Privacy Policy
1. PURPOSE
The purpose of this Policy is to provide information about the collection, use, sharing and general handling of personal data, whether in digital or physical media, in order to ensure greater transparency regarding how and for what purposes the data is used by GMT, in addition to disclosing how the data subjects can access and update their personal information, or exercise their rights in relation to such data.
In everything we do, we strive to protect our data and information. We know you feel the same way. Your personal data is a valuable asset that must be protected. That’s why you need to know exactly how it might be used. That’s precisely why we created this Privacy Policy.
We have prepared this External Data Privacy Policy, referred to herein as the Policy, whose main purpose is to inform you about the collection, use, sharing, and general processing of your personal data, whether in digital or physical media, in order to provide greater transparency on how and for what purposes your data is used by GMT. It also informs you how you can access and update your Personal Data, and exercise your rights related to it.
The objectives of this Privacy Policy are:
1. Establish GMT’s guidelines and responsibilities that ensure and reinforce the group’s commitment to compliance with applicable personal data protection laws.
2. Provide transparency to you, as the data subject, regarding (i) what personal data we process and the purpose of the processing; (ii) how we protect your data; (iii) how long we store your information; (iv) with whom we may share your data; and (v) what your rights are.
In any processing of personal data, GMT will observe the following principles of personal data protection:
1. Purpose: GMT will process your personal data only for legitimate, specific, explicit purposes informed by you, the holder of personal data, without the possibility of further processing in a manner incompatible with these purposes.
2. Adequacy: GMT will process your personal data in a manner compatible with the purposes informed by you as the data subject, and in accordance with the context of the processing.
3. Necessity: the processing of your personal data carried out by GMT will be limited to the minimum necessary to achieve its purposes, covering relevant, proportional and non-excessive data in relation to the purposes of the processing.
4. Free access: GMT will guarantee you, the holder of personal data, easy and free access to the form and duration of processing, as well as the completeness of your data.
5. Data quality: GMT will guarantee, to you, the holder of personal data, the accuracy, clarity, relevance and updating of the data, according to the need and to fulfill the purpose of its processing.
6. Transparency: GMT will guarantee you, the holder of personal data, clear, accurate and easily accessible information about the processing carried out and the respective personal data processing agents, observing commercial and industrial secrets.
7. Security: GMT will use technical and administrative measures capable of protecting your personal data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination.
8. Prevention: GMT will adopt measures to prevent the occurrence of damages due to the processing of your personal data.
9. Non-discrimination: GMT will ensure that your personal data cannot be processed for unlawful or abusive discriminatory purposes.
10. Accountability and accountability: GMT is committed to demonstrating the adoption of effective measures capable of proving compliance with and compliance with the rules for protecting your personal data, and the effectiveness of these measures.
Oh! Let us tell you right away that the controller of your personal data is GMT, to which you may or may not be directly linked.
WHO WE ARE
The Montesanto Tavares Group is a holding company with experience in all stages of the coffee chain, from coffee origination to the sale of blends abroad. In addition to coffee produced on its own farms, the company purchases beans from small producers, strengthening family farming and valuing coffee growers in Brazil. After origination, we have the machinery and expertise to store and process the beans. All of this is carried out by our own companies and partners, such as Armazéns Leste de Minas (storage and reprocessing). Today, the Montesanto Tavares Group owns two exporting companies, Atlantica Coffee and Cafebras, and one importing company, Ally Coffee, in the US, Europe, and Asia. These trading companies enable the group to trade and sell Brazilian coffee worldwide.
OUR COMMITMENT AND PURPOSE
The Montesanto Tavares Group establishes, in this Policy, the commitment it has always emphasized to transparency, confidentiality of its data, privacy and security of each of its suppliers, partners, third parties and all those involved in Administrative Management.
This Privacy Policy complies with the General Data Protection Law No. 13,709/2018 and other related regulations. It was developed to help you understand what information is collected about you, how it is used, stored, for what purpose, and when it is deleted.
Our main purpose is to safeguard the transparency that has always been assured, making you aware of what happens to your Personal Data shared with us, including during your visit to our website https://www.atlanticacoffee.com/
RULES
So that you have no doubts about the concepts used in this Policy, below is the definition of all terms and acronyms used:
“Anonymization”: A process and technique by which data loses the possibility of direct or indirect association with an individual. Anonymized data is not considered Personal Data.
