PRIVACY POLICY AND DATA PROTECTION 

A Abaeté Aviação presents its new Privacy Policy, structured to protect all individuals with whom it interacts.

We have as one of our values ​​the honesty and, acting in accordance with this principle, we review all activities in which we collect, process and share personal data of our customers, suppliers, service providers, travel agents or investors, with the purpose of preserving the privacy of the people who do will happen Abaeté Aviação there are more than 40 years. 

 The Privacy Policy is structured around the following topics: 

1.    What is this Policy and who is it for?  

2.    What is the General Data Protection Law? 

3.    What data do we collect and why do we need your data? 

4.    For what activities and with what LGPD authorizations can we process your personal data? 

5.    How long does your data last in our databases? 

6.    What else do we do with your data? 

7.    What data do we collect on the website?

8.    Other marketing activities

9.    Video monitoring

10You are a data subject and the LGPD guarantees rights. 

To help you understand this Policy, we have a glossary at the end. Check it out!  

If there are changes to this Policy, such changes will be published on our website www.voeabaete.com.br 

1. What is this Policy and who is it for?

If You are our Client in charter, hangaring, “Fractional jets” and airline services, or if You are our Supplier, Service Provider, Travel Agent, Investor or User of our website, this Policy was prepared with the purpose of to be transparent with what we do with your personal data. 

It was prepared after implementing our measures to adapt to the rules, based on the Brazilian General Data Protection Law, Law No. 13.709/2018. We published on 05/12/2023 in Salvador. 

The Privacy and Data Protection Policy is a public document of Abaeté Aviação, published for general public access and will be available on the website www.voeabaete.com.br. 

2. What is the General Data Protection Law?

Brazilian Law No. 13.709, published in 2018 – LGPD, created new rules for all companies when collecting and processing data from individuals with whom they have relationships.  

Therefore, the LGPD protects your personal data, requiring review and restricting what is collected as much as possible, so that only the data truly necessary for each business is collected, processed and supported for a purpose permitted by law.

 

3. What data do we collect and why do we need your data?

A Abaeté Aviação will always use the data to meet a specific purpose, for our products and services offered in the market: regular air transport, air taxi transport, air medical transport, provision of services in general, among others.   

Common data 

The personal data that we can process includes common data, much of which is registration data, such as ID, CPF, gender, bank details, telephone, address, zip code, e-mail, among others, mainly to comply with legal obligations or for the execution specific contract.   

Sensitive data 

Sensitive personal data refers to data such as race and ethnicity, sexual orientation, political and philosophical opinion, trade union membership. Here at Abaeté, we may process, in some cases, sensitive data of individuals with whom we interact, such as, for example, health data, in cases where air medical transport is contracted.  

Data on children and adolescents 

It is possible that the data of children and adolescents may be processed, especially when minors board a company aircraft. Abaeté Aviação, prevailing the obligation to communicate the list of passengers to the National Civil Aviation Agency – ANAC, for example. 

Data Controllers 

For the personal data we collect, in order to establish a contractual relationship or to comply with legal obligations, we will be the Controllers of this Data, that is, responsible for the collection and reliability of your data.  

Data Operators 

In other activities, we will only be Operators collecting your data at the behest of other data processing agents. 

For this last case, in which we will only be Data Operators, the responsibility will be that of the Controlling agent, to whom You may direct any requests or clarifications regarding your data.  

4. For what activities and with what LGPD authorizations can we process your personal data?

Among all the activities we carry out, whether to offer the contracted service, hire service providers, or due to compliance with legal obligations, personal data will be necessary and we will only collect it in accordance with the purpose for which the data will be used. These purposes are supported by the LGPD: 

Obligation of Law or Regulation  (art. 7, II and art. 11, II, of the LGPD)	As previously mentioned, all movement of people in airport areas is extremely regulated by ANAC or similar content standards. We must process your data to carry out mandatory activities such as release for boarding, or security-related procedures. Therefore, the Resolution No. 400, of December 13, 2016, requires, for example, the processing of the passenger's civil identification document. Furthermore, the   Resolution No. 295 of 13/09/2019, provides for the documents necessary for the national travel of children and adolescents, and Abaeté is responsible for complying with the provisions, collecting all the data informed in the authorization of the legal guardian.
Perform the service provided with excellence (art. 7, V of the LGPD)	There are other routines in which we will need to process your data to execute the contract itself, for example, to carry out a charter or offer a ticket on airlines.
Ensure security and prevent fraud (art. 11, II, g of the LGPD)	A Abaeté Aviação may collect your image through access control systems and/or CCTV systems in our environment.
Regular exercise of rights in judicial or administrative proceedings involving the Abaeté Aviação (art. 7, VI and art. 11, II, d of the LGPD)	Even after the end of the established contract, we may keep your data exclusively to defend ourselves in legal and administrative proceedings during the period of the process or for the statute of limitations of the respective right. Therefore, any request for deletion of personal data can only happen after this period.
Legitimate interest of the controller: activities necessary for the operation of Abaeté (art. 7, IX)	We may process your personal data for specific purposes of our legitimate interests involving our activities, such as, for example, when we send you promotions, campaigns and inform you of new travel destinations via email.
With your consent in some exceptional cases (art. 7, I and art. 11, I and art. 14, §1 of the LGPD)	It is possible that we will only be able to carry out other activities of interest to you if you have your consent. In this case, you will be consulted and informed in advance and may or may not authorize the use of your data.
Health protection (art. 7, VIII and art. 11, II, “f” of the LGPD)	In the air medical transport service, our healthcare team will process common and sensitive personal data to ensure safe transport.

