Access your accountOpen account

Security Policy | Privacy Policy | Terms and Conditions of Use

OURIBANK GROUP INFORMATION SECURITY POLICY

The presentation of these Information Security Directives is intended to help you understand the main processes and controls that OURIBANK Banco Múplo S.A. (“OURIBANK”) and the other companies in the OURIBANK group establish for the protection of information and the treatment of risks and threats related to Information Security and Cyber Security. These processes and controls adhere to our Information Security Policy (“Policy”). Learn more about the Policy by clicking here.

  • Information Security Responsibilities and Objectives
    It establishes the guidelines, principles, and responsibilities in addition to guiding the execution of actions related to the treatment and protection of information and the appropriate use of OURIBANK assets.
  • Information Security Principles
    It is a guideline to develop and apply technological protection measures for assets against unauthorized access, modification, destruction, or disclosure by OURIBANK, to preserve the confidentiality, availability, and integrity of the information.
  • Management, access control and traceability
    OURIBANK manages access, grants privileges, and authenticates employees, interns, and service providers to OURIBANK systems and technologies, in addition to establishing standards for managing accounts and passwords.
  • Use of software and prevention against viruses, files, and malicious software
    OURIBANK has controls to prevent viruses and other types of malicious software from entering and spreading in information systems through non-approved files and software whose installation and use are prohibited.
  • Maintenance and backup copies
    OURIBANK has specific procedures to ensure the recovery of data and information when necessary.
  • Classification of data and information
    Defines the criteria for classifying information to ensure that OURIBANK information receives an adequate level of protection. It adopts some categories for the purpose of classifying information, including:
  • Public;
  • Internal;
  • Confidential;
  • Strategic;

  • Information Security Awareness
    It periodically conducts specific training for employees, with the objective of ensuring the confidentiality, integrity, and availability of information.
  • Cyber Security incident response, and business continuity
    OURIBANK monitors and acts to prevent threats of cyber origin. Every cybersecurity event undergoes an assessment, screening and, if so, is classified and has its corresponding response plan activated.
  • Business continuity management
    OURIBANK has a structured plan and mechanisms to activate business continuity in the event of disasters.
  • Adherence to the Policy

If conduct is identified that does not adhere to our Policy, or its non-compliance, OURIBANK will take the necessary legal, technological or disciplinary measures to maintain adherence to it.

TERMOS E CONDIÇÕES DE USO

Ao acessar este site e suas páginas, você concorda com seus termos e condições de uso.

  • Informações e Conteúdo
    As informações apresentadas no site são obtidas de fontes confiáveis, porém o OURIBANK não se responsabiliza pela atualização e precisão das mesmas. O conteúdo disponível é meramente informativo, não caracterizando, sob nenhuma circunstância, recomendações de qualquer tipo. Nenhuma informação das páginas do site foi elaborada com o intuito de embasar ou influenciar na tomada de decisões de investimentos.
    O OURIBANK se exime de responsabilidade em relação ao conteúdo apresentado pelos sites de terceiros, nos links externos relacionados em seu próprio site.
  • Produtos e Serviços
    Os produtos e serviços apresentados nas páginas do site podem sofrer alterações, cancelamento ou suspensão a qualquer momento, sem aviso prévio, mediante decisão do OURIBANK.
  • Direitos Autorais
    O OURIBANK permite a utilização de todos os dados disponíveis nas páginas do site unicamente para uso pessoal. Está vedada, sob pena de punição, a publicação, cópia, reprodução, distribuição, divulgação, comercialização e utilização de parte ou todo o conteúdo presente neste site, incluindo textos, logotipos e imagens, em qualquer meio, sem prévia autorização do OURIBANK.
    Qualquer tentativa de invasão e/ou adulteração deste site é passível de penalidade e será encaminhada às autoridades competentes e enquadrada de acordo com o Código Penal vigente.
  • security
    Considering the security of financial data, it is recommended that the password be kept in absolute secrecy and be changed periodically, be of good size and complexity. It is advisable to use reliable computers, avoiding accessing private data on public devices or shared by other people, which may contain viruses designed to capture passwords in order to carry out fraudulent actions. For all fixed or mobile devices that have internet access, it is necessary to constantly update all programs installed or used by them, such as: operating system, antivirus, browsers, applications for accessing banks, purchases and services, etc., among others. Program updates must be received from trusted sources or sites authorized by the device manufacturers or program maintainers. This action reduces the chances of equipment and programs being compromised by fraudsters.

