings; and
- with search engine and analytics providers to assist in improvements and optimizations of our App and website.
We may also share your personal information with third parties:
- in case of transactions and corporate changes involving any Inter company, and in this case the Data transfer will be necessary for the continuity of the services hereby offered;
- in compliance with current legislation;
- in compliance with Contracts or other agreements with our Data Subjects;
- to ensure greater security in your transactions and contracts, preventing any attempts of fraud, money laundering and other crimes, reducing credit risk and protecting your rights and property, and also those of Inter and other Data Subjects of Inter. For this purpose, Inter may validate your information, identification, qualification and, if applicable, your representatives or related third parties, in order to check and confirm the authenticity of the provided information, also confronting this information with those available in public or private databases, owned by companies providing services to Inter;
- for the protection of Inter interests in cases of claims and conflicts, including judicial, administrative and arbitration proceedings;
- because of court order or request of competent administrative authorities that have legal jurisdiction for the request;
- for financial risk assessment; and
- make collections from customers and Data Subjects that are in default and/or to recover debts.
But don’t worry, all information sharing is done strictly to the extent necessary and following strict standards of security and confidentiality, banking secrecy standards and other privacy protection laws and regulations, always respecting and making third parties respect the confidentiality of your data.
If Operators process the Personal Data shared by Inter for purposes other than those described above, they assume the position of Controllers and become liable for the protection and security of your Personal Data to the exact extent of the new Processing activities, also for the purposes of exercising your rights as the Data Subject.
8. International Transfer of Personal Data
Inter may share your Personal Data with the Group companies, business partners, service providers, suppliers and subcontractors located in other countries for the purposes described in this Policy, such as:
- perform internal operations, including the support to our Data Subjects;
- troubleshooting;
- Data storage and analysis;
- tests;
- research and statistical analysis;
- marketing operations and campaigns, as authorized;
- to comply with our contractual obligations, in particular the compliance with the terms of your contract with Inter and the provision of our products and services.
We will only share Data with third parties that are in countries that provide the level of data protection provided for in the LGPD.
Inter will ensure that the transmission of your Personal Data is carried out pursuant to the applicable privacy laws and, in particular, if appropriate contractual, technical and organizational measures are observed, ensuring a greater security of your Personal Data.
9. Your Personal Data Security
We ensure the security and privacy of your Data, observing and complying not only with the rules, principles and guidelines of Data Protection, but also with those in force for the bank secrecy related to the Data Processing.
We adopt technical, administrative and preventive measures regarding the offered products and services, protecting information and information technology assets against unauthorized access and Processing, complying with the laws and standards that regulate our market, determining the cyber risk management mechanisms, in addition to the implementation of information security policies.
We emphasize the importance of not sharing Personal Data and access passwords with third parties in order to prevent fraud and improper access to your account. In addition, we suggest that you use a strong password that is unique and always exit the Inter App after accessing and using your account.
Do you want to learn more? Please visit our webpage.
10. Service Channels for Privacy Matters
For privacy-related matters, you can:
- In the Super App, access the Privacy Center available in your profile from your account home menu.
If this option is not available, you can:
- Send an email to "privacidade@inter.co".
- If you are not satisfied with the presented solution, please contact the Ombudsman on 0800 940 7772 available from Monday to Friday, from 9am to 6pm (except on holidays); and
- To report any suspicious attitude and/or a conduct of our employees, partners and customers that is considered unethical, which violates the Code of Conduct and Ethics of Inter and/or the legislation in force, you can use the https://canaldedenuncia.bancointer.com.br/ channel or call 0800 887 0077, available 24 hours, 365 days a year.
11. General Provisions
The terms of this Policy may be modified at any time due to changes in the legislation, products or services we provide, due to the updating of technological tools or, where necessary, at our discretion, because of the new products or services offer.
When we make relevant changes, Data Subjects will be informed by a notice in our App, Website, email or any other means of communication available at the discretion of Inter. Be sure to carefully read all notifications of this nature.
Your information will always be processed according to this Policy. We will never reduce your rights provided for in this Policy without your explicit consent, or in non-compliance with the Data Protection Act.
All provisions or conditions of this Policy, which, for any reason, shall be considered null or ineffective by any court or judgment or tribunal, shall not affect the validity of the other provisions of this Policy, which shall remain fully valid and enforceable, and generating effects to its maximum extent.
Inter failure to claim any rights or provisions of this Policy shall not be considered a waiver, and Inter may regularly exercise its right within the legal time limits.
This Policy is exclusively governed by the laws of the Federative Republic of Brazil, and Inter is also liable for any claims arising from the violation of these Terms.
All questions about this Policy can be discussed with our Personal Data Protection Officer, Camila Wendling, by the e-mail "privacidade@inter.co".
We emphasize that we treat the Personal Data of our Data Subjects compliant with the General Data Protection Act and we invite you to visit our Privacy webpage.
The use of our services, banking or non-banking, will require the express acceptance of the terms and conditions of the Privacy Policy in force on the use date. For Data Subjects who do not agree with the current Privacy Policy, we recommend that you do not use our products or services. The non-acceptance or refusal to make the requested information available may prevent the provision of such products or services.
12. Applicable Law and Conflict Resolution
Any controversy arising from the terms provided for in this Privacy Policy shall be resolved pursuant to the Brazilian law, and the court of the city of Belo Horizonte (State of Minas Gerais) shall be competent for it, with the exclusion of any other, as privileged as it may be.
The services use and/or orders requested out of the Brazilian territory, if applicable, or those arising from operations started abroad may also be subject to the legislation and jurisdiction of the authorities of the countries where they are requested or started.
Inter address: Av. Barbacena, 1219 – Santo Agostinho, Belo Horizonte, MG, Brazil - ZIP 30190-131
