Privacy Policy and Terms of Use

Privacy Policy and Terms of Use:

The General Data Protection Law (Law No. 13709-2018) which regulates the use of personal data by companies and institutions in general, has transparency as one of its most important principles.

Your privacy is very important to us. Scitech is committed to protecting the security and privacy of your data.

This Privacy Policy (“Policy”) aims to clarify, in an objective, clear and accessible way, how SCITECH PRODUTOS MÉDICOS S.A, located at Rua 18, Lote 06 Polo Empresarial Goiás – Aparecida de Goiânia – GO Zip: 74.985-249 utilizes, uses, stores, processes and discloses (ie, “handle”) your Personal Data when you visit our website. Each user of this website will be referred to in this Policy as You.

This Policy applies to every individual who, in any way, accesses or uses the website, either through service channels or online forms.

The terms of this Policy are interpreted in accordance with the applicable data protection laws, but not limited to Law No. 13709/2018 (“General Data Protection Law”).

 

  1. HOW WE USE YOUR PERSONAL DATA?

For the purposes of this Policy, “Personal Data” is information relating to a natural person, who can be identified or identifiable, directly or indirectly, from data we hold about him/her or from data combined with other information.

In the context of the website, it will be necessary to collect some of your Personal Data to improve your browsing experience, contact for information, complaints, and comments. Thus, we may use your Personal Data in different ways, depending on each specific situation. When accessing the website, we may process your Personal Data:

  1. Contact form or other requests
  • if you are interested in being part of the team of SCITECH collaborators, you register through an online form through the WORK WITH US channel. Name, e-mail, telephone and a brief cover letter are required.
  • You register in our NEWSLETTER to receive news about SCITECH. Your name, e-mail, telephone and the company where you work or represent are requested.
  • You register to participate in events, in person or online, held by SCITECH. Name, email, address and profession will be requested.
  • Also, following any interaction with SCITECH, we may provide offers and marketing communications. You can unsubscribe at any time.

 

  1. Cookies

For a better browsing experience on the website, we use a cookie system. Cookie is a small text file that is sent to your browser and stored on the hard drive of your computer, mobile phone or other device to facilitate future access to the website, allowing you to store a certain amount of data about your activities on the internet, in order to know the interests and behavior, to better meet their needs.

You can set your browser to notify you when you receive a cookie. This allows you to decide whether you want to accept it or not. However, some of the services and functionality offered through our website may not function properly if your cookies are disabled.

 

  1. Social Media Platforms

The website may link to social media platforms that have their own privacy and confidentiality policies. If You use other platforms, we recommend that You refer to the privacy policy of those platforms, and this Policy does not cover the practices and policies of third parties.

 

  1. WITH WHOM WE SHARE YOUR PERSONAL DATA?

We do not sell or exchange your Personal Data with third parties, but we may share it with others as an essential part of providing our services to You. They can be service providers and SCITECH partners. We are all committed to keeping your data safe.

We may also share your Personal Data in order to comply with current legislation and cooperate with competent authorities.

 

  1. WHERE AND FOR HOW LONG WE STORE YOUR PERSONAL DATA?

We will keep your Personal Data for the duration of the relationship between You and SCITECH and for the time necessary for the specific purposes for which the data was collected. In some cases, we are required to keep your Personal Data to comply with legislation. In this case, we will ensure that your data is only used to comply with retention obligations and not for other purposes.

 

  1. HOW DO WE PROTECT YOUR PERSONAL DATA?

We take all necessary measures to protect your Personal Data from loss, misuse, unauthorized access, disclosure, alteration or destruction (“Incidents”). SCITECH protects your Personal Data in accordance with the security and confidentiality standards and procedures established by Brazilian law.

 

  1. YOUR RIGHTS

As your rights, you may request, at any time and free of charge:

  • Information about how your Personal Data is being handled;
  • Access the Personal Data we hold about You;
  • Request correction of inaccurate, incomplete or out-of-date Personal Data that we hold about You;
  • Request eventual anonymization, blocking or deletion of unnecessary, excessive or non-compliant data, always taking into account the exceptions regarding the maintenance of data necessary for the purposes of legal compliance by SCITECH;
  • Data portability to another service or product provider;
  • Information about the possibility of not providing consent about the consequences of the refusal;
  • Revoke consent at any time, and
  • Request information about the sharing of your Personal Data with public and private entities.