Download only from well-known sites and avoid leaving your computer connected with your password. It is also not recommended to allow your browser to save the passwords used on the OURIBANK websites.

OURIBANK is not responsible for losses caused by misuse of the system, viruses and other malware installed on computers, Internet provider failures, and incompatibility between the site and the user's files or browser. It also reserves the right to change, suspend, or cancel this site without prior notice.

PRIVACY POLICY

1. Intro

The presentation of these Privacy Directives is intended to help you understand what information is collected, for what reason we collect it, if we share it, and with whom. In addition, we wish to inform you of your rights relating to this information and how to exercise them with Ouribank.

Ouribank has a Personal Data Protection Policy (“Policy”), and whenever it deems necessary, this Policy may undergo changes that will be published on our Sites. These changes will be valid, effective, and binding after the new version is posted on our Sites or otherwise communicated to you. Learn more about our Personal Data Protection Policy by clicking here.

Ouribank respects the privacy of the Personal Data of its holders and values the correct, clear and secure use of the information it holds in its possession.

2. WHAT INFORMATION DO WE USE AND HOW DO WE COLLECT IT?

We process Personal Data about those who at any time searched for Ouribank data or products, are or were our customers or had a relationship with us, were or are representatives, attorneys, employees, partners of a client, company or entity with which we relate, carried out a transaction with us or with our clients, of people with whom we intend to relate or other holders of Personal Data, or underwent a curricular evaluation for hiring in one of the companies in the Ouribank group.

The Personal Data that we process varies according to the purposes of use, including those indicated here, and the activities we carry out. This Personal Data includes registration, financial, and transactional data, such as:

  • Registration data: name, date of birth, gender, ID, social security number and/or other identification documents, such as driver's license, photo, date of birth, residential and business address, home, business and cell phone numbers, e-mail, profession, occupation, marital status, nationality, nationality, nationality, nationality, nationality, nationality, nationality, and information if the person is a PEP (politically exposed person), among others.

  • Sensitive Personal Data: biometric data, including facial and/or digital or other sensitive personal data, in accordance with applicable legislation.

  • Financial and transactional data: information about banking, financial and payment transactions and transactions, products and services contracted or intended to be contracted and their use (including our financial, banking, credit, financing, exchange and investment products, among others that already exist or that may yet be offered).

  • Data about third parties: affiliation, representatives, representatives, guarantor, counterparties, attorneys, collaborators, partners or beneficiaries of products and services.

  • Information about your devices: information about your device (such as Advertising ID) and technical information, such as operating system, version, browser, screen size), connection (such as date, time and IP address, network used), device identification and model. We may also collect, if you authorize us through our Sites and Applications, your geolocation, to use for fraud prevention and security, credit protection, to indicate nearby offices, and to make offers of products and services to you.

  • Information that we access to provide you with functionality: if you authorize and to enable certain functionalities of our Sites and Applications, such as when we process your photos and contact details for the creation and sending of payment receipts.

  • Information about browsing habits: pages and features accessed on our Sites and Applications, number of clicks, pages and applications that originated access to our Sites and Applications (for example, if you access a site that has a link to our Sites and Applications, or if you access third-party pages from links on our Sites and Applications).

  • Data from media and social platforms: interactions that you may have with our social networks, such as Facebook, Twitter, Instagram, LinkedIn, and YouTube.

