Brazilian General Data Protection Law (in Portuguese, LGPD, Lei Geral de Proteção de Dados)
We at Sistema Hapvida are part of a group of companies that are currently among the largest health plans in Brazil. In addition to trades related to health plan operators, the System has diagnostic medicine services, through its diagnostic imaging centers and laboratory collection. The group also has its own extensive proprietary care network, currently comprising Hospitals, Clinics and Emergency Units.
When a patient or beneficiary contracts our services and/or products, following the recommendations of the Brazilian General Data Protection Law (in Portuguese, LGPD, Lei Geral de Proteção de Dados), we may use their information for the treatment of Personal Data, including in digital media, per person (natural or legal of public or private law), respecting the protection of the fundamental rights of freedom and privacy, provided that such Personal Data have been collected in the national territory.
Data Protection ? What for?
Every day we receive and send various information to carry out our activities and for this reason we submit our data to the treatment of various organizations. Treatment means any and all operations carried out with personal data, such as collection, classification, use, reproduction, transmission, modification, transfer and elimination. The organizations to which we entrust our data do not always do so in order to guarantee the effective security of what they have use. For this reason, the Brazilian General Data Protection Law (in Portuguese, LGPD, Lei Geral de Proteção de Dados) (Law 13,709/18) was enacted, in order to establish the ideal standards for the effective processing of data and ensure that data owners (“Subject Holders”) do not suffer any problems arising from inadequate treatments and possible leaks.
What is personal data?
Any and all information related to an identified or identifiable natural person (when it is possible to determine directly or indirectly an individual);
Examples: name, registry of individual taxpayers (CPF), identity card (RG), address, affiliation, e-mail.
These data also contain sensitive personal data that are related to:
- racial or ethnic origin,
- religious conviction,
- political opinion,
- membership of a trade union or organization of a religious, philosophical or political nature,
- health or sex life,
- genetics or biometrics
What data does Hapvida collect? And why?
Normally, for Hapvida to carry out its activities, from the sale of a health plan to the provision of medical services, personal data, even sensitive, are required so that all proposed functions are effectively performed, taking into account individuality of each customer and employee.
Therefore, we normally collect the following data in each sector:
|Website access||IP, access date and time, cookies||Legal obligation and Legitimate interest|
|Appointment scheduling and exams||E-mail, plan card number, beneficiary code, date of birth and registry of individual taxpayers (CPF)||Permission|
|Scheduling dental appointments||Permission|
|Health plan authorization request||E-mail, registry of individual taxpayers (CPF), plan card number and birth date||Regular exercise of contractual rights|
|Issue of 2nd copy of bill||E-mail, plan card number, birth date and registry of individual taxpayers (CPF)||Regular exercise of contractual rights|
|Health and dental plan request||Full name, city, e-mail, cell phone and landline||Permission|
|Service (questions, complaints and chat bot)||Name, e-mail and phone number||Permission, Legal obligation and Legitimate interest (depending on the service)|
Who does Hapvida share your data with?
Hapvida may work together with other companies so that it can provide its Services. When sharing your Personal Data is necessary, we will adopt, whenever possible, mechanisms for anonymization or pseudonymization of such Data.
We use personal data protection clauses in our contracts with third parties, in order to preserve your privacy and information security as much as possible.
We may share your Personal Data in the following cases:
Our suplliers: We have certain categories of providers that we need to hire to offer our Services, and some of them may process the Personal Data we receive on our behalf. For example, we hire call center services to assist us in your service. Likewise, we contract services from several other third parties such as auditing, legal and cloud hosting services, for example.
Hospitals, Clinics and Diagnostics: When You are a beneficiary of our Health and Dental Plans, in order for us to properly provide our Services, it is necessary to share certain information with the hospitals, clinics and diagnostics of your choice about their procedures so that we can release their performance through your Plan of Health or Dental and make your refund.
Company where You work: If the company where You work has contracted our Health and Dental Plan Services, it is possible that certain information may be shared with your company so that You can exercise your rights under our contract.
To safeguard and protect Hapvida’s rights: Hapvida reserves the right to access, preserve and provide any Data and information about You if necessary to comply with a legal obligation or a court order; to enforce or enforce our contracts; or protect the rights, property or safety of Hapvida as well as our employees and/or other users. For example, we may share certain information with the Public Prosecutor’s Office and/or the police when requested by these bodies, only to the extent legally authorized.
Companies belonging to the Hapvida corporate group: We may transfer Data between companies belonging to the Hapvida corporate group to offer our Services. All our companies are subject to contractual obligations in which they undertake to treat your Personal Data with the same level of security and in accordance with applicable legislation.
How long will my data be stored?
With regard to health data, according to Law No. 13.787, of December 27, 2018, we must keep them for at least 20 (twenty) years so that we can then eliminate them upon request or upon termination of the data processing.
What are my rights as a data owner?
Holders have the right to obtain at any time, upon request to Hapvida on the website www.hapvida.com.br/site
|CONFIRMATION of existence
|ACCESS to data||DATA CORRECTION
incomplete, inaccurate or outdated
OR DELETION of data
unnecessary, excessive or
treated in nonconformity
with the provisions of this Law;
|PORTABILITY of data to
another service provider or
product, upon request
|ELIMINATION of data
personal treated with the
holder’s consent, except
in some cases
public and private with the
which the controller used
|INFORMATION about the
possibility of not providing
consent and about the
consequences of denial;
How does Hapvida’s information security work?
Hapvida takes technical and organizational measures to protect your Personal Data against loss, unauthorized use or other abuse. Data is stored in a secure operating environment that is not publicly accessible.
In order to ensure the security of your Personal Data on our systems, we adopt the best information security practices available, including:
- The use of encryption for the transmission and storage of certain personal data;
- Adoption of strict access controls to personal data stored in the systems;
- Use of technical mechanisms against unauthorized access to systems through firewalls, anti-malware, among others; and
- Implementation of preventive procedures against information security incidents.
We strive to protect the privacy of your Personal Data, but unfortunately we cannot guarantee complete security. Unauthorized account entry or use, hardware or software failure and other factors may compromise the security of your Personal Data.
If you identify or become aware of anything that compromises the security of Hapvida’s information, please contact us.
Who is in charge of Hapvida`s data?
Tatiana Moreira de Souza – Hapvida GNDI Data Officer (email@example.com)