Privacy Policy

Policy updated on December 20th, 2024.

Inter Privacy Policy

At Inter, we aim to provide the best possible experience to ensure that you fully enjoy our products and services. For this reason, your privacy and the security of your Personal Information are and always will be very important to us.

We understand that ensuring privacy goes beyond compliance with legislation. It is about respecting Data Subjects, as well as honoring our pillars of transparency, partnership, security, simplicity, and positive user experience.

Thus, the Inter Privacy Policy (“Policy”) aims to:

(i) reinforce our commitment to privacy and security in the handling of information collected from our clients and other Data Subjects;

(ii) demonstrate in a simple and transparent manner which Personal Information (as defined below) is processed by Inter, the reasons for and how we collect, store, process, transfer, and consult such Personal Information;

(iii) show how we protect your Personal Information; and

(iv) define when and how you can control your privacy preferences, such as updating, requesting, and managing your information through our mobile application (“App”) and other communication channels.

The Inter Privacy Policy applies to all products and services, both banking and non-banking, offered by Inter that use Personal Information

1. Who are we?

The Controller of your Personal Information, that is, the company responsible for making decisions regarding the Processing of your Personal Information, will be Banco Inter S.A., registered under CNPJ nº 00.416.968/0001-01, headquartered at Av. Barbacena, 1219 – Santo Agostinho, Belo Horizonte, MG, Brazil - ZIP Code 30190-131, as well as other companies in the Inter Group, including affiliated companies, subsidiaries, associated companies, and both controlling and controlled companies, directly or indirectly, by Banco Inter (“Inter”).

The Inter Group consists of the companies listed below. You should consult the specific documents or terms and conditions of the products or services you have consulted, used, or contracted to verify the responsible company.

• Banco Inter S.A.
• Inter Distribuidora de Títulos e Valores Mobiliários Ltda.
• Inter Asset Gestão de Recursos Ltda.
• Inter Digital Corretora de Seguros Ltda.
• Inter Marketplace Intermediação de Negócios e Serviços Ltda.
• Inter Food S.A.

Contact

Data Protection Officer: Camila Wendling

Email: privacidade@inter.co

2. Definitions

Anonymization: the use of methods that are reasonable and technically available at the time of Processing, through which a data loses the possibility of association, directly or indirectly, with an individual.

Controller: the natural or legal person responsible for the decisions regarding the Personal Information Processing.

Cookies: files installed on a user's device that aim to serve various purposes that allow the collection of certain information, including, in some situations, Personal Information.

Data Protection Officer: person designated by the Controller and the Processor to act as a communication channel between the Controller, Data Subjects, and ANPD.

Data Subject: any identified or identifiable natural person related to the processed Personal Information. They are, for example, our customers, potential customers (prospect/ lead), account holders, employees, third parties, service providers, job applicants, among others.

Device: the device that can be used to access the services offered by Inter, such as computers, tablets, and smartphones.

General Data Protection Law (LGPD): Federal Law no. 13.709 published on August 14, 2018, that regulates the Personal Information Processing activities, including in digital media, by natural person or by legal entity under public or private law, with the objective of protecting the fundamental rights of freedom, privacy and the free personality development of the natural person.

Geolocation: feature that, when activated by the Data Subject, allows to define the approximated position of a Device, providing an estimate of its location and the time it was accessed.

IP Address: it is a number assigned to each Internet-connected Device, known as the Internet Protocol address (IP). Typically, these numbers are assigned in geographic blocks. An IP address can be used to identify, for example, where a Device is connecting to the Internet.

National Personal Data Protection Authority (ANPD): the Brazilian federal public administration agency responsible for safeguarding, implementing, and overseeing compliance with the LGPD throughout Brazil.

Personal Information/ Data: the concept in the LGPD refers to information related to an identified natural person or information that allows the identification of a natural person, such as name, address, CPF, RG, identification documents in general, telephone number, among others.

Processing: any operation carried out with Personal Information, in an automated or non-automated process. In other words, this is the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, storage, archiving, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

Processing Agents: Controller and Processor.

Processor: the person or company that carries out the Personal Information Processing on behalf of the Controller, following its instructions.

Sensitive Information/ Data: the concept in the LGPD refers to the Personal Information on racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, Data related to health or sexual life, and genetic or biometric data when linked to a natural person.

3. How we collect your Personal Information

Different information is collected when you use our App or Website and they are classified into two categories:

Personal Information provided directly by the Data Subject - information you provide, including but is not limited to the following situations:

• when interacting and contacting us through our customer service channels;

• when requesting, contracting, or using any products or services provided by Inter;

• when filling out forms and registrations made available by Inter;

• when requesting quotations and other information about our products and services;

• when participating in surveys or promotional campaigns conducted by Inter;

• when requesting the opening of your account.

