Personal Data
Protection and Privacy

We strive to ensure the transparent, ethical and secure treatment of the personal data we process. Our activities in this area are carried out fairly and lawfully, based on laws, internal standards and market best practices.

Learn more about our governance and the actions we take to protect the privacy and safeguard personal data of everyone who interacts with us.

Personal data protection and privacy governance program

Personal data processing guidelines are enforced through a governance program based on three pillars: guidance, oversight and execution.

Guidance

1. Mapping of activities involving personal data

2. Personal data protection and privacy notices (“DP&P Notices”)

Oversight

3. Consent management

4. Third party management

5. Data protection and privacy incident management

Execution

6. Data subject rights

7. Minimization, retention and deletion of personal data

8. Education and training

Our principles

We follow seven principles to keep personal data safe:

1

Data minimization and need

We only collect data that is necessary and useful for each purpose.

2

Purpose

We always have a reason that justifies the collection of personal data.

3

Quality

We keep data up to date and accurate.

4

Transparency

This page and our DP&P Notices detail our reasons for processing data.

5

Security

We implement best practices in information security and privacy.

6

Non-discrimination

Personal data will never be used to discriminate against anyone.

7

Free access

Users are free to contact us to understand how we process their personal data or manage their preferences.

Glossary

Understand some important terms

Personal data
Sensitive personal information
Personal data subject
Data treatment
Data controller
Data operator
Autoridade Nacional de Proteção de Dados – ANPD (“National Data Protection Authority”
Data Protection Officer (DPO)
Legal bases
Consent
International data transfer

Your rights

Know your rights as the owner of your personal data

1
Confirmation of treatment and access

Right to know whether or not Suzano processes your personal data and to have access to what type of data is processed.

2
Information about data sharing

Right to know what personal data is shared, with whom and how.

3
Do not consent or revoke consent

You do not need to allow your personal data to be processed and you can revoke your consent whenever you want, as long as the legal basis for processing your data is Consent.

4
Correction and deletion

Right to have your personal data corrected, updated or deleted.

5
Anonymization and restricting processing

Right to have your personal data anonymized or restrict its processing.

6
Data portability

Right to request that your personal data be shared with other institutions.

What personal data does Suzano use?

At Suzano, we only use information that is necessary to carry out our activities and for the express purposes defined for each situation.

Personal data we use include:

CPF
E-mail
Job title
Bank information
Address
Religion
Political opinion
Health information
Biometric information
Race/ethnicity

Frequently asked questions

How long does Suzano keep personal data?
Where is personal data stored?
How does Suzano obtain personal data?
Who owns the personal data obtained by Suzano?
How does Suzano process personal data of minors?
How does Suzano protect personal data?

Personal Data Protection notices

These documents show the data we collect in different situations. To learn more, download the PDFs.

Talk to DPO

Would you like to exercise your rights as a personal data subject, learn more about our practices in this area, or report a security incident involving personal data? Fill out the DP&P Form to speak to the Privacy and Personal Data Protection Officer (DPO).

Can we help?

Search for answers to your questions in our Frequently Asked Questions section.
 If you prefer, get in touch via the Contact Us section.