 

Send us your request or any questions you may have regarding the processing of your Personal Data directly to contato@scitech.com, the Data Controller (“DPO”).

This Policy may be amended/updated at any time and will do so periodically. Any changes to our Policy will be immediately communicated on this page, so we recommend that you visit this page regularly.

If you have questions about this Policy or more information, please feel free to contact us at contato@scitech.com.

 

 

GENERAL DATA PROTECTION POLICY

SCITECH/CMS GROUP

  1. PURPOSE

It is a priority for the SCITECH/CMS GROUP to protect, preserve and respect the data, privacy and rights of its customers, employees, suppliers, and service providers (“Holders”). The company is attentive and adequate to the concepts and principles of Brazilian and foreign regulations, which regulate the rights to privacy and protection of Personal Data.

The SCITECH/CMS GROUP adopts, and will continue to adopt, measures that ensure the integrity and security of the Personal Data it processes, and continuously makes every effort to adapt its internal procedures, processes, and products so that the Processing of the Holders’ Personal Data is carried out legally and transparently.

This General Personal Data Protection Policy (“Policy”) aims to act as a guide for all employees of the SCITECH/CMS GROUP to understand the scope and extent of the conscientious, transparent, lawful, and sustainable Processing of Personal Data, always respecting the privacy, integrity, purpose, adequacy, necessity and security in the Processing of the Holders’ Personal Data.

The Processing of Personal Data carried out by the SCITECH/CMS GROUP must be guided and governed by the pillars, principles, rules, and standards provided and determined by this Policy, by the General Data Protection Law (“GDPL”), Civil Rights Framework for the Internet (“Civil Framework”) and global best practices, from its conception, and throughout its lifecycle, until it is eliminated.

This Policy is not intended to address all situations in which you and other employees may process Personal Data in your daily professional activities. Therefore, when faced with a situation that apparently does not fit any rule established in this Policy, assess whether the situation really does not violate the spirit of the rules and principles presented in this Policy. If after this assessment you are still not sure that the Processing can be carried out without causing problems for the SCITECH/CMS GROUP, do not worry. You can (and should) forward your doubts to your manager. Alternatively, you may seek direct guidance from dpo@scitechmed.com.

Data processing is everyone’s responsibility, and respect and commitment to Personal Data Processing is essential for the SCITECH/CMS GROUP to achieve its goals and objectives in an ethical and transparent manner.

The SCITECH/CMS GROUP takes compliance with the provisions of this Policy seriously. That is why it is essential that you know it and follow it rigorously. Failure to comply with the rules contained herein, as well as any applicable rules and procedures, may affect the company’s reputation, which may lead to the application of penalties that include fines and, in certain circumstances, restrictions on activities involving the Processing of Personal Data. Any violation of the rules presented in this Policy will be dealt with rigorously, subjecting employees to disciplinary measures, including warning and dismissal for just cause.

  1. SCOPE

This Policy applies to all employees of the SCITECH/CMS GROUP who receive, access, or otherwise process Personal Data. Compliance with these guidelines is mandatory and reflects on Corporate Governance regarding the themes of the General Data Protection Law.

  • DEFINITIONS

So that everyone can act actively in the Processing of Personal Data, so that any procedures, actions, and standards of the SCITECH/CMS GROUP are in compliance with this Policy and data protection legislation, knowledge and clarification of essential concepts is essential. Among the concepts, stand out:

  1. Personal DataPersonal Data is all information related to an identified or identifiable natural person, therefore, all data that identifies a natural person, or that, through the combination of various types of data, may come to identify a natural person.

Ex1: Identified – CPF (Individual registration), Full Name, RG (ID), Class Council Number, etc.

Ex2: Identifiable – I know that the person is female, aged between 30-40, married, lives in the Moema neighborhood of São Paulo, works in the marketing area of SCITECH/CMS GROUP and owns a motor vehicle. This woman can only be Joana, as she is the only person with these characteristics within the marketing area of SCITECH / CMS GROUP.

