This Privacy Policy describes how Capueira Cachaça collects, uses, shares, and protects personal data on its website cachacacapueira.com.br, in compliance with the General Data Protection Law (Law No. 13,709/2018 – LGPD).

By using the website, the data subject acknowledges this Policy and, when applicable, consents to the processing of their data for the purposes described herein, in compliance with the legal provisions of the LGPD.

1. Controller and Data Protection Officer (DPO)

Controller: Fazenda Pires Aguiar | Capueira Beverages (Capueira Cachaça).

Contact channel for the controller/DPO: will be provided in the website footer and/or on the contact page, for the exercise of data subjects’ rights in accordance with Article 18 of the LGPD.

2. Data We Collect

Data provided by the data subject: name, email, phone number, address, order and billing information (when there are contact forms, registration, quotes, newsletter subscription, or purchases).

Dados coletados automaticamente: endereço IP, data e hora de acesso, páginas visitadas, identificadores de dispositivo, dados de cookies e tecnologias semelhantes para funcionalidades, estatísticas e segurança.

Dados sensíveis: não buscamos coletar dados sensíveis; caso necessários e pertinentes, serão tratados apenas com base legal adequada e com medidas reforçadas de segurança.

3. Purposes and Legal Bases

We process personal data for the following purposes, in accordance with the legal grounds provided by the LGPD:

Responding to inquiries, quotes, support requests, and customer relationship management (performance of a contract or preliminary procedures; legitimate interest where applicable).

Processing orders, billing, delivery, and after-sales service (performance of a contract; compliance with legal/tax obligations).

Sending marketing communications, news, and promotions, based on consent and with the option to opt out at any time.

Analyzing website performance, preventing fraud, and maintaining security (legitimate interest and compliance with security obligations).

Complying with legal and regulatory obligations, including those related to alcohol and taxation (legal obligation).

4. Cookies and Similar Technologies

We use essential cookies (functionality and security), analytics cookies (usage statistics), and, when applicable, marketing cookies.

How to manage: the data subject can adjust preferences in the cookie banner (when available) and/or in the browser; some cookies are essential and cannot be disabled.

Legal basis: consent for non-essential cookies, and legitimate interest/contract performance for strictly necessary cookies.

5. Data Sharing

We may share data with:

Hosting, email, analytics, payment processing, logistics providers, and other companies that assist us in operating the website and services, acting as processors under contracts with confidentiality and security obligations.

Public authorities when required by law or legal order.

Any international transfer will follow LGPD requirements, such as appropriate contractual clauses and protection safeguards.

6. Retention and Disposal

Data is kept only for as long as necessary to fulfill the purposes, contracts, and legal obligations (e.g., tax deadlines), and is deleted or anonymized at the end, in accordance with internal retention policies and the LGPD.

7. Data Subject Rights

Under Article 18 of the LGPD, data subjects may request: confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about data sharing, withdrawal of consent, and objection where applicable.

How to exercise: through the DPO channel indicated in this Policy; we will respond within the legal deadlines and may request proof of identity.

8. Information Security

We adopt technical and administrative measures to protect data against unauthorized access, incidents, and misuse, as well as policies and controls based on security and privacy best practices. In the event of a relevant incident, we will notify the ANPD and the data subjects, when required by law.

10. Age Requirement and Responsibility

The sale of alcoholic beverages is prohibited to individuals under 18 years of age; age verification mechanisms and notices are implemented on the website and sales channels, in accordance with applicable law.

10. Third-Party Links

Our website may contain links to third-party websites; we are not responsible for the privacy practices of these websites and recommend reviewing their policies before providing data.

11. Changes to this Policy

This Policy may be updated to reflect changes in processes, laws, or technologies; the current version will be published on the website with the update date indicated and, when appropriate, data subjects will be notified of relevant changes.

12. Additional Information on LGPD Compliance

Principles: good faith, purpose, adequacy, necessity, free access, quality, transparency, security, prevention, non-discrimination, and accountability.

Governance: data mapping, processing records, contracts with processors, training, and periodic reviews are recommended practices for compliance.

13. Data Protection Officer (DPO) Contact

For questions, requests, or the exercise of rights, use the DPO channel indicated on the website or contact us via the corporate email provided on the contact page; messages will be handled in accordance with the LGPD and our internal guidelines.