1. OBJECTIVE
This document aims to standardize the Privacy of Portal Turismo Itaipu, presenting rules for the use of requested information, for the protection and privacy of personal data, for sending communications and advertising messages, as well as determining the user's obligations.

2. LEGAL OR DOCUMENTAL REFERENCE
The legal and documentary references that supported this standard were:

a) General Data Protection Law – LGPD (Law No. 13.709/2018).

b) Sales Standard for the Itaipu Tourist Complex;

c) Documentation Chain Standard of the PTI-BR Foundation.

3. DEFINITIONS
a) Customers: Those who use the products and/or services offered by Portal Turismo Itaipu, whether paid or not.

b) Cookie: text file sent by the Portal Turismo Itaipu server to the internet user's computer, with the purpose of identifying the computer, personalizing and obtaining access data, such as pages browsed or links clicked.

c) Cryptography: process of encoding information.

d) Firewall: physical and/or logical device on a computer network whose objective is to apply a security policy to a given network control point.

e) Individual identification: information that is not available to the general public and is attributed, personalized, to a specific customer/user. Examples of individual identification data include CPF or CNPJ numbers, contact information and billing data.

f) Internet user: Users of the Itaipu Tourism Portal.

g) opt-out: this is the possibility for your contacts to unsubscribe from your email list. In other words, if any contact in your database is no longer interested in receiving your emails, they can simply request that they be removed.

h) Portal Turismo Itaipu: website intended for e-commerce, whose domain is www.turismoitaipu.com.br.

i) User: is the person who visits, browses or otherwise uses the Itaipu Tourism Portal.

4. INFORMATION REQUESTED BY THE ITAIPU TURISMO PORTAL
The Itaipu Tourism Portal and Application, in accordance with the LGPD and the PTI-BR Foundation Guidelines, must be committed to keeping your personal information under the most complete confidentiality, linking it solely to your registration and using it only to:

a) Obtain generic statistics to identify the profile of our customers and develop our campaigns;

b) Data maintenance and customer relationship actions, as well as the continuous improvement of the service provided by Portal Turismo Itaipu;

c) Resolution of any legal issues related to the Portal.

The information requested from users on the Itaipu Tourism Portal and Application must achieve its main purpose, which is, to provide the consumer with the option of purchasing tickets for visits to the Itaipu Tourist Complex.

The user must guarantee the veracity and accuracy of the information and data provided to the Itaipu Tourism Portal, assuming the corresponding responsibility if they are not true, and undertakes to keep them updated.

The Itaipu Tourism Portal and Application does not assume any responsibility in the event of inaccuracy of the data provided.

The user who registers on the Itaipu Tourism Portal using third party data may incur crimes of false identity and embezzlement, both provided for in the Brazilian Penal Code, without prejudice to possible liability under specific legislation.

The user may, at any time, request changes and/or rectification of their data, simply by contacting Complexo Turístico Itaipu, via email at info@turismoitaipu.com.br or by post, sent to following address: Fundação PTI-BR, Avenida Tancredo Neves, 6731, JARDIM ITAIPU, FOZ DO IGUAÇU – PR, 85867-900.

The Itaipu Tourism Portal and Application, according to the Terms of Use, requires legal capacity from its users, therefore, under no circumstances will it be permitted to register individuals who have not yet reached the legal age of majority.

5. OBTAINING PERSONAL INFORMATION
Personal information capable of identifying users is collected when they:

a) Register on the Itaipu Tourism Portal;

b) Interact with the various tools on the Portal, providing information voluntarily;

c) Contact the Itaipu Tourism Portal through the “Contact Us” channel.

All personal data collected must be incorporated into the database of this Portal, and Fundação PTI-BR is responsible for storing and securing this data.

The Itaipu Tourist Complex may, at its sole discretion, suspend and/or cancel the user's registration, at any time, if it detects any inaccuracy in the information provided.

6. OBTAINING NAVIGATIONAL INFORMATION
The Itaipu Tourism Portal and Application automatically receives and stores information on its servers about the activities arising from the browser, including the Internet Protocol address and the page accessed, through cookies, however, they do not store any personal information.

The user may, at any time, reject or discard the cookie from their computer. However, this activity limits some functionalities of the Itaipu Tourism Portal.

7. USE OF INFORMATION
The user who declares to be aware of and agrees with the pre-established rules for using the Itaipu Tourism Portal may use the information collected to:

a) Enable interactivity between client users and administrator users;

b) Find out about new events;

c) Keep user registrations up to date for purposes of telephone contact, by email, via direct mail, SMS, WhatsApp or Applications and/or other means of communication;

d) Improve usability and interactive experience during user navigation on the Portal;

e) Prepare general statistics, without identifying users;

f) Respond to questions and requests from its users;

g) Carry out research and communication and relationship marketing campaigns, as well as publicize offers from partners.

8. DATA PROTECTION AND PRIVACY
The PTI-BR Foundation must maintain the privacy of its users' personal data stored in its database, committing to use technology that is suitable for data protection, and must maintain a safe environment, using appropriate tools, observing the state technician available.