  • Data related to financial situation: we can access data about your financial or credit situation, such as income, equity, denial, positive registration data, including detailed positive registration data or Central Bank Credit Information System data, in accordance with applicable legislation.

In general, we may process the data at different times and processes where this information is duly sent by the holder of the Personal Data as a result of the provision of services or products by Ouribank to you (or related to you), or it may be provided by other companies in the Ouribank group or by legitimate external sources, such as strategic partners, brokers, including securities and insurance companies, suppliers, service providers, other institutions in the financial system, credit bureaus, public agencies, correspondents and companies or bodies with which Ouribank or you have links or any type of direct or indirect relationship. We may also obtain Personal Data and other information from public and/or publicly accessible sources, such as the Internet, communication media, social media, and public records, and from other sources, as permitted by applicable law. Another time in which we may process the data occurs when they are registered on Servers, Sites and Applications managed or owned by Ouribank for the purposes of LOG, auditing, identification and information security.

The following are some examples of these situations:

  • Data may be provided by you, for example, when filling out registrations, forms, proposals, simulations, memberships, contracts, accesses, searches or expressions of interest in products and services.

  • Data we generate about you: resulting from your relationship with Ouribank, such as information about contracting and using products and services or when you interact with us through our Sites, channels, establishments, centers and service centers.

  • Data received from third parties: are those provided by third parties about you, even if you are not a customer of Ouribank, including by companies or bodies with which Ouribank or you have a relationship, as well as suppliers and partners. Some examples of cases where this occurs are:

    • someone carries out a financial transaction with you, resulting from and necessary to carry out one of the services offered by Ouribank;
    • when you are the beneficiary or user of a product contracted by a third party, such as foreign exchange, trade finance (financing of commercial operations), real estate financing, investment fund management;
    • a client, counterparty, partner, or service provider indicates you as their partner, representative, employee, attorney, or contact;
    • a partner or service provider provides us with information about you to offer or contract products and services;
    • we seek information about you or confirm information that you provide to us, for our activities, such as carrying out or improving your registration and experience, preventing fraud, and complying with other legal obligations.

3. WHAT DO WE USE YOUR DATA FOR?

Ouribank processes personal data in accordance with the legal bases provided for in the General Data Protection Law (LGPD), such as for compliance with legal and regulatory obligations; contract execution; credit protection; to meet the legitimate interests of Ouribank, our customers and third parties; in situations where the consent of the Personal Data Subject is collected and for the regular exercise of rights.

We may process Personal Data and other information for various purposes related to the performance of the activities of the Ouribank group, as examples described below:

  • Carry out our activities, provide our services and provide our products in our relationship with you:

    • carry out and keep your registration up to date, verify your identity and any other information;

    • comply with and carry out actions related to the contract, including steps prior to hiring, during and after hiring. Activities such as evaluation of hiring proposals, service on our channels, and operational processes to ensure the best experience and service for our clients;

    • serve our customers, potential customers and third parties, including dealing with questions, complaints, requests and support through our service channels, allowing you to contact us whenever necessary, and the opposite as well;

    • sending communications about products and services contracted by you, necessary for the fulfillment of the contract;

    • evaluations and regular exercise of rights necessary for the execution of contracts, such as: verifying a basic profile of the contracted product, confirming heirs in the event of a transfer of assets, etc.;

    • selection and hiring of Ouribank employees.

  • Understand our customers and offer products more suited to their needs and profile:

    • evaluate the profile, identify opportunities, and offer and contract products, services, initiatives and benefits of the Ouribank group and/or strategic partners most suited to the profile, interests and needs, to current, potential and third parties, including through e-mail marketing or other communications. You can manage our channels through which you prefer to receive our offers or choose to stop receiving them on our channels;

    • evaluate the browsing behavior and the profile of Users and customers, including to understand whether the User reached the Sites and Applications through direct access, own links or cookies or those of third parties, for example;

    • carry out marketing campaigns and use information technologies and online advertising solutions;

    • conduct research with the public to improve our products, services, service and initiatives.

