PT ENPrivacy Policy

Privacy Policy

BMG Financial Group ("Bmg" or "we") values excellence in its service, caring about your privacy and the security and protection of your Personal Data. For this reason, and to ensure greatertransparency, we present our Terms of Use and our Privacy Policy so that users and data subjects can be informed about the conditions of our services and how we process your personal data.

Therefore, we have prepared this document, called "Terms of Use and Privacy Policy" of the Bmg Financial Group ("Terms") to:

  • i) strengthen our commitment to the privacy and security of the processing of Personal Data;
  • ii) explain, in a simple, objective and transparent manner, which Personal Data is collected and processed by Bmg and for what purposes;
  • iii) indicate with whom Your Personal Data may be shared and what resources are available for You to manage Your Personal Data;
  • iv) present how we protect your Personal Data.


The topics covered in these Terms are:

For purposes of these Terms, capitalized words shall have the following meanings:
"Application(s)": means the application(s) of the Bmg Financial Group;
"Bmg" or "We": means the Bmg Financial Group;
"Digital Channels": means the Platform and the Application;
"Internet Banking (IB)": means digital platform used in the banking sector;
"Client(s)": means the natural or legal persons who have a relationship with Bmg;
"Controller": natural or legal person, of public or private law, who is responsible for decisions regarding the processing of Personal Data.
"Consent": means the free, informed and unequivocal manifestation by which the data subject agrees to the processing of his personal data for a specific purpose, being one of the legal hypotheses provided for by the LGPD to substantiate the processing of Personal Data;
"Personal Data": means all information about You or associated with You;
"Sensitive Personal Data": Personal data on racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political character, data  relating to health or sexual life, genetic or biometric data, when linked to a natural person.
"Bmg Financial Group": means the group composed of the companies indicated in item 1.3 of these Terms;
"INSS": means the National Institute of Social Security;
"LGPD": means the General Data Protection Law (Law 13.709/2018);
"License": means the free, limited, non-transferable, non-exclusive and revocable license to download, install, run and use the Digital Channels;
"Lojas Help": credit franchises of Help Franchising Participações Ltda., or help!, a company of Banco Bmg S.A., which offers financial solutions focused on retirees, INSS pensioners and public servants throughout Brazil.
"Platform": means the website of Bmg-;
"Policy" or "Privacy Policy": means these Terms of Use and Privacy Policy of Bmg Financial Group;
"Products": means the products made available by Bmg on the Application and on the Platform, such as, but not limited to: Payroll Loan, Payroll Credit Card, Digital Account, Personal Loan, Credit Card, Investments, Insurance;
"Services": means the services and Products available on the Application and the Platform;
"Bmg Investor Relations Site" ("IR Site"): website developed for interaction and communication of Banco Bmg S.A. Investors, through the link: 
"SMS": means text message;
"Terms": means these Terms of Use and Privacy Policy of Grupo Financeiro Bmg
"Owner": means a natural person to whom the personal data that are the subject of processing refer;
"Processing": means any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
"Visitor(s)": means those who browse the Platform without registering;
"You": means the user of the Platform, RI Site and/or the Application;

For the purposes of these Terms, Grupo Financeiro Bmg, or simply Bmg, includes Banco Bmg S.A. and other affiliated, controlling or controlled companies, directly or indirectly, alone or jointly with third parties, by Banco Bmg S.A., in Brazil and abroad. Please visit this page for the updated list.

Section 1: Introduction and Acceptance

During your browsing of our websites ("Platform"), use of Internet Banking ("IB") and our applications ("Application"), it is necessary that we have access to certain information about You or associated with You ("Personal Data"), so that we can offer and provide our services and products available in the best way (collectively, "Services")."). If You are only browsing our Platform or IR (investor relation) Site and are not registered on the Platform or do not use the Services, these Terms also apply to You, but only with respect to Visitor data. We inform You of the data processed by Visitors.
Please note that it is not possible to offer and/or provide our Services without having access to your Personal Data. The processing of Personal Data is a condition for You to have access to our Services via Platform and Application. If you do not agree with all of the provisions herein, please do not access our Platforms, Internet Banking (IB) and Applications ("Digital Channels"), or use our Services.
It is important for You to know that we may, at our discretion, include and exclude Services through our Digital Channels. All operations You perform through the Digital Channels are subject to applicable law, the rules of the contracted products, these Terms and any terms or policies specific to each product, service or channel, if applicable.
In order for You to carry out transactions on the Digital Channels, we may request other means of authentication, such as biometrics, facial recognition, other passwords and/or dynamic password forwarded exclusively by Bmg to Customers via SMS to the mobile phone registered or generated via the Application or other electronic environment for this purpose.
We may, temporarily or permanently, modify or discontinue the Digital Channels, as well as terminate or suspend your access. Likewise, You may, at any time, exclude your user from the Digital Channels. In this case, You must use other channels available through Bmg if you wish to contact us, contract our Services or continue to use them.

