1. General information

This Privacy Policy contains information about how we process, in whole or in part, automated or not, the personal data of users who access our website. Its objective is to clarify the interested parties about the types of data that are collected, the reasons for the collection and the way in which the user can update, manage or delete this information.

This Privacy Policy has been prepared in accordance with Federal Law no. 12,965 of April 23, 2014 (Marco Civil da Internet), with Federal Law no. 13,709, of August 14, 2018 (Personal Data Protection Law) and with EU Regulation n. 2016/679 of April 27, 2016 (European General Personal Data Protection Regulation - RGDP).

This Privacy Policy may be updated as a result of any regulatory update, which is why the user is invited to periodically consult this section.

2. User rights

The site is committed to complying with the rules set out in the GDPR, in compliance with the following principles:

• The user's personal data will be processed in a lawful, fair and transparent manner (lawfulness, loyalty and transparency);
• The user's personal data will only be collected for specified, explicit and legitimate purposes and cannot be further processed in a way that is incompatible with these purposes (limitation of purposes);
• The user's personal data will be collected in an appropriate, relevant and limited way to the needs of the purpose for which they are processed (data minimization);
• The user's personal data will be accurate and updated whenever necessary, so that inaccurate data will be deleted or rectified where possible (accuracy);
• The user's personal data will be kept in a way that allows the identification of the data subjects only for the period necessary for the purposes for which they are processed (retention limitation);
• The user's personal data will be treated securely, protected from unauthorized or unlawful treatment and against accidental loss, destruction or damage, adopting the appropriate technical or organizational measures (integrity and confidentiality ). The website user has the following rights, granted by the Personal Data Protection Law and the GDPR:
• Right of confirmation and access: this is the user's right to obtain confirmation from the website that personal data concerning him or her are being processed and, if that is the case, the right to access your personal data;
• Right of rectification: is the user's right to obtain from the website, without undue delay, the rectification of inaccurate personal data concerning him;
• Right to data erasure (right to be forgotten): it is the user's right to have their data erased from the website;
• Right to limit the processing of data: it is the user's right to limit the processing of their personal data, being able to obtain it when they contest the accuracy of the data, when the treatment is unlawful, when the website no longer needs the data for the proposed purposes and when it has objected to the processing of data and in case of processing of unnecessary data;
• Right of opposition: it is the right of the user to, at any time, oppose for reasons related to his particular situation, the processing of personal data concerning him, being able to oppose the use of your personal data to define your marketing profile (profiling);
• Right to data portability: is the user's right to receive the personal data concerning him/her and which he/she has provided to the website, in a structured, commonly used and machine-readable format, and the right to transmit this data to another website;
• Right not to be subjected to automated decisions: it is the user's right not to be subject to any decision made solely on the basis of automated processing, including profiling, that produces effects on its legal sphere or that significantly affects it in a similar way. The user may exercise their rights by means of a written communication sent to the website with the subject "RGPD-https://www.flycartour.com.br", specifying:
  
  Full name or corporate name, CPF (Individual Taxpayer Registry, Brazilian Federal Revenue Service) or CNPJ (National Legal Entity Taxpayer Registry of Brazil) number and email address of the user and, if applicable , of its representative;
  Right you wish to exercise with the website;
  Date of order and user signature;
  Any document that can demonstrate or justify the exercise of your right.
  The request must be sent to the email: incoming@flycartour.com.br, or by mail, to the following address:
  
  Fly Car Tour
  Avenida Brasil, 250
  Foz do Iguaçu
  PR
  CEP 85851000
  
  The user will be informed in case of rectification or deletion of their data

3. Duty not to provide third-party data

During the use of the site, in order to protect and protect the rights of third parties, the user of the site must only provide his/her personal data, and not those of third parties.

4. Information Collected

The collection of user data will be in accordance with the provisions of this Privacy Policy and will depend on the user's consent, which is dispensable only in the cases provided for in art. 11, item II, of the Personal Data Protection Law.

4.1. Types of data collected

4.1.1. User identification data for registration

The use by the user of certain features of the site will depend on registration, and in these cases, the following user data will be collected and stored:

• name
• date of birth
• email address
• postal address
• social network details
• phone number
• CPF number
• CNPJ number

4.1.2. Data provided in the contact form

The data eventually informed by the user who uses the contact form available on the site, including the content of the message sent, will be collected and stored.

4.1.3. Data related to the execution of contracts signed with the user

For the execution of the purchase and sale contract or the provision of services eventually signed between the website and the user, other data related to or necessary for its execution may be collected and stored, including the content of any communications with the user. .

4.1.4. Access logs

In compliance with the provisions of art. 15, caput and paragraphs, of Federal Law no. 12.965/2014 (Marco Civil da Internet), user access logs will be collected and stored for at least six months.