  1. Sensitive Personal Data – it is a special category of Personal Data, due to its discriminatory potential. This category of Personal Data has special processing rules.

Ex: Sensitive personal data are: Data on racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data regarding health or sexual life, genetic or biometric data.

  1. Anonymized Data – are those in which the holder cannot be identified, considering the technical means used at the time of processing. Anonymized data is not considered Personal Data. It is recommended that, as far as technically possible, all Personal Data be anonymized and encrypted.

Ex: (i) statistical data (Ex: 25% of the employees of SCITECH/CMS GROUP are men); and (ii) scientific data (Ex: 30% of Brazilians have diabetes).

  1. Processing – corresponds to all activity carried out with Personal Data, from its collection to its elimination. Thus, in a very general way, all activities carried out by the SCITECH/CMS GROUP with Personal Data are considered as Processing.

Ex: collection, production, reception, classification, use, access, reproduction, disposal, processing, distribution, extraction, dissemination, communication, transfer, storage, and archiving.

  1. Holder – The Holder is the natural person to whom the Personal Data that are the object of the Processing refer. In the SCITECH/CMS GROUP environment, holders may be employees, interns and executives, customers, third parties, suppliers, and shareholders. Outside the SCITECH/CMS GROUP environment, these holders may be End Users of the SCITECH/CMS Products.
  2. Third parties – Everyone who somehow represents the SCITECH/CMS GROUP in the market. Including but not limited to suppliers, third-party employees, franchises, Channels, Partnerships and Alliances.
  3. End User – Natural person, consumer of the SCITECH/CMS product on the market.
  4. Consent – Consent consists of free, informed, and unequivocal manifestation. It must be clear to the holder that he is actively agreeing with the Processing of his Personal Data for a specific and determined purpose.
  5. Processing Agents – Controller and Operator.
  6. Controller – consists of the agent responsible for decisions regarding the Processing of Personal Data. These are the situations, for example, in which the SCITECH/CMS GROUP processes the Personal Data of employees for the purposes of hiring (HR), payments (Financial) and/or access registrations, such as photos collected for the access of employees to the building of the SCITECH/CMS GROUP. In these, the decisions regarding the Processing of Personal Data are the responsibility of the SCITECH/CMS GROUP itself.
  7. Operator – is the agent that processes Personal Data on behalf of the controller.
  8. National Data Protection Authority or ANPD – consists of the public administration body responsible for overseeing, implementing, and supervising compliance with the GDPL.
  9. Data Protection Officer (DPO) – is the person appointed by the controller to act as a communication channel between the controller, the Personal Data Holders and the ANPD.
  10. International Transfer of Personal Data – consists of the international transfer, interconnection of Personal Data or shared Processing of Personal Data banks by public bodies and entities in compliance with their legal competences.
  11. PRINCIPLES OF PROCESSING PERSONAL DATA

Any and all Personal Data, regardless of the Processing hypothesis (whether by Consent or by legal determination) must comply with the Processing principles. In particular, the purpose, suitability and necessity must always be observed.

The SCITECH/CMS GROUP respects and establishes the following principles that must be followed during the Processing of Personal Data:

  1. All processes carried out by SCITECH/CMS GROUP must prioritize, from their conception, the minimization of the Processing of Personal Data, aiming at anonymization and encryption whenever possible, clearly, and objectively informing the principles, form and duration of each Processing, and making possible all the rights of the Holders.
  2. Purpose. The Data Processing must have a justified, specific reason and must be informed to the Holder. For the Processing to be legitimate, SCITECH/CMS GROUP must inform the Holder for which specific purposes the Processing of their data will be carried out and, whenever possible, minimize the amount of Personal Data to be processed, avoiding the Processing of excessive, unnecessary, or illegal data.
  3. Suitability. The activity carried out with Personal Data must be compatible with the purpose informed to the Holder.
  4. Necessity. The Processing of Personal Data can only be carried out when really necessary for the fulfillment of the purposes.
  5. Free access. The Holder must always be able, in an easy and free way, to consult the SCITECH/CMS GROUP regarding the form and duration of the Processing of his Personal Data.
  6. Data Quality. Stored Personal Data must be kept up-to-date, clear, and accurate.
  7. All information on how Personal Data is Processed must be clear, precise, and easily accessible. The Holder must know which and for what purpose the Personal Data are processed by SCITECH/CMS GROUP.
  8. Security. SCITECH/CMS GROUP is always attentive and taking all administrative and technical information security measures to safeguard the Personal Data it processes. For more information, consult our [SOP – Incident Management and our Information Security Policy].
  9. Measures must be taken to prevent the occurrence of damage, such as periodic audits, training, etc.
  10. Non-Discrimination. Impossibility of carrying out a Processing for discriminatory or abusive purposes. Ex: Dismiss employees of a specific religion.
  11. Responsibility and Accountability. The adoption of effective measures capable of proving compliance with and compliance with Personal Data protection rules and the effectiveness of these measures must be demonstrated, such as the adoption of policies, training, creation of internal procedures such as incident retention of Personal Data security procedures, etc. For more information about security incidents, see the Personal Data Protection Incident Policy.
  12. HYPOTHESES FOR THE PROCESSING OF PERSONAL DATA