Personal Information provided indirectly by the Data Subject: we may collect personal information in

an indirect manner, when:

• information you provide about third parties: Personal Information related to third parties that

are necessary for the provision of services provided by Inter to you, such as, but not limited

to, guarantors or beneficiaries. This refers to Personal Information provided by you for us to

execute the contracted services, in common practices in the banking market;

• automatically collected data, such as Personal Information collected during the use of our

services in the App or website (browsing): information collected by Inter when you browse

and/or use Inter's services, including through Cookies; and

• personal information collected from other sources: refers to the information collected by Inter

from its internal systems, from credit bureaus, as well as from partner third parties, suppliers,

service providers, public entities, affiliated agencies, and information made publicly available

or disclosed by you, always respecting the purposes outlined in this Policy. These companies

may change according to the services offered by Inter and the information collected.

Inter may use the Personal Information provided indirectly by the Data Subject, as described above, to send advertising and promotions by email or any other means of communication, respecting the provisions of this Policy and the LGPD.

4. Which Personal Information categories are processed by Inter?

Below, we hereby provide an illustrative list of the the main categories of Personal Information that we collect and process:

• registration and identification data: full name, CPF, RG, CNH, profession, marital status, image/photo of your official identity documents, photo, date of birth, nationality, place of birth, parental information, gender, education level, among others;
• contact information: phone number, address (street, neighborhood, number, city, state, country, postal code), email;
• financial information and credit history: banking data (bank, agency and account number), PIX, financial transactions, income, transactions, card data, data on financial restrictions, scores generated by credit bureaus, credit operation information;
• sensitive personal information: facial biometrics (face recognition technology that allows the verification of individuals based on characteristic patterns of the face) or fingerprints, among other Sensitive Personal Information;
• browsing data: information we collect about your interactions with the App or website, such as: search history, browsing history, dates and times of access, resources used, how you use the products and services, App issues, and other system activities;
• device data: information about the Device you use to access the App and website, such as: brand, operating system, IP Address, MAC Address, type of network connection (WI-FI, 3G, LTE, Bluetooth, or others), network and Device performance, browser type, version, language, and App version;
• geolocation: we can determine your approximate location through GPS or IP Address. The types of location data we collect depend partly on the Device and the App settings. You can enable or disable location tracking by accessing the settings/privacy option on your Device;
• information about dependents, spouses, legal representatives, guarantors, or beneficiaries.

The Personal Information mentioned above may belong to clients, potential clients (prospects/leads), former clients, third parties who have conducted any transactions with us or with any of our clients, representatives, attorneys, tutors, curators, employees, or partners of any client or company with which Inter has a relationship (“Data Subjects”).

5. Why does Inter process Personal Information?

The Personal Information collected pursuant to this Policy is used for the following purposes:

• fulfill our contractual obligations, especially in executing the terms of your contract(s) with Inter;
• comply with applicable legal and/or regulatory requirements;
• provide our products, services, and features to you;
• validate and authenticate Personal Information of parents or legal guardians, necessary for confirming the opening of accounts for children and/or adolescents and providing related services and products;
• authenticate financial transactions;
• create investor profiles to tailor financial services;
• improve the performance of functionalities available on the website and App, as well as ensure the compatibility of our services with the Device you use, allowing a better user experience;
• serve the legitimate interests of Inter or third parties, respecting the provisions of the LGPD;
• reinforce our security and protection procedures, aiming for a safer and more efficient service;
• proactively and automatically monitor the operations conducted during the use of our products and services to detect and prevent fraud, financial crimes, and ensure the safety of customers and the national financial system;
• prevent money laundering and combat the financing of terrorism;
• conduct internal operations, including customer service and support, troubleshooting, data analysis, testing, research, and statistics;
• enhance, refine, and personalize our services, products, and functionalities, ensuring they are presented to you in the most effective and tailored manner;
• inform our customers and prospects about news and information regarding products, services, and functionalities through general or specific campaigns, as well as send information about promotions, news, and other relevant events promoted and/or provided by Inter;
• evaluate and/or analyse the effectiveness of the advertising we send, aiming to deliver relevant, accurate, and personalized advertisements to you;
• allow you to participate in interactive features of our services when you choose to do so;
• manage our provision of services and/or delivery of products and services;
• allow you to participate in sweepstakes, promotions, campaigns, and prize/gift deliveries;
• notify you of any changes in our products and services;
• produce evidence and assist in conducting legal, administrative, or arbitral proceedings, as well as assist in meeting other legal requirements;
• make decisions with the support of systems, software, and technologies regarding the use of our services;
• conduct activities related to credit protection, such as collections, credit assignment, financial risk analysis, and credit information inquiries;
• offer pre-approved credit;
• conduct Processing activities permitted by you in specific situations, through your free, informed, specific, and highlighted consent; and
• analyze your resume, verifying your skills and curricular information to determine if you meet the specific requirements for the position you applied for.

