Privacy Policy

Privacy Policy – Rio de Janeiro by Cariocas Travel

Last updated: November 2025

Rio de Janeiro by Cariocas Travel (“we,” “us,” “our”) is committed to protecting your privacy and handling your personal data with security, transparency, and responsibility. This Privacy Policy explains how we collect, use, process, store, and share your personal information when you visit our website, make a booking, or interact with our services.

This Policy complies with:

  • LGPD (Brazil – Law No. 13.709/2018)

  • GDPR (European Union – Regulation 2016/679)

  • CCPA/CPRA (California Consumer Privacy Act)

  • Other applicable privacy laws depending on your country of residence

By accessing our website or using our services, you agree to the practices described in this Privacy Policy.

1. Who We Are

Rio de Janeiro by Cariocas Travel is a licensed travel agency and inbound tour operator based in Rio de Janeiro, Brazil.

Website: riodejaneirobycariocas.com
Email for privacy inquiries: info@riodejaneirobycariocas.com

2. Information We Collect

We only collect personal information that is necessary to provide our services, comply with legal obligations, and improve your experience.

2.1. Information you provide directly

  • Name

  • Email address

  • Phone number

  • Country and city of residence

  • Travel details (dates, number of travelers, preferences, etc.)

  • Information submitted through contact forms, booking inquiries, WhatsApp conversations, or email

  • Information required to process reservations and payments

2.2. Information collected automatically

  • IP address

  • Device and browser type

  • Pages visited and time spent on the website

  • Cookies essential for website functionality

  • Analytics data (e.g., Google Analytics)

2.3. Payment information

Payments are securely processed through Stripe.
Stripe may collect:

  • Billing name

  • Email address

  • Billing address

  • Last digits of your card

  • Country of card issuance

We do not store any credit card information on our servers.

2.4. Comments and forms

When you submit a form or comment, we may collect:

  • Your name

  • Email address

  • Form content

  • IP address (for fraud and security protection)

3. How We Use Your Data

We use your personal data for the following purposes:

3.1. Service delivery

  • Responding to your inquiries

  • Preparing itineraries, quotes, and bookings

  • Managing and executing tours and travel services

3.2. Communication

  • Sending booking confirmations and pre-tour information

  • Providing customer support

  • Sending newsletters (only with explicit consent)

3.3. Security and fraud prevention

  • Detecting suspicious or malicious activity

  • Ensuring the integrity of our website and services

3.4. Improvement of our website and services

  • Analyzing website performance

  • Improving user experience, design, and content

3.5. Legal compliance

  • Issuing invoices

  • Complying with legal, fiscal, and regulatory obligations

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Performance of a contract

  • Consent (newsletter, cookies, marketing communications, image usage)

  • Legitimate interest (security, analytics, and fraud prevention)

  • Compliance with legal obligations

  • Protection of credit and fraud prevention

This complies with LGPD, GDPR, and CCPA/CPRA.

5. Sharing Your Information

We share your information only when necessary, and never for advertising sales or unrelated marketing.

5.1. Third-party service providers

  • Local guides and drivers

  • Tour partners (hotels, attractions, restaurants)

  • Payment processors (Stripe)

  • Website hosting and analytics providers

We do NOT sell your personal data.

We do NOT share data with third parties for independent marketing purposes.

Data sharing always occurs under strict confidentiality and purpose limitation.

6. International Data Transfers

Because we work with international clients and global platforms, your data may be transferred to servers located outside your country of residence, including the United States and the European Union.

We ensure adequate protection through:

  • Standard Contractual Clauses

  • Encryption and secure processing

  • Minimization of data collected

7. Cookies

We use cookies to ensure website functionality, improve performance, and understand visitor interactions.

Types of cookies

  • Essential cookies – required for the website to function

  • Analytics cookies – used to analyze traffic and performance

  • Functional cookies – for embedded content (YouTube, Instagram, Google Maps)

You may disable cookies in your browser settings, but some features of the website may not function correctly.

8. Data Retention

We keep personal data only for as long as necessary:

  • Comments: indefinitely (for historical and moderation purposes)

  • Booking-related data: up to 5 years (legal/fiscal obligations)

  • Messages and inquiries: until service conclusion or request for deletion

  • Analytics: per Google’s retention policies

After these periods, data is deleted or anonymized.

9. Your Rights

Depending on the laws of your country of residence (LGPD, GDPR, CCPA/CPRA), you may have the right to:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion

  • Request data portability

  • Withdraw consent

  • Object to certain types of processing

  • Receive information about how and why your data is used

  • Opt-out of data sale (not applicable here, as we do not sell data)

To exercise your rights, contact us at:
📧 info@riodejaneirobycariocas.com

We respond within:

  • 15 days (Brazil – LGPD)

  • 30 days (EU/US)

10. Data Security

We use industry-standard security measures including:

  • SSL/TLS encryption

  • Secure servers and firewalls

  • Access control and role-based permissions

  • Continuous monitoring

  • Fraud prevention tools

Although we follow best practices, no system is completely risk-free. If a data breach occurs, you will be notified in accordance with applicable laws.

11. Embedded Media and External Links

Our website may include embedded content from third-party platforms (e.g., YouTube, Instagram, Google Maps).

These third parties may collect data about your interaction with their content.
We encourage you to review their privacy policies.

12. Payments

Payments are processed through Stripe, which complies with PCI-DSS security standards.

We do not store credit card numbers or sensitive payment information.

13. Image Use

We only use photos or videos of customers for marketing or promotional purposes with explicit, prior consent — in compliance with GDPR and LGPD requirements.

14. Updates to This Policy

We may update this Privacy Policy periodically.
The “Last updated” date at the top of this page reflects the most recent version.

If material changes affect your rights, we will notify you directly and request new consent when legally required.

15. Contact Information

For privacy-related questions, requests, or complaints, please contact:

📧 info@riodejaneirobycariocas.com
🌐 https://riodejaneirobycariocas.com