Tupi, in partnership with BYD DO BRASIL (“Tupi” or “we”), values the trust that its consumers, employees, suppliers, and partners place in it. Therefore, respect for confidentiality and the protection of personal data are priority topics for us. The purpose of this policy is to inform you about how your personal data is handled and your rights as a data subject.

By using our services, you understand that your personal information will be handled as described in this Policy, in compliance with Data Protection regulations (General Data Protection Law – LGPD | Federal Law 13.709/2018), the consumer protection provisions of Federal Law 8078/1990, and other applicable norms of the Brazilian legal system.

Thus, Tupi, registered under CNPJ/MF no. 32.724.713/0001-94, and BYD DO BRASIL, registered under CNPJ/MF no. 17.140.820/0002-62, as Co-Data Controllers, commit to the provisions of this Privacy Policy.

1. What is personal data?

Personal data is information relating to an identified or identifiable natural person. For example, name, address, ID card, username, and email are potential personal data.

Sensitive personal data refers to information regarding racial or ethnic origin, religious beliefs, political opinions, membership in a union or organization of a religious, philosophical, or political nature, health or sexual life data, genetic or biometric data of the data subject.

Note that not all data are necessarily personal data. The data processed by Tupi and BYD may not reveal the specific identity of the natural person, such as when we collect information about the browser, operating system, platform, etc.

The Co-Data Controllers guarantee that, if eventually collected, the above-mentioned personal and sensitive data will not be disclosed. This practice is in compliance with Data Protection regulations (LGPD, Federal Law 13.709/2018), the provisions of the Consumer Protection Code (Federal Law 8078/1990), and other applicable norms of the Brazilian legal system.

2. What data do we collect about you and for what purpose?

Only the following User data will be collected and used:

  • Location: We collect location data to provide personalized services, such as identifying nearby electric vehicle charging stations, which helps us improve the efficiency and convenience of our services by providing more accurate information. To offer these features, you need to allow access to your location when requested.
  • IP Address: The IP address is collected to ensure the security and integrity of our systems, as well as to help prevent fraud and analyze usage patterns. This data is also used to personalize the user experience by adjusting content and services according to the geographical region.

All data collection and use mentioned above are carried out in compliance with Data Protection regulations (LGPD, Federal Law 13.709/2018), the provisions of the Consumer Protection Code (Federal Law 8078/1990), and other applicable norms of the Brazilian legal system. We guarantee that your information will be handled with the utmost care and confidentiality, and will not be disclosed to third parties without your consent, except when required by law.


Why do we request this information?

We need this information to improve your experience in our application and enable it to function effectively. By knowing your location, we can:

  • Identify and show nearby charging stations, facilitating the search and use of these services.
  • Personalize recommendations and services based on your current location, making navigation more intuitive and efficient.
  • Ensure that you receive real-time information about the availability and status of charging stations in your area.
  • Increase the security and accuracy of our services by adjusting data and functionalities according to your location.

3. With Your Consent

In accordance with the General Data Protection Law (LGPD), your data will only be collected, processed, and stored for the purposes outlined in item 2 above. By providing your data to Tupi and BYD do Brasil, you are aware of and consenting to the provisions of this Privacy Policy, as well as being aware of your rights and how to exercise them. You have the right to access information about your personal data that we store at any time.

We are committed to ensuring that your information is accurate and up-to-date, reflecting the information you have provided to us accurately. If you have any questions about the accuracy or completeness of the provided data, please contact us so we can take the necessary steps to correct or update the information according to your request.

4. What Are Your Rights?

Tupi and BYD do Brasil ensure all the rights of data subjects as provided in Article 18 of the General Data Protection Law. Therefore, you may, free of charge and at any time:

a) Confirm the existence of data processing, in a simplified manner or in a clear and complete format.

b) Access your data, and request a readable copy in printed or electronic, secure, and suitable format.

c) Correct your data by requesting editing, correction, or updating of these.

d) Limit your data when unnecessary, excessive, or processed in non-compliance with the legislation, through anonymization, blocking, or deletion.

e) Request the portability of your data through a report of the registration data that Tupi and BYD process about you.

f) Delete your data processed with your consent, except in cases provided by law. We are committed to ensuring that your privacy rights are respected and to providing the necessary means for you to exercise control over your personal data.

If you need more information or wish to exercise any of these rights, contact us via email at: [email protected]

To ensure your correct identification as the holder of the personal data subject to the request, we may request documents or other evidence that can prove your identity. In such cases, you will be informed in advance.

5. How and For How Long Will Your Data Be Stored?

Your data collected by Tupi and BYD will be used and stored for the time necessary to fulfill legal and/or regulatory obligations; execution of the contract or preliminary procedures related to the contract of which the data subject is a part; for the regular exercise of rights in judicial, administrative, or arbitration proceedings; and, when necessary, to meet the legitimate interests of the controller or third parties; or, to achieve the purposes listed in this Privacy Policy, considering the rights of data subjects and controllers.

