Our goal is transparency and security for our customers and users.

The Privacy Policy of BANCO XCMG BRASIL S.A., a legal representative governed by private law, established in the city of Pouso Alegre/MG, at Rodovia Fernão Dias – BR 381 – S/N – KM 854 – Andar 2, CEP: 37.556-830, registered with the CNPJ under No. 36.658. 769/0001-49 and other companies in the group, which includes its parent companies and subsidiaries, directly or indirectly, as well as its affiliates and companies under common control in Brazil (“BANCO XCMG”) was created to show our commitment to always treat your personal data with security, privacy and transparency.

This Privacy Policy describes the personal data we collect, how it is used, stored and shared and your rights in relation to that data.

When you contract the services of BANCO XCMG, you provide us with your personal information so we can help you to better choose our products and services and also to give you the best possible experience. Privacy, security and transparency are fundamental values and we will always adopt the best practices to guarantee the confidentiality and integrity of your personal information.

By accepting the terms of this Privacy Policy, you are aware that the controller of your personal information, otherwise stated, the company responsible for making decisions about the processing of your personal data, will be BANCO XCMG BRASIL S.A., a legal representative governed by private law, established in the city of Pouso Alegre/MG, at Rodovia Fernão Dias – BR 381 – S/N – KM 854 – Andar 2, CEP: 37.556-830, registered with the CNPJ under No. 36.658.769/0001-49.

Depending on the services you have contracted, the company may be the controller of your data.

After reading this Privacy Policy, if you have any questions, complaints, wish to exercise your rights related to your personal information or communicate with Banco XCMG on this matter, you can contact us through our customer service channels or contact our Committee in Charge – LGPD on 0800-9405722.

Each time you read a term beginning with a capital letter in this Policy, it means that it is a term with a specifically defined meaning.

Whenever the terms “BANCO XCMG”, “we”, “us” or “our” are mentioned, we are referring to BANCO XCMG BRASIL S.A.; likewise, whenever the terms “you”, “your”, “yours” are mentioned, we are referring to You.

This Privacy Policy applies to all Banco XCMG clients in Brazil. We collect your personal information whenever you:

• Contact us through our service channels;
• Participate in surveys or promotions.

This Privacy Policy applies specifically to:

XCMG Bank customers: individuals who actually contract, utilize or access one or more services or products (either for yourself or for your legal entity).

XCMG Bank prospects: individuals who have been prospected or who have already requested to contract one of the services or products, but who have not become a client for any reason.

This Privacy Policy also applies to other forms of data collection that enable us to provide or improve our services. For example, we may collect information through partners or relating to our technologies. All forms of collection and uses of your personal data are described in this Privacy Policy.

The practices described in this Privacy Policy only apply to the processing of your personal data in Brazil and are subject to applicable local laws, in particular Law No. 13,709/2018 (General Personal Data Protection Law, or “LGPD”).

When requesting, contracting or using our products or services, you provide us with, and we collect, certain personal information related to you.

In addition, we also receive some personal information sent by partners we have contracted for specific purposes (such as to strengthen our fraud control), so that we can comply with legal obligations or applicable regulations and others that will be detailed later.

By accepting the terms of this Privacy Policy, you expressly agree to provide only true, current and accurate personal information and not to change your identity or your personal information in any way when accessing and using our products or services. You are solely responsible for any false, outdated or inaccurate information you provide.

Banco XCMG uses your personal information to provide you with a high quality service and to offer you the best products. We detail below the purposes for which we use your personal information:

This is your personal information processed by XCMG Bank, divided into categories:

Personal information provided by the owner through our preliminary registrations.

Personal information processed:

Contact details, name, telephone number and e-mail address.

Purposes:

• Providing the contracted services and products;
• Answering requests and questions;
• Contact by telephone, e-mail, SMS, WhatsApp, or other means of communication, including sending notifications;
• Marketing, prospecting, market research, opinion polls and promotion of our products and services, or those of our partners, including making offers and sending information about products, services, news, features, content, news and other events relevant to maintaining the relationship with you;
• Compliance with a legal or regulatory obligation.