To be sure that You are aware of these Terms, it is important that You carefully read this document and express Your acceptance and agreement to all provisions hereof.
By accessing and using the Services offered by Bmg, you fully agree to and accept the provisions of these Terms.
You are aware that:
i) Bmg may, in any case of discontinuity of the Services, store your Personal Data and your information on access to and use of the Digital Channels whose maintenance is necessary for compliance with regulatory and/or legal obligations, or when the storage can be justified by one of the legal bases provided for in the General Data Protection Law ("LGPD").
ii) the contracts and any documents to be signed with, or in favor of, any financial institution belonging to Bmg, in an electronic environment, by means of electronic signatures, including, without limitation, the signature captured on a touch screen that will be subjected to verification of compatibility with the biometric profiles of the Client previously captured and stored, are valid and enforceable; the contracting via the affixing of a previously registered password or of a dynamic nature, forwarded exclusively by Bmg to Customers via SMS to the mobile phone registered or generated via application or other electronic environment for this purpose, in the electronic fields indicated by Bmg to Customers, or any other valid means of electronic signature or acceptance, including the use of SMS, e-mail and other remote means of contact and interaction between the parties for such purpose, being certain that the electronic signature, by any means made available, will reproduce the free and spontaneous will and manifestation of the Customers as to the acceptance of the operation, transaction,  contracting, thus fulfilling all legal requirements, being considered valid and effective for all  purposes and effects of law, including before third parties, in accordance with the applicable legislation.


These Terms apply to all Services, banking and non-banking, offered by Bmg and that use Personal Data of Customers, potential customers, employees and/or third parties to fulfill the purposes stated in “TOPICS COVERED IN THESE TERMS”.

Section 2: Responsibilities

We do not guarantee that the Digital Channels will be free from loss, interruption, attack, virus, interference, piracy or other security intrusion and therefore we are not responsible for failures of this nature.
Therefore, we recommend that you back up your own device and perform the installation of na antivirus.
You will be solely responsible for all acts and omissions committed by your user on the Digital Channels, as well as for all content uploaded or sent to or from the Digital Channels.
We are not responsible for damages or losses incurred by You or third parties as a result of or related to: 
a) technical system failures or unavailability;
b) your use of or inability to use the Digital Channels, including, without limitation, corruption or loss of data, failure to transmit or receive data;
c) failures in the computer system or servers or in relation to internet connectivity in general, and You, at Your own expense, shall maintain the telecommunication line, modem, communication software, e-mail address and other resources necessary for communication with us and the use of the Digital Channels; and
d) use of unsecured or trusted networks.
You agree to defend, indemnify and hold Bmg harmless from and against any charges, actions or demands resulting from the eventual (i) misuse of the Digital Channels by You; and (ii) breach of the conditions agreed to in these Terms or provided for by law, and it is up to You to make good any and all damages suffered by us and/or third parties, including attorneys' fees. Likewise, the same right will be vested in You, if you have to demand compensation for damage caused by the exclusive responsibility of Bmg.

Section 3: Collection and Use of Personal Data


Bmg may process data of Customers – including those who have already had some commercial and legal relationship with Bmg – or potential Clients, as well as legal representatives, partners, administrators or employees of Bmg clients when legal entities, beneficiaries of Bmg services or products, those who transact using Bmg's products or services or who carry out transactions with Bmg's clients, of those who visit our platform ("Visitor") or who in any way communicate, interact or relate to Bmg. 

Bmg may receive or collect your Personal Data when: 
(1) You browse our IR Platform or Site without registering;
(2) You provide us with the information directly, either by registering or filling out forms; request for proposals or information about our Services; credit analysis; contracting our Services; participation in events, research and other activities, face-to-face or virtual, promoted by Bmg; contacts in our communication channels; among other means. On our Platform, these are the main channels for collecting Personal Data: 
• For You / BMG Card or Benefit Card; 
• For You / BMG Invest; 
• For You / Account Credit 
• Customer Service / Contact Us; 
• Customer Service / Complaint Channel 
• Campaigns in Bmg's digital channels. 
(3) You use our Platform, our Application and/or our Services; 
(4) You navigate our Platform and our Application as a Customer; 
(5) Third party companies, partners, suppliers, service providers and other legitimate sources provide, in accordance with the law, Personal Data to Bmg;
(6) You register for the "IR Alerts" or "Contact IR" available on the IR Site;
(7) We receive your Personal Data for the operation of transactions in which You carry out the operation/transaction or are the beneficiary;
(8) We receive your Personal Data when, despite not having a customer relationship with Bmg, You are a beneficiary of or participate in any way in any Bmg Service contracted by a Client of ours; 
(9) We receive your Personal Data from other entities of the Bmg economic group, through sharing, under the terms permitted by law.
(10) We receive your Personal Data from other institutions in the context of Open Finance for purposes determined by You. 
Third party data. The Personal Data of third parties is provided by other users/Customers about You or by You about other people (for example, when a user provides us with data and information of other persons benefiting from products and services contracted by the user or for the operationalization of transactions). 
Thus, the processing of Personal Data may be based on the following contexts: (a) Personal Data provided by You or by third parties related to You; (b) Personal Data collected by Bmg through other mechanismsand/or companies; and (c) Personal Data received from other institutions authorized by the Central Bank of Brazil and that are participants in Open Finance, or partners linked to them, as they choose during the sharing journey.

