Privacy and Personal Data Protection Policy
Please read this Privacy and Personal Data Protection Policy carefully to understand our policies and practices regarding your Personal Data and how the processing of this data is carried out.
This Policy applies to holders of personal data (natural persons) who interact with services of CORIS BRASIL TURISMO VIAGENS E ASSISTÊNCIA INTERNACIONAL LTDA (referred to in this policy as "You"). This Policy explains how your Personal Data is collected, used and disclosed by CORIS BRASIL TURISMO VIAGENS E ASSISTÊNCIA INTERNACIONAL LTDA (referred to in this policy as “ CORIS ”, “We”, “Us”). It also informs you how you can access and update your Personal Data and make certain choices about how your Personal Data is used.
This Policy covers our data collection activities both online and offline, covering Personal Data that We collect through our various channels, including – but not limited to – Websites, Applications, Third Party Social Networks, Customer Service, Points of Sale, Surveys and Events. Please note that We may aggregate Personal Data combined from different sources (e.g. our website and offline events). As part of this, We combine Personal Data that was originally collected by different CORIS entities or CORIS partners. You can refer to the section “About your rights regarding Personal Data” for more information on how to object to this.
In some specific cases, if You choose not to provide Us with Personal Data that we consider necessary (We will indicate when this is the case, for example by explicitly placing this information on our registration forms), We may not be able to provide You with our products and/or services.
Sources of Personal Data
We collect your Personal Data through the following sources:
- CORIS Websites: All of our websites may be used to collect personal data. This includes both websites that we operate directly through our domains and IP addresses, as well as websites or pages that We establish on third-party services, such as Facebook, Linkedin, and other third parties that offer this type of service.
- Electronic Mail (e-mail) and instant messaging systems: Services used to maintain electronic communications between You and CORIS, including those made available directly by Us, or third-party services such as WhatsApp, Telegram, SMS (short message service) and similar.
- CORIS Mobile Applications: Mobile applications provided directly by CORIS or through third party services such as Google or Apple.
- Customer service and sales center: Communications made with you through our customer service and sales centers.
- Advertisements, publicity and online forms: Interactions with any type of advertisements, publicity and online forms from CORIS.
- Offline records and physical documents: Records completed offline, distributed during events and other interactions with CORIS.
- Data received from third parties: Including, but not limited to, social networks and third party websites such as Facebook, Instagram, Linkedin, and similar, data aggregator services, CORIS partners, public sources and data received during acquisition of other companies.
What Personal Data we collect and how we collect it
During your interaction with CORIS, using one of the previously mentioned collection sources, we may collect various types of personal data about You, as set out below:
- Contact Information: Includes any type of information that may facilitate our contact with You, including your physical mailing address, telephone numbers, email addresses, websites and social media profiles.
- Login information: Includes information to identify and authenticate yourself to services provided by CORIS, including your registration name (login), password in unrecoverable (encrypted) format, and security questions.
- Demographic information and your interests: Any information that may describe your demographics, habits or behavioral characteristics, including items such as your birthday, date of birth, age or age range, gender, geographic location, favorite products, hobbies and pastimes, other interests and family or lifestyle information.
- Technical information about your computer equipment or mobile device: Details about your computer or other portable device that was used to access one of our websites, services or applications, including the IP address used to connect your computer or device to the internet, including your geographical location, operating system type and version and web browser type and version. If you access a CORIS website or application using a mobile device, such as a smartphone or tablet, the information collected will also include, where permitted, your phone’s unique device ID, geographical location and other similar mobile device data.
- Information about how you use our websites and services: During your interaction with our websites and services, we use automatic data collection technologies to collect information about the actions you take. This may include details such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as content response times, download errors and length of visits to certain pages. This information is collected through automated technologies such as cookies (browser cookies, Flash cookies and similar) and web beacons, and also via third party tracking. You are free to object to the use of such technologies, for details see the Section “About your rights regarding personal data”.
