GÁS NATURAL AÇU S.A. (“GNA”), in its capacity as Controller of your Personal Data, is committed to ensuring security and transparency in the Processing of Personal Data of all individuals involved in its activities, in compliance with the Brazilian General Data Protection Law (Law No. 13.709/2018 or “LGPD”) and regulations issued by the National Data Protection Authority (“ANPD”) (together, the “Applicable Data Protection Legislation”), including (i) clients, (ii) suppliers, (iii) individuals from civil society, (iv) individuals from institutions and public bodies, (v) visitors and (vi) applicants, to whom this Privacy Notice (“Notice”) is addressed. If you are an employee or contractor of GNA, this Notice shall not apply to you, as the processing of such data is regulated in specific internal documents provided to the parties involved.

For us, security, ethics and transparency are values that we cultivate daily at GNA and guidelines described in our Code of Ethical Conduct. For this reason, we share below the situations in which GNA collects and shares your Personal Data, as well as the rights that you, as a Data Subject, hold with regard to the Processing of your Personal Data.

By interacting with us, you entrust us with your information and declare that you have carefully read the provisions of this Notice.

GNA reserves the right to modify this Privacy Notice at any time, and you may view such update whenever you access our website. However, do not worry! Whenever we make significant changes to the content of this Notice, you will be notified. Furthermore, should any of these changes imply the need for us to obtain your prior and express authorization, we shall do so.

Capitalized terms used herein shall have the meaning attributed to them by the Applicable Data Protection Legislation and may be consulted in the ANPD Glossary.

For what purpose do we process your Personal Data?

GNA performs the Processing of Personal Data based on legitimate, explicit and specific purposes, and supported by one of the legal bases provided in the LGPD. The Personal Data we process are provided to us directly by you or by third parties who have legitimacy to share your Personal Data with us by e-mail, physical or digital forms, recordings at events, digital tools and/or by system integration.

We want you to know exactly how your Data are used by us. Therefore, we highlight below the purposes of the Processing of Personal Data carried out by GNA:

  • To identify and authenticate natural persons for access control, circulation and permanence in GNA’s operational, administrative, customs and port areas, through the issuance of credentials, photographic records, monitoring by surveillance cameras and control of entry of persons and vehicles.
  • To comply with legal and regulatory obligations before Federal, State and Municipal public organizations.
  • To carry out the screening, analysis and conduction of selection processes for job vacancies, internships and other opportunities at GNA.
  • To plan and implement social and community engagement programs in the surroundings of GNA’s operations.
  • To manage land surveys, which includes the storage of information related to ownership, possession and use of lands located in the area of GNA’s projects and of their respective occupants or owners.
  • To receive, analyze and handle internal or external complaints and incidents, conduct due diligence and internal investigations related to integrity, compliance and governance, adopting appropriate legal measures.
  • To organize, record and publicize institutional and corporate events promoted or supported by GNA, including the issuance of credentials, collection and use of participants’ data and images for internal metrics, communication and historical records.
  • To enable the celebration, execution and management of contracts with partners, suppliers and service providers; to carry out digitization and document organization; as well as to execute receivables and payables processes related to GNA’s activities.
  • To respond to requests received through GNA’s official communication channels, such as the “Contact Us” channel, as well as to interact with press representatives and other stakeholders, ensuring institutional transparency.
  • To enable the use of internal systems and operational transport and logistics services, including travel resources, when provided by GNA to partners, suppliers and other persons involved in GNA’s operations.
  • To manage cookies of users who access GNA’s digital channels, such as the institutional website, for the purposes of security and responding to requests received in those environments.
  • To attend to your rights as provided in the LGPD, or to comply with court orders or respond to requests from other public authorities, as provided by law.

GNA stores evidence of express consent (opt-in) when such consent is considered, by the applicable privacy legislations, indispensable for the Processing of your Personal Data. Likewise, in the event of revocation of consent, proof of such revocation is also stored.

More information about the purposes and legal bases for the collection and Processing of such Data can be found in the specific terms of each service.

For the performance of our activities, GNA may Process the following categories of Personal Data:

  • Registration and identification data, such as full name, signature, address, date and place of birth, marital status and parentage, naturalness, images and identification document numbers (Driver’s License – CNH, Passport, ID card – RG and/or CPF). In the case of minors, we request the RG and/or CPF of the Data Subject and the power of attorney of the legal representative;
  • Contact information, such as e-mail, mobile number and/or telephone (business or residential);
  • Professional information, such as position, professional registration, professional and academic background;
  • Sensitive Personal Data, such as health information, information concerning race and sexual orientation (only when necessary for compliance with legal or regulatory obligations);
  • Personal device identification information, such as the IP address of the mobile device, locator and geolocation;
  • Automotive vehicle data, such as license plate, model, color and other information contained in vehicle registration.

Remember that you are solely responsible for the accuracy and truthfulness of the Data you provide or for their becoming outdated. Please note that it is your responsibility to ensure their accuracy or to keep them updated.

Occasionally, GNA may process the Personal Data of persons under 18 (eighteen) years of age. In such cases, we ensure that the Processing shall always be carried out in the best interests of the minor, including, where necessary, through prior authorization from his/her respective parent or legal guardian, pursuant to the Applicable Data Protection Legislation.