Additionally, we clarify that:

• selfies/facial biometrics/images may be used by Inter to ensure the authenticity of your identity at the time of account opening and during the use of certain functionalities of the App, for example, during password reset or account registration on a new Device, aiming to prevent fraud and to ensure your security;
• the verification and confirmation of Personal Information may, at Inter's discretion, be conducted by partner third-party companies (Operators) that will comply with the same security and privacy standards set forth herein;
• the information we collect about your location is approximate and allows us to: (i) enhance the security of your transactions based on geographical location points (anti-fraud); (ii) improve your experience on the App by showing, for instance, products, services, and establishments, as well as the nearest bank terminals to you; and (iii) identify the source of a call received through our customer service channels.

Without prejudice to the purposes stated above, the table below provides, for illustrative and non-exhaustive purposes: (i) some of the Personal Information we process, (ii) the purpose, and (iii) the legal basis for processing:

We emphasize that you will be the sole and exclusive responsible for the quality and accuracy of the Personal Information provided during your registration, quotation, and/or contracting of any products or services.

Inter has no responsibility for the accuracy of the Personal Information provided, as well as for any damages arising from inaccuracies and/or outdated information.

To check the possibility of determining your preferences regarding the Processing and use of some of your Personal Information by Inter, please consult our Privacy Center in the Super App and/or send an email to “privacidade@inter.co”.

5.1. Collection and Processing of Personal Data of Children and Adolescents

Inter may process personal information of a child and/or adolescent when the digital account opening is requested for a child and/or adolescent.

To ensure greater security for the Personal Information of children and/or adolescents, Inter may request additional validations and approvals from at least one parent or the legal guardian of the respective Data Subject for using the digital account and the products and services available, and may also restrict such use.

Inter has internal procedures and technologies to assist in the verification of the legal guardian powers.

The collection and Processing of Personal Information of children and/or adolescents are carried out in accordance with their best interests, observing the rules detailed in this Policy and the LGPD, without prejudice to specific terms and conditions of the products and services used.

6. Cookies

Cookies are small files that contain a sequence of characters, created and sent that can be stored on your electronic devices or browser.

They are important tools for the proper functioning of our services, as well as helping to remember your preferences and personalize your access, making your browsing safer, faster, and more enjoyable.

You should be aware that if you choose to decline or remove Cookies, the availability and functionality of Inter's services may be affected. To learn more, please refer to our Cookies Policy.

7. Personal Information Sharing

When necessary, we may share your information with the third parties listed below:

• among Inter companies;
• with business partners, service providers, suppliers and subcontractors for the perfect and correct execution of contracts concluded with them or with you;
• with authorities and regulatory bodies;
• with advertising and marketing companies to select and disclose ads that are relevant to you, as authorized;
• with legal offices to act in legal proceedings; and
• with search engine and analytics providers to assist in improvements and optimizations of our App and website.

The purposes already presented in this Policy may justify the sharing of Personal Information, but we may also share your personal information with third parties:

• in case of transactions and corporate changes involving any Inter company, in which case the transfer of Personal Information will be necessary for the continuity of the services currently offered;
• in compliance with current legislation;
• in compliance with Contracts or other agreements with our Data Subjects;
• to ensure greater security in your transactions and contracts, preventing attempts of fraud, money laundering, and other crimes, reducing credit risk and protecting your rights and properties, as well as those of Inter and other Data Subjects. For this reason, Inter may validate your information, identity, qualifications, and, when applicable, those of your representatives or related third parties, in order to verify and confirm the authenticity of the provided information, including by cross-referencing this information with that available in public or private databases owned by service providers of Inter;
• for the protection of Inter interests in cases of claims and conflicts, including judicial, administrative and arbitration proceedings;
• by court order or at the request of competent administrative authorities that have the legal authority to require it;
• for financial risk assessment; and
• to collect from insolvent customers and Data Subjects and/or recover debts.

Do not worry, any sharing of information is done strictly to the extent necessary and following strict standards of security and confidentiality, as well as banking secrecy regulations and other privacy protection laws and regulations, always respecting and ensuring that third parties respect the confidentiality of your information.

If third parties process the Personal Information shared by Inter for different purposes than those described above, they assume the role of Controllers and become liable for the protection and security of your Personal Information to the exact extent of the new Processing activities, including for the exercise of your rights as a Data Subject.

