Our terms of use and privacy policy have been updated. X

COPERSUCAR S.A., a company duly constituted with its principal place of business at Avenida das Nações Unidas, No. 14261, Wing A-1, 12th floor, room 09, Postal Code: 04794-000, enrolled with the National Corporate Taxpayers Register of the Ministry of Finance (CNPJ/ME) under number 10.265.949/0001-77 (“Copersucar”), under this Personal Data Privacy Policy (“Privacy Policy” or “Policy”) makes a commitment to the security and protection of Personal Data (as defined below), complying at all times with the legislation covering information security, privacy and protection of Personal Data observing, to the extent applicable, the Brazilian General Data Protection Law, the Brazilian Civil Rights Framework for the Internet and other related legislation.

In addition, this Policy aims to inform the owners about how Copersucar collects, uses, shares and protects Personal Data.

This Policy comes into effect on November 26, 2020.


Copersucar is a global exporter of sugar and ethanol using integrated logistics throughout its entire business chain, operational excellence and the sustainable creation of value.

I – Which Personal Data is collected and for what purpose is it treated?

Copersucar treats Personal Data, understood to be data that enable an individual to be identified or to become identifiable (“Personal Data” or “Data”).

Copersucar collects and treats Data on its various interfaces in the normal course of its business.

Thus, it collects the Personal Data of employees, customer representatives, partners, service providers, and suppliers etc. The list of data collected may include: Identification data, contact data, browsing data (cookies, IP addresses), geolocalization, devices, health data (this is considered sensitive Personal Data), biometric data and other data required from time to time for undertaking transactions under Copersucar’s responsibility. The list of data collected may vary according to the relationship existing between Copersucar and the owners.

II – Method and duration of the treatment

Most of the Personal Data that Copersucar processes provided directly by the owners for one of the following reasons:

  • Making contact in the course of some business relationship (customers’ representatives, partners and suppliers);
  • Secure browsing on our sites and applications;
  • Filling out some registration form at Copersucar;
  • So that we can provide our services, receive and make payments and provide assistance; and/or
  • In their relationships with the employees to defend those employees’ interests and/or fulfill contracts.


All Personal Data collected is treated and stored for as long as necessary for complying with the purposes described in this Policy, as well as complying with the legal or regulatory obligations, also bearing in mind the occasional need to use it in legal, administrative or arbitration proceedings.

This, therefore, justifies the retention of Personal Data on our bases, under the same security and protection mechanisms employed in the case of Copersucar information.

III – Parent Company Contact Information

Additional Information, doubts or requests about this Policy can be clarified by the party in charge of protecting Personal Data, using the form available at e-mail address: https://privacy-central.securiti.ai/#/dsr/a176f0d7-3d78-443e-926c-4c304bd8618d or by sending an e-mail to dpo@copersucar.com.br, or a letter to the following address: Avenida das Nações Unidas, No. 14261, Wing A-1, 12th floor, room 09, Postal Code: 04794-000 (care of Copersucar S.A.).

The party responsible for Copersucar is Certsys Tecnologia da Informação Ltda, a duly constituted company with its principal place of business at Rua Doutor Rafael de Barros, 209, Suite 132, Paraíso, São Paulo/SP Postal Code, enrolled with National Corporate Taxpayers Register (CNPJ) under no. 08.821.745/0001-23.

IV – Information about the shared use of data by the parent company and the purpose

Copersucar can share Personal Data with its subsidiary companies and suppliers, if necessary, when conducting its operations and/or meeting its obligations. This sharing involves establishing the parties’ rights and duties, so as to prevent Personal Data being used in a manner other than that stipulated by Copersucar and/or that violates the applicable privacy legislation.

In certain circumstances, at all times with due regard for prevailing legislation, Copersucar may be legally obligated to share Personal Data in response issues raised or legitimate requests.

V – Responsibility of the agents responsible for treatment

In treating Personal Data, Copersucar implements security measures considered sufficient for protecting it, such as:

  • Access to the data base restricted to the companies and authorized professionals. • Monitoring the accesses to Copersucar’s internal systems. • Adoption of preventive procedures against information security incidents, as well as remediation and crisis management techniques.

