Privacy Notice

Your privacy is important to us. The personal data is yours and we will explain how they are used by CAIXA.

Remembering that this Notice applies only to CAIXA. The other companies from the CAIXA Conglomerate have their own privacy policies, adequate to their products and services.

1. What Is This Privacy Notice?

It is where we explain to you, client, user, social programs beneficiary or person that has a relationship with CAIXA, how we process your personal data.

We present below the main concepts so you can better understand this Notice:

General Data Protection Law (GDPL)

It is the law especially related to provide to you protection and control over your personal data.

GDPL tells you what your rights are, while holder of personal data, and what CAIXA’s duties are when carrying out the treatment of your data.

Treatment of Personal Data

It consists of the activities we carry out with your personal data, such as: collecting, accessing, using, storing, or sharing.

Personal Data

Is it the information related to you, such as your name, your ID number, social security number (CPF) or address.

In addition to that, personal data is also information that can identify you, such as location data from your cellphone or computer (geolocation) and your computer of cellphone’s internet identification address (IP address)

Sensible Person Data

It is the personal data that demand more caution in the treatment, such as your racial origin, data referring to your health, data about your religion, among others.


Is it the person to whom the personal data refers to.

LGPD applies to individuals’ personal data treatment and to those who perform a professional activity on their own behalf – MEI (Individual Microentrepreneur) and EI (Individual Entrepreneur).

2. How CAIXA obtains your personal data

CAIXA obtains your personal data in some ways, such as the following described:

Directly from you:

• When you open an account or hire a product from the bank;
• When you use our service channels (for instance: branches, ATM machines, lottery outlets and banking correspondents);
• When you register in a CAIXA application;
• When you access a CAIXA application or website that need a login;
• When you simulate a mortgage financing or fill out a form, registration or use simulators from other CAIXA products and services.

From other sources:

• From Credit Bureaus (agencies and offices or credit services), Brazilian Federal Revenue Office, and Central Bank of Brazil (BACEN), with the purpose of validating or complementing already existing data in the clients’ registers;
• From Public Administration Bodies to execute services and Public Policies, such as Auxílio Brasil and Unemployment Insurance.

From your digital devices (cellphone or computer):

• When you navigate on our website;
• When you use our applications or a CAIXA website that need a login.

We use digital marketing technologies

Digital marketing technologies serve to improve your experience with our services, your navigation on our websites and applications or to send special offers to you. For this, cookies and other tracking technologies are used.

What are cookies?

Cookies are small files that are stored in your computer or cellphone. They serve, among other things, to improve your navigation in sites and applications, according to your preferences. Lean more in our Cookies Notice.

3. For what purposes CAIXA uses your personal data

CAIXA uses your personal data with a very simple objective: to make available a set of products and services for you and keep them in constant evolution.

CAIXA is committed in observing the GDPL principles and treat your personal data only according to the hypothesis provided for in the law.

Below are some of the most common purposes for which we process your personal data:

• Carry out the contracts that we have with you, as well as doing a prior analysis of your personal data when you wish to acquire any other product or service;
• Respond to your questions, requests, complaints, or compliments;
• Send messages about contracts or terms and conditions of some product, in addition to offers and other information that can be of your interest and adequate to you;
• Conduct market researches to subsidize, for instance, the launching of new products and the improvement of banking services to you;
• Execute services and Public Policies like, for instance, Auxílio Brasil and Unemployment Insurance;
• Verify your identity to prevent and combat fraud, illegal or non-authorized activities;
• Guarantee the safety of our clients, employees, contractors, from the financial system and from CAIXA;
• Develop new channels, services or products and make improvements to those you already use;
• Fix problems, analyze trends, measure audiences, and improve usage of your website and applications;
• Make legal analysis and meet legal decisions;
• Meet legal obligations and audits;
• Meet legal and regulatory requirements.

To know more details about the treatment purposes of your personal data, you can request a complete declaration in your service channels.

4. How CAIXA protects your personal data

CAIXA is committed in protecting your personal data.

Your personal information has restricted access and all the contracts we keep comply with strict confidentiality rules.

We constantly monitor our protection systems against unauthorized access, ensuring secrecy to your personal data.

We use the most advanced tools and security resources to prevent alteration, fraud, disclosure, or destruction of the information under our responsibility.

We follow the rules and best practices of information security.

In addition to that, CAIXA has specific guidelines of data governance, information security, privacy, response to security incidents with personal data and business continuity plan.

Our Security and Information Policy is periodically revised and can be consulted here.

