DOMO Salute – Privacy and Data Protection Policy
DOMO Salute, a private legal entity registered under CNPJ nº 26.263.959/0001-03, is committed to privacy and data protection. All data collection is guided by the principles of purpose, necessity, transparency, security, prevention, non-discrimination, data quality, adequacy, free access, and accountability. This Policy expresses our commitment to the responsible and ethical processing of personal data, in line with the company’s principles and values, and, especially, in accordance with the provisions of Law No. 13.709/2018 (General Data Protection Law or “Lei Geral de Proteção de Dados Pessoais” – LGPD) and other applicable legislation.
Personal Data: information that identifies an individual or makes them identifiable. Examples include: Name, CPF (Tax ID), RG (ID Card), phone number, image, address, e-mail, parentage, etc.
Sensitive Personal Data: A category of personal data that, due to its potential for discrimination, requires an extra level of protection and a high duty of care. It includes personal data that may reveal racial or ethnic origin, religious beliefs, political opinions, membership in a trade union or religious, philosophical, or political organization, health or sexual life data, genetic or biometric data, when linked to a natural person.
Processing: All forms of use that can be given to Personal Data, including, but not limited to the following activities: collection, storage, consultation, use, share, transmission, categorization, reproduction, deletion, and evaluation.
Purpose: The reason for processing personal data or the intended outcome to be achieved through data processing.
Data Processing Agents: the controller and/or the processor, data subject, and data protection officer.
Holder/Data Subject: The natural person to whom the personal data being processed refers. The Data Subject may be our client, employee, supplier, or third party.
Controller: The natural or legal person, whether public or private, responsible for making decisions regarding the processing of personal data. DOMO Salute is the Controller of the data covered by this Policy.
Operator/Processor: The natural or legal person, whether public or private, who processes data on behalf of the Controller.
Legal basis (personal data and sensitive personal data): All processing of personal data must be based on one of the ten legal bases provided for in the LGPD. DOMO Salute uses the applicable legal bases for its business, which are: (i) consent; (ii) compliance with a legal or regulatory obligation; (iii) performance of a contract or preliminary procedures; (iv) regular exercise of rights in judicial, administrative, or arbitration proceedings; (v) legitimate interests; (vi) regular exercise of rights, including in contracts and in judicial, administrative, and arbitration proceedings.
Consent: it refers to a free, informed, and unambiguous expression of the data subject’s agreement to the processing of their personal data.
National Data Protection Agency (“Agência Nacional de Proteção de Dados” in Portuguese) – ANPD: The autonomous agency responsible for ensuring, implementing, and overseeing compliance with the LGPD throughout the national territory. Website: https://www.gov.br/anpd/pt-br.
If you have any questions or concerns regarding privacy and data protection, please feel free to reach out to our team at email@example.com.
2. USE OF PERSONAL DATA
The types of Personal Data collected by DOMO Salute and the manner in which they are collected depend on your relationship with us and the Purpose. The Personal Data collected will vary depending on whether you are a customer, a supplier, an employee, a business partner, or a user of our website and social media platforms.
We listed below some of the situations in which DOMO Salute may process your Personal Data:
- During the provision of regulatory consulting services;
- To comply with requirements and demands of regulatory authorities, such as ANVISA and INMETRO;
- Selection, hiring, and termination of employment contracts;
- Qualification of suppliers and distributors;
- Compliance with financial and tax obligations;
- To comply with requests from data subjects, respond to and defend against administrative and/or judicial proceedings;
- To Properly address requests and complaints;
- Processing leads at events and fairs from the health sector;
- To collaborate and/or comply with court orders or requests from administrative authorities, as well as to fulfill obligations to proactively report certain activities to the authorities;
For all personal data collection, the Company will adhere to the following rules:
- Only essential information will be collected for the execution of contracted services and compliance with regulatory requirements.
- If it becomes necessary to collect additional personal data, the individual will be notified, and their consent will be obtained as required.
- Adequate information will be provided alongside any obtained consent, in compliance with the principles of LGPD (Brazil’s General Data Protection Law).
- The personal data collected from customers, visitors, suppliers, and/or employees will be solely used for the specified purposes.
3. PERSONAL DATA SHARING
To facilitate the provision of our services, there may be instances where it is necessary to share your personal data.
We outline below the situations in which your data may be shared:
- With authorities, regulatory bodies, government entities, and other third parties, to comply with legal requirements of the regulatory process;
- In the event of transactions and corporate changes involving DOMO Salute, where the transfer of information is necessary for the continuity of services;
- In compliance with legal, regulatory, contractual obligations, court orders, or requests of administrative authorities with legal competence to make such requests;
- With financial and accounting service providers;
- For the regular exercise of rights and/or for their protection.
4. DATA SUBJECT’S RIGHTS
As a Data Subject, you have the right to request the following:
- Confirmation of the existence of processing of your personal data;
- Access to the data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion;
- Data portability;
- Obtain information about public and private entities with which the controller shared your data;
- Obtain information about the possibility of not providing consent and the consequences of refusal;
- Revocation of consent.
For further information and details regarding the Rights of the Data Subject, please refer to our Policy on the Exercise of Data Subject Rights.
5. IMPORTANT INFORMATION
For the safety of data subjects, whenever we receive a request to exercise data subject rights, the Company may request additional information and/or documents to verify the identity of the requester.
In certain situations, the Company may have valid grounds to decline a request to exercise rights. These circumstances may include cases where disclosing specific information could violate intellectual property rights or business secrets of the Company or third parties. Additionally, requests for data deletion may be refused due to the existence of Company’s obligation to retain data, whether to comply with legal or regulatory obligations, or to enable the Company’s or third parties’ defense in disputes of any nature.
The Company is committed to responding to requests within a reasonable timeframe in accordance with the Policy on the Exercise of Data Subject Rights and applicable legislation.
If you have any questions regarding privacy and data protection, please contact our team via email at firstname.lastname@example.org.
6. INTERNATIONAL TRANSFER OF PERSONAL DATA
7. PERSONAL DATA STORAGE TERM
The Company has a Personal Data Retention and Disposal Policy in line with the applicable legislation. Personal Data is stored only for as long as necessary to fulfill the purposes for which it was collected, unless there is any other reason for its retention, such as compliance with any legal, regulatory, contractual obligations, among others permitted by law.
8. PERSONAL DATA PROTECTION
DOMO Salute is responsible for protecting Personal Data and using it solely for the purposes described in this Policy. To ensure the privacy and protection of Data, we employ appropriate technical means and security procedures to safeguard Data against misuse, unauthorized access, interference, alteration, disclosure, or loss. This includes limiting physical access to our facilities, restricting access to collected information, and implementing other measures to fulfill obligations regarding the confidentiality and inviolability of Data.
DOMO Salute dedicates appropriate resources to protect the privacy of Personal Data. However, unauthorized entries and uses by third parties with the Data Subject’s information, hardware or software failure beyond the Company’s control, and other external factors, may compromise the security of Personal Data. Therefore, the proactive involvement of the Data Subject is also essential in maintaining a safe environment. If any factors compromising the security of Data in your relationship with the Company are identified, please contact us via email at email@example.com.
9. FINAL PROVISIONS
If you have any questions, comments, or suggestions regarding this Policy, please contact our Communication Channel via email at firstname.lastname@example.org.
At DOMO Salute, we are committed to continually enhancing our services and practices. As part of this commitment, our Privacy and Data Protection Policy may be updated from time to time. We encourage you to periodically review this policy to stay informed. Any significant changes to the policy will be communicated and announced accordingly. Your privacy and data protection remain our top priorities, and we appreciate your ongoing support and cooperation.