  • Safety and risk:

    • identify, prevent, and manage possible physical or cyber security risks, yours, Ouribank, or third parties;

    • prevent fraud and ensure security, including the use of your biometrics (facial, digital or other), as well as your geolocation, in any Ouribank products, services, Sites and Applications, for identification and/or authentication processes in own or third-party electronic systems, who may also be Personal Data Controllers, including through the development and/or use of anti-fraud tools;

    • analyze the profile, identify, manage and treat potential risks in the offer and contracting of products and/or services and in the other activities of Ouribank, such as credit risks, socio-environmental risks, operational risks, reputational risks, market risks, among other risks. By monitoring these risks, we are also taking care of the safety of our customers;

    • activities related to credit protection, such as assessment and management of credit risk, assessment of financial and asset situation, collection, assignment of credit, activities related to information and consultation with credit protection entities and positive registration, among others.

  • Compliance with legal and regulatory obligations:

    • comply with legal, regulatory and self-regulatory obligations, such as: internal auditing and compliance activities, prevention of money laundering and terrorist financing crimes and other illegal acts, Know Your Client (KYC) activities and other risk management activities, reports to the Federal Revenue Service, fraud prevention measures, provision of information to the Central Bank and other competent bodies, in Brazil and abroad, to comply with regulations, reporting suspicious transactions to the Intelligence Unit Financial (formerly COAF), proof of life as an INSS beneficiary, assessment of legal representatives and business partners, among other activities;

    • comply with judicial, administrative, and arbitral orders and decisions, including before the BACEN, CNJ and other existing systems.

  • Protect your rights, those of Ouribank and third parties:

    • for the regular exercise of rights, including in contracts and judicial, extrajudicial, administrative or arbitral proceedings.

  • Maintain, create, and improve our activities:

    • analyze, create and improve our products, services, activities, whether internal or external, initiatives, projects, resources and functionalities of our platforms, Sites and Applications, including to improve your access and use and provide the best experience for you;

    • measure and understand the interaction of Users and customers with us, including on social networks and on our channels, as well as the use of our products, services, activities, initiatives, Sites and Applications and the satisfaction of Users and customers. This way we can create, maintain and improve our products, services and our service channels;

    • execution of business processes, internal and managerial management. We process your data for our activities and to help us make better decisions about our operations, businesses, services, products, activities, and initiatives;

    • activities related to hiring and relationships with suppliers, service providers, and other third parties.

  • Other Treatment situations based on legitimate purposes, such as the support and promotion of Ouribank activities or for the provision of services that benefit our clients.

  • Promote events, carry out sponsorships, and other activities and initiatives.

4. CAN INFORMATION BE SHARED?

  • Ouribank only shares your information when it is necessary or pertinent, for the purposes set out in the contracts with our clients and in its Personal Data Protection Policy, within strict security standards, always seeking the confidentiality of your information and following the rules of bank secrecy and other data protection and privacy regulations. Examples of sharing situations are:

  • between the companies of the Ouribank group or entity that has any of these companies as a maintainer or that in any way is managed or linked to Ouribank, including for the development of our activities, offering and providing services and providing products, managing risks, complying with legal obligations and other purposes set out in its policy;

  • with regulatory bodies, other public entities, financial system institutions, and third parties, including for compliance and execution of legal, regulatory, and contractual obligations and for the protection and regular exercise of rights;

  • to comply with requests, requests, and decisions of judicial, administrative, or arbitral authorities;

  • for the identification, prevention, and investigation of possible infractions or unlawful acts (including fraud, money laundering, and terrorist financing);

