Tupi, in partnership with BYD DO BRASIL (“Tupi” or “we”), values the trust that its consumers, employees, suppliers, and partners place in it. Therefore, respect for confidentiality and the protection of personal data are priority topics for us. The purpose of this policy is to inform you about how your personal data is handled and your rights as a data subject.
By using our services, you understand that your personal information will be handled as described in this Policy, in compliance with Data Protection regulations (General Data Protection Law – LGPD | Federal Law 13.709/2018), the consumer protection provisions of Federal Law 8078/1990, and other applicable norms of the Brazilian legal system.
Thus, Tupi, registered under CNPJ/MF no. 32.724.713/0001-94, and BYD DO BRASIL, registered under CNPJ/MF no. 17.140.820/0002-62, as Co-Data Controllers, commit to the provisions of this Privacy Policy.
Personal data is information relating to an identified or identifiable natural person. For example, name, address, ID card, username, and email are potential personal data.
Sensitive personal data refers to information regarding racial or ethnic origin, religious beliefs, political opinions, membership in a union or organization of a religious, philosophical, or political nature, health or sexual life data, genetic or biometric data of the data subject.
Note that not all data are necessarily personal data. The data processed by Tupi and BYD may not reveal the specific identity of the natural person, such as when we collect information about the browser, operating system, platform, etc.
The Co-Data Controllers guarantee that, if eventually collected, the above-mentioned personal and sensitive data will not be disclosed. This practice is in compliance with Data Protection regulations (LGPD, Federal Law 13.709/2018), the provisions of the Consumer Protection Code (Federal Law 8078/1990), and other applicable norms of the Brazilian legal system.
Only the following User data will be collected and used:
All data collection and use mentioned above are carried out in compliance with Data Protection regulations (LGPD, Federal Law 13.709/2018), the provisions of the Consumer Protection Code (Federal Law 8078/1990), and other applicable norms of the Brazilian legal system. We guarantee that your information will be handled with the utmost care and confidentiality, and will not be disclosed to third parties without your consent, except when required by law.
Why do we request this information?
We need this information to improve your experience in our application and enable it to function effectively. By knowing your location, we can:
In accordance with the General Data Protection Law (LGPD), your data will only be collected, processed, and stored for the purposes outlined in item 2 above. By providing your data to Tupi and BYD do Brasil, you are aware of and consenting to the provisions of this Privacy Policy, as well as being aware of your rights and how to exercise them. You have the right to access information about your personal data that we store at any time.
We are committed to ensuring that your information is accurate and up-to-date, reflecting the information you have provided to us accurately. If you have any questions about the accuracy or completeness of the provided data, please contact us so we can take the necessary steps to correct or update the information according to your request.
Tupi and BYD do Brasil ensure all the rights of data subjects as provided in Article 18 of the General Data Protection Law. Therefore, you may, free of charge and at any time:
a) Confirm the existence of data processing, in a simplified manner or in a clear and complete format.
b) Access your data, and request a readable copy in printed or electronic, secure, and suitable format.
c) Correct your data by requesting editing, correction, or updating of these.
d) Limit your data when unnecessary, excessive, or processed in non-compliance with the legislation, through anonymization, blocking, or deletion.
e) Request the portability of your data through a report of the registration data that Tupi and BYD process about you.
f) Delete your data processed with your consent, except in cases provided by law. We are committed to ensuring that your privacy rights are respected and to providing the necessary means for you to exercise control over your personal data.
If you need more information or wish to exercise any of these rights, contact us via email at: [email protected]
To ensure your correct identification as the holder of the personal data subject to the request, we may request documents or other evidence that can prove your identity. In such cases, you will be informed in advance.
Your data collected by Tupi and BYD will be used and stored for the time necessary to fulfill legal and/or regulatory obligations; execution of the contract or preliminary procedures related to the contract of which the data subject is a part; for the regular exercise of rights in judicial, administrative, or arbitration proceedings; and, when necessary, to meet the legitimate interests of the controller or third parties; or, to achieve the purposes listed in this Privacy Policy, considering the rights of data subjects and controllers.
In general, your data will be kept as long as the contractual relationship between you and Tupi persists. After the personal data storage period ends, these will be deleted from our databases or anonymized, except for the cases legally provided in Article 16 of the General Data Protection Law (LGPD), namely:
I – Compliance with a legal or regulatory obligation by the controller;
II – Study by a research body, ensuring, whenever possible, the anonymization of personal data;
III – Transfer to a third party, provided the data processing requirements set forth in this Law are respected; or
IV – Exclusive use of the controller, provided that third-party access is prohibited, and the data is anonymized.