Pay attention to e-mails. CAIXA only sends messages when:

• You register to be informed about our products and services;
• Customer Service (SAC) or Ombudsman answer your requests;
• We execute services requested by you or demands of your interest;
• We execute services necessary to operate your contracts with CAIXA.

We do not send spam! In case you suspect of an e-mail or cellphone message, contact us on 0800 726 0101 or

Do your part:

It is important that you also take some precautions to protect your personal data:

• To contact CAIXA, always use our official channels;
• Be aware of the origin of messages sent on behalf of CAIXA (SMS or e-mail) and disregard any suspicious message;
• Remember to use antivirus and keep Internet browsers up to date;

See here our other security tips.

5. How long CAIXA keeps your personal data

Each product or service from CAIXA has a determined period for the custody of your personal data, complying with legislations and specific regulations.

So, don’t worry! Your personal data will be safely deleted after the custody period is finished.

6. When and who CAIXA shares your personal data with

CAIXA shares your personal data only based in the treatment hypothesis provided for in the GPDL like, for instance, when it is necessary to meet the purposes described in this Notice.

Next, we highlight the most common cases of personal data sharing:

• Providers of means of payment services, collection services, authentication, printing, card issuance and document mailing, to execute activities complementary to our business;
• Customer service centers, lottery outlets and banking correspondents, to better serve you;
• Infrastructure, logistics, technology, and security providers, as well as outsourced engineering companies for the appraisal of real estate or construction projects so that CAIXA’s products and services are provided with quality and efficiency;
• Authorities, government bodies, supervisory and regulation bodies when necessary to comply with laws and regulations;
• Other Public Administration bodies for the execution of Public Policies such as Auxílio Brasil and Unemployment Insurance;
• Credit bureaus, according to the applicable legislation;
• Companies from the CAIXA Conglomerate, aiming to improve services or products that meet your requests;
• Other financial institutions that are part of the Central Bank of Brazil’s Open Finance, only through consent operation executed by you or through the interface of the institution chosen by you;
• Our service providers and business partners;

CAIXA executes international transfer only when necessary and meeting the directions of the current legislation like, for instance, with other banks and financial institutions, for exchange operations and payments overseas.

We only share personal data when strictly necessary, always valuing information security and following the rules of bank secrecy and privacy and data protection legislation.

To learn more details about the sharing of your personal data, you can request a complete declaration.

7. What your rights as Holder of Personal Data are

GPDL grants rights to the Holders of Personal Data, which we list below:

Processing confirmation

You can request CAIXA to confirm if it processes your personal data.


You can have access to your personal data in two ways:

• Simple declaration: it shows what personal data we have about you. The submission of this declaration is immediate;
• Complete declaration: besides showing what personal data we have about you, we inform to what purposes the data treatments are executed and to who we share your personal data, among other relevant information. This declaration is submitted within 15 (fifteen) days;


You can ask CAIXA to correct your personal data in case they are incomplete, incorrect, or outdated.

In addition to the service channels listed in this Notice, you can use the Internet Banking CAIXA to correct your register data, like e-mail, telephone number, address and income, accessing: Minha Conta -> Meus dados -> Atualizar Cadastro

Elimination of treated data with your consent

You can ask for the elimination of your personal data that you authorized CAIXA to treat.

Information about sharing

You can ask the list of companies and public bodies to which CAIXA shares your personal data.


You can direct your personal data, stored by CAIXA, to other companies and institutions.


When your consent is requested (authorization) for the treatment of your personal data you have the right to be informed about the consequences in case you do not give consent. If you prefer, you can deny consent.

You can also revoke the previously given consent for the treatment of your data.

Automated decisions

You can ask for the revision of decisions made exclusively by technological means (without human involvement) like, for instance, your classification, score, approval, or rejection.

Data treatment revision

You can exert this right in case you understand CAIXA is treating unnecessary, excessive, or treated in disagreement with the GPDL. Your request will be analyzed and answered.


You can ask CAIXA not to treat your data anymore, if you feel we are in disagreement with the GPDL. Your request will be analyzed and answered.

You can exercise all these rights by contacting us:

• On our website: (at “Faça sua Solicitação“);
• On WhatsApp: 0800 104 0104;
• At CAIXA branches;
• On our Customer Service: 0800 726 0101;
• On our Ombudsman: 0800 726 7474.

8. Doubts on the Privacy Note

You can contact our Person in Charge of the Processing of Personal Data, Jardel Luis Carpes, by e-mail:

Privacy Notice Revision Date: 07/06/2021

Cookie warning

Learn more about what cookies are, how they work and what they are for in our Cookie Notice.


Privacy Notice Publication Date: 05/09/2023