  • analisar perfil, identificar, gerenciar e tratar potenciais riscos na oferta e contratação de produtos e/ou serviços e nas demais atividades do Ouribank, como os riscos de crédito, riscos socioambientais, riscos operacionais, riscos reputacionais, riscos de mercado, entre outros riscos. Monitorando esses riscos também estamos cuidando da segurança dos nossos clientes;

  • to prevent risks, fraud and ensure security, including the use of your biometrics (facial, digital or other) in identification and/or authentication processes in own electronic systems or those of third parties, who are also Personal Data Controllers;

  • situations in which sharing is relevant or necessary for the creation, offering, maintenance, operation and improvement of our Sites, as well as of the activities, initiatives, and products and services of the Ouribank group and strategic partners;

  • with credit bureaus, including in accordance with the provisions of applicable law, such as to comply with positive registration legislation, in cases of denial, among others;

  • with other financial institutions, including when necessary, for the processing of a transaction or other activities for the execution of a contract;

  • in the event of an acquisition, merger or other corporate reorganization;

  • situations in which your consent may be necessary and, if so, we will request your consent in a timely manner.

5. ABOUT COOKIES

Cookies allow the collection of data related to navigation depending on the type of device used, the authorizations granted by you through the settings of your device and the functionalities used in each application. We may use our own or third-party cookies on our Sites and Apps.

What are cookies?

These are small text files that may or may not be added to the device's browser. These files store and recognize data that ensure the proper functioning of the Sites and help us identify your preferences and improve your experiences.

Types of cookies and their purposes

Cookies can collect data for different purposes related to the functionalities of our Sites. The following are the types that we can use:

  • operation: to ensure the correct access and operation of the applications;

  • authentication: to recognize the User, allowing them to access, including restricted access areas and also used to offer content, offers and/or services from strategic partners;

  • security: to assist in the monitoring and detection of unauthorized activities, in the prevention of fraud, and in the protection of Users' information, yours, Ouribank and third parties;

  • research, analysis, and performance: to verify, measure, and analyze the audience, performance, and use of applications by users;

  • advertising: to present relevant advertising from Ouribank and partners and according to the User's profile and to find out if Users viewed it, both in our environments and on partner sites and apps. They can also be used to remember any searches carried out by Users, and based on the result of those searches, to show advertisements or offers of products, services and initiatives of interest to them.

Can I disable cookies and other forms of information collection?

You can disable or delete cookies, as well as collection technologies, in your browser settings and in the settings of your device's operating system, with the exception of functional cookies that, if deactivated, will not allow the use of the Sites and Applications.

We just remind you that if certain cookies are disabled, the Sites or Apps or some of their features or functionality may not work properly.

6. INTERNATIONAL DATA TRANSFER

Your Personal Data may be transferred and processed in other countries, in accordance with the hypotheses provided for in the LGPD and applicable legislation, for the purposes set out in these Directives in our Policy.

For example, data may be transferred abroad if necessary for the execution of contracts (such as exchange transactions and other banking, financial, insurance and investment transactions with other companies abroad or other financial institutions); for the fulfillment of Ouribank's legal and regulatory obligations; for the regular exercise of rights in administrative, judicial or arbitral proceedings or for the investigation of crimes and other wrongful acts. In addition, the international transfer of data may take place for the development of Ouribank's activities, through the adoption of measures to protect Personal Data.

7. HOW LONG DO WE KEEP YOUR DATA?

The period for which Ouribank keeps the Personal Data collected depends on the purpose and nature of the data processing. We will process your data for the period necessary to comply with legal, regulatory and contractual obligations, to continue to provide and improve our products and services, for risk management, for the regular exercise of law in administrative, judicial and arbitral proceedings, and for the other purposes set out in the Ouribank Policy.

8. DATA SECURITY

The security and protection of personal data and Ouribank information is a priority for us. Ouribank establishes processes and controls for preventing, detecting, and responding to incidents and protecting your data from unauthorized access and use, ensuring the management of security risk, including cybersecurity, and the construction of a robust security foundation.

