Privacy Policy.

How Entre Rios handles personal data, in compliance with Brazil's General Data Protection Law (LGPD, Law 13.709/2018).

Last updated: 14 May 2026.

1. Who we are

This policy is maintained by Entre Rios Villas & Resorts Ltda., a private legal entity registered under CNPJ no. 04.376.016/0001-54, with registered office at Rua da Chegada, 9849, Fazenda Dunas de Sauípe, Subaúma District, Massarandupió, Municipality of Entre Rios, Bahia, Brazil, postcode 48.180-000 (the "Company", "we", or "controller").

We act as the controller of personal data collected through this site (entreriosvr.com.br) and the institutional channels referenced on it.

2. Data we collect

This site is institutional and does not require any account. Personal data we may receive is typically provided voluntarily by you, in one of the following situations:

  • Contact by email or telephone. When you write to entreriosvr@gmail.com or call the published numbers, we receive whatever data you choose to share — typically: name, organisation, email, telephone, and the content of your message.
  • Technical browsing. The server hosting this site (Hostinger) logs technical data required for the page to function — IP address, browser user-agent, page accessed, date and time. These logs are kept by the provider for security and diagnostic purposes.
  • Strictly necessary cookies. We use only session and functional cookies. We do not run profiling, advertising or cross-site tracking cookies.

We do not collect sensitive data (health, biometrics, racial origin, religious belief, political opinion, union affiliation, sexual life). We do not collect data from minors.

3. Purposes

We process your data only for the following purposes:

  • To reply to your communication and follow up on any conversation you initiate.
  • To conduct institutional relationships with investors, partners, press, authorities and community.
  • To comply with legal and regulatory obligations applicable to the Company.
  • To ensure the technical security of the site (fraud, abuse, and attack prevention).

4. Legal basis

As a rule, we process your data on one of the legal bases of Article 7 of the LGPD:

  • Consent — when you contact us voluntarily.
  • Execution of contract or pre-contractual steps — in dealings with investors, partners or suppliers.
  • Compliance with a legal or regulatory obligation — where applicable.
  • Legitimate interest — for technical server logs needed for site security, with due regard for data-subject rights.

5. Sharing

We do not sell, rent, or assign your data to third parties for commercial purposes.

Your data may be shared, strictly to the extent necessary, with:

  • Infrastructure providers required to operate the site and receive email (currently Hostinger International Ltd., acting as processor).
  • Legal, accounting and technical advisors of the Company, in the context of specific institutional relationships.
  • Public authorities, where required by law, court order, or legitimate request from a competent authority.

There is no routine international transfer of personal data. Where it occurs, it will be limited to what is necessary and will observe the safeguards of Article 33 of the LGPD.

6. Retention

We retain your data only for as long as necessary for the stated purposes, or as required by legal or regulatory obligation. Institutional communications may be retained for up to 5 years after the last contact, to preserve the history of the relationship. Server-side technical data follows the provider's retention policy.

7. Your rights

Under Article 18 of the LGPD, you have the right to:

  • Confirm the existence of processing;
  • Access your data;
  • Correct incomplete, inaccurate or outdated data;
  • Anonymise, block or delete data that is unnecessary or processed unlawfully;
  • Data portability, subject to trade and industrial secrecy;
  • Delete data processed on the basis of your consent;
  • Information about the public and private entities with which we share data;
  • Information on the possibility of withholding consent and the consequences of doing so;
  • Withdraw consent at any time;
  • Object to processing carried out on one of the legal bases that dispense with consent, in case of LGPD non-compliance.

To exercise any of these rights, write to entreriosvr@gmail.com with the subject "[LGPD] Data subject rights". We will respond within 15 business days.

8. Security

We adopt reasonable technical and administrative measures to protect personal data against unauthorised access, destruction, loss, alteration, communication or improper disclosure. In the event of a material security incident, we will notify the Brazilian Data Protection Authority (ANPD) and affected data subjects, pursuant to Article 48 of the LGPD.

9. Data Protection Officer (DPO)

Entre Rios' Data Protection Officer may be contacted at:

entreriosvr@gmail.com — subject "[DPO] Privacy".

10. Cookies

We use only technically necessary cookies (for example, to record your choice in the banner notice). We do not use advertising, profiling or cross-site tracking cookies. If we ever introduce analytics tools, we will choose cookieless and LGPD-compliant solutions, and update this policy beforehand.

11. Changes

This policy may be updated at any time to reflect regulatory or operational changes. The last-updated date is shown at the top of this page. Substantive changes will be notified on this site.

12. Jurisdiction

This policy is governed by Brazilian law. The Courts of the District of Entre Rios, State of Bahia, are elected to settle disputes, without prejudice to the powers of the ANPD.

Contact. Entre Rios Villas & Resorts Ltda. — CNPJ 04.376.016/0001-54 — entreriosvr@gmail.com.