Privacy Policy (GDPR & LGPD)
Controller / Website Owner
VICANO Holdings Brasil Ltda.
Avenida Nossa Senhora de Copacabana 605, sala 901
Copacabana, CEP 22050-002, Rio de Janeiro – RJ, Brazil
Email: info@vicano.ch
Applies to: visitors of our websites/landing pages, prospects/investors, B2B contacts, suppliers and job applicants who interact with BRAVIVA/VICANO online or via our forms and contact channels.
If you are in the EU/EEA/UK: this notice implements the EU/UK GDPR.
If you are in Brazil: this notice implements the LGPD.
1) What data we process
- Identification & contact data: name, company, role, email, phone, address.
- Communication data: messages, meeting notes, call details.
- Marketing & preference data: newsletter opt-ins, areas of interest, event attendance.
- Device/usage data: IP address, identifiers, log files, pages viewed, timestamps, basic geolocation (country/city), cookies (see Section 7).
- Investor/KYC data (only if you submit relevant forms): ID information, sanctions/PEP screening results, and documentation required for AML/KYC checks as permitted by law.
- Recruitment data (if you apply): CV/resume, qualifications, references.
We do not intentionally collect sensitive data (LGPD “special categories”; GDPR Art. 9) via the website. If a process requires such data, we will tell you and apply heightened safeguards.
2) Why we process your data (purposes) and legal bases

3) Where your data comes from
- Directly from you (forms, email, calls, events).
- Automatically (cookies, pixels, server logs).
- From third parties (lead sources, public company registers, AML providers), where lawful.
4) Sharing and processors
We use service providers (hosting, analytics, CRM, email, KYC/AML tools, customer support). They act under contracts that restrict processing to our instructions and implement security measures. We may also share data with professional advisers, payment providers, and authorities where legally required or to establish/exercise/defend legal claims.
5) International data transfers
We may store/process data in Brazil, the EU/EEA/UK, Switzerland, and other countries where our providers operate.
- EU/EEA/UK → outside EEA/UK: we use Standard Contractual Clauses and supplementary measures, or other GDPR-compliant mechanisms (e.g., adequacy decisions) for such transfers.
- Brazil → other countries: we rely on mechanisms permitted by the LGPD and ANPD Resolution CD/ANPD No. 19/2024, including ANPD Standard Contractual Clauses, adequacy decisions, specific/approved clauses, or Binding Corporate Rules, as applicable.
We assess transfer risks and apply technical/organizational safeguards appropriate to the data and destination.
6) Retention
We keep personal data only as long as necessary for the purposes above, including:
- while we have an ongoing relationship with you;
- for legal/accounting/AML record-keeping; and
- for applicable limitation periods to establish or defend claims.
When no longer needed, we delete or irreversibly anonymize data.
7) Cookies & similar technologies
We use:
- Essential cookies (required to run the site);
- Analytics/measurement cookies (to improve content and performance);
- Marketing cookies (to measure campaigns and show relevant content).
Consent & controls. In the EU/EEA and Brazil, we obtain consent for non-essential cookies and provide granular controls (accept/reject/manage by category). You can also use your browser settings to block cookies; some features may then not work. Our banner and preference center are designed in line with ANPD’s Cookie Guide and EU best practices.
See our separate Cookie Notice for detailed categories, purposes, lifetimes, and providers.
8) Security & incident response
We implement administrative, technical, and physical safeguards (access controls, encryption, network security, backup, staff training, vendor due diligence). If a security incident occurs:
- GDPR: we will notify the competent supervisory authority within 72 hours of becoming aware, where required, and affected individuals when there is a high risk to their rights and freedoms.
- LGPD: we will notify the ANPD and affected individuals within three business days where the incident may result in relevant risk or harm, following CD/ANPD No. 15/2024 parameters.
9) Your rights
You can, subject to legal conditions and exceptions, request:
- Access to your data and portability;
- Rectification (correction) and erasure;
- Restriction or objection to processing (including direct marketing);
- Withdrawal of consent (where processing is based on consent);
- Information about automated decisions, if any, and human review.
Under the LGPD, you also have rights such as confirmation of processing, anonymization/blocking, and to petition the ANPD regarding your data. Under the GDPR, you may lodge a complaint with your local supervisory authority.
10) How to exercise your rights
Email info@vicano.ch with the subject “Privacy Request.”
We may ask for information to verify your identity and will respond within the deadlines set by the GDPR/LGPD. If we cannot fully comply (e.g., legal retention obligations), we will explain why.
11) Children
Our services are not directed to children. If we learn we have collected personal data from a child contrary to applicable law, we will take reasonable steps to delete it.
12) EU/UK representative & Brazil DPO (Encarregado)
- EU/UK Representative (GDPR Art. 27): Franc Dorfer
- Brazil Data Protection Officer (LGPD “Encarregado”): Kaio Pessanha de Araujo
Please use info@vicano.ch for all privacy matters.
(ANPD has issued guidance on DPO responsibilities; we follow these practices.)
13) Changes to this Policy
We may update this Policy to reflect legal, technical, or business developments. The “Last updated” date shows the latest revision. Significant changes will be highlighted on this page.
Last updated: 23 August 2025