However, considering that no security system is absolutely safe, the PTI-BR Foundation is exempt from any responsibility for possible damages and/or losses resulting from viruses, intrusions into the Itaipu Tourism Portal, its database and other related failures, except if there is intent or fault on the part of the PTI-BR Foundation.

PTI-BR Foundation professionals are aware of this rule and only qualified and authorized personnel are allowed to access users' personal data collected on the Portal, under penalty of suffering disciplinary sanctions in case of violation of the rules set out here.

The PTI-BR Foundation requires its partner companies and service providers to guarantee the protection and privacy of data guaranteed in this standard, when there is a need to share them.

9. SECURITY MEASURES
The Itaipu Tourism Portal and Application uses modern security measures to protect personal information, restricting access to authorized personnel only. To this end, the Itaipu Tourism Portal uses a modern coding security system for internet transactions, which makes it a secure point on the world wide web.

For each electronic transaction, a new encryption key is created between your computer and the Portal, making it impossible for other people to intercept the transaction through computer programs. Thus, during data sending, this information is transformed into symbols, through an encryption process, which are only decoded by the authorized server.

The Itaipu Tourism Portal also works with a firewall that prevents unauthorized users from entering.

Due to the use of such a security system, information processing may present problems if the Internet user is using an old browser, which in computer terms could represent very few years or even months. This means that the Internet user will be able to view pages, but, due to the security of their data, they will not be able to make a purchase due to the impossibility of obtaining a secure connection with our server.

10. SENDING RELEASES AND ADVERTISING MESSAGES
Fundação PTI-BR may send communications and advertising messages to its users registered on the Itaipu Tourism Portal and Application, or customers in general, making use of all types of technologies and means of communication available.

Communications, newsletters, offer notices and advertising messages sent by email must necessarily include an option to cancel the sending of that type of message by the Portal. The request will be fulfilled in the minimum time necessary to carry out this execution.

The opt-out must be done through the user's email, so users who have more than one registration may continue to receive communications or advertising messages in the email that was not unsubscribed.

Email sending services must be carried out by Portal Turismo Itaipu and Fundação PTI-BR or by a contracted company, which must use its own servers to carry out the sending.

The contracted company must not use, in any way and under any circumstances, the e-mails registered with the Portal Turismo Itaipu for any purpose other than sending messages from Fundação PTI-BR, in accordance with the preferences of each user, registered on the Itaipu Tourism Portal and with the provisions set out in this standard.

11. EXTERNAL LINKS
The Itaipu Tourism Portal and Application may have access to links to other external websites whose content and privacy policies are not its responsibility.

12. USER OBLIGATIONS
When using our services, the user must agree and accept the terms of the privacy standard in force on the date of access, as well as all notices that make reference to this regulatory instrument.

13. EXCLUSIVE OF THE ITAIPU TOURISM APPLICATION
13.1 AUTHORIZATION

In order for users to have access to the contents of each attraction where it is located, they must authorize receiving notifications and allowing their location and background location permission through the application itself. We also inform you that such permission will not be saved in any database or shared with third parties.

14. GENERAL PROVISIONS
This privacy rule is complemented by the Terms and Conditions of Use of the Itaipu Tourism Portal and Application.

Portal Turismo Itaipu reserves the right to change its privacy rules at any time, aiming for constant improvement and improvement.

15. JURISDICTION FOR DISPUTE RESOLUTION
For the resolution of disputes arising from this instrument, Brazilian law will be fully applied.

Any disputes must be presented in the court of the district in which the company's headquarters are located.

GLOSSARY
Portal Turismo Itaipu is the website intended for e-commerce, whose domain is www.turismoitaipu.com.br.

Fundação PTI-BR (www.pti.org.br) the company Fundação Parque Tecnológico Itaipu is responsible for the administration of the Itaipu Tourist Complex.

Internet users are all those who access the Itaipu Tourism Portal.

Customers are all people who use the products and/or services offered by Portal Turismo Itaipu, whether paid or not.

Individual identification is all information that is not available to the general public and is assigned, personalized, to a specific customer/user. Examples of individual identification data include CPF or CNPJ numbers, contact information and billing data.

A cookie is a text file sent by the Portal Turismo Itaipu server to the internet user's computer, with the purpose of identifying the computer, personalizing access and obtaining access data, such as pages browsed or links clicked. A cookie is assigned individually to each device (computer, smartphone, tablet, etc.), cannot be used to run programs, nor infect computers with malicious code of any kind, such as viruses, trojans, etc., and can be read only by the server that sent it.

Cryptography is the name given to the process of encoding information. The information is encoded (scrambled) at the source and decoded at the destination, making it difficult to decipher it during internet traffic.

Firewall is the name given to the physical and/or logical device of a computer network whose objective is to apply a security policy to a given network control point. Its function is to regulate data traffic between different networks and prevent the transmission and/or reception of harmful or unauthorized access from one network to another.