We consider that information must be protected regardless of where it is located, whether at a service provider or at an international unit, or at a partner, throughout its life cycle, from the moment it is collected, through processing, transmission, storage, analysis and its disposal.

We take care of the data, following strict security and confidentiality standards, to provide our users and customers with a safe and reliable environment. We use tools and technologies to maintain the integrity and confidentiality of information and protect it from unauthorized access.

Additionally, we restrict access to data to the extent necessary, with strict confidentiality and confidentiality obligations and subject to the adoption of security criteria.

The data protection guidelines of the organization, customers, and the general public are formalized in the Information Security Directives of the Ouribank Group and its security policies.

9. EXTERNAL LINKS

The pages of the Ouribank website contain links to external websites of regulatory bodies, B3 and self-regulatory bodies, whose content, privacy policies, and data capture methods are not at your expense, exempting you from any responsibilities related to the information collected and entering passwords outside their pages. The site also does not keep or provide access records to the links listed on it.

10. YOUR RIGHTS

The LGPD guarantees rights to Data Subjects. As the Holder of your Personal Data, you can make the following requests to us:

  • access and confirmation of the existence of data processing;

  • updating, correcting incomplete, inaccurate, or outdated data;

  • anonymization, blocking or elimination of unnecessary, excessive or treated data in non-compliance with the provisions of the LGPD;

  • data portability, subject to applicable regulations and commercial and industrial secrets;

  • information from the public and private entities with which the Controller made shared use of data;

  • information about the possibility of not providing consent and about the consequences of the refusal;

  • revocation of consent that can be carried out at any time and free of charge, upon express expression;

  • request the deletion of Personal Data Processed with consent, except in cases where data maintenance is necessary or permitted by law;

  • opposition to Treatment carried out based on other legal bases, in case of non-compliance with the LGPD, stressing that there may be situations in which we may continue to carry out the Treatment and refuse your request for opposition;

  • request the review of decisions taken solely based on automated Processing of Personal Data that affect you, such as credit decisions;

  • request the cancellation of the sending of targeted offers for Ouribank products and services through our channels.

To exercise your rights over your Personal Data, you can activate our service channels, through the email address: protecao.dados@ouribank.com

We emphasize that we may keep some data and/or continue to carry out the Treatment, even in the case of a request for deletion, opposition, blocking or anonymization, in some circumstances, such as to comply with legal, contractual and regulatory obligations, to protect and exercise the rights of Ouribank, Users and customers, for the prevention of unlawful acts and in judicial, administrative and arbitral proceedings, including by questioning third parties about their activities and in other cases provided for by law.

11. DATA PROTECTION OFFICER

For more information about the Policy or how we treat your personal data, you can contact our Data Protection Officer, Mr. Allan Reisler, by e-mail protecao.dados@ouribank.com In the “subject” field of the e-mail, write the text: “For the care of the person in charge”.

GLOSSARY

The terms below are used in our Personal Data Protection Policy.

  • Ouribank Group or just Ouribank :

  • Controller: natural or legal person, governed by public or private law, who is responsible for decisions regarding the Processing of Personal Data.

  • Personal Data: any information related to a natural person, directly or indirectly, identified or identifiable.

  • Sensitive Personal Data special category of Personal Data relating to racial or ethnic origin, religious conviction, political opinion, membership in a religious, philosophical or political union or organization, relating to health or sexual life, genetic or biometric data relating to the natural person.

  • Internet Protocol Address (IP Address): code assigned to a network terminal to allow its identification, defined according to international parameters.

  • Sites: Ouribank websites that can be accessed by Users.

  • Personal Data Subject: natural person to whom the personal data that are being processed refer.

  • Treatment: any operation performed with Personal Data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

  • Users: all people who visit and access the Sites and Applications. We may also refer to the User and the Personal Data Subject as “you”.