Public information

Personal information processed:

• We may collect information about you that is publically available or that has been made public by you;
• Information about mentions of or interactions with our institution;
• Testimonials regarding XCMG Bank posted on social media profiles and pages, along with your name and image (including profile pictures).

  Purposes:

• Disclosure of the products and services provided by Banco XCMG on social networks, websites, applications or institutional and advertising materials.
• Exercise of rights in a regular manners;
• Compliance with legal and/or regulatory obligations imposed on our institution, including Know Your Customer rules, Prevention of Money Laundering and Terrorist Financing and others.

Personal information originated from the use of our products and services

Purpose:

• Providing the contracted services and products;
• Development of new products and services to be offer and generate knowledge for innovation or development of new products;
• Tests to improve models and services and products;
• Marketing, prospecting, market research, opinion polls and promotion of our products and services, or those of our partners, including making offers and sending information about products, services, news, features, content, news and other events relevant to maintaining the relationship with you;
• Regular exercise of XCMG Bank’s rights, including submitting documents in judicial and administrative proceedings, if necessary;
• Collaboration with or compliance with a court order, competent authority or regulatory.;
• Compliance with a legal or regulatory obligation;
• Credit analysis;

XCMG Bank may share your data if you request it. Your data may also be shared with authorities and regulatory bodies for different purposes, when necessary. Whenever done, the sharing of data will be carried out within the limits and purposes of our business and in accordance with what is authorized by the applicable legislation.

Below we have prepared a summary divided into categories with the types of suppliers with whom we normally share your personal data:

Other group companies
Purposes of sharing

• Providing services and offering the contracted products to the client;
• Operating and offering new services and products;
• Marketing, prospecting, market research, opinion polls and promotion of our products and services;
• Prevention and resolution of technical or security problems;
• Investigations and measures to prevent and combat illicit activities, fraud, financial crimes and guarantee the security of clients and the financial system;
• Exercise rights at regular basis;
• Compliance with a legal or regulatory obligation;
• Credit analysis;

Business partners, service providers and other third parties
Such as: providers of information technology services, customer service, communication, statistical services, research, marketing, financial services and means of payment; partners who manufacture, personalize and deliver our credit and/or debit cards, collection, credit and fraud prevention agencies, banks, financial institutions and other third parties.

Purposes of sharing:

• Improving our services, website and application and implementing new products or services;

• Contact by phone, e-mail, SMS, WhatsApp or other means of communication

• Helping to develop and offer our financial products;

• Debt collection;

• Verification of your identity and eligibility to contract the services and periodic reassessments, enabling any proactive invitation to prospects;

• Marketing, prospecting, market research, opinion polls and promotion of our products and services;

• Prevention and resolution of technical or security problems;

• Investigations and measures to prevent and combat illicit activities, fraud, financial crimes and guarantee the safety of clients of the financial system;

• Regularly exercise of XCMG Bank’s rights;

• Compliance with a court order, competent authority or supervisory body;

• Compliance with a legal or regulatory obligation;

• Credit analysis;

Authorities and regulatory bodies
Purposes of sharing:

* Investigations and measures to prevent and combat illicit activities, fraud, financial crimes and guarantee the safety of clients of the financial system;
* regular exercise of rights, including presenting documents in judicial and administrative proceedings, if necessary;
* Compliance with a court order, fulfillment of a request from a competent authority or supervisory body;
* Compliance with a legal or regulatory obligation.

At your request:

Purposes of sharing:
* Ensuring transparency in our relationship with you;
* Sending non-mandatory notifications by email, WhatsApp and SMS.

For as long as you are a Client or Prospect of XCMG Bank, during the use of our products and services and for as long as the institution stores your personal data, it will be kept in a secure and controlled environment.

When applicable, and even after canceling the account or other services or products, we may store your personal data for an additional period of time for auditing purposes, compliance with legal or regulatory obligations, for the regular exercise of rights or also for the period necessary according to the legal basis justifying the retention of the data. For example, we may store your data to comply with obligations imposed by the Central Bank of Brazil and also to preserve our rights in legal proceedings.

Since the LGPD came into force, you, as information owner, can exercise your rights against the controllers of your personal data. We have provided the mechanisms detailed below so that you understand clearly and transparently how to exercise your rights and our team will be ready to respond to any requests.

