Privacy Policy

Last updated: 03/05/2026

JA Passeios Nauticos LTDA (Tax ID 57.236.685/0001-97) respects your privacy and is committed to protecting your personal data in accordance with the Brazilian General Data Protection Law — Law No. 13.709/2018 (LGPD). This Policy describes which data we collect, how we use it, and your rights as the data subject.

1. Who We Are

Data controller: JA Passeios Nauticos LTDA
Tax ID: 57.236.685/0001-97
Contact email: [email protected]
Address: Cabo Frio, Lakes Region – RJ, Brazil
Data Protection Officer (DPO): [email protected]

2. What Data We Collect

We collect only the data strictly necessary to provide the service:

  • Identification data: full name, email, phone, and tax ID (CPF/passport).
  • Booking data: chosen tour, date, time, number of people, and total amount.
  • Technical data: IP address, browser type, and operating system (collected automatically for security and diagnostic purposes).
  • Cookies: session cookies (CSRF) and language preference. We do not use third-party advertising tracking cookies.

3. Why We Collect — Legal Basis (LGPD)

  • Contract performance (art. 7, V): name, email, phone, booking data — required to confirm and carry out the contracted tour.
  • Legal obligation (art. 7, II): CPF — required for invoice issuance under Brazilian tax law.
  • Legitimate interest (art. 7, IX): technical data (IP, access log) — used for system security and fraud prevention.
  • Consent (art. 7, I): language preference cookie — stored only to improve your browsing experience.

4. How We Use Your Data

  • Booking confirmation and email with tour details.
  • Pre- and post-sale contact via WhatsApp or email for support.
  • Electronic invoice (NF-e) issuance when applicable.
  • Site security improvement (access log analysis).
  • Reply to messages submitted via the contact form.

5. Data Sharing

Your data is shared only with processors necessary for service operation, all under contractual obligation to protect your information:

  • Mercado Pago: payment processing (card, Pix, boleto). Data transmitted in accordance with Mercado Pago privacy policies.
  • Gmail SMTP (Google): delivery of confirmation and cancellation emails.
  • Twilio / SMS: SMS notifications (when enabled).

We do not sell, rent, or share your data for commercial purposes with third parties.

6. How Long We Store Data

  • Booking and invoice data: 5 years, as required by Brazilian tax law (Law No. 9.430/1996).
  • Contact form messages: up to 6 months after the reply, unless a dispute is pending.
  • Session cookies (CSRF): until the browser is closed or logout.
  • Language cookie: up to 1 year from the last setting.
  • Consent cookie (banner): 1 year.

7. Your Rights as Data Subject (art. 18 LGPD)

You have the following rights regarding your personal data. To exercise them, send a request to [email protected]:

  • Access: know which of your data we store.
  • Correction: request update of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or deletion: of unnecessary or non-compliant data.
  • Portability: receive your data in a structured format for transfer to another provider.
  • Deletion: request the deletion of data processed under consent (does not apply to legally required data).
  • Sharing information: know with which entities your data was shared.
  • Objection: object to processing carried out in violation of the law.
  • Consent withdrawal: withdraw consent at any time, without affecting the legality of prior processing.

We will respond to requests within 15 business days. In some cases deletion may be partial if there is a legal retention obligation.

8. Cookies

We use only strictly necessary cookies for site operation:

  • PHPSESSID (session): identifies your browsing and protects against CSRF attacks. Expires when the browser closes.
  • lang (language): stores your language preference (pt, en, es). Expires in 1 year.
  • ja_cookies_consent (banner consent): records that you have seen and accepted this notice. Expires in 1 year.

You can configure your browser to block or delete cookies, but this may compromise parts of the site (for example, secure sessions). We do not use third-party tracking, advertising, or analytics cookies.

9. Security

We adopt technical and organizational measures to protect your data, including:

  • TLS/HTTPS: all communication between your browser and the server is encrypted.
  • Password hashing (Argon2id): admin panel passwords are stored with secure cryptographic hashes.
  • Rate limiting: protection against brute-force attacks and flood requests.
  • Access logs: activity records for auditing and anomaly detection, stored outside the public directory.
  • Access control: personal data accessible only to authorized personnel with protected credentials.

In case of a security incident likely to cause significant risk or harm to data subjects, we will notify the ANPD and affected parties within legal deadlines.

10. Data Protection Officer (DPO)

The Data Protection Officer of JA Passeios Nauticos can be reached at [email protected]. The DPO is responsible for handling communications from the ANPD and data subjects, guiding staff, and taking necessary measures regarding data protection.

11. Changes to this Policy

This Privacy Policy may be updated periodically to reflect operational, legal, or regulatory changes. Relevant changes will be communicated on this page with an updated effective date. Continued use of the site after publication implies awareness of the changes.

12. Jurisdiction

This Policy is governed by the laws of the Federative Republic of Brazil. The courts of Cabo Frio – RJ are elected to resolve any controversy arising from this Policy, waiving any other jurisdiction, however privileged.

13. Contact

To exercise your rights, ask questions, or report incidents related to privacy and data protection:

  • Email (DPO): [email protected]
  • WhatsApp: 5522992027292
  • Address: Cabo Frio, Lakes Region – RJ, Brazil
View tours WhatsApp