Privacy & Cookies Policy

Privacy policy

Last updated on November 13 2020

General Privacy and Data Protection Policy

Rede D’OR São Luiz (“Rede D’Or”), a corporation registered at the Brazilian National Registry of Legal Entities under no. 06.047.087/0001-39, based at Rua Voluntários da Pátria, 138, Botafogo, Rio de Janeiro, RJ, 22270-010, Brazil, views your privacy and therefore the protection of the electronic records of the personal data that you (“User”) disclose an important issue concerning the use of the various websites and services (“Services”) provided by Rede D’Or. The present Privacy Policy (“Policy”) aims to regulate the way your personal data are collected, used and protected with all due straightforwardness, transparency and objectivity.

what types of data are collected about you;
what cookies are;
how we use your personal data;
whom we share your personal data with;
how we protect your personal data;
how long your personal data shall be stored;
your rights as a personal data User and how you may exercise them.

Should you have any questions, please contact our Personal Data Processing Officer:

Name: Leandro Rodrigues Rezende
Contact info: dpo.rededor@rededor.com.br

Summary Table

The present document is aimed at clients of Rede D’Or and other Users whose data are processed by Hospitals, Digital Media and other companies that belong to Rede D’OR São Luiz Group and its branches.

This Privacy Policy provides for, amongst other issues,

Data processing agent	REDE D’OR
Data processing role	Parent controlling company.
Nature of processed data	Personal data supplied by the User and/or collected automatically, including sensitive and financial data (art. 5, para. II of Brazilian Law no. 13.709/2018).
Main data processing aims	*Rede D’Or* may use personal data to enable the offer of its products and services, to send notices or reminders of appointments and clinical tests, preventive care or other activities.
Data sharing	Essential service traders or providers who operate our activities; other companies that belong to the *Rede D’Or* Group, such as D’Or Soluções, Consultoria D’Or and Instituto D’Or; government officials/entities, in what refers to legal or regulatory compliance.
Data protection	Appropriate safety, technical and administrative measures.
Your rights	To request confirmation or endorsement of data processing, amendment, etc.

This Policy may be modified or amended at any time by Rede D’Or upon notice published on this website and/or sent by e-mail if the User has chosen this means of communication with Rede D’Or.

What Data are Collected About You

Personal data collection is essential to allow us to render our Services to Users. What data are collected about Users?

Personal data supplied by third party: Rede D’Or is provided with personal data by third parties such as partners or service providers that are somehow connected to you. Data provided by such sources allow Rede D’Or to render better services to you.
Personal data supplied by User: Rede D’Or will collect all the personal data entered or sent by Users as they sign up and log in to our portal. Data may vary according to the type of service Users access. Below you will find a non-exhaustive list of the services provided by Rede D’Or and the data they collect:

Services	Personal data
Appointments for doctor examinations and clinical tests	User’s name, tax payer’s no., telephone no.; data about healthcare insurance plan, the physician, type of clinical tests, clinical records
Outpatient care	User’s name, ID, tax payer’s no., telephone no. and address; data about healthcare insurance plan; patient’s escort data; symptoms and health records
Clinical tests carried outt	User’s login and password to access the portal; name, tax payer’s no. and e-mail; data about the test and the physician
Surveys	User’s name, tax payer’s no. and medical records

Data automatically collected: Rede D’Or also collects a number of data automatically such as features of the device used to access the pages, browser, IP (date and time), IP origin, number of clicks, pages browsed, search terms entered by Users, etc. Data collection is processed by standard tracking technologies such as cookies.

What Cookies Are

Cookies are files or data that may be stored in the Users’ devices whenever they brose the website or use Rede D’Or’s online services.

Types of Cookies	What they do
Necessary	Cookies are essential to allow *Rede D’Or’*s web pages to properly load and Users to browse through them comfortably.
Performance	Cookies allow us to understand how visitors interact with *Rede D’Or* web pages by supplying information about browsed pages, length of browsing period and any problem encountered, such as error messages.
Functional	Cookies allow *Rede D’Or* web pages to remember the Users’ preferences so as to provide them with a customized experience.
Marketing	Cookies are used to provide Users with more relevant content and advertisements, and also to assess the effectiveness of marketing campaigns.