In general, your data will be kept as long as the contractual relationship between you and Tupi persists. After the personal data storage period ends, these will be deleted from our databases or anonymized, except for the cases legally provided in Article 16 of the General Data Protection Law (LGPD), namely:

I – Compliance with a legal or regulatory obligation by the controller;

II – Study by a research body, ensuring, whenever possible, the anonymization of personal data;

III – Transfer to a third party, provided the data processing requirements set forth in this Law are respected; or

IV – Exclusive use of the controller, provided that third-party access is prohibited, and the data is anonymized.

That is, information that is essential for compliance with legal, judicial, and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be maintained, despite the deletion of other data.

The storage of data collected by Tupi reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions to ensure the confidentiality, integrity, and inviolability of your data. Additionally, we have security measures appropriate to the risks and access control to the stored information.

6. What We Do to Keep Your Data Secure?

To ensure the security of your information, we employ a variety of physical, electronic, and managerial tools designed specifically to protect your privacy. These measures include physical security systems, such as restricted access control to sensitive areas, as well as advanced encryption technologies to protect data transmitted over the internet. We apply these tools considering the nature of the collected data, the context and purpose of the processing, and the risks that any breaches would pose to the rights and freedoms of the data subjects.

Tupi and BYD do Brasil are committed to adopting the best practices to prevent security incidents. However, it is necessary to highlight that no webpage and/or virtual platform is entirely secure and free from risks. It is possible that, despite all our security protocols, problems solely caused by third parties may occur, such as cyberattacks by hackers, or also due to the negligence or recklessness of the user/client themselves.

In case of security incidents that may generate relevant risk or harm to data subjects, we will notify the affected parties and the National Data Protection Authority about the occurrence, in accordance with the provisions of the General Data Protection Law (LGPD).

7. With Whom Your Data Can Be Shared?

In order to preserve your privacy, Tupi and BYD do not share data with any unauthorized third parties. Data will be shared with BYD, which will act as a Data Co-Controller, observing all the precepts established in the General Data Protection Law (LGPD). Your data may be shared with our affiliated companies. They will receive your data only to the extent necessary for the purposes already related in item 2 above, and all our contracts are guided by the data protection norms of the Brazilian legal system.

Additionally, there are other situations in which your data may be shared, which are:

I – Legal determination, request, requisition, or court order, with competent judicial, administrative, or governmental authorities;

II – Cases of corporate transactions, such as mergers, acquisitions, and incorporations, automatically; and

III – Protection of the rights of Tupi or BYD in any kind of conflict, including those of a judicial nature.

8. International Data Transfer

Whenever necessary for the international transfer of personal data, Tupi and BYD will observe the legal provisions and regulations issued by the competent authorities related to the international transfer of personal data.

9. Monitoring Tools

While browsing the Tupi application, some tools may be used to monitor the user experience, with the purpose of improving the service and navigation through the application.

10. Amendment of this Privacy Policy

The current version of the Privacy Policy was formulated and last updated on 22/05/2024. We reserve the right to modify this Privacy Policy at any time, especially to adapt to any changes made in our application or legislative scope. We recommend that you review it frequently. Any changes will take effect upon their public disclosure, and we will always notify you of the changes that have occurred.

11. Responsibility

Tupi and BYD ensure the provision and proper application of the responsibilities assigned to the agents participating in the data processing processes, as established in articles 42 to 45 of the General Data Protection Law.

We commit to keeping this Privacy Policy updated, observing its provisions, and ensuring compliance with it diligently and responsibly, guaranteeing that it is always aligned with the best data protection practices and in compliance with applicable regulatory standards. In case of requirement by the National Data Protection Authority related to the data processing conducted by Tupi and BYD, we undertake to take the recommended measures and to fully cooperate with regulatory authorities, following their guidelines and ensuring total transparency and compliance in our practices.

12. Security Measures and Disclaimer

We employ technical and organizational measures to protect our website against loss, destruction, unauthorized access, modification, or distribution of your data. Our security measures are constantly being improved in line with technological advancements.

While we uphold high security standards to prevent incidents, there is no database entirely free from risks. We acknowledge the importance of constantly enhancing our security measures to mitigate these risks, but it is essential to highlight that we cannot guarantee the complete invulnerability of our systems. Therefore, Tupi is not liable for:

I – Malicious actions by third parties, such as hacker attacks, except in cases of proven negligent or deliberate conduct by Tupi. We emphasize that in the event of security incidents that may pose a relevant risk or damage to you or any of our users/clients, we will notify the affected parties and the National Data Protection Authority about the occurrence and comply with the necessary measures.

II – Falsity of information provided by the data subject, and any consequences arising from false information or inserted in bad faith are entirely the responsibility of the data subject.

Data Protection Officer

If you have any questions about this Privacy Policy or the personal data we process, you can contact us to clarify doubts through the following emails:

[email protected]

You can contact our Data Protection Officer through the following channels to exercise your rights as a data subject:

[email protected]