“Consent”: Free, informed and unequivocal expression by which the Holder agrees to the Processing of his/her Personal Data for a specific purpose.
“Controller”: Legal entity, under public or private law, responsible for decisions regarding the Processing of Personal Data.
“Personal Data”: Any information relating to an identified or identifiable natural person, who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Sensitive Personal Data”: Personal data about racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.
“Data Protection Officer” or “Data Protection Officer (“DPO”)”: The individual designated as the formal/official data protection officer, as provided for in data protection laws, such as the LGPD, for a given territory. The DPO may be an employee or a third-party.
“LGPD”: Brazilian legislation no. 13,709/2018, commonly known as the General Personal Data Protection Law, which regulates Personal Data Processing activities and also amends articles 7 and 16 of the Internet Civil Rights Framework.
“Policy”: this GMT Privacy Policy.
“Operator”: Natural or legal person, under public or private law, that carries out the Processing of Personal Data on behalf of the Controller.
“Data Subject”: Identified or identifiable natural person to whom specific Personal Data refers.
“Personal Data Processing” or “Processing”: Any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, erasure or destruction.
“National Data Protection Authority (ANPD)”: public administration body responsible for overseeing, implementing and monitoring compliance with the General Personal Data Protection Law throughout the national territory.
“Cookies”: files sent by our server to the computer, cell phone, tablet or any other device used by You and responsible for collecting access data to Our Environments, personalizing your navigation.
“Automated Decision”: decision made without human intervention using algorithms.
“IP”: Abbreviation for “Internet Protocol.” It is the set of numbers and letters that identifies the device you use to access Our Environments.
Now that you know the meanings and concepts used in this Policy, we will inform you which data we use, the time for which we store it, with whom we share it, the security measures used, the legal bases used and permitted by law to justify the processing of your personal data according to each purpose and your rights as a data subject.
WHAT PERSONAL DATA DO WE PROCESS?
The data collected and processed by us at GMT, according to the existing categories, are common personal data, of an eminently registration nature, such as name, CPF, profession, address, in short, data necessary for the preparation, management and fulfillment of service provision contracts, granting of benefits to dependents of our employees, contracting of suppliers, service providers, customers, producers, brokers and third parties.
Oh! Remember, you will always be responsible for keeping your data updated in our database.
WHAT IS THE PURPOSE OF THE DATA COLLECTED AND PROCESSED?
We only process personal data that is necessary and appropriate for the purposes for which it was collected, always observing the legal bases for processing.
The purposes for which your data will be processed will vary depending on your relationship with GMT and will be used, for example, to (i) enable the payment of bills/invoices; (ii) receive funds from the sale of products and services; (iii) manage supplier purchases; (iv) purchase coffee and maintain relationships with suppliers and new producers; (v) foster customer acquisition; (vi) enable management and defense in legal and administrative proceedings; (vii) comply with the requirements for the regular exercise of rights; (viii) serve our legitimate interests; (iv) ensure the security of our operations.
The personal data collected is not subject to artificial intelligence analysis that generates or may generate biased or discriminatory treatment. Among the personal data processing operations, there is no automated decision-making with the personal data of any of the related parties.
GMT does not engage in SPAM practices and therefore does not send commercial emails that have not been previously requested or authorized by the user. Consequently, in all communications you receive from the provider, you have the option to withdraw your express consent to receive our communications.
We will not process your personal data for any purpose other than those described, except by legal obligation or compliance with court orders.
LEGAL BASES USED
The entire data processing chain, which will be operated by us, will be supported by one of the bases provided for in the General Data Protection Law, such as, for example, for the execution of the contract for the provision of coffee sales services or preliminary measures for the execution of this contract.
We may also use your data exclusively to comply with legal obligations, such as informing tax authorities about the issuance of invoices. We may also store your data exclusively to exercise our right to defend ourselves in legal or administrative proceedings.
WITH WHOM AND FOR WHAT WE SHARE YOUR DATA
Regardless of who our partners are, with whom we may share your data, they will all be joint data processors or controllers.
We require that everyone with whom we eventually share your personal data comply with our data protection rules and the provisions of the LGPD, including disposal, compliance with data subject rights, confidentiality obligations, information security rules, etc.
Under no circumstances do we sell or exchange your data with other individuals or legal entities.
We may share your data with competent judicial, administrative or governmental authorities, regulatory agencies, whenever there is a legal determination, request, requisition or court order.
