top of page

Privacy Policy

At the Association for Support and Study of Ticketing and Collection in Public Services of Collective Passenger Transport of the State of São Paulo - ABASP ("ABASP"), privacy and security are priorities and we are committed to the transparency of the treatment of personal data of our users. /customers. Therefore, this Privacy Policy sets out how the collection, use and transfer of information from customers or other people who access or use our website is carried out.

By using our services, you understand that we will collect and use your personal information in the ways described in this Policy, under the rules of the Federal Constitution of 1988 (Article 5, LXXIX; and Article 22, XXX - included by EC 115/2022) , Data Protection rules (LGPD, Federal Law 13.709/2018), consumer provisions of Federal Law 8078/1990 and other applicable Brazilian legal system rules.

Thus, the Association for Support and Study of Ticketing and Collection in Public Services of Collective Passenger Transport of the State of São Paulo - ABASP, hereinafter referred to simply as "ABASP", registered with the CNPJ/MF under No. 35.300.908/0001 -03, in the role of Data Controller, is bound by the provisions of this Privacy Policy.

1. What data do we collect about you and for what purpose?

We receive, collect and archive the information you add to our website or otherwise provide to us. In addition, we collect the IP address used to connect your computer to the Internet; login data; email address; password; computer and internet information. We may use tools to measure and collect browsing information, including page response time, total time spent on certain pages, page interaction information and the methods used to leave the page.

Data is collected for the purpose of:

- To be able to contact our visitors and users with general or personalized notices related to services and promotional messages;
- To create aggregated statistical data and other aggregated and/or inferred non-personal information, which may be used by us or our business partners to provide and improve our respective services;
- To comply with any applicable laws and regulations.
2. How do we collect your data?

When you access the website and with your consent.

3. What are your rights?
ABASP assures its users/clients their rights as holder provided for in article 18 of the General Data Protection Law. That way, you can, free of charge and at any time:

Confirm the existence of data processing, in a simplified way or in a clear and complete format.
Access your data, being able to request them in a legible copy in printed form or by electronic means, safe and suitable.
Correct your data, when requesting the edition, correction or update of these.
Limit your data when unnecessary, excessive or treated in breach of legislation through anonymization, blocking or elimination.
Delete your data processed from your consent, except in cases provided for by law.
Revoke your consent, disallowing the processing of your data.
Inform yourself about the possibility of not providing your consent and about the consequences of denial.
4. How can you exercise your proprietary rights?
To exercise your proprietary rights, you must contact (simplified corporate name) through the following available means:

 Contact means
means of contact
In order to ensure your correct identification as the holder of the personal data object of the request, we may request documents or other evidence that can prove your identity. In this case, you will be informed in advance.

5. How and for how long will your data be stored?
Your personal data collected by (simplified business name) will be used and stored for the time necessary for the provision of the service or for the purposes listed in this Privacy Policy to be achieved, considering the rights of data subjects and controllers.

In general, your data will be kept as long as the contractual relationship between you and (simplified business name) continues. At the end of the period of storage of personal data, they will be deleted from our databases or anonymized, except for the cases legally provided for in article 16 general data protection law, namely:

I – compliance with a legal or regulatory obligation by the controller;

II – study by a research body, guaranteeing, whenever possible, the anonymization of personal data;

III – transfer to a third party, provided that the data processing requirements set forth in this Law are complied with; or

IV – exclusive use of the controller, its access by a third party being prohibited, and provided that the data is anonymized.

That is, personal information about you that is essential for the fulfillment of legal, judicial and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be kept, despite the exclusion of other data._cc781905-5cde- 3194-bb3b-136bad5cf58d_

The storage of data collected by (simplified corporate name) reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions capable of guaranteeing the confidentiality, integrity and inviolability of your data. In addition, we also have risk-appropriate security measures and access control to stored information.

6. What do we do to keep your data safe?
To keep your personal information secure, we use physical, electronic and managerial tools aimed at protecting your privacy.

We apply these tools taking into account the nature of the personal data collected, the context and purpose of the treatment and the risks that any violations would generate for the rights and freedoms of the data subject collected and processed.

Among the measures we have adopted, we highlight the following:

Only authorized persons have access to your personal data
Access to your personal data is made only after the confidentiality commitment
Your personal data is stored in a safe and suitable environment.
In the event of security incidents that may generate relevant risk or damage for you or any of our users/clients, we will communicate to those affected and the National Data Protection Authority about what happened, in line with the provisions of the General Data Protection Law. Data.

7. With whom can your data be shared?
In order to preserve your privacy, ABASP will not share your personal data with any unauthorized third parties. 

8. Cookies or browsing data
ABASP makes use of Cookies, which are text files sent by the platform to your computer and stored there, which contain information related to website navigation. In short, Cookies are used to improve the user experience.

By accessing our website and consenting to the use of Cookies, you declare that you know and accept the use of a navigation data collection system with the use of Cookies on your device.

You can, at any time and at no cost, change the permissions, block or refuse Cookies. However, revocation of consent for certain Cookies may make it impossible for some features of the platform to function correctly.

To manage your browser's cookies, just do it directly in the browser settings, in the Cookies management area.

9. Amendment of this Privacy Policy
The current version of the Privacy Policy was formulated and last updated on: 09/19/2022.

We reserve the right to modify this Privacy Policy at any time, mainly depending on the adequacy of any changes made to our website or in the legislative scope. We recommend that you review it frequently.

Any changes will take effect as of their publication on our website and we will always notify you of the changes.

By using our services and providing your personal data after such modifications, you consent to them. 

10. Responsibility
ABASP provides for the liability of agents who act in the data processing processes, in accordance with articles 42 to 45 of the General Data Protection Law.

We undertake to keep this Privacy Policy updated, observing its provisions and ensuring compliance.

In addition, we are also committed to seeking technical and organizational conditions that are safely able to protect the entire data processing process.

If the National Data Protection Authority requires the adoption of measures in relation to the processing of data carried out by (simplified business name), we undertake to follow them. 

10.1 Disclaimer
As mentioned in Topic 6, although we adopt high security standards in order to avoid incidents, there is no virtual page that is entirely risk-free. In this sense, (simplified corporate name) is not responsible for:

I – Any consequences arising from the negligence, recklessness or malpractice of users in relation to their individual data. We guarantee and are only responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument.

We emphasize that the responsibility regarding the confidentiality of the access data lies with the user.

II – Malicious actions by third parties, such as hacker attacks, unless proven culpable or deliberate conduct by (simplified corporate name).

We emphasize that in the event of security incidents that may generate relevant risk or damage to you or any of our users/customers, we will communicate to those affected and the National Data Protection Authority about what happened and we will comply with the necessary measures.

III – Inaccuracy of the information entered by the user/client in the records necessary for the use of the services of (simplified corporate name); any consequences arising from false information or entered in bad faith are the sole responsibility of the user/customer.

bottom of page