Copersucar makes an effort to protect the Personal Data it handles, but there is no guarantee that this data is immune to improper access by unscrupulous persons.

Copersucar is not accountable for acts by third parties other than its traders or employees going about their work.

When accessing the Copersucar web site where there are fields for user login and password, the user is responsible for keeping their passwords and logins confidential. Copersucar is entitled to assume that aby person accessing the site using a login and password attributed to a user has the right to do so. Usually will be totally responsible for the activities of any person accessing the site using a password attributed to them, even if that person is not in fact authorized to do so by the user. Whenever there is reason to suspect that their password is being used without authorization, the user should change the password immediately.

In this respect, users are recommended to take the necessary precautions surrounding the confidentiality of their Personal Data when using the site and the internet as a whole.

The function of the user’s password is to protect their account against it being used by third parties and, therefore, Copersucar always suggests: (i) that users use strong passwords that are solely for accessing the digital environments of Copersucar, (ii) that this password is never shared with third parties, limiting access to their computer and browser, and (iii) that users log off from their accounts after using the services.

VI – Owner’s rights

The owner of the Personal Data enjoys the following rights in regard to their data, insofar as those rights are recognized under the applicable laws:

  • Confirmation of the existence of treatment: confirmation of the of treatment of the data held by Copersucar;
  • Access to the data: access to the data collected by Copersucar, with the exception of cases protection of commercial and industrial secrets;
  • Correcting data: requests to correct data that is incomplete, out of date our incorrect;
  • Anonymizing, blocking or eliminating: anonymizing, blocking or eliminating data that is unnecessary, excessive or treated in a manner that does not comply with applicable legislation provisions. Anonymization will take place bearing in mind the use of reasonable technical methods available when the data is being treated;
  • Portability: portability of Personal Data under an express request, according to the regulations of the national authority, with due regard for commercial and industrial secrets.
  • Elimination of data: elimination of Personal Data treated with the owner’s consent, except in those cases provided for in the prevailing legislation; in this regard, subject to local legal requirements, Copersucar can retain the Personal Data in case: (i) it is legally obligated to keep it, (ii) to comply with the and/or regulations that so stipulate; (iii) it needs the Data to submit, exercise or defend legal claims; and (iii) [sic] it needs to retain control of the Data for public health reasons.
  • Information about data sharing: receiving notification about Personal Data shared with public and private entities.
  • Revocation of consent: revocation, at any time, of the consent given against the owner’s express request. The revocation procedure will always be free of charge and facilitated;

It is possible to exercise these rights by contacting us by sending a request to the following address: dpo@copersucar.com.br

VII – Data of Minors

We do not deliberately collect Personal Data of children under the age of 13 (thirteen) years or those under the applicable age limit (“Age Limit”). If you are under the Age Limit, do not use the Copersucar services and do not provide any Personal Data.
If you are the parent of a minor and you discover that your child has provided Personal Data to Copersucar, contact us using the available at the e-mail address or via the e-mail account dpo@copersucar.com.br.

If we become aware that we have collected the Personal Data of someone under the age of 13 (thirteen), we will take reasonable measures to remove their Personal Data.

VIII – Contact information

In case of any additional doubts, please e-mail us at: dpo@copersucar.com.br.

IX – Amendments to this Policy

We may occasionally amend this Policy. When we make material changes to this Policy, you will be duly notified, according to the circumstances, for example, by displaying a notice on the main page of https://www.copersucar.com.br or by sending an e-mail to contacts registered in our services.

X – Final provisions

Copersucar, at its sole discretion, may modify the terms and conditions in this Notice, including, but not limited to, situations arising from compliance with legislation, alterations to the products and services, or by the rollout of new technological tools. For greater security and within the principle of transparency, any updates to the Privacy Notice will be made known to the owners on the Copersucar site (www.copersucar.com.br). Copersucar takes no responsibility for problems arising from delays, interruptions or blockages in the transmission of information sent to its e-mail address.

This Policy was last updated on November 26, 2020.