Your Personal Data may be shared based on an appropriate legal basis, respecting the principles regulated by the LGPD, and may be accessible to:

  • Partners and service providers, such as legal consulting and services, platform and audit providers, communications companies, information security, logistics, travel agencies, insurance brokers and engineering firms. These partners will be allowed to access only the information necessary to properly provide the service, and we require that they contractually commit to a high standard of data protection and privacy;
  • Federal, State and Municipal public bodies and competent authorities for the purposes of (i) complying with legal or regulatory obligations, court or administrative orders, (ii) investigating possible violations of rights; (iii) ensuring the safety of Data Subjects and third parties; and (iv) safeguarding rights and preventing liabilities of GNA;
  • Other companies within the GNA Group;
  • In addition, in the event GNA undergoes any corporate restructuring transaction, your Personal Data may be shared with the persons involved in the context of such transaction.

The Data Subject has the following rights regarding their Data, as provided in the Applicable Data Protection Legislation:

  • To receive clear and complete information about the Processing of their Personal Data, including the circumstances of any sharing;
  • To request access to their Personal Data and/or confirmation of the existence of Personal Data Processing;
  • To request the rectification of any inaccurate, incomplete or outdated Personal Data;
  • To object to Processing activities, to request anonymization, blocking or deletion of Personal Data that are unnecessary, excessive or processed in non-compliance with the LGPD;
  • To request the portability of their Personal Data to another service or product provider;
  • To revoke consent at any time, where GNA processes their Personal Data on the basis of consent;
  • To request review of automated decisions that may affect their interests;
  • To petition regarding Personal Data against the Controller before the ANPD; and
  • To request information about the entities with which GNA has performed shared use of Personal Data.

You may request your rights by contacting our Data Protection Officer, Mr. Fernando Landau, and the privacy team by e-mail at Privacy Portal and dpo@gna.com.br.

To ensure that Personal Data are not disclosed to any person who is not entitled to receive them, we inform you that for verification of the authenticity of the Data Subject, the following will be required:

  • Data Subject: Copy of ID card (RG) or Driver’s License (CNH);
  • Legal Representative: Copy of ID card or Driver’s License (Data Subject + legal representative) and Power of Attorney.

We ask that you do not hesitate to contact us before filing any complaint with the ANPD, so that we may try to resolve your inquiry or complaint directly.

GNA uses appropriate technical and administrative measures to protect your Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, alteration, disclosure or any other situations that could cause damage to Data Subjects, ensuring the integrity, authenticity, security and confidentiality of the Personal Data Processed.

Your Personal Data are stored securely on protected equipment. GNA is committed to best cybersecurity practices and, as such, has well-defined guidelines for physical security protection, internal network protection, remote access, security zones in networks, workstation protection, data security, education and awareness, backup and recovery, monitoring and response. In addition, it continuously requires its business partners to adopt conduct aligned with these guidelines.

However, please know that no method of transmission or storage of electronic Personal Data is completely secure and may be subject to external attacks. In view of this, we shall not be liable for damages arising from acts of third parties who use improper, fraudulent or illegal means to access information stored on the servers or in the Personal Data databases used.

Personal Data may be stored only for the period necessary to fulfill the Processing purposes for which the Personal Data were collected, as indicated in this Notice. Thus, we will retain your data (i) for the time required by law; (ii) until the termination of Personal Data Processing, as mentioned below; or (iii) for the time necessary to preserve the legitimate interest of GNA, as the case may be.

The termination of Personal Data Processing shall occur in the following cases:

  • When the Personal Data collected have achieved their purpose, or when the Data cease to be necessary or relevant to the scope of such purpose;
  • When the Data Subject is entitled to request the termination of the Processing and deletion of their Personal Data and so requests; and/or
  • When there is a legal determination to that effect, including by the ANPD.

In these cases of termination of Personal Data Processing, subject to the hypotheses established by applicable law, such Data will be eliminated immediately.

Your Personal Data may be stored on servers outside the Brazilian territory. In such case, we will perform the international transfer of your Personal Data in a secure manner and in compliance with the Applicable Data Protection Legislation.

When you visit our website, it may store or collect information in your browser, mainly in the form of cookies. Such information may be about the Data Subject, their preferences or information identifying their device and are used mainly to make the website operate as expected. The information normally does not directly identify you, but may offer a more personalized web experience. As we respect your right to privacy, you may choose not to allow certain types of cookies, except for the necessary cookies.

Click here to review the settings and manage your cookie preferences.

It is worth noting that different browsers provide different methods to block and delete cookies used by websites. The Data Subject may change their browser settings to block/delete cookies. Below are links to support documents on how to manage and delete cookies for the main web browsers:

If you are using any other web browser, you should visit the browser’s official support documents.

If you have any questions, do not hesitate to contact GNA’s Data Protection Officer, Mr. Fernando Landau, and the privacy team by e-mail at Privacy Portal and dpo@gna.com.br.

The information contained in this Privacy Notice may be modified or updated periodically, with the aim of more accurately reflecting our ongoing commitment to privacy and the protection of personal data. We recommend that you consult this Notice regularly to stay informed about the most recent practices adopted.

Communication channel

You may contact the Data Protection Officer, Mr. Fernando Landau, and the privacy team directly by e-mail at Privacy Portal and dpo@gna.com.br.