The Personal Data we process about You includes the following categories: 

5.3.1. Registration Information collected for the provision of Services and to reach potential customers

It is the information provided by You, directly or through access permission, in the completion of registrations and forms or by access to the areas, functionalities and Services of Bmg, as well as certain information obtained from You, through partnerships with other agents in the market, to offer Bmg products and services to You.
In the following table, we describe, in a non-exhaustive manner, the types of data that fall into this category:
• full name; 
• number and copy of the RG, issuing agency, UF, date of issue; 
• number and copy of the CPF;
• copy of identification document (be it CNH, voter ID, RNE, asylum application protocol, class documentation or any other document that, permitted by law, has been presented by the data subject); 
• e-mail address;
• telephone;
• full address (residential and, if any, business); 
• copy of proof of address; 
• Date of birth; 
• naturalness and nationality; 
• filiation; 
• income, bank details and financial information;
• nature of the occupation;
• profession; 
• marital status;
• gender;
• indicative of special needs;
• information about being a politically exposed person (PEP);
• biometric data (such as self-portrait, proof of life, fingerprint, voice, photo, image);
• access to the user's phone contact list;
• financial and credit profile data such as: income, salary, equity, payroll margin, contracted financial and banking products,investments, insurance, negative, positive registration data, data from the credit information system of the Central Bank of Brazil, credit score, among others;
• data necessary for the prevention of fraud and money laundering
• data necessary for the provision of the services provided by Bmg to You (such as guarantors, beneficiaries, etc.)

5.3.2. Transaction information
It is the information related to the transactions and operations carried out through the various Services available on the Platform and in the Application.
In the following table, we describe, in a non-exhaustive manner, the types of data that fall into this category:
• information on financial transactions;
• type of transaction performed;
• transaction values;
• characteristics of your expenses.

5.3.3. Device and navigation data 
This is the information about the device You use to access our Platform and/or our Application, as well as the data related to your browsing.
In the following table, we describe, in a non-exhaustive manner, the types of data that fall into this category:
• type of browser used; 
• pages visited; 
• date and time of visit; 
• precise and/or approximate location;
• IP (Internet Protocol) address and date/time of access and termination of access to the Platform; 
• geolocation and other real-time location information, if enabled on the user's device; 
• list of applications installed on the device; 
• make, model, version, IMEI and screen definition of the identifying device; 
• current version of the application to which a particular service is installed; 
• universally unique identifier (UUID);
• battery level available on the device; 
• date and time at which the data was captured;
• total and available physical RAM and physical memory of the device; 
• VPN usage information; 
• data connection type; 
• information about the use of PROXY; 
• information sent and received by SMS or similar technology; 
• Cookies;
• research history;
• browsing history.

5.3.4. Information obtained from partners 
It is the information we collect from credit bureaus (or databases), data bureaus, among other sources, such as the Central Bank of Brazil, the Brazilian Securities and Exchange Commission, Febraban, ABBC, institutions in the context of Open Finance (when duly authorized by You) and credit protection entities, for the confirmation of your data, credit analysis, fraud prevention and in the sending of special offers. 
Through them we receive additional data about You or validate the data You have sent us. 

5.3.5. Other information provided by You 
Other information voluntarily provided by You may be collected, for example in communications with Bmg or in comments on Services.
We recommend that You do not include Your Personal Data in comments and reviews of Services, in particular Personal Data on racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political character or data relating to health or sex life ("Sensitive Personal Data"). 

You are responsible for the veracity and accuracy of all the data that You inform to Bmg. The unauthorized registration of third-party data will be subject to sanctions related to false identity, embezzlement or other offenses provided for in the Brazilian Penal Code or other regulations as the case may be. 
Bmg has no responsibility for the veracity of the data provided by You, as well as for any damages arising from the inaccuracy and/or outdated and/or non-veracity of said information.

Bmg carries out the Processing of your Personal Data within the strict limits of the LGPD and other privacy and data protection legislation. Therefore, all processing of Personal Data is done based on one of the legal hypotheses provided for in the LGPD, always considering the nature of the data treated, which are:
i) upon the provision of consent by the data subject;
ii) for compliance with a legal or regulatory obligation;
iii) when necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;
iv) for the regular exercise of rights in judicial, administrative or arbitral proceedings, the latter under the terms of Law No. 9,307, of September 23, 1996 (Arbitration Law); 
v) for the protection of the life or physical safety of the data subject or third party;
vi) when necessary to meet the legitimate interests of BMG or a third party, except in the case of fundamental rights and freedoms of the data subject that require the protection of personal data; or
vii) for the protection of credit, including the provisions of the relevant legislation.

In the case of Sensitive Personal Data, Bmg may carry out the processing in the following legal cases:
i) when the data subject or his/her legal guardian consents, in a specific and prominent way, for specific purposes;
ii) without providing the consent of the data subject, in cases where it is indispensable for:
a) compliance with legal or regulatory obligation by the controller;
b) regular exercise of rights, including in contract and in judicial, administrative and arbitral proceedings, the latter under the terms of Law No. 9,307, of September 23, 1996 (Arbitration Law); 
c) protection of the life or physical safety of the data subject or third party;
d) guarantee of fraud prevention and security of the data subject, in the processes of identification and authentication of registration in electronic systems, safeguarding the rights of the data subjects and except in the case of prevailing fundamental rights and freedoms of the data subject that require the protection of personal data.

It is important that You are aware that by voluntarily providing your Personal Data to Bmg, Bmg may process your data on the basis of the most pertinent legal hypothesis.

