Bonitour Logo

Política de Privacidade

Bonitour Privacy Area

Don't worry, you are protected here! Every citizen is entitled to privacy, and we, at BONITOUR, deeply care and respect our customers and/or partners.

We operate in accordance with the Lei Geral de Proteção de Dados (LGPD), a Brazilian law inspired by the  General Data Protection Regulation,  (GDPR. This law applies to this policy because the data collected is processed in brazilian territory and ensures that our efforts are directed towards ethical and legal action in all our sectors, following the main information security and governmental compliance guidelines.

We also train our employees to maintain a high-quality, efficient organizational structure, capable of delivering the best service and, at the same time, taking care of your personal data.


We hold personal information of some data subjects (data subjects are citizens/individuals): platform users, whether legal representatives of our partners, or travelers who register on the BONITOUR platform, therefore, becoming users of the platform. In addition, we hold the personal data of our employees and/or service providers.


Users interact with BONITOUR in different ways and we may need to collect personal data in some cases. For example, when signing contracts, registering on the platform, making payments, and when filling out forms created by us and shared in different locations, such as on websites and social media.


We need personal data to enable our relationship with our stakeholders. Personal data is required to sell trips/tours and packages, offer customers tour planning features through the "Check-in" tab, formalize contracts and payments, register and use the tools on our platform, in addition to sending advertising and promotions to those who agree to receiving it, as well as to respond and keep in contact when needed.


With BONITOUR your rights are fully guaranteed. According to the  Lei Geral de Proteção de Dados (LGPD), a Brazilian law inspired by General Data Protection Regulation  (GDPR), data subjects may require, in addition to other information, the following:

a. Confirmation of awareness of data processing and treatment;

b. Access to processed data;

c. Correction of information;

d. Exclusion of data (except when required for compliance with legal or regulatory obligation);

e. Withdrawal of consent.

To exercise your rights, you can contact us by email, to request information and other procedures.


Talking to a BONITOUR representative is very simple, just contact our DPO (Data Protection Officer) directly by email:


Your personal data ("data") is a valuable asset that must be safeguarded, and we will do everything in our power to protect it and maintain your trust.

Therefore, it’s essential that you know exactly how your information will be used. Precisely for this reason, we have created this Privacy Policy - our goal here is not to use unnecessary legal language, our approach will be hassle-free, objective, and efficient, just like our services.

BONITOUR (BONITOUR VIAGENS) is an ecotourism agency specialized in attractions in the regions of Bonito/MS, Fernando de Noronha and Serra Gaúcha in Brazil. Through our platform you can plan your trip in a smart, simple way, with the best accommodation and tour options in the destinations mentioned above.

To do this, we need to process some personal data on a daily basis, while making sure your privacy and data are protected! Therefore, it is very important that you read our Privacy Policy carefully, to make sure you understand how the collected data will be used and processed.

It’s important to keep in mind that:

- BONITOUR is a travel agency that aims to offer excellent tourism experiences, making each trip unique, by using technology combined with sustainability. In our nearly 30-year history, our goal has been focused on promoting ecotourism in an innovative way. The company was founded in Bonito/MS and currently, with the help of more than 100 employees, our services are also provided in Serra Gaúcha and Fernando de Noronha.

- Users must read and accept our Terms of Use in order to use the platform.

Description of the parties

- USERS: Anyone who wants to plan their trip with us and who register to access and use the platform.

- TRAVELERS: Those users who, upon confirmation of purchase, have access to the "Check-in" tab and become BONITOUR customers.

1. Personal Information we collect

1.1. All information mentioned here will be collected, processed, stored, treated, and will be available for access by BONITOUR, whenever relevant, or by permitted and necessary use, or upon request of the holder of the personal data to fulfill legal obligations.
1.2. User/traveler: with the principle of necessity in mind, we may collect some personal information for the provision of our services, namely: full name, gender, date of birth, nationality, place of birth, marital status, phone number, email, National ID, Zip or postal code, payment information such as credit card and bank details.
1.2.1 BONITOUR, for the purpose of fulfilling its obligations, needs to collect personal data not only from the person responsible for the purchase, but also from all travelers included in the reservation.

2. For what purpose do we use data

2.1. We collect some important information so that we can provide the most appropriate service and support to our users and customers, as well as to ensure security and transparency in accordance with the provisions of the Lei Geral de Proteção de Dados (LGPD), a Brazilian law inspired by General Data Protection Regulation  (GDPR), Brazilian Consumer Protection Code (CDC), and other legal provisions in Brazil.

2.2. We use personal data to enable registration on the platform, as well as to ensure the purchase and payment of the contracted service, which may be rendered by establishments, tours, activities, and transport services eventually contracted through BONITOUR.

2.3. We use personal data to send messages, communications, information, diagnoses, invitations, service offers from BONITOUR and/or its partners using various communication channels.

2.4. We have contractual provisions and demand from our partners the implementation of security, technical and administrative measures that are capable of protecting personal data from unauthorized access and from accidental or unlawful situations of exclusion, loss, alteration, communication, or any form of inappropriate or unlawful data treatment.

2.5. We maintain the security of operations (commercial, legal, marketing, internal, among others) to prevent fraud attempts within the scope of operations contracted through BONITOUR directly, or through third parties, when necessary.

2.6. The personal data collected will only be processed for as long as there is a purpose that justifies its treatment, and therefore, in order to use them for activities other than the ones mentioned in this policy, we will always ask for your consent.