The General Data Protection Law brings ten legal hypotheses for the Processing of Personal Data to be lawful, that is, when carrying out the Processing of Personal Data, it must be observed whether this treatment is within the legal hypotheses, if not, the Processing will not be allowed.

Therefore, the SCITECH/CMS GROUP may process Personal Data in the following cases:

  1. When the holder or his legal guardian consents, in a specific and prominent way, for specific purposes.
  2. Compliance with Legal Obligation. In this case, when the Controller needs to process Personal Data due to a legal or regulatory obligation, it will not need the Consent of the Holder.
  3. Execution of Public Policies and Studies by Research Entity. These two Treatment hypotheses are admitted regardless of Consent for purposes considered to be in the interest of management or research purposes.
  4. Execution of Contract/Pre-Contractual Due Diligence. In this case, in addition to a request made by the Holder of the Personal Data, the Processing takes place to ensure compliance with the contractual execution or pre-contractual diligences.
  5. Regular Use of Rights. In this case, Consent is waived when the Treatment is necessary for the regular exercise of rights in judicial, administrative or arbitration proceedings.
  6. Protection of the Holder Life or third parties. If the Treatment is indispensable for the protection of life or physical safety, it can be carried out without the Consent of the Holder.
  7. Health Guardianship. If the Treatment is carried out with the purpose of promoting a procedure by health professionals or by health entities, a relevant public interest that must be justified.
  8. Controller/Third Party’s Legitimate Interests. In some situations, on an exceptional basis, the SCITECH/CMS GROUP may use legitimate interest to process Personal Data. Concrete situations in which this hypothesis can be used include: (i) support and promotion of the controller’s activities; and (ii) protection, in relation to the holder, of the regular exercise of his rights or provision of services that benefit him. Whenever the processing of data is based on legitimate interest, the Personal Data Protection Management Committee (CGPDP) must be consulted.

In some cases, SCITECH/CMS GRUP as Controller or Operator of Personal Data may come to treat the category of Sensitive Personal Data, such as health data or biometric data.

The possibilities of Processing for this category are more restricted than those established for Personal Data. SCITECH/CMS GRUP may process Sensitive Personal Data in the following cases:

  1. When the holder or his legal guardian consents, in a specific and prominent way, for specific purposes.
  2. Compliance with Legal Obligation. In this case, when the Controller needs to process Sensitive Personal Data due to a legal or regulatory obligation, it will not need the Consent of the Holder. This topic exists because Processing is considered necessary to serve the public interest.
  3. Execution of Public Policies and Studies by Research Entity. These two Treatment hypotheses are admitted regardless of Consent for purposes considered to be in the interest of management or research purposes.
  4. Regular Exercise of Rights, including in contracts. In this case, Consent is waived when the Processing is necessary for the regular exercise of rights in judicial, administrative or arbitration proceedings or to ensure compliance with contractual performance.
  5. Protection of the Holder Life or third parties. If the Treatment is indispensable for the protection of life or physical safety, it can be carried out without the Consent of the Holder.
  6. Health Guardianship. If the Treatment is carried out with the purpose of promoting a procedure by health professionals or by health entities, a relevant public interest that must be justified.
  7. Ensuring fraud prevention and holder security. identification processes and registration authentication in electronic systems is allowed regardless of consent, except in the case of prevailing fundamental rights and freedoms that require the protection of Personal Data.

