Client Privacy Policy

This Policy applies to all individual clients of Régia Capital Ltda (“Régia Capital”) and, where applicable, to representatives and employees of corporate clients (“Clients”).

Régia Capital values transparency regarding personal data collected, used, stored, or otherwise processed in the context of its commercial and contractual relationships.
This Privacy Policy aims to provide clear and precise information about how Régia Capital processes personal data.
Personal data means any information capable of identifying an individual directly or indirectly.

The processing of personal data is conducted in accordance with Brazil’s General Data Protection Law (Law No. 13,709/18 — LGPD) and other applicable privacy laws.

For further information, contact Régia Capital’s DPO by phone at +55 (21) 3528-8255 or email dpo@regiacapital.com.br: dpo@regiacapital.com.br.

For the purposes of applicable law, the Controller is the person or entity responsible for decisions regarding the processing of personal data. Régia Capital is the controller of your personal data and uses it to achieve the purposes described in Section 4 of this Policy.

We collect and process personal data provided directly by our clients within the context of our commercial and/or contractual relationship. We may also obtain personal data indirectly during the course of our relationship. In this regard, personal data may also be collected through the recording of telephone calls and/or email exchanges.

In such cases, we will not routinely process personal data, but they may become necessary for other purposes in the future (such as investigations by regulatory authorities or compliance reviews under applicable rules).

Additionally, we process personal data about the Client obtained from public sources (such as the press, public websites, or public databases) or legitimately shared with us by third parties (such as service providers) for research purposes and to comply with applicable regulations.

Within the limits permitted by applicable law, Régia Capital may process the following types of personal data:

  • Identification, registration, and contact data, such as full name, date and place of birth, nationality, gender, full address, contact telephone numbers, and email address.
  • Identification documents: copies and/or numbers of ID documents such as ID card (RG), taxpayer number (CPF), driver’s license (CNH), passport, and professional licenses.
  • Financial information: source of income, assets, and shareholdings.
  • Relationship data with Régia Capital, such as client identifiers, account details, investment statements, and investment validation. Also, data regarding interactions with Régia Capital through websites, social media pages, meetings, calls, chats, emails, and phone conversations.
  • Family information: marital status, name and identification details of spouse, number of children or dependents.
  • Professional information: academic background and/or occupation.
  • Authentication data: signatures and passwords.
  • Monitoring data: video recordings and phone call recordings.
  • Judicial data: information related to lawsuits, protests, or arrest warrants, as required under applicable regulations.
  • PEP identification: information related to politically exposed person status, when applicable.
  • Preferences: data related to habits and preferences, dietary restrictions, and access limitations.

We use personal data for the purposes described in this Section 4, always in compliance with applicable law.

Legal Obligations

Régia Capital is subject to several legal and regulatory obligations, including but not limited to:
(i) regulations applicable to asset management companies issued by the Brazilian Securities and Exchange Commission (CVM), the Central Bank of Brazil, and other financial market regulators and self-regulatory bodies;
(ii) laws related to anti-money laundering and counter-terrorism financing; and
(iii) tax obligations.

Régia Capital is also subject to judicial and administrative orders. In this context, personal data may be processed for the following purposes:

  • Validate identity and prevent or detect fraud, financial crimes, and market abuse;
  • Comply with regulatory control and reporting obligations related to the financial market;
  • Meet requirements to maintain licenses and regulatory permissions;
  • Comply with investor protection regulations (e.g., investment profile assessments);
  • Maintain records required by law or regulation;
  • Assess and manage Régia Capital’s business risks in accordance with legal and regulatory requirements;
  • Comply with judicial or administrative orders;
  • Ensure Régia Capital’s business continuity, guaranteeing the security of clients and third parties, and fulfilling contractual obligations undertaken with third parties;
  • Defend Régia Capital’s interests in judicial, administrative, or arbitration proceedings.

Régia Capital conducts its activities seeking to:

  • Develop, enhance, and implement products and services;
  • Promote business development and client relationships, ensuring satisfaction of clients and other stakeholders;
  • Protect our business and the integrity of the financial market;
  • Manage risks and protect our systems, infrastructure, and facilities;
  • Defend our rights in judicial, administrative, and arbitration proceedings;
  • Exercise and defend our rights in foreign countries, including where Régia Capital’s investment vehicles operate, as well as comply with legal and regulatory obligations and cooperate with authorities and regulators.