That is, information that is essential for compliance with legal, judicial, and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be maintained, despite the deletion of other data.
The storage of data collected by Tupi reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions to ensure the confidentiality, integrity, and inviolability of your data. Additionally, we have security measures appropriate to the risks and access control to the stored information.
To ensure the security of your information, we employ a variety of physical, electronic, and managerial tools designed specifically to protect your privacy. These measures include physical security systems, such as restricted access control to sensitive areas, as well as advanced encryption technologies to protect data transmitted over the internet. We apply these tools considering the nature of the collected data, the context and purpose of the processing, and the risks that any breaches would pose to the rights and freedoms of the data subjects.
Tupi and BYD do Brasil are committed to adopting the best practices to prevent security incidents. However, it is necessary to highlight that no webpage and/or virtual platform is entirely secure and free from risks. It is possible that, despite all our security protocols, problems solely caused by third parties may occur, such as cyberattacks by hackers, or also due to the negligence or recklessness of the user/client themselves.
In case of security incidents that may generate relevant risk or harm to data subjects, we will notify the affected parties and the National Data Protection Authority about the occurrence, in accordance with the provisions of the General Data Protection Law (LGPD).
In order to preserve your privacy, Tupi and BYD do not share data with any unauthorized third parties. Data will be shared with BYD, which will act as a Data Co-Controller, observing all the precepts established in the General Data Protection Law (LGPD). Your data may be shared with our affiliated companies. They will receive your data only to the extent necessary for the purposes already related in item 2 above, and all our contracts are guided by the data protection norms of the Brazilian legal system.
Additionally, there are other situations in which your data may be shared, which are:
I – Legal determination, request, requisition, or court order, with competent judicial, administrative, or governmental authorities;
II – Cases of corporate transactions, such as mergers, acquisitions, and incorporations, automatically; and
III – Protection of the rights of Tupi or BYD in any kind of conflict, including those of a judicial nature.
Whenever necessary for the international transfer of personal data, Tupi and BYD will observe the legal provisions and regulations issued by the competent authorities related to the international transfer of personal data.
While browsing the Tupi application, some tools may be used to monitor the user experience, with the purpose of improving the service and navigation through the application.
The current version of the Privacy Policy was formulated and last updated on 22/05/2024. We reserve the right to modify this Privacy Policy at any time, especially to adapt to any changes made in our application or legislative scope. We recommend that you review it frequently. Any changes will take effect upon their public disclosure, and we will always notify you of the changes that have occurred.
Tupi and BYD ensure the provision and proper application of the responsibilities assigned to the agents participating in the data processing processes, as established in articles 42 to 45 of the General Data Protection Law.
We commit to keeping this Privacy Policy updated, observing its provisions, and ensuring compliance with it diligently and responsibly, guaranteeing that it is always aligned with the best data protection practices and in compliance with applicable regulatory standards. In case of requirement by the National Data Protection Authority related to the data processing conducted by Tupi and BYD, we undertake to take the recommended measures and to fully cooperate with regulatory authorities, following their guidelines and ensuring total transparency and compliance in our practices.
We employ technical and organizational measures to protect our website against loss, destruction, unauthorized access, modification, or distribution of your data. Our security measures are constantly being improved in line with technological advancements.
While we uphold high security standards to prevent incidents, there is no database entirely free from risks. We acknowledge the importance of constantly enhancing our security measures to mitigate these risks, but it is essential to highlight that we cannot guarantee the complete invulnerability of our systems. Therefore, Tupi is not liable for:
I – Malicious actions by third parties, such as hacker attacks, except in cases of proven negligent or deliberate conduct by Tupi. We emphasize that in the event of security incidents that may pose a relevant risk or damage to you or any of our users/clients, we will notify the affected parties and the National Data Protection Authority about the occurrence and comply with the necessary measures.
II – Falsity of information provided by the data subject, and any consequences arising from false information or inserted in bad faith are entirely the responsibility of the data subject.
Data Protection Officer
If you have any questions about this Privacy Policy or the personal data we process, you can contact us to clarify doubts through the following emails:
You can contact our Data Protection Officer through the following channels to exercise your rights as a data subject: