Privacy Policy and Data Protection


Privacy Policy

Attention, passengers flying to Privacy, authorized boarding! Ícone de avião
 

We invite you to board a flight through our way of taking care of your personal data, starting with check-in!

We are GOL Linhas Aéreas (“GOL”) and we present here our Privacy Policy.
In 2021, Smiles Fidelidade S.A., manager of the Smiles Program, was incorporated into GOL being part of GOL brands such as GOLLOG, AEROTECH and VoeBiz.

From now on you will be called “Data Subject” and we will explain how your personal data is processed and your rights under the Brazilian General Data Protection Law (LGPD), the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Our privacy practices may vary from country to country depending on local requirements. Some of our products and services offered abroad may be subject to specific privacy notices to meet compliance requirements that are not covered by this policy.

Now that we have checked you in, we recommend that you settle into your seat, fasten your seat belt and have a good trip!


CONTROLLER OF PERSONAL DATA: GOL LINHAS AÉREAS ("GOL") 
Gol Linhas Aéreas S.A.

Company Registration Number (CNPJ): 07.575.651/0001-59

Address: Praça Senador Salgado Filho, s/nº, Santos Dumont Airport,
Ground Floor, public area, between Axes 46-48/O-P,
Sala de Gerência – Back Office, city and state of Rio de Janeiro – Brazil.
Postal Code: 20021-340

GOL operates in the European Union through the following establishments,
which you may contact in relation to the processing of your personal data:

  • France branch: Rue de Stockholm, 75008 Paris

  • Portugal branch: Rua de Júlio Dinis, 204, 2nd floor, Room 218, 4050-318 Porto

  • São Paulo Branch: Rua Verbo Divino, 1661, Chácara Santo Antônio Neighborhood,
    São Paulo – SP, ZIP Code 04719-002, Brazil.

Contact with the Data Protection Officer (DPO): privacidade@voegol.com.br

To exercise your rights as a Data Subject, click here.

To visit our business units in other countries, click here.


What types of Data Subjects are covered by this policy?

  • Customers;

  • Potential Customers;

  • Suppliers;

  • Partners;

  • Job applicants

  • Visitors; and

  • Collaborators’ guests.


What personal data do we handle?

  • Identification: name, identity documents, gender, civil state, nationality, social name, birth date, passport, Smiles number, Customer class, signature. 

  • Personal contact: telephone number, cellphone number, login, email address, post code, home address;

  • Collected while using GOL's platforms: information about the Data Subjec's device (operating system version, device model, etc.); geolocation data, internet application access logs; browser type; clicks; usage time; duration of access; Cookies and other technical information that may be accessible while using our platforms; preferences actions; browsing data (IP; date and time of access, etc.)

  • Collected during selection processes carried out by candidates: Name, age, marital status, nationality, birthplace, residential address, telephone, e-mail, professional history, professional licenses and associations, academic history, gender, social media, occupational health certificate, identity documents.

  • Finance: bank branch; credit card; checking account; transaction history; histories of operations carried out by the Data Subject in benefit programs during the consumption of products and services provided by GOL;

  • Interactions with GOL: transactions and data related to trips; NSU number; number of miles; voice data; content of complaints; Image; data collected during the consumption of products and/or services provided by GOL and/or by GOL's Partners;

  • Sensible data: biometric data, health related data;


How do we process children and teenagers’ data?

We may occasionally process data of children (under 12 years of age) and teenagers (under 16 years of age) in order to provide services related to the travel of the minor, to the apprentice program, and to comply with legal obligations. The personal data of minors will only be processed in the cases permitted by law and in their best interests.


What do we process personal data for?