4.1.5. Newsletter

The email address registered by the user who chooses to subscribe to our Newsletter will be collected and stored until the user requests his/her unsubscribe.

4.1.6. Sensitive data

Sensitive data from users will not be collected, meaning those defined in arts. 9 and 10 of the GDPR and in arts. 11 and following of the Personal Data Protection Act. Thus, among others, the following data will not be collected:

• data revealing the user's racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
• genetic data;
• biometric data to uniquely identify a person;
• data relating to the user's sex life or sexual orientation;
• data relating to criminal convictions or offenses or related security measures.
• data relating to user health;

4.1.7. Collection of data not expressly provided for

Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided they are provided with the user's consent, or even if the collection is permitted or required by law.

4.2. Legal basis for the processing of personal data

By using the services of the site, the user is consenting to this Privacy Policy.

The user has the right to withdraw his consent at any time, not compromising the lawfulness of the processing of his personal data before the withdrawal. Withdrawal of consent can be done by email: incoming@flycartour.com.br, or by mail sent to the following address:

Fly Car Tour
Avenida Brasil, 250
Foz do Iguaçu
PR
CEP 85851000

The consent of the relatively or absolutely incapacitated, especially children under 16 (sixteen) years of age, can only be given, respectively, if they are duly assisted or represented.

Personal data necessary for the execution and fulfillment of the services contracted by the user on the site may also be collected.

The processing of personal data without the user's consent will only be carried out due to legitimate interest or for the cases provided for by law, that is, among others, the following:

• for compliance with a legal or regulatory obligation by the controller;
• for carrying out studies by a research body, guaranteeing, whenever possible, the anonymization of personal data;
• when necessary for the performance of a contract or preliminary procedures related to a contract to which the user is a party, at the request of the data subject;
• for the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter pursuant to Law No. 9,307 of September 23, 1996 (Arbitration Law);
• to protect the life or physical safety of the data subject or a third party;
• for the protection of health, in a procedure performed by health professionals or health entities;
• when necessary to meet the legitimate interests of the controller or a third party, except where fundamental rights and freedoms of the data subject that require the protection of personal data prevail;
• for credit protection, including the provisions of relevant legislation.

4.3. Purposes of processing personal data

The user's personal data collected by the website is intended to facilitate, expedite and fulfill the commitments established with the user and to enforce the requests made by filling out forms.

Personal data may also be used for commercial purposes, to personalize the content offered to the user, as well as to support the website to improve the quality and operation of its services.

The website collects user data for profiling, that is, automated processing of personal data that consists of using this data to evaluate certain personal aspects of the user, mainly to analyze or predict related characteristics to your professional performance, your economic situation, health, personal preferences, interests, reliability, behavior, location or displacement.

The registration data will be used to allow the user access to certain contents of the site, exclusive to registered users.

The collection of data related to or necessary for the execution of a purchase and sale or service agreement eventually signed with the user will have the purpose of providing the parties with legal certainty, in addition to facilitating and enabling the conclusion of the business.< /p>

The processing of personal data for purposes not provided for in this Privacy Policy will only occur upon prior notice to the user, and, in any case, the rights and obligations set forth herein will remain applicable.

4.4. Period of retention of personal data

The user's personal data will be kept for a maximum period of: 5 years, unless the user requests its deletion before the end of this period.

Users' personal data can only be kept after the end of their treatment in the following cases:

• for compliance with a legal or regulatory obligation by the controller;
• for study by a research body, guaranteeing, whenever possible, the anonymization of personal data;
• for transfer to a third party, provided that the data processing requirements laid down in the legislation are respected;
• for the exclusive use of the controller, its access by a third party is prohibited, and provided that the data is anonymized.

4.5. Recipients and transfer of personal data

The user's personal data will not be shared with third parties. They will therefore only be handled by this site.

5. Processing of personal data

5.1. Data controller (data controller)

The controller, responsible for the processing of the user's personal data, is the natural or legal person, public authority, agency or other body that, individually or jointly with others, determines the purposes and means of data processing personal.

On this site, the person responsible for processing the personal data collected is Fly Car Tour, represented by the Technical Team, which can be contacted by e-mail: incoming@flycartour.com.br or at the address:
Fly Car Tour
Avenida Brasil, 250
Foz do Iguaçu
PR
CEP 85851000

The data controller will be directly responsible for processing the user's personal data.

5.2. Data protection officer

The data protection officer is the professional responsible for informing, advising and controlling the data controller, as well as the workers who process the data, regarding the website's obligations under the GDPR , the Personal Data Protection Law and other data protection provisions present in national and international legislation, in cooperation with the competent control authority.