8. International Transfer of Personal Information

Inter may share your Personal Information with the Group companies, business partners, service providers, suppliers and subcontractors located in other countries for the purposes described in this Policy, such as:

• perform internal operations, including the support to our Data Subjects;
• troubleshooting;
• data storage and analysis;
• tests;
• research and statistical analysis;
• marketing operations and campaigns, as authorized; and
• to comply with our contractual obligations, in particular the compliance with the terms of your contract with Inter and the provision of our products and services.

We will only share data with third parties located in countries that provide the level of data protection outlined in the LGPD.

Inter will ensure that the transmission of your Personal Information is carried out pursuant to the applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are observed, ensuring greater security for your Personal Information.

9. Personal Information Processing Duration

The processing period of your Personal Information by Inter will vary according to:

• the types of products and services that are contracted/provided;
• the processing purposes;
• the relevant contractual and legal provisions.

For example: Personal Information used during account opening is subject to the Brazilian Central Bank rules that require a minimum retention of 10 (ten) years after the contract termination.

In addition, in case of any refusal of your proposal to contract any product or in cases where you start but decide not to proceed with your registration at Inter, we will retain your Personal Information for the necessary period to comply with the purposes provided for by law and in this Policy.

Inter will keep the information that allows:

• to comply with applicable laws and regulations (e.g., standards related to the prevention of money laundering and financing of terrorism; account opening, maintenance, and closure);
• to keep records of any person who does not wish to receive advertising and marketing from Inter;
• to respond to any future claims and lawsuits regarding the services we provide;
• fraud monitoring.

Inter will retain your Personal Information after the termination of your relationship with us to comply with the purposes provided for in the LGPD, but do not worry, as we will continue to protect your Personal Information and follow the practices and procedures set forth in this Policy while we retain your information.

10. Your Personal Information Security

We prioritize the security and privacy of the data you actively provide to us or that we collect, observing and complying with not only the norms, principles, and guidelines for data protection but also the existing banking secrecy regulations for Processing.

We adopt technical, administrative, and preventive measures regarding the offered products and services, protecting information and information technology assets against unauthorized access and Processing, complying with the laws and regulations governing our market, establishing mechanisms for managing cyber risks, in addition to implementing information security policies.

We emphasize the importance of not sharing Personal Information and access passwords with third parties to prevent fraud and improper access to your account. In addition, we suggest that you use a strong, unique password and always log out of the Inter app after accessing and using your account.

Do you want to learn more? Please visit our Security page.

11. Your Rights as the Subject of Personal Information

LGPD provides several rights to Data Subjects. Therefore, you, as Data Subject, can make requests to Inter, as detailed in the table below:

To exercise any of your rights established above, as well as to determine your preferences regarding the Processing and use of some of your Personal Information by Inter, you can access the Privacy Center in the Super App at any time and for free, and/or send an email to "privacidade@inter.co". You will receive a response within a maximum of 15 (fifteen) days from the date of your request.

If you are not satisfied with the solution provided, please contact the Ombudsman at 0800 940 7772, available from Monday to Friday, from 9am to 6pm (except holidays); and to report any suspicious activity and/or to communicate behaviors considered unethical that violate Inter's Code of Conduct and Ethics and/or applicable legislation by our employees, partners, and clients, you can use the channel https://canaldedenuncia.bancointer.com.br/ or call 0800 887 0077, available 24 hours, 365 days a year.

For security reasons, we can only assist you with your request if we are certain of your identity. Therefore, we may request additional data or information to confirm the identity and authenticity of the requester.

12. Updates and Questions

Your information will always be treated in accordance with the LGPD and this Policy, which may be modified at any time due to legislative changes or changes in the products or services we provide, because of updates to technological tools, or when necessary, at our discretion.

When we make relevant changes, the Data Subjects will be notified through a notice in our App, website, email, or any other available means of communication, at Inter's discretion. Be sure to read any notice of this nature carefully.

Any clause or condition of this Policy that is considered null or ineffective for any reason by any court or tribunal will not affect the validity of the other provisions of this Policy, which will remain fully valid and binding, generating effects to the fullest extent.

Inter's failure to enforce any rights or provisions of this Policy shall not constitute a waiver, and it may regularly exercise its rights within the legal deadlines.

Any questions about this Policy can be addressed to our Data Protection Officer, Camila Wendling, via email at ''privacidade@inter.co'', and for further information, we invite you to visit our Privacy Page.

13. Applicable Law and Conflict Resolution

Any controversies arising from the terms set forth in this Privacy Policy will be resolved in accordance with Brazilian law.

The use of services and/or orders placed outside Brazilian territory, if applicable, or arising from operations initiated abroad may also be subject to the legislation and jurisdiction of the authorities of the countries where they are placed or initiated.