We may possibly share your data with professionals delegated by us and necessary to fulfill the scope of the contract entered into between us, such as lawyers, accountants, and auditors.
INTERNATIONAL DATA TRANSFER
To better perform its activities, GMT may, in some circumstances and when necessary, share your personal data with other companies within its economic group. Furthermore, your data may be shared with partners and suppliers based in other countries, always in compliance with applicable legislation and the relevant contractual clauses.
Don’t worry, GMT does not authorize contracted third parties to carry out any data transfer without your consent and validation.
DATA RETENTION AND DISPOSAL TIME
Personal Data is stored for legal retention periods or for as long as necessary to fulfill the purposes for which it was collected, unless there is any other reason for its retention, such as compliance with any legal, regulatory, contractual obligations, among others, provided that they are based on a legal basis.
Once the processing purposes have been achieved, we may keep your data based on the regular exercise of rights in processes, for the legal term, counting from the end of our legal relationship.
You should know that as long as we keep your data in our databases, we will guarantee complete integrity and security.
DATA COLLECTED ON OUR WEBSITE (COOKIES)
On our website (https://www.atlanticacoffee.com/) data is collected indirectly, exclusively related to your browsing.
This data is collected via cookies by the website developer, www.google.com, www.facebook.com, www.doubleclick.net, and www.mailchimp.com, exclusively to improve our website’s navigation and content. However, this data collected automatically through your browsing activity on the website does not identify you. We receive this anonymized information exclusively for general and global analysis (e.g., Google Analytics, Facebook Analytics, Google Ads, Mailchimp, and Google Recaptcha).
Cookies are also used:
Essential cookies
Used to ensure the website functions properly. This category of cookies does not collect information for marketing purposes or store browsing information on other websites.
| Cookie | Source | Purpose | Type | Duration |
|---|---|---|---|---|
| _abck | Mailchimp | To provide protection against hackers. | HTTP | 1 year |
| _grecaptcha | Google Recaptcha | Distinguish between human and bot visitors. Prevent spam sent by bots on website forms. | HTML | Persistent |
| _GRECAPTCHA | Google Recaptcha | Distinguish between human and bot visitors. Prevent spam sent by bots on website forms. | HTTP | 179 days |
| ak_bmsc | Mailchimp | Distinguir visitantes entre humanos e robôs. Evitar inscrições feitas por robôs no formulário de newsletter. | HTTP | 1 day |
| bm_sv | Mailchimp | Distinguir visitantes entre humanos e robôs. Evitar inscrições feitas por robôs no formulário de newsletter. | HTTP | Session |
| bm_sz | Mailchimp | Distinguir visitantes entre humanos e robôs. Evitar inscrições feitas por robôs no formulário de newsletter. | HTTP | 1 day |
| et_pb_ab_view_page_* | DIVI WordPress Plugin Owner | DIVI design template session cookie. Record whether a specific page was viewed by the website visitor. | HTTP | Session |
| et_pb_ab_read_page_* | DIVI WordPress Plugin Owner | DIVI design template session cookie. Record whether a particular page has been read by the website visitor. | HTTP | Session |
| MCPopupClosed | Mailchimp | Store whether the newsletter subscription popup, displayed on any page when accessing the website, has been closed, preventing the popup from appearing all the time for the user. | HTTP | 1 year |
| popupsmart_* | Own Site Popupsmart Plugin | Record whether popups on the site were closed or clicked. No popups are activated by the plugin, but since the plugin is installed, it generates cookies in the browser. | HTTP | Session |
| rc::* | Google Recaptcha | Distinguish between human and bot visitors. Prevent spam sent by bots on website forms. | HTML | Persistente |
| test_cookie | Google Tag Manager | Test whether the user's browser supports cookies. | HTTP | 1 day |
Traffic analysis cookies
They collect information about how the website is used, through aggregated data and statistics that allow us to identify usage patterns and, consequently, improve our services and features.
| Cookie | Source | Purpose | Type | Duration |
|---|---|---|---|---|
| _ga | Google Analytics | Used by Google to store and count page views, providing website visit statistics. | HTTP | 2 years |
| _gat _gat_* | Google Analytics | Used by Google to store and count page views, providing website visit statistics. | HTTP | 1 minute |
| _gid | Google Analytics | Used by Google to store and count page views, providing website visit statistics. | HTTP | 1 day |
Cookies for marketing purposes
They collect browsing information for marketing purposes, based on the analysis of users’ preferences and desires. They may collect data such as name, website pages and digital channels visited, other websites visited, etc. The information collected is used to evaluate the effectiveness of marketing campaigns or to provide better marketing targeting.