We emphasize that the Personal Data will be used for various purposes related to the execution of activities performed by Bmg, varying according to the relationship established by You with the Bmg Financial Group. 
For greater transparency, we present below, in a non-exhaustive way, some examples of purposes that direct the Treatment of your Personal Data:
• Realization of your registration and updating of your registration; 
• Realization of authentication and identification process;
• Opening and handling of accounts;
• Verification of authenticity of the information and documents provided; 
• Evaluation of requests for proposals for services, prior to the contracting of the Services; 
• Contracting of the Services and operationalization of the contracted services; 
• Provision and provision of our Services and availability of the Platform and Application; 
• Conducting the Know Your Client (KYC) process and Prevention of Money Laundering and AntiTerrorism measures; 
• Credit analysis and protection; 
• Anti-fraud verification, as a way to ensure greater security to Bmg, the user and the whole society, in the prevention of fraud in the financial system; 
• Monitoring of operations performed during the use of our Services, to detect and prevent fraud;
• Analysis, management and prevention of risks of the offer and contracting of the Services; 
• Compliance with contractual obligations; 
• Realization of collections, extrajudicial or judicial; 
• Communication and contact with You (by email, mail, SMS, instant messaging application, chat and/or telephone); 
• Notification of any changes and news to our Services;
• Clarification of doubts and complaints and management of communication channels; 
• Compliance with legal or regulatory obligations; 
• Compliance with judicial or other authority decisions to the extent determined by law;
• Marketing and sending communications about new products, promotions, targeted offers, relevant content and others; 
• Preparation of usage reports and other static information for marketing and communication campaigns; 
• Optimization of the usability of the Platform and the Application, customizing the contents displayed and implementing their preferences; 
• Analysis of the user's profile, including through the enrichment of information to provide you with more appropriate Services; 
• Verification that You have viewed Bmg advertising, including on third-party websites; 
• Improvements of internal processes, improvement of the Services and correction of problems in the use of the Platform, the Application and the IR Site; 
• Assess, maintain and improve the security of our websites and applications, including to identify and prevent potential information security threats and to develop and use anti-fraud tools; 
• Provision of support to users of Digital Channels and Customers; 
• Behavior mapping and visualization of the flow of use of the IR Platform and Site 
• Improvement of the products and services offered by Bmg, as well as the Platform and the Application, including through testing; 
• Development and improvement of new functionalities and Services, including through testing; 
• Investigation and investigation of judicial, administrative or arbitral proceedings to which we become a party; 
• Conducting internal and external audits and adopting other compliance measures;
• Make automated decisions regarding the use of our Services;
• Offer and contract financial products made available by companies of the Bmg Financial Group or other financial institutions;
• Detection of and action in relation to information security incidents;
• Development of studies and research on their behavior and interests;
• Development and training of Bmg artificial intelligence devices;
• Other situations in which the processing has legitimate, specific and compatible purposes with the performance of Bmg, such as in the case of support and promotion of Bmg's activities, including the development and offering of services and products that may be of interest to Customers and / or potential customers. 
In carrying out the activities necessary to achieve the purposes described above, Bmg may act in conjunction with duly approved third parties (business partners and/or suppliers), provided that the rules described in these Terms are observed and always respecting the fundamental rights and freedoms of Customers, potential customers and other data subjects.
Regarding potential customers, we highlight that Bmg performs the Processing of Personal Data always in accordance with the rules and guidelines of the LGPD.

Thus, we present, below, in a non-exhaustive and merely illustrative way, some of the main legal hypotheses and purposes considered in the Treatment of your data, if You are not yet a Customer:


Regarding the Products and Services, the table below informs in an illustrative and non-exhaustive way some Products and Services of Bmg:

Without prejudice to the purposes and the Products and Services set forth above, the table below informs, by way of example and not exhaustively: (i) some products/services offered by Bmg; (ii) some of the Personal Data we process; (iii) the purpose and (iv) the legal basis for Processing:


We may use certain technologies to monitor the activities carried out on the Platform and the Application. 
The information collected through such technologies is used to perform performance metrics of the Platform and the Application, identify problems in use, capture user behavior in general and collect content impression data. The technology we use for tracking is cookies. 
9.1. What are cookies? 
A cookie is a small text file, placed on your hard drive by a web server, with no ability to run programs or infect your computer with viruses. 
On our Platform, the use of cookies serves to personalize your online experience, saving you time and optimizing your browsing. 
Cookies have an expiration date. They can last for one session, i.e. be automatically removed when You close your browser or at the end of your session (session cookies), or they can be stored on your device until they expire or You manually clear them (persistent cookies).
In addition, cookies can be:
a) Owners: these are cookies set by the website you are currently accessing, either by us, or by a third party on our behalf;
b) From Third Parties: these are cookies set by a different party from the owner of the website You are accessing.

9.2. Why do we use cookies?
We use cookies to collect browsing data automatically, including information such as type of device (mobile phone or computer, for example), browser, pages accessed, search terms, among others. We use cookies to identify general characteristics of our audience (profile) and to be able to adapt our Services to offer you a better experience.
Cookies help us provide you with a better and more personalized website according to your habits and preferences. It is worth remembering that it is possible to disable the use of cookies in the configuration of your browser or device, however, some functionalities of the Platform may no longer work properly if this is your choice.
In your navigation on the Platform, the following types of cookies may be used:
a. Strictly necessary cookies: these cookies are necessary for our Website and Application to function, allowing You to navigate and use its functionalities, enabling minimum resources for the provision of the services requested by You. These cookies do not collect and do not store information about You. This category of cookies cannot be disabled, as without them we will not be able to provide the services or products that You request from us.
b. Advertising Cookies: These cookies may be set through our Site by our advertising partners. They may be used by these companies to build a profile about your interests and show You relevant advertisements on other websites. They do not directly store personal information, but are based on the unique identification of your browser and internet device. If you do not allow these cookies, you will have less targeted advertising.
c. Social media cookies: These cookies are set by a number of social media services that we have added to the Site to allow You to share our content with Your contacts. They are able to track your browsing through other websites and create a profile about your interests. This may affect the content and messages You see on other websites You visit. If you do not allow these cookies, you may not be able to use or view these sharing tools.
d. Performance cookies: These cookies allow us to count visits and traffic sources, so that we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and to see how the habits of the users of the Site. All information collected by these cookies is aggregated and therefore anonymous. If You do not allow these cookies, We will not know when You have visited our Site.
Functionality cookies: These cookies allow the website to provide improved functionality and personalization. They may be established by us or by external vendors whose services we add to our pages. If you do not allow these cookies, some or all of these features may not work properly.

f. Security Cookies: enable security features of the Platform or Application to assist in the monitoring and/or detection of malicious activity or prohibited by these Terms, and to protect user information from access by unauthorized third parties.

9.3. Managing Cookies
You can choose whether to accept some of the cookies from us or not. However, cookies are an important 
part of the proper functioning of our services. Therefore, the refusal or deletion of cookies may affect the 
availability and functionality of the services and products we offer to You.
To personalize your cookie preferences, we make available a specific area on our Site, which will record 
when You consent to cookies. Remember that strictly necessary cookies cannot be disabled.

Section 4: Services and Data Management  

Once registered in our Digital Channels, you will have access, among others, to the following services:

10.1. Current account for demand deposits ("digital account")
This service involves the possibility of:
i) open a Digital Account, through which the depositor's resources will be available for the execution of various transactions (except in cases of compliance with court orders blocking and/or transfer of values), as described below, after registration by the Client and approval of this by Banco Bmg S.A.;
ii) move the Digital Account through TEDs (Available Electronic Transfers) and DOCs (Credit Order Documents), PIX to accounts of the same or other Securities, as well as schedule and cancel movement transactions;
iii) effectuate payment of bills, schedule and cancel bill payment transactions, register bank details of favored and access proof of transactions;
iv) consult statement and balance of the Digital Account;
v) Include and exclude reminders for effecting payment transactions.
vi) consultation of the table of rates and portfolio of available products;
vii) contracting of Banco Bmg S.A. products that are available in Digital Channels;
viii) access to general information about the products contracted with Banco Bmg S.A., such as statements of contracted loans.

10.2. Payroll loan
This service involves the possibility of:
i) contract the modalities of payroll loan by retirees and pensioners of the INSS (including 
children and adolescents through their legal representatives)/public servants/employees of 
private companies with an employment contract governed by the CLT, agreed to the Bmg: 
new contracts; refinancing and portability;
ii) perform simulations of new payroll loan agreements by retirees and pensioners of the INSS;
iii) carry out the cancellation of payroll loan proposals by retirees and pensioners of the INSS. After the registration effected and credit granted, the cancellation by the platform will no longer be applied. The request for cancellation of the loan will be handled in the service channels of Banco Bmg; 
iv) carry out the consultation of the situation of payroll loan proposals by retirees and pensioners of the INSS; consult the data (value, date of contracting and number of installments) of proposals made for new payroll loan agreements by retirees and pensioners of the INSS.

10.3. Personal loan
This service involves the possibility of:
i) Contract the modalities of personal loan by retirees and pensioners of the INSS, (including children and adolescents through their legal representatives)/public servants: new contracts; refinancing and portability.

10.4. Investment Products
This service involves the possibility of:
i) make investments in fixed income products distributed by Banco Bmg S.A. through the Digital Channels or other channels made available for this purpose, as well as other investment products, if available, provided that the Client agrees with the conditions presented by Banco Bmg S.A. for this, electronically signing the necessary documentation;
ii) carry out investment simulations with the products available in the Digital Canes;
iii) make investments and redemptions of funds in investment products offered by Banco Bmg S.A.; iv) make and cancel schedules for the execution of transactions, observing the schedule established by Banco Bmg S.A.;
v) Check the balance of your apps.

10.5. Services related to credit card
For the purposes of this item, services related to conventional credit cards and consigned cards (Bmg Card or Benefit Card) are considered. Without prejudice to the provisions of the respective contracting instrument and product-specific regulation, these services involve the possibility of:
i) check total and available limits of credit cards;
ii) consult consolidated credit card invoice, including minimum amount and amount discounted 
in sheet, the latter only in the case of Customer holding the Bmg Card or Benefit Card;
iii) issue barcode for payment of the invoice;
iv) make withdrawals by using the limit of the credit card, Bmg Card or Benefit Card, if this service is available to the Customer;
v) Perform the query of status of purchases made;
vi) consult the status of consigned credit card proposals (Bmg Card or Benefit Card) by retirees and pensioners of the INSS and other bodies affiliated with Banco Bmg S.A.;
vii) make the payment, the automatic debit schedule and the generation of duplicate of the current invoice of the credit card, the Bmg Card or the Benefit Card;
viii) carry out the temporary or permanent blocking of the credit card, the Bmg Card or the Benefit Card; 
ix) create the virtual card linked to the credit card and the Customer's active payroll credit card, if available;
x) access the Customer Service (Customer Service), and may even choose to receive the response to the query made through SMS or e-mail;
xi) carry out the evaluation of Digital Channels;
xii) access to the "frequently asked questions" channel and the "questions and answers" section 
to obtain guidance on the functionalities of the Digital Channels;
xiii) access to the telephone contact list of Banco Bmg S.A.; and
xiv) access the chat available on the Digital Channels to streamline access to its functionalities and obtain general guidelines of the Application.

Automated decision-making occurs when an electronic system, using Personal Data, makes a decision without human intervention that affects it in any way. Part of our processes use automated decisionmaking mechanisms and, therefore, we guarantee the exercise of your right to review any decisions made solely on the basis of automated processing, in accordance with the law. 
You may request that decisions made solely on the basis of automated Processing of Personal Data that affect your interests be reviewed, respecting commercial and industrial secrets.

We structure our Platform, our Application and our operations so that your Personal Data is not kept in an identified manner for longer than necessary. We keep Personal Data only in the following cases:
i) during the period in which it is necessary for the provision of the Services; 
ii) to fulfill the purposes described in these Terms; 
iii) to comply with legal or regulatory obligations (for example: rules related to the prevention of money laundering and terrorist financing; account opening, maintenance and closure);  
iv) if necessary, for the regular exercise of law in judicial, administrative or arbitral proceedings; 
v) fraud monitoring; 
vi) keep records of any person who does not wish to receive advertising and marketing from Bmg; or vii) if we have some other legitimate reason to keep them.
In addition, we may keep, for longer periods, some data in an anonymised manner, that is, without such data being or being related, directly or indirectly, to You.
Personal Data is discarded in accordance with the retention policy of the Bmg Financial Group, which provides for the procedures and deadlines for storage and disposal of the data, which may vary according to the nature of the information.

We may, from time to time, share your Personal Data with third parties and/or business partners in accordance with the purposes described below.
The sharing is done strictly to the extent necessary and following strict standards of security and confidentiality, always respecting and making sure that third parties respect the confidentiality of your information.
Whenever we share Personal Data, we make every effort to ensure that the institutions receiving your Personal Data:
(i) receive only the information that is strictly necessary; 
(ii) comply with applicable legislation on privacy and protection of Personal Data and 
(iii) have at least the same level of protection of Personal Data as adopted by us.

We may share your registration data, device data and/or financial history information (including biometric data, where applicable and in accordance with the appropriate legal basis) with business partners and service providers contracted by Bmg, including bank correspondents, credit bureaus, credit banks, bureaus of data and other data agencies, as well as access to the Credit Information System of the Central Bank of Brazil - SCR, to, in a non-exhaustive and illustrative way, carry out the following activities:
• Offering the Services, including through SMS, WhatsApp, emails and social media;
• Intermediation of the contracting of the Services, including the performance of credit analysis, risk and fraud prevention activities; 
• Execute a contract or operational agreement entered into between Bmg and partners;
• Compliance with legal and regulatory obligations;
• Verification of the veracity of the user's information and the documents provided; 
• Know-your-client (KYC) procedures and internal control measures related to AML/FT;
• Credit risk analysis; 
• Analysis and management of operational, strategic and financial risks; 
• Prevention of fraud and acts of an illicit nature, such as money laundering and terrorist financing;
• Identification, qualification and authentication procedures; 
• Improvement of the service related to the Services offered and provided; 
• Decision regarding request and/or proposal for contracting any Services; 
• Enrichment of user information for profile analysis; 
• Income and behavioral profile analysis; 
• Sending advertising campaigns and offers of Services; 
• Realization of online marketing; 
• Support, management, improvements and maintenance of the Platform and the Application;
• Provision or contracting of software, anti-fraud systems and/or customer base management tools;
• Execution of charges related to the commitments assumed by the data subject with Bmg;
• Carrying out compliance activities related to anti-corruption, money laundering prevention, business continuity, operational risks, preservation of the image and reputation of Bmg's business;
• Hiring of legal, accounting, tax and other types of consulting services necessary for the operation of Bmg's business;
• Conducting studies, research, online and face-to-face events and any other face-to-face or virtual activity aimed at promoting, strengthening and disseminating the brand and the Bmg Services.

Any sharing of information is done strictly to the extent necessary and following strict standards of security and confidentiality, as well as the rules of banking secrecy and other laws and standards of protection of privacy, always respecting and making the third parties respect the confidentiality of your information and only for the purposes provided for in the respective contracts formalized with Bmg.
If business partners and service providers process the Personal Data shared by Bmg for purposes other than those described above or those established in the contract, they assume all responsibility for the protection and security of your Personal Data to the exact extent of the new Processing activities, including for the purpose of exercising your rights as a Data Subject.
You are aware, from the outset, that the credit risk analysis will also be done by credit agencies, credit bureaus and other agencies that have the technical capacity for the assessment of credit risk. 

It also acknowledges that the credit scoring assigned to the user by such agencies will take into account various data previously kept in the database and chosen at the sole discretion of these agencies, so that Bmg has no responsibility or interference with the criteria adopted by the agencies for the purpose of assigning credit scores.

We may share your registration data, financial history information and other Customer information with third parties, such as, but not limited to, credit protection entities and collection agencies, to: 
• Realization of collections in case of default of the obligations assumed by You with Bmg; 
• Registration in the register of bad payers;
• Validation of biometric data. 

We may share your registration data, your device and financial history information with judicial, police, regulatory, governmental or any other third party with whom Bmg is required to share the data by law, regulatory bodies, judicial, administrative or arbitral decisions, to the extent permitted by law, to: 
• Comply with legal or regulatory obligations; 
• Compliance with the judicial, administrative, arbitral or regulatory body order, such as the Central Bank of Brazil and the Brazilian Securities and Exchange Commission, SUSEP, which is addressed in the face of the Bmg; 
• Prevent or take action against illegal activities, or in cases of suspected fraud or in situations involving potential threats to the physical safety of any person.

We may give access to your Personal Data to audit firms only to:
• Conducting audits in Bmg operations;
• Compliance with legal or regulatory obligations.

We may share your Personal Data with companies involved in corporate transactions, such as mergers and acquisitions, to:
• Conducting of due diligence processes and other necessary procedures in case of sale or transfer 
of part or all of Bmg's commercial activity, business or operation;
• Continuity of the services offered and fulfillment of contracts or agreements with You 
• Compliance with current legislation;
• Protection of Bmg's interests in cases of demands and conflicts, including in judicial, administrative and arbitration proceedings;
• By court order, arbitration or by request of competent administrative authorities that have 
the legal competence for its request;
• Financial risk assessment; and
• Performing collections from customers and insolvent Data Subjects and/or debt recovery.

We may share your Personal Data with other companies of the Bmg Financial Group, to:
• Offer and provide Services of your interest;
• Enhance or develop functionalities of the Platform and the Application;
• Support and promote the development and improvement of new Services;
• Analyze the performance and quality of Digital Channels and Services; 
• Evaluate users' browsing habits, as well as identify their profiles and needs; 
• Carry out the survey of statistical data; 
• Develop anti-fraud measures; 
• Promote communication between Customers and Bmg to disseminate information related to the 
Applications, products, services, promotions and news of the Bmg Financial Group.

We may receive or share your Personal Data with institutions participating in Open Finance and their linked partners, when duly authorized by You, for the purposes specified, including:
• Enable the Services offered by Bmg;
• Facilitate account opening;
• To know your profile better and offer personalized Services; and
• Proceed with credit analysis or enable dispute resolutions among Open Finance participants.
For more information about Open Finance, visit

For the purposes described in these Terms, Bmg may share your Personal Data with business partners; service providers, including cloud service providers; suppliers and subcontractors that are located in other countries. 
Some cases in which there may be international transfer of data are to:
• Perform internal operations;
• Store and analyze data on trusted and secure cloud networks.

Rest assured, Bmg will carry out the international transfer of data within the strict limits authorized by the LGPD and will only share your Personal Data with third parties that are located in countries that provide the degree of protection of Personal Data provided for in the LGPD.
If your Personal Data is transferred to another country by Bmg or third parties authorized by Bmg to do so, during the provision of the Services or operation of Bmg, we (and the third parties, where applicable) will take the measures required by applicable law and/or regulation; contractual, technical and information security measures; as well as appropriate and proportionate measures to ensure that your Personal Data remains adequately protected.

Section 5: Rights and Security

You, as a data subject, have the following rights provided for in the LGPD:
i. confirmation that we have processed your Personal Data; 
ii. access to your Personal Data; 
iii. correction of Personal Data that is incomplete, inaccurate or outdated; 
iv. the anonymization, blocking or deletion of unnecessary, excessive or processed Personal Data in non-compliance with the provisions of the LGPD; 
v. the portability of your Personal Data to another service or product provider, upon express request, in accordance with the regulations of the National Data Protection Authority (ANPD), observing commercial and industrial secrets; 
vi. the deletion of Personal Data processed on the basis of your Consent, except in the cases of retention of Personal Data provided for in article 16 of the LGPD; 
vii. the information of the public and private entities with which we carry out the shared use of data; viii. information about the possibility of not providing your Consent and the consequences;
ix. the revocation of your Consent to the processing of your Personal Data, where the Personal Data is processed on the basis of your Consent;
You may exercise any of your rights through (i) our website (ii) any of our Digital Channels; or (iii) any of our Help Stores. If we cannot, for technical or legal reasons, comply with your request, we will inform you of the reasons that prevent us. When exercising your rights, remember to identify yourself correctly!

For security reasons, we can only comply with your request if we are sure of your identity. Therefore, please be aware that we may request additional data or information to confirm the identity and authenticity of therequester.
If there is any information security incident that may entail high risk or material damage to your Personal Data, Bmg, within the strict limits of the LGPD, will communicate to the ANPD and the Data Subject.