When Users sign up and log in to Rede D’OR portal they are informed of the types of cookies that are used and why they are used.

To collect any type of personal data, Rede D’Or will always comply with the following rules:

only data considered essential for the target services will be collected;
in case other types of personal data are deemed necessary, we will take all necessary measures to notify and request the Users’ consent to collect them;
any consent is granted by Users on a voluntary and informed basis;
personal data that are collected will be used for the sole purposes informed to Users.

How We Use Your Personal data

Personal data are processed by Rede D’Or for various purposes. Below you will find the major purposes for which Users’ data will be processed.

To feed into agreements and preliminary inquiry or survey, such as

to manage, provide, expand and improve the Services offered to Users;
to be used in our communication with Users and to provide them and other Rede D’Or’s client with information about our products and services;
to assess the offering of specific products or services and under what conditions.

In case Rede D’Or has to fulfill any legal or regulatory obligation such as:

storing medical records for as long as 20 (twenty) years commencing on the date of the latest record, pursuant to art. 6 of Brazilian Law no. 13.787/2018;
issuing compulsory notification in cases of suspected child abuse, pursuant to art. 13 of the Brazilian Statute on Children and Adolescents;
collecting a patient’s informed consent for medical procedures that involve inherent risks, pursuant to art. 22 of the Brazilian Code of Medical Ethics;
sharing data with the Brazilian Department of Health to be encompassed by a Minimum Set of Data (MSD), pursuant to art. 47 of Brazilian Law no. 8.080/1990 and to art. 4 of Brazilian Ordinance no. 29/2017;
releasing compulsory notification of diseases, pursuant to Brazilian Law no. 6.259/1975;
storing access records to the WiFi system made available at all Rede D’Or’s Hospitals and Laboratories, pursuant to art. 13 of the Brazilian Civil Rights Framework for the Internet.

For healthcare procedures that do not require the User’s informed consent,

such as medical examinations during which personal data such as the User’s height, weigh, eating habits, blood pressure, amongst other data, are collected.

Depending on the judgment of emergency degree and aiming to protect the User’s life and physical integrity

in the event of emergency care in emergency rooms, for instance, when informed consent for high-risk procedures is impossible to be obtained.

When pursuing Rede D’Or’s legitimate interests, provided that such interests are not superseded by the User’s expectations, interests, rights and fundamental freedoms.

For instance, concerning identification procedures in order to grant Users access to Rede D’Or’s Hospitals and Laboratories.

When conducting any activities that aim at fraud prevention, such as

internal investigations/audits that may require the use of the User’s sensitive personal data.

Upon Users’ granted consent, in whatever applies to

any communication sent with marketing and information purposes;
releases about events or research that is pertinent to Rede D’Or’s activities.

Whom We Share Your Personal Data With

Rede D’Or may occasionally need to share the Users’ personal data with the following third parties:

partners and suppliers, particularly healthcare carriers with whom Rede D’Or hospitals and laboratories are licensed to operate with, so as to develop and provide Users with healthcare services;
government officials and entities, as well as with other third parties, aiming to protect Rede D’Or’s interests with respect to any type of conflict, including law suits and administrative cases;
in the case of transactions and any type of amendment in corporate equity holding positions that concern Rede D’Or, in which case disclosing personal data may be required for the continuation of Services;
whenever requested by court order or administrative authorities who have legal powers to request so.

How We Protect Your Personal Data

We use strict measures to ensure that every User’s personal data stored by Rede D’Or shall remain secure. Such measures comprehend:

protecting your data against non-authorized access to our systems;
granting strict access to personal data storage locations only to specifically assigned staff;
ensuring that agents, staff or external partners who may process your data comply with total secrecy and best practices to process such data, in compliance with our corporate policies and practices.

In additional to our technical efforts, Rede D’Or undertakes institutional measures to protect the Users’ personal data as provided by our privacy governance program, which applies to all our governance structure and activities and which is regularly updated and managed by our Personal Data Protection Officer.