  • Carry out registrations, identification and authentication of our Data Subjects, whenever applicable;

  • Deliver the services and products hired;

  • Share with our partners for the provision and execution of services, products and benefits contracted by the Data Subject;

  • Manage the requests arising from some of our services/products contracted by the Data Subject;

  • Respond to requests and questions through our contact channels;

  • Manage our relationship with you, updating your records and contacting you by phone, e-mail, SMS, direct mail, or other means of communication;

  • Conduct satisfaction/opinion surveys;

  • Informing the Data Subject about our promotions, news, services, news, contents, functionalities and other relevant events of GOL and its partners;

  • Carry out media campaigns and events;

  • Make segmented and personalized offers of services, content, and products;

  • Perform analysis of our platforms to improve performance and provide the Data Subject with functionality tailored to his or her preferences;

  • Complying with legal or regulatory obligations and/or exercise rights in legal, administrative or arbitration proceedings;

  • Increase the security of our channels and fight fraud;

  • Enriching our databases with information from legitimate sources, if applicable, aiming at maintaining contact with the Data Subject;

  • Understanding the consumer profile in order to better offer products and services by GOL;

  • Manage access control;

  • Perform audits;

  • Manage contracts; and

  • Carry out recruitment and selection processes.


On what legal basis do we process your personal data?

We only process your personal data when we have a legal basis provided for under the laws of your country or, in the absence of such legal basis, in accordance with the principles of good faith, proportionality, and reasonableness applicable to our industry. Where provided by law, we will rely on the following legal bases:

  • the performance of a contract to which you are a party or the undertaking of pre-contractual measures at your request;

  • compliance with a legal or regulatory obligation to which GOL is subject;

  • your consent, which may be withdrawn at any time without affecting the lawfulness of the processing carried out before its withdrawal;

  • our legitimate interests or those of third parties, provided that such interests do not override your interests or fundamental rights and freedoms; and

  • the protection of your vital interests or those of another person. When we rely on consent to process special categories of data (such as health or biometric data), you will be informed and consulted.

Loyalty program (Smiles): When you join our Smiles loyalty program, we process additional personal data, such as your Smiles membership number, address (if you request a physical card), identification documents, date of birth, membership level, accumulated or redeemed miles, and other data related to your account. We process this data to administer the program and provide you with its benefits based on the performance of our contract with you. When we send you marketing communications about GOL and its partners related to the program, we rely on your consent as the legal basis for processing. Your consent may be withdrawn at any time, without affecting the lawfulness of the processing carried out before its withdrawal.

With whom may we share personal data?

  • We may share your personal data with third parties whenever necessary to provide our services, comply with legal obligations, protect rights, or support the development of our activities, in accordance with the principles of your country’s privacy law, especially purpose, necessity, and transparency.

    Whenever we carry out data sharing, we assess:

  • the specific purpose;

  • the applicable legal basis;

  • the type of relationship (processor, joint controller, or independent third party); and

  • the applicable security and governance measures.

ENTITY

PURPOSE

Business partners

To provide information regarding requests made on your behalf, such as partner airlines, travel agencies, hotels, transportation services, among others.

Service providers and suppliers

To enable GOL’s activities for your service and its general operations, such as technology services, logistics, recruitment services, among others.

Companies belonging to the same Economic Group

As companies within GOL’s Economic Group share or may share their technological infrastructure (systems, service providers, workforce, etc.), personal data may be accessed by any company that is part of the Group.

Financial institutions and payment methods

 

For payment processing, execution of banking transactions, among other related activities.

Third parties in the event of corporate restructuring

To support GOL’s business operations in the event of a corporate restructuring involving its Economic Group.

Specialized anti-fraud service providers

To prevent fraud against GOL, you, or third parties.

Partner companies that support our recruitment and selection processes

For recruitment and hiring purposes.

Judicial authorities and law firms in connection with potential legal proceedings

To protect the legally established rights of GOL, you, or third parties.

Public authorities and administrative entities in your country

As an airline company, GOL is legally required to share certain data with public authorities when required by law, including, but not limited to, obligations applicable in the country of origin, destination, or overflight.


 


How do we keep personal data safe?

