Do you want to receive all our news and information?



At IMAFLORA, we are committed to protecting the personal data used in our activities. This Privacy Policy contains clear and transparent information about the processing of personal data and the ways in which we protect data and its holders in accordance with the General Law on Personal Data Protection (LGPD), Law no. 13709/2018.


To better understand what personal data is used in our business model, how it is collected and for what purpose, please look below at the option that best reflects your interaction with IMAFLORA:

What data is collected?

When you access the IMAFLORA web portal, the following data is collected:

Registration data: information voluntarily provided by the data subjects when filling out the registration form on our platform, such as full name, e-mail, organisation, municipality, state, country, telephone, CPF tax number and address.

Electronic records and User interaction data: information collected as a result of browsing (whether you are a visitor or a registered user) on our platform - such as the IP (Internet Protocol) address, Session ID (Identity/session token), data from mobile devices used to access the website (including operating system version, browser, connection and software installed), geo-location data, and other information related to user interaction, such as the date and time of access, items viewed, time spent on pages, areas visited, click logs and cookie identifiers.

Why is the data collected?

The personal data collected is mostly used for the provision of our projects and services to our audiences in the online environment. See below our purposes for collecting data in our operations:

  • ● Provision of services made available in the online environment, in compliance with the contractual obligations undertaken.
  • ● Registration maintenance for better communication with our audiences.
  • ● Provision of services associated with the products offered by us.
  • ● Identification and authentication of users in an appropriate way in the exclusive areas of our intranet to make it easier to answer requests and questions about projects and services.
  • ● Definition and analysis of patterns and consumption preferences of our audiences, including for the dissemination of content, news and information tailored to improving the relationship.
  • ● Conducting IMAFLORA's advertising campaigns, including through partnerships with the media and social networks.
  • ● Consolidation of indicators for the use of the services provided on our platform and actions for continuous improvement.
  • ● Customisation and browsing improvement;
  • ● Increase in physical and asset security mechanisms;
  • ● Reducing the risk of illegal activities and fighting fraud;
  • ● Compliance with legal or regulatory obligations and/or regular exercise of rights in legal, administrative and/or arbitration proceedings.


In addition to the data provided by the data subject when using the digital platforms, we make use of features such as cookies to improve the user’s browsing experience.

Cookies are small files that temporarily store certain preferences identified during visits to the domain, allowing data relating to the computer or other device used by the user to be stored with the aim of optimising interaction within the platform.

Certain cookies are essential for the functioning of the electronic platform, and they cannot be disabled without adversely affecting the browsing experience.

On the other hand, there are also the so-called non-essential cookies, which although not mandatory help to optimise the user experience by providing resources such as memorisation of preferences and search terms, for example, customising the browsing experience for the user. You can control the use of non-essential cookies through your browser settings, but this may affect the proper operation of our platforms.


The personal data used by IMAFLORA, within the limits of what is necessary, may be shared with some recipients, namely:

Partners/service providers, funders and suppliers: as many of the services provided depend on working with other organisations, we may share personal data with partners/service providers, suppliers and funders in order to perform data processing and/or storage tasks, which we do in strict compliance with the purposes informed to the data subjects.

External audits: personal data may be shared with external audit services of our operations, mainly for analysis regarding compliance with privacy and data protection and information security parameters.

Public authorities or official entities: in order to comply with legal obligations to which we are subject, we may have to share data with public authorities or official bodies, upon request or express legal provision.


IMAFLORA is an organisation that has partnerships with partners/service providers, suppliers and funders from other countries, therefore, to pursue its activities, it may transfer personal data internationally to its units and public bodies or entities within the jurisdictions where it operates.

In these cases, the appropriate technical, organisational, contractual and legal measures are observed to ensure that the personal data is treated in accordance with the laws of the countries involved.


IMAFLORA adopts market policies, mechanisms and security procedures to protect personal data from unauthorised access and accidental or illegal events of destruction, loss, alteration, communication or dissemination.

However, like all circumstances inherent to the architecture of the internet, security cannot be unrestrictedly assured against all threats in the online environment, and we are committed, to the best of our ability, to employ the available security measures to prevent incidents.

Furthermore, we direct our efforts towards making our employees aware of the importance of data protection, in order to keep them up to date with the best market practices and the importance of implementing internal flows such as access control and the duty of confidentiality.