- Market research and consumer feedback: This is information that you voluntarily share with CORIS about your experience using our products and services.
- Consumer Generated Content: This includes any content that You create and share with CORIS on third party social networks or by uploading it to one of our websites, applications and other online and offline services, including through the use of third party social networking applications such as Facebook, Instagram, LinkedIn and similar. This data includes text, comments, articles, photos, videos, personal stories or other similar content and media. Where permitted, We collect and publish consumer generated content in connection with a variety of activities, including marketing of CORIS products and services, contests, giveaways and other promotions, website community features, consumer engagement and third party social networks.
- Third-Party Social Network Information: This is any data that You share publicly on a third-party social network or information that is part of Your profile on a third-party social network (such as Facebook, Instagram, Linkedin and similar) and that You allow the third-party social network to share with Us. This data may include details such as Your basic account information (name, email address, gender, date of birth, current city, profile picture, user ID, friends list and similar information) and any other additional information or activities that You allow the third-party social network to share with Us. We receive Your third-party social network profile information (or parts thereof) whenever You download an item or interact with a CORIS application or web service on a third-party social network, whenever You use a social network feature that is integrated into a CORIS website or whenever You interact with Us through a third party social network. To learn more about how your information from a third party social network is obtained by CORIS or to opt out of sharing such social network information, please visit the website of the specific third party social network.
- Financial and Payment Information: Any data that CORIS needs to fulfill an order, or that You use to make a purchase, such as your debit or credit card details (cardholder name, card number, expiration date, etc.) or other payment methods used. CORIS or our payment processing service providers handle your financial and payment information in compliance with applicable laws, regulations and security standards, such as the PCI DSS (“Payment Card Industry Security Standards Council”).
- Contacts with our Customer Service and Sales Center: Your interactions with our Customer Service and Sales Center may be recorded or listened to, in accordance with applicable laws, for CORIS 's operational needs. Financial and payment details are not recorded. Where required by law, you will be informed of such recording at the beginning of your call.
- Sensitive Personal Data: CORIS does not normally handle Personal Data considered sensitive under applicable law. Accordingly, we do not intend to collect or process data of this nature in the normal course of your interactions with our products or services. Where it is necessary to process your sensitive personal data for any reason, we will provide specific purposes and obtain your prior, express and formal consent for any processing that is voluntary. If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) detection and prevention of crime, (ii) performance of a contract or (iii) compliance with applicable law.
About Personal Data of Children and Adolescents
CORIS does not knowingly request, collect, process, store or share personal data of children and adolescents under the age of majority, except in cases where there is a legal provision, or explicit consent from one of their parents or legal guardians, in accordance with current legislation.
If we discover that any type of processing of this type of personal data has occurred unintentionally, we will remove the personal data of that child or adolescent from our records quickly, securely and with a record of this processing.
About the use of Cookies, log files and similar
Cookies are small text files that may be placed on your computer or portable device by websites or web services that you use. They are used to ensure the proper functioning of websites and other online services, as well as to provide information to the owners of the website or online service.
CORIS websites and other compatible web services and to better understand how our visitors use our websites and online services, as well as the tools and services they offer. Cookies make it easier for us to adapt CORIS websites to your personal needs, making their use easier whenever possible, and to receive feedback on the satisfaction of our consumers.
CORIS uses the following types of Cookies on its websites and compatible services:
- Session Cookies: These are temporary cookies that are deleted when you close your browser. When you restart your browser and return to the website that created the cookie, that website treats you as a new visitor.
- Persistent Cookies: These are Cookies that remain in your browser until you manually delete them or until your browser deletes them according to the duration period established by the cookie. These Cookies will recognize your return as a visitor to a CORIS website or service.
- Necessary Cookies: These are Cookies that are strictly necessary for the operation of a CORIS website or compatible service. They enable You to move around the website and use our features.
- Cookies that send us information about You: We place these types of Cookies on a CORIS compatible website or service and these types of Cookies can only be read by our compatible websites and services.