These rights are listed below:

• Confirmation that personal data is being processed  
• Access to personal information:

You can request that XCMG Bank informs you and provides you with the personal information that belongs to you.

• Correction of incomplete, inaccurate or outdated personal data:

If you find that your personal data is incomplete, inaccurate or out of date, you can ask XCMG Bank to correct or update it. To do this, if it is not possible to make the change through the channels you have chosen, you will need to send a document proving that your personal information that is correct and up-to-date.

• Anonymization, blocking or deletion of unnecessary, excessive or processed data that does not comply with the LGPD:

If any personal information is processed unnecessarily, in excess of the purpose for which it is intended or in non-compliance with the LGPD, you can request that we block or delete this information, provided that the excess, lack of necessity or non-compliance with the law is effectively established.

• Eliminating personal data processed with consent:

If you have given your consent to the processing of your personal data for specific purposes (and not necessary for the provision of our services or delivery of our products), you may request the deletion of this personal information, such as personal data obtained from your geolocation to indicate where your purchases were made.

• Information from companies that XCMG Bank has shared or received your personal data from:

You can request information about which third parties have shared or received your personal data. 

• Information about the possibility of not giving consent and the consequences of not giving consent:

If your consent is required to access or use a certain product or service, you can ask XCMG Bank to clarify whether it is possible to provide that product or service without your consent to the processing of your personal data, or what the consequences are of not providing consent in this case.

• Revocation of consent:

If you have given your consent to the processing of your personal information, you can request that this consent to be revoked. The revocation of consent may result in the impossibility of using some functionalities of our products and services, or even in the termination of the services provided, but does not prevent the use of (I) anonymized data; and (II) data whose processing is based on another legal hypothesis provided for in the LGPD, such as contractual and/or legal obligations.

• Automated decision-making:

You may request a review of decisions made solely on the basis of automated processing of personal data affecting your interests and an indication of the criteria used for such decisions. For reasons of business secrecy, protection of confidential information and preservation of competition, Banco XCMG does not disclose how these automated systems work. It is important to note that Banco XCMG does not guarantee a different outcome from the first decision, but we can guarantee that our technological models are consistent and based on legal and ethical principles.

• Portability and right of petition:

When the right of portability is regulated by the National Data Protection Authority (ANPD), you will be able to ask XCMG Bank to transfer your personal data to another service provider. In addition, with the establishment of the ANPD, you will also have the right to petition the national authority in relation to your data.

If you wish to exercise any of these rights, please contact us directly through the channel with our Committee in Charge on 0800-9405722. In order to exercise your rights, we may request proof of your identity as a security and fraud prevention measure. 

We may record the activities you carry out when using our website by creating, where possible and applicable, logs (records of activities carried out on the websites and applications and services) which will contain: the IP address, access and actions carried out by you on the service made available, the date and time of each action carried out and information about the device used, such as the operating system version, browser and geolocation.

We may also use certain technologies, either our own or those of third parties, to monitor the activities carried out, such as: 

Analytics tools: These tools can collect information such as how you visit a website, including which pages and when you visit those pages, as well as other websites that have been visited before, among others.

All technologies used by us will always respect the terms of this Privacy Policy.

Some or all of your personal data may be transferred abroad, for example when it is stored by Banco XCMG on cloud computing servers located outside Brazil. To this end, Banco XCMG observes all the requirements established by current legislation and adopts the best security and privacy practices to guarantee the integrity and confidentiality of your personal data.

XCMG Bank uses various types of security measures to ensure the integrity of your personal data, such as information security standards practiced by the industry when collecting and storing personal information.

Personal information may also be stored using cloud computing technology and other technologies that may emerge in the future, with the aim of always improving and enhancing our services and security.

We treat the security of your personal information with the utmost care, using the standards and best practices adopted in the market. We have a robust, highly qualified team responsible for ensuring that XCMG Bank adopts the best security practices:

• Encryption for data at rest, in transit and in use, to guarantee the integrity of information;
• Continuous monitoring of the environment;
• Ongoing information security analysis and testing of our systems by internal and external teams;
• Periodic audits.

 

• About Us
• Our Partners
• Privacy Policy
• Contact Us