2.7. BONITOUR uses the data to carry out the provision of contracted services EXCLUSIVELY, with no intention to gain financial advantage, sell, or take any other actions rather than the ones described in this Privacy Policy.

2.7.1 The data collected by BONITOUR will only be sent to Partners who have also had services contracted by our Travelers.

3. Understand your rights

3.1. Our customers and partners may exercise their rights provided in Article 18 of the Brazilian Law No. 13.709 of 2018, upon request or direct access, as long as proof of identity is provided. To do this, contact us at

3.2. We note that BONITOUR may request some additional information for the purpose of guaranteeing proof of your identity, in order to prevent fraud attempts.

3.3. Some requests may not be answered immediately and BONITOUR will not always fulfill all requests made by data subjects, in view of its legal obligations and the need to maintain specific information required by law and/other provisions of the Lei Geral de Proteção de Dados (LGPD), a Brazilian law inspired by General Data Protection Regulation (GDPR).

4. How we use personal information

4.1. You already know that we use personal data to provide our best services, but we also use data to talk to you, personalize your experience, fulfill our legal obligations, and ensure your security.

4.2. We may collect personal data in different ways, but the main ones are: when you sign contracts and hire any of our services, and through campaigns that include forms applied on websites and social media owned by BONITOUR or third parties.

4.3. By hiring our services, Travelers can also hire services from partner companies, and thus, to provide our services efficiently and safely, BONITOUR shares personal data with third parties such as tourist attractions, airline, and accounting companies, management software, hotels/inns, credit card operators, insurance companies, car rental companies, among others.

4.3.1. The legal bases considered are: Consent and legitimate interest (e.g. advertising and application forms); Credit protection (e.g. making reservations, purchases, and payments); Contractual relationship (e.g.: contracting and provision of services); Legal or regulatory obligation (e.g. situations in which the legislation requires the maintenance of data); For the regular exercise of individual rights in legal proceedings (data required for claims related to the provision of services).

4.4. We may share data with public bodies, especially those at regional levels, respecting the appropriate local regulations.

4.5. BONITOUR stresses that it can send or process information outside the national territory, especially through the use of platforms, software, and cloud storage systems.

4.5.1. In cases of sending or processing information outside the Brazilian territory, BONITOUR guarantees that such countries have and comply with data protection measures, at least at the same level as the country of origin.

4.6 When working with our partners, we may, with all due respect to necessity and purpose, share personal data with them as reasonably necessary according to the purposes stated in this policy or in compliance with legal obligations. Especially in the following situations:

4.6.1. Legal proceedings, in progress or in potential;

4.6.2. To exercise, defend or establish our or third parties’ rights;

4.6.3. In case of compliance with an order issued by an official authority.

5. Information security

5.1. Users shall declare that the information provided by them is true and accurate, taking responsibility in case of any unlawful acts committed by providing false and/or unauthorized information.

5.2.BONITOUR will put its best efforts into respecting and protecting data and personal information against loss, theft, or any type of misuse, as well as against unauthorized access, disclosure, alteration, and destruction.

5.2.1. BONITOUR's employees and/or outsourced parties are strictly prohibited from reproducing and/or sharing any content held by BONITOUR, by any means of communication and/or reproduction, without its authorization.

5.3. All information or personal data entered in the digital environment or converted from in-person to the digital environment will, when necessary, be encrypted by  BONITOUR.

5.4. BONITOUR is not liable for any data leakage, disclosure, or mishandling of information that is not under its direct or indirect responsibility.

5.5. BONITOUR guarantees that, for its part, only employees and/or third parties that need to handle certain data and/or information have received credentials for handling such.

5.6. BONITOUR guarantees that, in instances where the operation is not impaired, personal data may be anonymized for data processing carried out directly by  BONITOUR.

5.7. Those who have access credentials to the personal data and information that this policy deals with and/or treated as confidential, will be responsible for the correct use of their access credentials, and may be held personally liable for the misuse of their credentials.

5.8. Personal data, and other information processed for any of the purposes described in this policy, will not be kept longer than strictly necessary for the completion of the purposes for which they are intended, unless when duly anonymized, according to Articles 12 and 16 of the LGPD.

5.8.1. Data and electronic documents containing personal data may be retained for longer than necessary for their initial purposes, if and only if, these cases: legal obligation, mitigation of fraud risk, full exercise of the inherent right of defense.

6. About the Privacy Policy

6.1. BONITOUR is constantly looking into optimizing its system to ensure quality services and protections, therefore, this Privacy Policy may be, eventually,  unilaterally updated or changed by BONITOUR.

6.1.1. We are always improving our Policy and changes will be reflected on this page. So, before using one of our services, be sure to check this page carefully. When changes are made to the Policy, we will update the date to reflect the publication of any changes made. Keep in mind: by continuing to access the Services after such changes take effect, you are agreeing to the new version of the Policy.

6.2. This Privacy Policy comes into effect from the moment the User uses any BONITOUR service and agrees with the terms of this policy.

6.3. This Privacy Policy is valid for an indefinite period, coming into effect for the duration of the contractual relationship between the parties and the obligations arising therefrom.

7. Talk to BONITOUR!

7.1. If you have any questions or need any help with requests or suggestions regarding this Policy or other privacy issues, we will always be at your disposal. Just contact our call center or talk directly to our Data Protection Officer at:

Bonito/MS, Brazil, 10, 26, 2021.

Subscribe to our newsletter to receive travel tips and offers directly in your inbox 💜
Selo Cielo