On this site, the data protection officer is the Technical Team, which can be contacted by email: incoming@flycartour.com.br.

6. Security in the treatment of the user's personal data

The site undertakes to apply the technical and organizational measures capable of protecting personal data from unauthorized access and from situations of destruction, loss, alteration, communication or dissemination of such data.

To guarantee safety, solutions will be adopted that take into account: adequate techniques; application costs; the nature, scope, context and purposes of the processing; and risks to the user's rights and freedoms.

The website uses an SSL (Secure Socket Layer) certificate that guarantees that personal data are transmitted in a secure and confidential way, so that the transmission of data between the server and the user, and in feedback, occurs in a fully encrypted way. or encrypted.

However, the site disclaims liability for the sole fault of a third party, such as in the case of an attack by hackers or crackers, or the sole fault of the user, as in the case where he himself transfers his data to a third party. The website also undertakes to notify the user within an adequate period of time in the event of any type of breach of the security of their personal data that may cause them a high risk to their personal rights and freedoms.

Breach of personal data is a breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, preserved or subject to any other type of treatment.

Finally, the site undertakes to treat the user's personal data with confidentiality, within legal limits.

7. Browsing data (cookies)

Cookies are small text files sent by the website to the user's computer and stored there, with information related to website navigation.

Through cookies, small amounts of information are stored by the user's browser so that our server can read them later. For example, data about the device used by the user, as well as their location and time of access to the website, may be stored.

Cookies do not allow any file or information to be extracted from the user's hard drive, and it is also not possible that, through them, access to personal information that has not come from the user or the way in which the site resources.

It is important to note that not every cookie contains information that allows the user to be identified, and certain types of cookies may be used simply to ensure that the website loads correctly or that its features work as expected.

The information eventually stored in cookies that allow the identification of a user is considered personal data. Therefore, all the rules set forth in this Privacy Policy are also applicable to them.

7.1. Website Cookies

Site cookies are those sent to the user's and administrator's computer or device exclusively by the site.

The information collected through these cookies is used to improve and personalize the user experience, and some cookies may, for example, be used to remember user preferences and choices, as well as to offer personalized content.

These browsing data may also be shared with any partners on the site, seeking to improve the products and services offered to the user.

7.2. Social media cookies

The site uses social networking plugins, which allow accessing them from the site. Thus, in doing so, the cookies used by them may be stored in the user's browser.

Each social network has its own privacy and personal data protection policy, and the individuals or legal entities that hold them responsible for the data collected and for the privacy practices adopted.

Users can search through social networks for information on how their personal data is handled. For information purposes, we provide the following links, from which the privacy and cookie policies adopted by some of the main social networks can be consulted:

Facebook: https://www.facebook.com/policies/cookies/
Twitter: https://twitter.com/en/privacy
Instagram: https://help.instagram.com/1896641480634370?ref=ig
Youtube: https://policies.google.com/privacy?hl=pt-BR&gl=en

7.3. Management of cookies and browser settings

The user may oppose the registration of cookies by the website, simply by deactivating this option in their own browser or device.

Disabling cookies, however, may affect the availability of some tools and features on the website, compromising their correct and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, harming your experience.

The following are some links to the help and support pages of the most used browsers, which can be accessed by users interested in obtaining more information about managing cookies in their browser:

Internet Explorer:

https://support.microsoft.com/en -br/help/17442/windows-internet-explorer-delete-manage-cookies

Safari:

https://support.apple.com/en-us/guide/safari/sfri11471 /mac

Google Chrome:

https://support.google.com/chrome/answer/95647?hl =en-BR&hlrm=en

Mozilla Firefox:

https://support.mozilla .org/en-US/kb/enable-and-disable-the-cookies-that-sites-use

Opera:

https://www.opera.com/help/tutorials/security/privacy/

8. Complaint to a Control Authority

Without prejudice to any other administrative or judicial remedy, all data subjects have the right to file a complaint with a supervisory authority. The complaint can be made to the authority of the site's headquarters, the user's country of habitual residence, his place of work or the place where the infringement was allegedly committed.

9. Of the changes

This version of this Privacy Policy was last updated on: 7/22/2021.

The editor reserves the right to modify, at any time and without any prior notice, the site the present rules, especially to adapt them to the evolutions of the Fly Car Tour site, either by making new functionalities available or by deleting or modification of existing ones.

In this way, the user is invited to periodically consult this page to check for updates.

By using the service after any modifications, the user demonstrates his agreement with the new rules. If you disagree with any of the changes, you must immediately request the cancellation of your account and submit your reservation to the customer service, if you wish.

10. Applicable law and jurisdiction

For the settlement of disputes arising from this instrument, Brazilian law will be fully applied.

Any disputes must be filed in the court of the district where the site editor's headquarters are located.