Concerned about the security and privacy of your Personal Data, Bmg observes and complies with the rules, principles and guidelines of the laws of privacy and data protection and banking secrecy.
We store your Personal Data securely in places of restricted access, for the period provided for in the applicable legislation and in accordance with the Personal Data retention policy prepared by the Bmg Financial Group.
We observe the best market practices to ensure the security and privacy of your Personal Data, adopting technical, administrative, preventive and cyber risk management measures to protect the Personal Data processed by Bmg against unauthorized access, destruction, loss, alteration, communication or any form of inappropriate or unlawful Treatment.
Important: Despite all the measures applied, it is possible that third parties, which are beyond our control, intercept or have access to transmissions or Personal Data in an unlawful manner, given that no process is 100% (one hundred percent) secure. In all cases, we make every effort to ensure the confidentiality and security of your information by encrypting and storing it in a secure format. 
To further enhance the security of your Personal Data and prevent fraud and improper access to your Digital Account, we recommend that You:
i) Do not share your Personal Data and passwords to access the Digital Channels, the Digital Account, and the Bmg Services;
ii) Register in the Bmg Digital Channels and in the channels for access to the Services a strong and exclusive password;
iii) Always exit the Application after accessing it.

If You have any concern or suspicion that Your Personal Data is at risk, such as, but not limited to, in the event of suspicion or certainty that someone has had access to Your password, to Your Digital Account, please contact us immediately with our call center.

In order to ensure your maximum security and the privacy and protection of your data, we reinforce that your access password is personal and non-transferable. It is important that You know this and protect Your password, as well as limit the use and access of it exclusively to Your computer and your devices, preventing the occurrence of any unauthorized access to Your Digital Account or Application account.

It is your sole responsibility to keep your access password in a secure and restricted access location. 
To do so, it is necessary that your password is not obvious, such as birthdays or words found in dictionaries. 
It is important that the password is composed of special and alphanumeric characters and that it is changed periodically or in case of suspected unauthorized access. 
If You, for any reason, believe or suspect that Your password or account has been improperly accessed, we ask that You contact our call center immediately. 
Bmg does not use your e-mail address for any purpose other than to send institutional newsletters and advertising content. If you no longer wish to receive this type of email, simply click on the "opt out" link or the unsubscribe of the email.
If you receive any suspicious emails on our behalf, please forward them to the for us to review and follow up appropriately.
Our Platform may contain links to other websites that are not owned or controlled by us. Please be aware that Bmg is not responsible for the privacy policies of these other websites. We encourage You to be aware when you leave our Platform and to read the privacy statements of each website that collects identifying information from you. These Terms apply only to information processed by us.
You must register your user in the Digital Channels, to create login and password. You are solely responsible for the veracity and validity of the information you provide, being aware that the inconsistency of the data filled in may make it impossible for you to access the Digital Channels. For this reason, keep your registration always updated.
For authentication purposes, You acknowledge that Bmg may consult your Personal Data, including Sensitive Personal Data, such as your biometric profile (fingerprint, voice, image, etc.), available in other public or private databases.
The login and password created for access to the Digital Channels will be confidential and solely your responsibility. It is important that You know this and protect your password, as well as limit the use and access of this exclusively to your computer and personal devices, preventing the occurrence of any unauthorized access to your account. If You, for any reason, believe or suspect that Your password or login has been improperly accessed, we ask that You immediately contact our call center. 
It is forbidden to share your credentials to access the Digital Channels with other applications or web services.

We collect and process Personal Data from children and teenagers in their best interest, with specific and prominent consent given by at least one parent or legal guardian, to:
• Opening of a minor's account for investment, through their legal representative;
• Opening of a minor's account to receive INSS benefits, through their legal representative; and
• Contracting of credit operations, through your legal representative.

We will make all reasonable efforts to verify that consent has been given by the parent of the child or adolescent, by requesting pertinent documents and using available technologies.

Section 6: Changes and Quest 

These Terms may be modified at any time due to changes in legislation or in our Products and Services, as a result of the update of technological tools or, where necessary, at our discretion. Accordingly, we reserve the right to modify this document at any time. But don't worry. If this happens, the data subjects will be communicated by means of notice in the Application, Platform, e-mail or by any other means of communication made available by Bmg. Be sure to carefully read any notice of this nature. All modifications will take effect immediately and, once disclosed, the use of the Digital Channels will represent your acceptance of the new provisions.
Each time we materially change these Terms, those changes will be valid, effective and binding after:

(1) they are disclosed on our IR Platform, Application and Website; or
(2) be sent to You by email; or
(3) be otherwise communicated to You.
You should check the updated version of these Terms each time you visit our Platform, Application and/or IR Site.
In the event that changes to these Terms imply changes to our Personal Data Processing practices that depend on Your Consent, You will be asked to consent to the new terms after the change, so that You can continue to use the Platform and Application and receive the Services.

If, after reading these Terms, You still have any questions, or for any reason, need to communicate with us regarding matters involving the privacy of Your Personal Data, You may contact us through our service channels below: 

  • • Data Protection Officer 
  • Eduardo Mazon
  • • SAC – 24h every day of the week 
  • 0800 979 9099 
  • (complaints, cancellation, suspicions or reports of fraud and general information) 
  • • Hearing or speech impaired – 24 hours every day of the week 
  • 0800 979 7333 
  • TDD special phone calls
  • • Ombudsman – 2nd to 6th, from 9am to 6pm 
  • 0800 723 2044 
  • (Mobile and landline calls)