| Cookie | Source | Purpose | Type | Duration |
|---|---|---|---|---|
| _fbp | Store and track website visits. Used by Facebook to display ads within its platforms. | HTTP | 90 days | |
| _gcl_au | Google AdSense | Used by Google to track conversions on the website, whether it's form submissions, calls made through the website, etc. This is what the Google Ads manager has defined in the conversion settings. | HTTP | 90 days |
| _mcid | Mailchimp | Record visitor data. Optimize ad delivery through MailChimp. | HTTP | 1 year |
| ads/ga-audiences | Google Ads | To store information for remarketing, delivering advertisements to the user based on pages on the website and websites they have visited. | Pixel | Session |
| pagead/1p-user-list/# | Google Analytics | Tracks whether the user has shown interest in specific products or events across multiple websites and detects how the user navigates between websites. | Pixel | Session |
| tr | Store and track website visits. Used by Facebook to display ads within its platforms. | Pixel | Session |
The browser you used to access our website (Chrome, Internet Explorer, Microsoft Edge, Firefox, etc.) likely uses cookies that capture your data. It’s important to check the Privacy Policy of your chosen browser and what you authorize.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
In your interest and to exercise your rights under the LGPD, you may request to exercise your rights before GMT by sending a letter to the postal address provided at the beginning of this privacy policy or by sending an email to dpo@montesantotavares.com.br, indicating as the subject: “MY RIGHTS” or through our communication channels available on our website or in person at our unit.
These are your rights:
(i) Access – the right to be informed and have access to your personal data under our processing.
(ii) Correction and updating – the right to request the updating or modification of your outdated, incomplete or incorrect personal data.
(iii) Deletion – the right to have your personal data deleted from our databases, except in the case of legal storage hypotheses.
(v) Anonymization or blocking – the right to request that excessive personal data be anonymized or that this excessive processing be suspended by us.
(iv) Portability – the right to request that the personal data under our processing be transferred to another service provider indicated by you.
(vi) Revocation of consent – if your data was collected based on your consent, you have the right to revoke it.
INFORMATION SECURITY MEASURES
GMT adopts appropriate administrative and technical security measures to keep employees’ personal data safe and protected from unauthorized access and accidental or unlawful destruction, loss, alteration, communication, or any form of inappropriate or unlawful processing, including, but not limited to: (i) establishing strict control over the processing of personal data; (ii) individualizing logins and passwords, with an express prohibition on sharing passwords; (iii) storing documents in locked files with access restricted to employees who need to know them.
The security of personal data is a serious matter and a right of all data subjects. Therefore, GMT has technical and administrative measures in place to protect data against accidental or unlawful distribution, loss, alteration, communication, dissemination, or unauthorized access. It also ensures that the environment (physical or digital) used for data processing is structured to meet security requirements, best practice and governance standards, and the general principles established by law.
DATA PROTECTION OFFICER (DPO)
The DPO appointed by the Montesanto Tavares Group is responsible for the communication channel between the holding company, personal data holders (suppliers, customers, third parties, managers and agents), interested parties and the ANPD, and may provide the necessary clarifications on this Policy and its application, exceptional cases and good practices to be adopted permanently.
Any and all communications and requests relating to the processing of personal data may be sent by data subjects directly to the DPO, who can be contacted at the following email address: dpo@montesantotavares.com.br.
OTHER RULES
Stay tuned!
We do not send emails, text messages, letters, or any other means of communication requesting data confirmation. If it’s in our name, it’s a scam. We suggest you don’t reply, click on links, or download files. Our emails end with @atlanticacoffee.com, @cafebras.com, @gmtfarms.com.br, or @montesantotavares.com.br.
Any matter that needs to be discussed in court regarding this Privacy Policy will be in Belo Horizonte.
This Policy was prepared based on the Brazilian General Data Protection Law, Law No. 13,709/2018.
UPDATE OF THIS POLICY
Just as our business changes constantly, this Policy may also change. Therefore, whenever this Policy is updated, we will take appropriate measures to inform you of such changes.
To access the Data Subject Request Processing Form, click here.