Privacy Policy

The purpose of this Privacy Policy is to inform CTA CONTINENTAL TOBACCOS ALLIANCE S/A's (hereinafter referred to as “CTA-Continental”) commitment with your personal data protection. Your privacy is very important to us, and we understand how important it is to you. Our objective is to be as clear and open as possible about what we do and why we do it. We are committed to personal data privacy and protection of all individuals who interact with CTA-Continental.

Our Privacy Policy informs you about the type of information we collect and process, what we do with it, what we do to keep your information secure, your rights and how to contact us. The only personal information we will have is that which you voluntarily provide to us.

CTA-Continental acquires a variety of information about people with whom it interacts in the normal course of its business activities, and may use it in the ways described in this Privacy Policy. We, at CTA, reiterate our commitment to you and our concern for the privacy and protection of your personal data. If you have any questions about this Privacy Policy, please contact us through the channels indicated at the end of this document.

Our Privacy Policy seeks to clarify how information will be collected, used, shared, stored, deleted and protected. It is valid for all our employees, customers, participants in selection processes, users, service and product suppliers.

This Privacy Policy provides information about how we treat your personal data, such as:

Important information for reading this policy

“Personal data” is information relating to an identified or identifiable natural person, such as name, Social Security number, email, telephone, among others.

“Sensitive personal data” is data about racial or ethnic origin, religious conviction, political views, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data when linked to a natural person.

“Personal data processing” means any operation carried out with personal data, such as access, storage, archiving, evaluation, classification, collection, communication, control, dissemination, distribution, elimination, extraction, modification, processing, production, reception, reproduction, transfer, transmission, and use.

How we collect your information

Your information may be collected by filling out the contact form contained on this website, search engines used by Google Analytics cookies , posts on Facebook and Instagram, as well as website's user functionality and preferences cookies, for a better user experience to access it.

This website ( is operated by CTA-Continental for your information, education and communication. You can visit it without telling us who you are and without providing any personal information. It is important to highlight that our website does not use cookies, does not have registration forms, “Contact Us” or “Work With Us” forms.

However, when you contact us by email, we may directly and indirectly collect and process certain information provided by you in this contact.

Our profiles on social networks may collect data from information that you spontaneously provide to us by inserting references about yourself in any context, by filling out forms or sending private messages on our profiles.

Personal Data and processing purposes

This document was prepared based on the General Data Protection Law (GDPL), Federal Law 13,709/2018.

The GDPL regulates how the company handles personal information, especially on the internet, via forms. Within this context, the GDPL reinforces the need to process personal data.

For all personal data collection, CTA-Continental will follow these rules:

  • only information that is essential for the provision of services will be collected;
  • in certain occasions, if there is a need to collect personal data that has not been previously informed, you will be notified about this need so that we can collect authorization when required by law, that is, when CTA requires the processing of personal data and the law requires consent of the holder, this will be communicated to the holder and carried out in advance, if applicable;
  • all data collection will include the specific reason for its need and the purpose for which it is intended.

Some purposes of data processing are presented below:

Examples of activities carried out by CTA-Continental

  • Employee selection processes
  • Database lookups such as Serasa/SPC
  • Management of judicial and/or administrative actions

Objective and justification

  • Assessment and selection of candidates for job openings at CTA-Continental
  • Registration approval and credit analysis
  • Regular exercise of rights

Information we collect about you

For the thorough development of the company's activities to comply with contractual and legal obligations, it is essential to process some information. CTA-Continental may collect personal data from employees, customers, participants in selection processes, product and service suppliers, as described below.

We may collect your information in several ways:

  • you may provide information directly, for example, by entering into a contract, filling out a form or contacting us by phone;
  • we may obtain information from third parties, for example your employer, or from publicly available sources such as a company website, internet searches or social networks such as Facebook, Twitter, Instagram and LinkedIn.

Above, we refer to all the methods by which you have contact with us, whether at physical points of contact, such as at our headquarters or in our branches, as well as digital means such as applications, social networks and websites. We stress that we take measures to keep personal information confidential. Regardless, CTA-Continental recommends that holders refrain from providing information that should be kept confidential.

We may collect information provided directly by you. Typically, this will occur when you:

  • enter into a contract to provide products or services to us;
  • establish an employment contract;
  • contact us by email, social media profiles, telephone or in person.

We may collect your information automatically, normally when you:

  • visit our business units, for example, through video recordings (CCTV) and/or access records;
  • use systems or devices owned by CTA-Continental, such as a notebook, tablet, cell phone or smartphone.

Other activities, for example, carried out by CTA-Continental may be:


  • Selection of receptionists for trade shows and/or corporate events
  • Payment to supplier
  • Payment to producer (farmer/grower)
  • Inclusion/exclusion of producer name in Credit Bureau

Personal Data

  • Name, Social Sec. No. and age
  • Name/Company name, Social Sec. No. and bank details
  • Name, Social Sec. No. and bank details
  • Social Sec. No., address, e-mail and phone no.

We clarify that it is not CTA-Continental's responsibility to provide security on customers' and users' personal devices, however we recommend that these devices follow good security practices, including, but not limited to, the operating system updated with correction packages provided by the manufacturer, appropriate and up-to-date security software. It is strongly suggested to use security passwords on devices. Never reveal your password to third parties.

Possibility of data sharing

In specific situations, for the full functioning of products and services offered by CTA-Continental or in specific contracts, it will be necessary to share personal data.

Some example situations are presented below:

  • with authorities, government entities or other third parties, to protect CTA-Continental's interests, in conflicts, legal actions or proceedings;
  • with external suppliers such as credit analysis or debt collection agencies that help us check your credit status or collect overdue bills;
  • situations where corporate changes occur involving CTA-Continental, in which case the transfer will be necessary for the course of services;
  • upon court order or by authorities that have legal competence to make a request.

Personal data storage and protection

Technical and organizational measures have been implemented to protect personal data against disclosure, use or modification.

In certain situations, according to our analysis, we may use encryption and other technologies to protect the information you provided to us. Personal data will be used by authorized professionals qualified to perform their functions. Our service providers are also required to comply with the GDPL.

We store your personal data in operating environments that use security measures to prevent unauthorized access. We follow protocols to protect personal data.

This data will be stored for the period necessary to carry out the purposes for which the information was collected and for the necessary legal period.

The data will be deleted when it is no longer necessary for the purpose for which it was collected, or when the holder requests its deletion, except when there is a need to comply with a legal/regulatory obligation.

We continually monitor our security measures, which are reviewed in accordance with technology advancements, market standards and the most current organizational resources.

Holders' rights

You may have some or all of the rights regarding your personal information.

CTA-Continental, as a controller of personal data, respects and guarantees the following rights:

  • confirmation of the existence of personal data processing;
  • request for access to personal data;
  • correction of incomplete, inaccurate or outdated information;
  • anonymization, restriction or deletion of unnecessary, excessive or processed data that does not comply with the law;
  • deletion of processed data, with the consent of the customer and/or user;
  • obtaining information about public or private entities with which CTA-Continental shares your personal data;
  • information about the possibility of the holder not providing consent, as well as being informed about the consequences in case of refusal;
  • withdrawal of consent.

To exercise their rights, holders must send the corresponding request to the Data Protection Officer (DPO), to the email address or by telephone +55 (51) 3793-2200.

General provisions

CTA-Continental, at its sole discretion, may modify the terms and conditions contained in this Privacy Policy, including, but not limited to, hypotheses arising from compliance with legislation, changes to services, among others.

Any updates will be made available to concerned parties on the company's website.

This Privacy Policy was last amended and published on this website in April 2021.