5. How long does your data last in our databases?

We retain your personal data until the purpose for which the data was collected has been achieved, with a specific time frame for each activity carried out. 

Once the purpose has been achieved, your data will be kept and only stored for the regular exercise of our rights in processes, for 2, 5, 10 years depending on the nature and purpose. 

6. What else do we do with your data?

To achieve our Company's mission, we interact with multiple fronts, suppliers and partners, as well as customers, who, for some activities, may communicate with each other. But, rest assured, the sharing will be of data strictly necessary for the contracted activity.

The sharing of your data with these types of partners will follow rules established by us, already documented in our service provision contracts.  

Other cases of sharing are when we are obliged by Public Bodies and, eventually, we may be obliged to share your data with the Supervisory Authority.  

We can also, in limited circumstances, international transfer of your data such as cloud services, software with intelligence for processing and storing data with renowned companies that maintain the server in another country with whom we maintain contracts that guarantee the reliability of the data.

To ensure the reliability of your personal data, we are increasing the maturity of our Information security, adopting new and modern protection measures that encompass protection of our digital and physical databases.

7. What data do we collect on the website?

In our digital environment, on the web page, Abaeté Aviação – Linha Aérea (voeabaete.com.br), there will be collection of direct data, those filled out voluntarily by the User, and indirect data, those collected through technological tools known as cookies.

Here, valuing transparency, you know the data that can be collected when you browse and wish to share your personal data with us:

Utility of collection	Requested Data
Login to the Website	Access login with email and password for clients and partner agencies.
Registration to create a login	First and last name, company, address, city, country, zip code, telephone number, password, authorization to receive offers and news.
Communication channel with the company – “Contact”	Name, email, telephone, city, country, contact subject with a list of options (Press Office, Agencies, Ombudsman, Complaints and SAC) and an open field where you can share the content of the message.
Flight reservation	Departure date, return date, departure location, destination location, passenger data: gender, first and last name, telephone, email, nationality, date of birth. Optional collection: address, city, zip code, emergency contact, emergency number and registration to receive offers and news.
Reservation search	Reservation code and surname.
Contact for aircraft charter, runway and hangar service, aircraft sharing and air ICU contracting	Name, email, telephone, type of service (list of options: charter, FBO services, Fractional Jets services, Aeromedical).

8. Other marketing activities

To provide a better service and serve our customers more efficiently and conveniently, we carry out marketing activities in which we may process your personal data.

If You maintained a relationship with us by hiring or ordering one of our services, or if you expressed interest in receiving communications from us with advertisements and campaigns, You may receive communications/messages by email or telephone, always using the contact sent by You.

But, don't worry, if you do not wish to receive further communications, you can, at any time, simply and free of charge, unsubscribe your contacts from our databases.    

 

9. Video monitoring

Our headquarters are a “Controlled Area” environment, therefore, security is a non-negotiable value for Abaeté.

To contribute to security management, we carry out video monitoring of our spaces with image recording for a specified period of no more than 3 months.

  

10. You are a data subject and the LGPD guarantees rights.

As we reported, the LGPD created rules for companies and rights for individuals, also called holders. 

Here at Abaeté, we have created a communication channel for you, if you wish, to exercise your rights: privacy@voeabaete.com.br, being able to make your requests for: 

1. Confirmation and Access: request information and access to your personal data under our processing; 
2. Correction: request the update or change of your outdated, incomplete or incorrect personal data;  
3. Elimination:  request the deletion of your data from our database, except in the legal cases of storage by us for the regular exercise of rights in judicial or administrative proceedings; 
4. Sharing: request information about possible sharing of your data by us to third parties, for what purpose; 
5. Revocation of consent: request the revocation of consent to suspend the processing operation of data collected based on consent.   

 

 

GLOSSARY  

LEGAL BASE	Hypotheses of authorization by the LGPD for companies to process personal data. Legal bases provided for in art. 7th and 11 of the LGPD.
CONSENT	Free, informed and unequivocal expression by which the employee agrees to the processing of their personal data for a specific purpose.
PERSONAL DATA	Data that identifies or can identify a natural person.
COMMON PERSONAL DATA	By exclusion, personal data that is not sensitive or that of children and adolescents (example: name, CPF, email, salary, assets).
SENSITIVE PERSONAL DATA	Personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data.
PERSONAL DATA OF CHILDREN AND ADOLESCENTS	Personal data of minors under 18, regardless of whether common or sensitive data.
PERSONAL REGISTRATION DATA	Objective personal data such as name, CPF, address, telephone, email, etc.
AUTOMATED DECISION	Decision made about the employee that does not have human participation.
PROCESSING OF PERSONAL DATA	Any action involving personal data, from collection, sharing, storage, access, crossing, etc.
PERSONAL DATA CONTROLLER	Company that processes personal data and is responsible for making decisions about processing. One of 2 types of personal data processing agent.
PERSONAL DATA OPERATOR	Company that processes personal data at the behest of another and in compliance with the rules of another. One of 2 types of personal data processing agent.
INTERNATIONAL TRANSFER	Sharing of data collected in Brazil with legal entities abroad.
USER	Person who accesses our digital environment.