- Cookies in CORIS advertisements: We place Cookies in advertisements and ads that appear on third-party websites and compatible services. We obtain information through these Cookies when you click on or interact with the advertisement or ad. In this case, CORIS is placing a “third-party” cookie. We may use this data obtained by third-party Cookies to send you other advertisements that we believe are relevant or of interest to you based on your previous behavior.
- Cookies that share your information with third parties: These are Cookies placed on a CORIS website by our partner companies, such as online advertising services. They may use the data collected by these Cookies to anonymously send you targeted advertisements on other websites, based on your visit to CORIS-supported websites or services.
CORIS websites and compatible services may also use other tracking technologies similar to Cookies, which may collect information such as IP addresses, log files, and web beacons, among others. This data is also used to help us tailor CORIS websites and other compatible services to your personal needs.
See more details below:
- IP Addresses: An IP address is a number used on the Internet or a network to identify your computer. Every time you connect to the Internet, your computer is assigned an IP address by your Internet Service Provider. We may log IP addresses for the following purposes:
- Handling technical problems;
- Maintaining the protection and security of our websites and other online services;
- Gain a better understanding of how our websites and other online services are used;
- Adapt our content to your needs, depending on your geographic location;
- Log Files: CORIS or a third party working on our behalf may collect information in the form of log files that detail website activity and gather statistics about users’ browsing habits. These logs are typically generated anonymously and help us understand details such as:
- The type of browser and operating system used by users of our websites or online services;
- Details about your user session, including the referring URL, date, time and which pages you visited on our websites and supported services and how long you spent on them;
- Other navigational or click count details including site traffic reports, unique visitor counts, and similar data.
- Web Beacons: We may use web beacons (or clear GIFs) on CORIS websites. Web beacons (also known as webbugs or web beacons) are small strings of code that allow the delivery of a graphic image on a web page for the purpose of transferring data back to us. We use the information from web beacons for a variety of purposes, including:
- Understand how a user responds to email campaigns;
- Traffic reports for our websites and compatible services;
- Perform unique visitor counting, advertising and email auditing and reporting, and personalization on our websites and other compatible services;
It is important to remember that it is up to You to ensure that the settings on Your computer or portable device reflect whether You consent to accept Cookies or not.
Most browsers allow you to set rules to warn you before accepting Cookies or to simply refuse them. You do not need to have Cookies enabled to use or browse most CORIS websites and online services, however we cannot guarantee that you will be able to access all of their features. We recommend that you look at the “help” button on your browser to find out how to configure this type of setting. Please remember that if you use different browsers, or even computers and/or portable devices in different locations, you will need to ensure that each device and browser is adjusted to your personal Cookie preferences. Because our web beacons may be part of a web page, you cannot “opt out ” of this type of feature, but you can make it completely non- functional by enabling the “opt out” feature for the Cookies placed by that beacon.
About the use of your Personal Data
The following describes the purposes for which CORIS collects your Personal Data, and the different types of Personal Data we collect for each purpose. Please note that not all of the uses below will be relevant to all individuals and may only apply to specific situations.
- Consumer Services: Your Personal Data is used for the purpose of providing consumer services, including responding to your queries, questions and suggestions. This usually requires certain personal contact information and information about the reason for your query, question or suggestion, for example, what your order was, whether there is a technical problem, a product issue or complaint, or a general query.
Reason for using your personal data in this situation :
- Fulfill contractual obligations;
- Comply with legal obligations;
- Our legitimate interests.
Our legitimate interests in this situation :
- Continuously improve CORIS products and services;
- Continuously improve the effectiveness of our customer service.
- Conducting contests, promotions and other marketing activities: With your consent (where required by applicable law), CORIS uses your Personal Data to provide you with information about products or services, such as marketing communications, advertising campaigns or promotions. This may be done through various means of communication, including email, advertisements, sending SMS messages, telephone calls and postal mail (as permitted by applicable law), as well as through our own websites and/or third-party websites and social networks. In this case, the use of your Personal Data is completely voluntary, which means that you can object, or even withdraw your consent at any time, to the processing of your Personal Data for these purposes. For more details on how to change your preferences regarding marketing communications, see the “About your rights regarding Personal Data” section of this policy. For more information about our contests and other Promotions, see the rules or details posted about each contest/promotion.