We have adopted several effective security measures, following market standards, such as:

  • Encryption;

  • Data Governance Program;

  • Privacy Awareness Program;

  • Information Security Management

  • Environment Protection and Physical and Logical Security;

  • Information Asset Management;

  • Access Management;

  • Vulnerability Scanning and Intrusion Testing;

  • Malicious Software Control; and

  • Information Security Awareness.

Despite these measures, no system can guarantee absolute security. In the event of a personal data breach, we will notify the competent supervisory authority without undue delay, and we will inform affected data subjects where the breach is likely to result in a high risk to their rights and freedoms.


What are the rights of the Data Subject?

  • Right of access: obtain confirmation as to whether we process your personal data and, if so, access such data and receive a copy of it;

  • Right to erasure (“right to be forgotten”): obtain the deletion of your personal data in the circumstances permitted by law;

  • Right to restriction of processing: obtain the restriction of processing in the circumstances provided for by law;

  • Right to rectification: obtain the correction or update of inaccurate or incomplete personal data;

  • Right to object: object, on grounds relating to your particular situation, to processing based on our legitimate interests and object, at any time, to the processing of your data for direct marketing purposes;

  • Right to data portability: receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and transmit it to another controller, whenever technically feasible and where provided for under the laws of your country;

  • Right not to be subject to automated individual decision-making, including profiling, that produces legal effects concerning you or significantly affects your rights;

  • Right to withdraw consent: withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  • Without prejudice to any other remedy, you have the right to lodge a complaint with the competent authority in your country, your place of work, or the place of the alleged infringement, if you consider that the processing of your personal data violates the applicable data protection laws.


How long will we process your personal data?

Personal data strictly necessary to fulfill the purpose of the processing will be retained only for as long as it is essential to achieve such purpose. After this period, the data will be deleted, except where it is necessary to retain it to comply with legal and/or regulatory obligations applicable to GOL, or for the exercise of rights in judicial, administrative, or arbitration proceedings. These exceptions may include, for example, retaining information to meet tax or regulatory requirements, or to protect GOL and Data Subjects in legal proceedings.


How do we process international personal data transfer?

We may occasionally need to transfer our customers’ personal data, collected in their country of origin, to our Suppliers and Partners located in other countries, in order to enable the provision of products and/or services that have been offered and contracted. We are committed to working with suppliers and partners that comply with local privacy and personal data protection laws, or that are in the process of becoming compliant with such regulations. In addition, we adopt security and contractual measures to ensure that all international data transfers are carried out securely and in compliance with applicable legislation, such as the adoption of standard contractual clauses, specific contractual clauses, global standards, among others.


Announcements and Advertising

If you no longer wish to receive communications from us, no problem! Opt out by clicking on the option available in the communication you received. By selecting this option, you will be removed from our mailing list and will no longer receive our promotional messages. But don’t worry: this will not affect transactional communications related to your flights.


Contact channels:

If you have any questions and/or requests regarding the processing of your personal data, please contact our Data Protection Officer (DPO) through the designated channel:

PERSONAL DATA CONTROLLER: GOL LINHAS AÉREAS (“GOL”)
Gol Linhas Aéreas S.A.
CNPJ: 07.575.651/0001-59
Address: Praça Senador Salgado Filho, s/nº, Santos Dumont Airport, Ground Floor, public area, between Axes 46-48/O-P, Sala de Gerência – Back Office, city and state of  Rio de Janeiro – Brazil.

Postal Code: 20021-340 
 
Data Protection Officer (DPO): Bruna Costa Baccini
Deputy Data Protection Officer: Guilherme Seigo Matsumoto

Contact for the Data Protection Officer (DPO): privacidade@voegol.com.br
If you wish to exercise your rights as a Data Subject,  click here.

If you have any questions about privacy and personal data protection, please contact us through the channels available on our website.
 
Last Updated: 06/29/2026