More specifically, and without limitation, to achieve the objectives above, Régia Capital may process personal data, within legal limits, to:

  • Maintain commercial relationships with clients and third parties;
  • Provide services to clients;
  • Organize and promote events of interest to clients;
  • Conduct due diligence in transactions involving Régia Capital and/or other companies within the same economic group;
  • Exercise rights and defend itself in court proceedings in Brazil;
  • Comply with laws, regulations, and judicial orders in Brazil or abroad;
  • Follow regulatory guidance, best practices, and internal controls associated with the financial market;
  • Handle client complaints;
  • Store information in a single jurisdiction, within legal limits, to coordinate Régia Capital’s business operations and meet administrative needs within the group;
  • Facilitate operational actions related to our business relationships;
  • Consult credit agencies to assess solvency and credit risk;
  • Ensure IT system security and operational stability;
  • Conduct “know your client” (KYC) checks and politically exposed person verifications;
  • Implement video surveillance and security measures to ensure the physical and property safety of individuals and Régia Capital’s facilities (e.g., access control).

Contractual Obligations

We process personal data to maintain our commercial relationship with clients and suppliers under the terms of contractual arrangements. This processing aims to:

  • Take necessary pre-contractual steps to enter into a contract or take measures at the client’s request before entering into a contract;
  • Fulfill obligations or exercise rights established under the contract between Régia Capital and the client;
  • Terminate the contractual relationship, upon request or at Régia Capital’s discretion.

Given the diversity of products and services offered by Régia Capital, the level and nature of personal data processing will depend on the specific product or service contracted. Clients may contact our DPO for more details on contractual purposes related to their data.

Client Consent

Finally, we process data in certain situations based on client consent. In specific circumstances, we may request consent to process personal data.
The client may withdraw consent at any time by contacting the DPO, whose contact details are provided in the preamble of this Policy.
Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.

When necessary to achieve the purposes described in Section 4, Régia Capital may share personal data as described below.

Régia Capital may share client data with affiliated companies in order to:

  • Ensure the provision of a service or product dependent on another affiliated company, stock exchange, organized over-the-counter market, financial and non-financial intermediaries, or financial institutions in Brazil and abroad;
  • Facilitate business operations and service delivery to clients;
  • Manage internal risk and business operations, including cases requiring internal approval from another group company;
  • Share information with other group members related to services that may interest the client or their organization;
  • Prepare financial or regulatory reports;
  • Fulfill Régia Capital’s legitimate interests in compliance with LGPD requirements.

Régia Capital may also share personal data with:

  • Public administration bodies and government agencies;
  • Associations, administrative entities, and self-regulatory organizations;
  • Other financial institutions and credit service providers, depending on contractual arrangements (e.g., correspondent banks, custodians, brokers, stock exchanges, or credit rating agencies);
  • Any natural or legal person, public authority, or regulator to whom the client has consented to transfer data;
  • Professional advisors, including law firms, accountants, auditors, and tax consultants;
  • Insurance companies;
  • Service providers and partners contracted by Régia Capital, particularly for IT, logistics, printing, telecommunications, advisory, consulting, sales, marketing, and translation services;
  • In the event of a merger, acquisition, or incorporation involving Régia Capital, personal data may be shared during due diligence or later transferred to the acquiring entity.

As mentioned in this Policy, in certain circumstances we may transfer clients’ data to other countries.
Clients may contact our DPO at any time to clarify questions about the specific safeguards applied to international data sharing. DPO contact details are provided in this Policy.

We store and retain information:
(i) for as long as required by law;
(ii) until the end of personal data processing, as stated below;
(iii) for the time necessary to preserve Régia Capital’s legitimate interests;
(iv) for the period required to exercise Régia Capital’s legal rights in judicial, administrative, or arbitration proceedings;
(v) for tax and regulatory purposes.

Data processing ends in the following cases:

  • When the purpose for which the client’s personal data was collected has been achieved and/or the data is no longer necessary or relevant;

  • When the client exercises their right to request data deletion;

  • When required by law.

Upon termination of processing, and except as required by applicable law or this Policy, personal data will be deleted.

Clients have various rights concerning their personal data, including but not limited to:

  • Receive clear and complete information about the processing of their data, including details about sharing with third parties;

  • Request access to or confirmation of the processing of their data by Régia Capital;

  • Request correction of inaccurate, incomplete, or outdated data;

  • Object to processing, request anonymization, or deletion of data in specific cases;

  • Withdraw consent at any time when processing is based on consent (noting that withdrawal may affect service provision by Régia Capital);

  • File a complaint against the controller before the National Data Protection Authority (ANPD).

Certain legal circumstances may prevent the exercise of some rights or where disclosure could reveal Régia Capital’s trade secrets. Clients may exercise their rights by contacting the DPO using the contact information provided in this Policy.

Inscreva-se e saiba mais

Tipo de Investidor *

Ao se cadastrar, você declara estar ciente dos nossos Termos de Uso e Política de Privacidade.