Reason for using your personal data in this situation :
- Fulfill contractual obligations;
- Our legitimate interests;
- We have obtained your consent (where required).
Our legitimate interests in this situation :
- Understand which of our products and services may be of interest to You and provide information about them;
- Define consumers for new products or services.
- Social Networks and Third-Party Websites: We use your Personal Data when You interact with social network and third-party website functions, such as “likes”, to provide advertisements and interact with You on third-party social networks. How these interactions work, the profile data that CORIS obtains about You, and how to cancel them (“opt - out”) can be understood by reviewing the privacy policies directly on the respective social networks and third-party websites.
Reason for using your personal data in this situation :
- Our legitimate interests;
- We have obtained your consent (where required).
Our legitimate interests in this situation :
- Understand which of our products and services may be of interest to You and provide information about them;
- Define consumers for new products or services.
- Personalization (offline and online): Based on your consent (where required under applicable law), CORIS uses your Personal Data (i) to understand your preferences and habits, (ii) to anticipate your needs, based on our understanding of your profile, (iii) to improve and personalize your experience on our websites and applications; (iv) to ensure that the content of our websites and applications is optimized for You and for your computer or device; (v) to send You targeted advertising and content, and (vi) to allow You to participate in interactive features, whenever You choose to do so. In this situation, the use of your Personal Data is completely voluntary, which means that You can object, or even withdraw Your consent at any time, to the processing of your Personal Data for these purposes. For more details, see the section “About your rights regarding Personal Data” in this policy.
Reason for using your personal data in this situation :
- Our legitimate interests;
- We have obtained your consent (where required).
Our legitimate interests in this situation :
- Understand which of our products and services may be of interest to You and provide information about them;
- Define consumers for new products or services.
- Fulfilling your orders: We use your Personal Data to process and ship your orders, as well as to inform you about the status of your orders, correct addresses, and conduct identity verification and other fraud prevention activities. This involves the use of certain Personal Data and, in certain situations, payment information.
Reason for using your personal data in this situation :
- Fulfill contractual obligations;
- Legal obligations;
- Our legitimate interests;
- We have obtained your consent (where required).
Our legitimate interests in this situation :
- Improve and develop new products and services;
- Be more efficient in responding to your requests;
- Protect our systems, networks and employees;
- Fully comply with legal obligations.
- Legal reasons or merger/acquisition: If CORIS or its assets are acquired by, or merged with, another company, including as a result of bankruptcy, we will share your Personal Data with our legal successors, in accordance with the requirements of applicable law. We will also disclose your Personal Data to third parties (i) when required by applicable law; (ii) in response to legal proceedings; (iii) in response to a request from a competent legal authority; (iv) to protect our rights, privacy, safety or property; or (v) to enforce the terms of any agreement or the terms of our website, products and services, in accordance with applicable law.
Reason for using your personal data in this situation:
- Legal obligations;
- Our legitimate interests ;
Our legitimate interests in this situation:
- Fully comply with legal obligations;
- Protect our systems, assets and employees.
- Other purposes and situations in general: In accordance with applicable law, CORIS uses your Personal Data for other general business purposes, such as maintaining your account, conducting internal or market research and measuring the effectiveness of our advertising campaigns. We reserve the right, if you have CORIS accounts, to integrate these accounts into a single account. We also use your Personal Data for the management and operation of our communications, IT and security and data protection systems.
Reason for using your personal data in this situation :
- Fulfill contractual obligations;
- Legal obligations;
- Our legitimate interests;
- We have obtained your consent (where required).
Our legitimate interests in this situation :
- Improve and develop new products and services;
- Be more efficient in responding to your requests;
- Protect our systems, networks and employees;
- Fully comply with legal obligations.