The policy of retention of personal data by IMAFLORA abides by the following guidelines:

  • ● Only personal data that is strictly necessary for the fulfilment of the purposes of the processing are kept in our systems. Therefore, whenever applicable, we carry out the appropriate deletion of unnecessary or excessive personal data.
  • ● It should also be noted that, even with the purpose of deleting unnecessary data, we preserve the information required for compliance with legal and regulatory obligations or for the regular exercise of our rights in judicial, administrative or arbitration proceedings.


Under Brazilian law, we highlight below the following rights, which may be requested by the personal data subjects through the contact channels provided in this Policy, respecting the applicable limits:

Confirmation and access to data: anyone may request confirmation of the existence of processing and access to the data processed by IMAFLORA, as well as information on the possible sharing with third parties of their personal data.

However, to enable the exercise of this right, we may implement mechanisms to authenticate the identity of the requester, in order to ensure the security and protection of the information.

Revocation of consent: in situations whereby the performance of processing operations requires consent, consent may be revoked at any time by express manifestation of the data subject in a simple, free and readily available manner. Such may occur through the contact channels described in item 11.

Correction: in the event of incorrect, inaccurate or outdated personal data, the personal data subject may request the correction of such information or may carry out the correction in a quick and immediate fashion by updating the registration themselves.

Deletion or anonymisation: the data subject may request the deletion or anonymisation of the data provided in a specific situations - notably when the legal basis for the processing is consent - in particular when he or she believes that his or her data is being processed excessively, unnecessarily or in breach of the applicable law. However, it is entirely possible that, even after the request for deletion, some personal data will remain stored in order to comply with legal obligations or for the protection of our interests or those of third parties.

Opposition and Review: the data subject will be given the opportunity to oppose the processing of their personal data and to review automated decisions, subject to the limits and requirements provided by law.


ANONYMISATION. Use of reasonable and available technical means at the time of processing whereby data loses the possibility of association, directly or indirectly, with an individual.

CONSENT. Free, informed and unequivocal manifestation through which the data subject agrees with the processing of his/her personal data for a specific purpose.

CONTROLLER. An individual or legal entity, governed by public or private law, who is responsible for decisions concerning the processing of personal data.

COOKIES. Cookies are small files created while a user is browsing a website that are stored on the user's computer by the user’s web browser. These files contain information that identifies the visitor, either to personalise the page according to the profile or to make it easier to transport data among the pages.

PERSONAL DATA. All information related to an identified or identifiable natural person (individual); in other words, this concept encompasses direct information, such as name, RG, CPF numbers and address, as well as indirect information, such as location data and other electronic identifiers.

SENSITIVE PERSONAL DATA. Data related to racial or ethnic origin, religious belief, political opinion, membership of a trade union or religious, philosophical or political organisation, data concerning health or sex life, genetic or biometric data when linked to an individual.

DATA PROTECTION OFFICER (DPO). Person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (Autoridade Nacional de Proteção de Dados - ANPD).

OPERATOR. Individual or legal entity, either governed by public or private law, who carries out the processing of personal data on behalf of the controller.

DATA SUBJECT. Individual to whom the personal data which is the subject of the processing pertains to.

PROCESSING OF PERSONAL DATA. Any operation carried out with personal data, such as that related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, assessment or control of information, modification, communication, transfer, dissemination or extraction.


This Privacy Policy may undergo updates and adjustments at any time in order to reflect IMAFLORA's practices on privacy and personal data protection.

If the update is substantial, we will use the means available to contact our customers to make them aware of the changes. In any case, the date of the last update will always appear at the end of the document, and it is recommended for the subject to remain attentive to the information provided.

We would like to remind you that it is your right, as a data subject, to lodge a complaint with the National Authority for Personal Data Protection (Autoridade Nacional de Proteção de Dados Pessoais - ANDP).


Should you have any doubts about this Policy or about matters related to the processing of the personal data performed by IMAFLORA, or even if you wish to exercise your rights, please contact us through our relationship centre.

If you prefer, you can also get in touch with us directly through the contacts:

E-mail: [email protected]

Phone: (+55) 19 3429 0800.

As a condition for exercising your rights, we will request proof of your legitimacy and your identity.