THE SCITECH/CMS GRUP may also process data from children and adolescents by hiring underage learners, or even in its products for educational platforms. The Processing of Personal Data of minors is the most delicate type of Personal Data, as it always requires specific and prominent Consent given by at least one of the minor’s parents or legal guardian.

The only exception to the Consent is when the Treatment is necessary to contact the parents or legal guardian, used only once and without storage, or for their protection, and in no case may they be passed on to a third party without specific and prominent Consent given by at least one parent or legal guardian of the minor.

  1. RIGHTS OF HOLDERS

The SCITECH/CMS GROUP recognizes and respects the individual rights granted to Data Subjects. Thus, when the SCITECH/CMS GROUP processes Personal Data, it must guarantee the following rights of the Holders:

  1. Confirmation of the existence of Processing and Access to Personal Data. The Holder may request that the SCITECH/CMS GROUP declare whether its Personal Data is processed. This right is related to the principle of free access, that is, the guarantee that the Holder can, free of charge and facilitated, consult about the form and duration of the Processing of his Personal Data, as well as the completeness of his Personal Data.
  2. Data portability to another service or product provider. The Holder of Personal Data may wish to receive the Personal Data concerning him and that he has provided to the SCITECH/CMS GROUP so that he can transmit them to another person responsible for the Treatment without the SCITECH/CMS GROUP being able to prevent him.
  3. Information of the entities with which the controller carried out shared use of data. The Holder may request GRUPO SCITECH/CMS to provide information regarding the sharing of their Personal Data with third parties.
  4. Correction of incomplete data. The Holder may request SCITECH/CMS GRUP to correct or supplement his Personal Data.
  5. Information about the possibility of not providing Consent. The Holder has the right to receive information regarding the possibility of not providing Consent when processing Personal Data.
  6. Anonymization, blocking or deletion of unnecessary, excessive or illicitly treated data. By virtue of the principles of suitability and necessity, the Holder may request the SCITECH/CMS GROUP to anonymize, block or delete unnecessary, excessive or illicitly treated data.
  7. Revocation of Consent. The Holder may at any time request the revocation of the Consent given to the SCITECH/CMS GROUP for the Processing of his Data.
  8. Complaint to the National Authority. The Holder of Personal Data may file a complaint with the ANPD for violations caused by the SCITECH/CMS GROUP. If you receive any complaints in this regard, forward them directly to your Manager or to the Personal Data Protection Management Committee (CGPDP).
  9. Deletion of Personal Data. The Holder may request the deletion of his Personal Data processed by SCITECH/CMS GRUP. Note that if the retention/storage of Personal Data is due to situations such as a legal or regulatory obligation, these data may be retained/stored regardless of the consent of the subject, as an exceptional case of Treatment. Whenever you have doubts about the possibility of Processing or the need to delete Personal Data, consult your Manager or the Personal Data Protection Management Committee (CGPDP).
  10. Opposition to Treatment if irregular. The Holder may object to the Processing of his Personal Data, if it is found that it is an irregular Processing. If you receive any complaints in this regard, forward them directly to your Manager or to the Personal Data Protection Management Committee (CGPDP).
  • RETENTION AND DELETION OF PERSONAL DATA

The Personal Data Processing activities carried out by the SCITECH/CMS GROUP must be compatible with the Treatment Principles and parameters informed to the Holder.

The SCITECH/CMS GROUP strives to minimize the Personal Data processed, eliminating unnecessary and innocuous Personal Data.

Furthermore, Personal Data must not be retained for longer than necessary. This means that the SCITECH/CMS GROUP has defined and will define maximum retention periods for Personal Data and will implement processes to proceed with the elimination of unnecessary data if necessary.

For more information, consult our Personal Data Retention Policy available at: [link].

  • WHAT SHOULD I DO WHEN I COME TO PERSONAL DATA?