About the disclosure of your Personal Data
In addition to the entities that are part of CORIS , we may share your Personal Data with the following types of third-party organizations:
- Service Providers: These include external companies that are used by CORIS to help operate our business. Service Providers and their selected employees are only authorized to access your Personal Data on CORIS behalf for the specific tasks that are requested of them based on our direct instructions. Our service providers are contractually obligated to keep your Personal Data confidential and secure, and in cases of breach they are jointly liable in accordance with applicable law.
- Credit reporting, debt collection and financial services agencies: As permitted by applicable law, credit reporting and/or debt collection agencies are third-party companies that CORIS may use to help us verify your credit status or collect past-due payments.
- Third-party companies using Personal Data for their own marketing purposes: Except where you have given your specific consent, CORIS does not license or sell your Personal Data to third-party companies for their own marketing purposes. In cases where such sharing occurs, the identity of these third-party companies will be disclosed prior to obtaining your consent.
- Third parties using your Personal Data for legal reasons or due to merger/acquisition: We will disclose your Personal Data to third parties for legal reasons or in the context of a merger or acquisition within CORIS .
About the retention and termination of the processing of your Personal Data
In accordance with current legislation, CORIS uses your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected, as described in this policy, or to comply with applicable legal requirements.
Personal Data used to provide a personalized experience to You will be kept exclusively for the time permitted, in accordance with current legislation.
You can obtain further details about the retention of your Personal Data through the communication channels detailed in this policy.
When the processing of your Personal Data is complete, it will be eliminated within the scope and technical limits of the activities, with conservation authorized in the situations provided for in current legislation.
About the disclosure, storage or transfer of your Personal Data
CORIS takes appropriate measures to ensure that your Personal Data is kept confidential and secure. However, these protections do not apply to information that You have chosen to share in public areas, such as third-party social networks .
- Persons who may access your Personal Data: Your Personal Data will be processed by our authorized employees or agents, provided that they need to have access to such information, depending on the specific purposes for which your Personal Data has been collected.
- Measures taken in operating environments: We store your Personal Data in operating environments that use reasonable security measures, both technical and administrative, to prevent any type of unauthorized access. We follow reasonable protocols to protect Personal Data.
- Steps CORIS expects You to take: It is important that You also play a role in keeping your Personal Data secure. When you create an online account, please ensure that you choose a password that is strong enough to prevent unauthorized parties from guessing it. We recommend that You never disclose or share your password with anyone else. You are solely responsible for keeping this password confidential and for any actions taken through your account on CORIS websites and supported services .
If you use a shared or public computer, never choose to have your login name, email address or password remembered, and make sure you log out of your account whenever you leave your computer. You should also make use of any privacy settings or controls that CORIS provides on our website, services or applications, including those that are considered optional.
- Transfer of your Personal Data: Given the nature of our business, we may have to transfer your Personal Data stored within CORIS to third parties, in accordance with the purposes set out in this Privacy Policy. For this reason, we may transfer your Personal Data to other countries, provided that these have laws and regulations compatible with those in force in Brazil.
About your rights regarding Personal Data
You have the right to confirm the existence, access, review, modify and/or request an electronic copy of the information of your Personal Data that is processed by CORIS .
You also have the right to request details about the origin of your Personal Data or the sharing of this data with third parties.
At any time, you may also limit the use and disclosure, or revoke consent to any of our processing activities of your Personal Data, except in situations provided for in current legislation.
These rights can be exercised through the communication channels detailed in this policy, requiring validation of your identity by providing a copy of your ID or equivalent means of identification, in accordance with current legislation.
Whenever a request is submitted without providing the necessary evidence to prove the legitimacy of the data subject, the request will be automatically rejected. We emphasize that any identifying information provided to CORIS will only be processed in accordance with, and to the extent permitted by, applicable laws.
