Privacy Policy

Privacy Policy


Lumina Capital Management Ltda. (Controller), as Controller of personal data for the purposes of Law No. 13,709/18 (General Data Protection Law – LGPD), formalizes this policy as a way of demonstrating its commitment and transparency to all data subjects personal data, in the search for the adequate treatment of the data of natural persons who may have access in the scope of their activities and responsibilities.

In this way, based on the Controller’s internal policies and guidelines and the current data protection legislation, the personal data of natural persons that may be provided to the Controller will be subject to adequate internal treatment subject to the confidentiality and security policy of the Controller. information and cybernetics of the Controller that must already be observed by all its employees.


For the purposes of this policy, the terms below shall be interpreted as follows:

  • Controller”: the natural or legal person responsible for decisions regarding the Processing of Personal Data;
  • “Operator”: the natural or legal person who processes Personal Data on behalf of the Controller, following its instructions;
  • “Processing agents”: the controller and the operator;
  • “Holder”: natural person to whom the personal data subject to processing refer;
  • “Personal Data”: information related to the identified or identifiable natural person;“Anonymized data”: data relating to a holder who cannot be identified, considering the use of reasonable technical means available at the time of processing;
  • “Processing”: any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
  • “Anonymization”: use of reasonable technical means available at the time of processing, through which data loses the possibility of direct or indirect association with an individual;
  • “Consent”: free, informed and unequivocal statement by which the holder agrees with the processing of his personal data for a specific purpose;
  • “In charge”: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD)
  • “User”: natural person who accesses the Controller’s website.


Cookies are small files that are stored on the website user’s computer and, through them, it is possible to obtain information about the user’s navigation. The Controller’s website contains cookies whose purpose is to improve the experience of those who access it. The cookies used collect statistical information about how users use this website, allowing the Controller to improve its operation and improve the experience of those who access it. Such information, however, does not directly identify the user. The Controller’s website may, however, contain links to third party websites, for which the Controller has no responsibility. It is possible for the user to deactivate the cookies on his computer by means of a specific configuration in his browser, which, however, may impair the user’s browsing experience on the Controller’s website. To find out how to deactivate this function, the user can access the help options of his browser.


For data collection purposes, this policy has two categories:

  1. Third party data;
  2. Controller employee data.

In relation to item a) the Controller may eventually have access to the following personal data of holders:
– Name
– email
– date of birth
– ID
– spouse
– residence
– profession

Regarding item b), the Controller may collect the following personal data from holders:
– Name
– Date of birth
– Name of the parents
– ID
– driving license
– voter ID
– Image
– Marital status
– Level of education or schooling
– Profession
– Professional resume
– Home address
– Telephone
– Email
– Biometry
– Bank data


The personal data of third parties may be used to send e-mails disclosing the Controller. In addition, in exceptional situations, they may also be used when appropriate in the operational context in which the Controller’s service is inserted. In relation to the personal data of employees, these will be used within the purpose that the employment or corporate relationship established between employees and the Controller demands and the context of the regulated market in which the Controller operates. In this way, the purpose of processing personal data of employees is intended to enable both due compliance with the Controller’s internal policies, as well as commercial demands, due diligences of commercial partners and also compliance with labor, corporate, regulatory accounting rules, among others. , to which the Controller is subject


As a rule, the Controller does not share the Owner’s personal data with third parties that are not authorized by the Owner or in the context of its services.
Any transfer of unauthorized data is restricted to the cases provided for in current data protection legislation, and both the Controller and the Operator undertake to fully comply with the legal requirements established in the data processing legislation.


The Controller is responsible for maintaining security, technical and administrative measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or any form of inappropriate or unlawful treatment.

Each Collaborator of the Controller, within the scope of their activity, must ensure the security of the personal data of holders who may have access under the terms of this policy and Law No. 13,709/18.

Pursuant to art. 48 of Law No. 13.709/18, the Controller will notify the Holder and the National Data Protection Authority (ANPD) of the occurrence of a security incident that may pose a risk or relevant damage to the Holder.


The Controller may keep and process the Holder’s personal data for as long as they are relevant to the purposes listed in this Policy.

Anonymized personal data, without the possibility of association with the individual, may be kept for an indefinite period.

The Holder may request via email (, at any time, that their non-anonymized personal data be deleted.


The holder of the personal data has the right to obtain from the Controller, in relation to the data of the holder processed by him, at any time and upon request:

I – confirmation of the existence of treatment;
II – access to data;
III – correction of incomplete, inaccurate or outdated data;
IV – anonymization, blocking or deletion of data that is unnecessary, excessive or treated in violation of Law No. 13,709/18;
V – deletion of personal data processed with the consent of the holder, except in the hypotheses provided for in art. 16 of Law No. 13,709/18;
VI – information from public and private entities with which the Controller carried out shared use of data;
VII – information on the possibility of not providing consent and on the consequences of the refusal;
VIII – revocation of consent, when applicable under the terms of § 5 of art. 8 of Law No. 13,709/18.

The Holder of personal data may exercise these rights by contacting the Controller by email:

The Administrators of the Controller (Messrs. Daniel Goldberg and Ana Luiza Tesser are the Data Protection Officer – DPO) for the purposes of the general data protection law.


This Privacy Policy applies to the aforementioned circumstances throughout the period in which the Controller stores the Holder’s personal data.


The Controller reserves the right to change this privacy policy at any time by publishing the updated version on its website.