During your daily activities, you and other employees may process Personal Data. Therefore, when faced with the Processing of Personal Data:

  • assess whether the principles of Personal Data Processing prioritized by SCITECH/CMS GROUP were followed;
  • If the Holders’ Rights are being respected; It is
  • If the Treatment fits into one of the forms of Treatment provided for in this Policy, or even if the situation does not violate the spirit of the rules and principles presented in this Policy.

If, after this assessment, you are still not sure that the Treatment can be carried out without causing problems for SCITECH/CMS GROUP or for you, rest assured, you can (and should) forward your doubts to your manager.

  1. SECURITY INCIDENTS INVOLVING PERSONAL DATA

GRUPO SCITECH/CMS has technical measures against security incidents. No company is immune from leakage episodes or any type of information incident, however, SCITECH/CMS GROUP undertakes to make the best efforts to avoid this type of incident.

For more information, consult our Incident Management Procedure available at: [link].

  1. INTERNATIONAL TRANSFER OF PERSONAL DATA

The SCITECH/CMS GROUP, as a rule, only transfers Personal Data to another country that provides a degree of protection of Personal Data equal to or greater than that of Brazil.

If the country of destination of the Personal Data has a lower degree of protection than Brazil, GRUPO SCITECH/CMS may still transfer Personal Data to that country, provided that the receiver offers and proves guarantees that it complies with the LGPD, among other hypotheses.

Exceptions and doubts must be evaluated on a case-by-case basis by the Personal Data Protection Management Committee (CGPDP).

  1. TRAININGS

It is a priority for the SCITECH/CMS GROUP to meet and respect all the principles and rules that regulate the rights to privacy and protection of Personal Data. Therefore, the SCITECH/CMS GROUP is concerned with ensuring that employees, suppliers, service providers and even its customers also comply with such standards.

SCITECH/CMS GROUP frequently promotes training in matters of privacy and protection of Personal Data, in order to keep employees and Third Parties up to date and acting in accordance with the applicable regulations.

Try to find out about upcoming training courses available through [link].

  • PENALTIES

Failure to comply with the rules and guidelines imposed in this document may be considered a serious misconduct, subject to disciplinary sanctions based on the Code of Ethics and Conduct of the SCITECH/CMS GROUP.

Any member of the SCITECH/CMS GROUP who becomes aware of any situation or practice contrary to what is indicated in this Policy must immediately report the fact to the Personal Data Protection Management Committee (CGPDP).

If you deem it necessary, you can also contact the Compliance Officer directly for the adoption of appropriate measures.

For more information regarding the Code of Ethics and Conduct of the SCITECH/CMS GROUP, please consult: [LINK]

  • PERSON IN CHARGE

The Person in Charge is the Personal Data Protection Management Committee (CGPDP) appointed by Senior Management of the SCITECH/CMS GROUP to act as a communication channel between the SCITECH/CMS GROUP, Third Parties, Personal Data Holders and the National Data Protection Authority Data (ANPD) playing a relevant role in the activities/operations of processing of Personal Data, guaranteeing, among other aspects, the conformity of the data processing with the legislation in force, proceeding with the verification of the fulfillment of this General Policy of Protection of Personal Data in the entire SCITECH/CMS GROUP.

Among the activities performed by the Person in Charge are receiving complaints and communications from the Holders, requests for clarification and adoption of corrective/preventive measures; Receipt of ANPD communications; orientation of employees and contractors of the entity regarding the practices to be adopted in relation to the protection of Personal Data; and execution of attributions determined by the SCITECH/CMS GROUP or established in complementary norms.

Contact the supervisor if:

  • You have a general question about how GRUPO SCITECH/CMS protects your Personal Data.
  • You wish to exercise your rights in relation to your Personal Data.
  • You want a copy of our Personal Data Privacy Policy.
  • You wish to make a complaint about the use of your data by GRUPO SCITECH/CMS.

For more information, addressing questions and sending suggestions to the Person in Charge, please contact our Personal Data Protection Management Committee (CGPDP) at [dpo@scitechmed.com + PHONE].

  • CHANGES TO THIS POLICY

SCITECH/CMS GROUP reserves the right to, from time to time, make modifications or amendments to this Policy.

When we make material changes to this Policy, we will communicate visibly and appropriately under the circumstances, for example, providing a visible email communication to employees.