Please note that in certain cases, we may not be able to delete your Personal Data without also deleting your user account. Additionally, some situations require us to retain your Personal Data after you request its deletion in order to satisfy legal or contractual obligations.
Where available, our websites, applications and online services may have a dedicated function where you can review and edit your Personal Data. Please note that CORIS requests validation of your identity using, for example, a password login system or similar feature, before allowing access to or modification of your Personal Data, thus ensuring that there is no unauthorized access to your account and associated personal data.
CORIS will do its utmost to address any concerns You may have about the way in which we process your Personal Data. However, if You have unresolved concerns, You have the right to complain to the competent data protection authorities .
What choices do you have about how we use and disclose your Personal Data?
CORIS does its utmost to give You freedom of choice over the Personal Data You provide to us. The following mechanisms give You control over the processing of Your Personal Data:
- Cookies/Similar Technologies: You can manage your consent using:
- Our consent management solutions;
- Your browser settings to refuse some or all Cookies and similar technologies, or to alert you when they are being used.
- Advertising, marketing and promotions: You may consent to your Personal Data being used by CORIS to promote our products or services by checking boxes located on the registration forms or by answering questions presented by our representatives.
If you decide that you no longer wish to receive such communications, you may unsubscribe from receiving marketing-related communications at any time by following the instructions provided in such communications.
To unsubscribe from marketing communications sent by any means, including third party social networks, you may opt out at any time by unsubscribing through the links provided in our communications, by logging into our websites, applications, compatible online services or third party social networks and adjusting your user preferences or by calling our customer service directly.
It is important to remember that even if you unsubscribe from our marketing communications, you will continue to receive administrative communications from CORIS , such as order and transaction confirmations, notifications about your account activities on our websites and supported services, and other important non-marketing related announcements.
- Personalization (offline and online): Where permitted by law, if You would like Your Personal Data to be used by CORIS to provide You with a personalized experience or targeted advertising and content, You can indicate this by ticking the relevant boxes located on the registration form or by answering questions presented by our representatives.
If you decide that you no longer wish to benefit from this personalization, you may opt out at any time by logging into our supported websites, applications and services and selecting your user preferences in your account profile or by calling our customer service directly.
- Targeted Advertising: CORIS may partner with ad networks and other advertising service providers that serve advertisements and other services on our behalf or on behalf of other companies not affiliated with CORIS . Some of these advertisements may be tailored to your interests based on information collected on CORIS websites and other supported services or on websites of organizations not affiliated with CORIS .
You can contact us using the communication channels detailed in this policy for more information on how to manage or opt-out of targeted advertising.
Changes to our Privacy Policy
Whenever CORIS decides to change the way we process your Personal Data, this Policy will be updated. We reserve the right to make changes to our practices and this Policy at any time, as long as we maintain compliance with current legislation.
We recommend that you visit it frequently, or whenever you have questions, to see any updates or changes to our Privacy Policy.
How to get in touch
You can contact us at:
- Ask questions or make comments about this Policy and our privacy and Personal Data protection practices;
- Make a complaint;
- Confirmation of the existence of processing of your Personal Data;
- Obtain information on how to access your Personal Data;
- Correct incomplete, inaccurate or outdated personal data;
- Obtain information about the anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance with the provisions of current legislation;
- Obtain information about the portability of your personal data to another service or product provider, upon express request, in accordance with current legislation;
- Request the deletion of personal data processed with your consent, except in cases provided for in current legislation;
- Request details of the public and private entities with which we share your Personal Data;
- Obtain information about the possibility of not providing consent and the consequences of such refusal;
- Revoke consent for the processing of your Personal Data, except in cases provided for in current legislation;
- Other rights of the holder of personal data, in accordance with current legislation.
Do so, we ask that you contact us using the exclusive service channel: [email protected]
DPO: Rebeca Valerio
Email: [email protected]
CORIS will receive, investigate and respond, within a reasonable period of time, to any request or complaint about the way in which We process your Personal Data, including complaints about disrespect for your rights under applicable privacy and Personal Data protection laws.