Although Rede D’Or endeavors its best efforts to safeguard privacy and protect the Users’ personal data, it should be acknowledges that no information sharing is ever totally secure, hence susceptible to technical failures, viruses or malware activities.

Anyway, in the remote hypothesis that events of the aforementioned nature occur, Rede D’Or will endeavor all its efforts to remediate any possible adverse outcomes of such events, and shall share all its efforts as clearly and straightforwardly as possible with Users.

How Long Your Personal Data Shall Be Stored

Personal data processed by Rede D’Or shall be eliminated whenever they cease to be useful for the purposes they were collected, or whenever any User requests that they be eliminated, except when elimination prevents complying with any legal or regulatory obligation. Examples of the latter obligations are the Electronic Medical Record Law (art. 6 of Brazilian Law no. 13.787/2018), which provides that such records be kept for at least 20 (twenty) years commencing on the date of the latest record; data transfer to third parties (provided data processing requirements are complied with); and exclusive use by Rede D’Or, also in what refers to Rede D’Or exercising its rights in law suits or administrative cases.

Your Rights As A Personal Data User

To comply with the applicable regulation, with reference to personal data processing, Rede D’Or, as the legal controlling agent of the Users’ personal data, abides to and ensures to Users the right to request the following:

confirmation that Rede D’Or is processing the User’s personal data ;
access to the User’s personal data
update of the User’s personal data that a user deems incorrect, incomplete our outdated;
anonymity, blockage or elimination of unnecessary or excessive data, or any data processed in a non-compliant manner
portability of personal data to another product or service supplier, upon the User’s written request;
deletion of personal data that is insofar processed upon the User’s request;
information about state or private entities with whom Rede D’Or shares the User’s;
the prerogative of not granting consent for data processing as well as information about the consequences of such prerogative;
withdrawal of previously granted consent for personal data processing.

In which cases, every User’s request shall be

carried out free of charge;
submitted to identity verification (so that Rede D’Or may respond solely to the User who submitted the request).

To exercise your right as a User of personal data, you can click here or go the the LGPD – General Personal Data Protection Law – page, available on Rede D’Or’s website.

Rede D’Or warns Users about the possibility of requests being turned down upon legal grounds, whether for formal reasons (such as impossibility to verify a User’s identify) or legal reasons (such as request for the elimination of data to which Rede D’Or holds the right to store). In the event of a User’s request being turned down Rede D’Or shall supply all the reasonable justifications.

Applicable Legislation And Amendments

The present document was written out in compliance with the Brazilian Federal Law no. 13.709/2018 – General Personal Data Protection Law – “LGPD”.

Rede D’Or maintains the right, at its own discretion, to change, modify, amend or eliminate portions of the present document at any time.

Definitions

Should you have any questions about the terms used in this Privacy Policy, please check the glossary below.

*Terms*	*Definitions*
Anonymization	Data processing technique through which anonymized data cannot be associated with any one individual, considering all the reasonable and available technical means at the time of data processing.
Cookies	Text files from a website that are stored within a User’s web browser to identify a User’s computer and collect access data, browsing history, length of browsing period and links clicked on, aiming to customize a User’s browsing experience.
Personal data	Any piece of information which may directly or indirectly lead to identifying an individual.
Sensitive personal data	Special type of personal data related to an individual’s racial or ethnic origin, religious beliefs, political views, membership to unions or religious, political or philosophical organizations, health, sexual life, genetic or biometric data.
IP	Short for Internet Protocol. A set of numbers that identifies a User’s computer on the internet.
Logs	Records of Users’ interactions with a given website.
Website	The electronic address of *Rede D’Or*’s domain and subdomains.
Users	Individuals to whom the set of personal data refers, such as past, current or potential clients, customers, staff, subcontractors, trade partners and third parties.
Processing	Any operation carried out using a User’s personal data, such as data collection, production, classification, use, access to, reproduction, transfer, distribution, filing, storage, elimination, evaluation or assessment, modification, communication, spread or extraction.
Users	Individuals who access *Rede D’Or*’s website and/or interact with the products and services therein available and advertised.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.