ATHENA SAÚDE PRIVACY AND DATA PROTECTION POLICY – HEALTH PLAN OPERATORS
Hello! Welcome to the Privacy Policy (“POLICY”) of ATHENA HEALTHCARE HOLDING S.A (“ATHENA SAÚDE”), CNPJ nº 26.753.292/0001-27, based on Avenida Dra. Ruth Cardoso, 8501, 4° andar, São Paulo/SP, CEP 05425-070.
This POLICY explains how ATHENA SAÚDE uses, stores, shares, and protects the personal data eventually collected by insurance plan operators under the ATHENA SAÚDE portfolio – you can find all of them at http://www.athenasaude.com.br/marcas-do-portfolio/ – related to all of their products.
This POLICY applies to the personal data of every Beneficiary and Dependent of ATHENA SAUDE health plans, as well as websites and applications users of ATHENA SAÚDE Health Operator companies. If you are an ATHENA SAÚDE employee, collaborator, or supplier, or if you are participating in any project or specific activity with ATHENA SAÚDE, you should seek the respective privacy policy, or the person responsible for your hiring at ATHENA SAÚDE, to obtain applicable terms and inform you of your rights to your data.
1. GENERAL TERMS
- Provide, manage and communicate with you about the products, services, offers, programs, events, and promotions of ATHENA SAÚDE companies. If you no longer wish to receive marketing communications from ATHENA SAÚDE, you can adjust your preferences at [www.athenasaude.com.br/xxx] at any time, or by contacting our Data Protection Officer [[email protected]].
- Meet the legitimate interests of ATHENA SAÚDE companies, always within the limits of what is expected by the data subject, and never to the detriment of their interests, fundamental freedoms, and rights.
- Manage our communications; determine the effectiveness and optimize our marketing campaigns; review our products, services, websites, mobile applications, and any other digital resources to facilitate their use; and perform due diligence, accounting, auditing, billing, reconciliation, and collection analysis activities;
- Anonymize the collected personal data, and prepare and provide aggregated data reports with anonymized information (including compilations, analyses, analytical and predictive rules, models, and other aggregated reports);
- Comply with legal or regulatory obligations;
- Exercise ATHENA SAÚDE’s rights in judicial, administrative, or arbitration proceedings;
- For other purposes, for which we provide specific notice at the time of collection, or otherwise as authorized or required by law.
AATHENA SAÚDE may centralize the collected personal data, which may be used in other services related to all ATHENA SAÚDE brands, respecting the purposes set forth herein and the consent of the Owner, whenever required by law.
5. WITH WHOM WE MAY SHARE THE DATA
ATHENA SAÚDE may share the collected data in the following cases:
a) With its affiliated/controlled companies, incorporated or operating in any State of Brazil or abroad – therefore ATHENA SAÚDE is hereby committed to only do so if the country of destination provides by law an adequate degree of personal data protection;
b) With third-party service providers to help us operate, run, improve, understand, customize, support, and advertise our services. When we share data with third-party service providers, we require them to use your data following our instructions and terms or with your express consent, where applicable.
c) With authorities, government entities, or third parties to defend ATHENA SAÚDE’s interests in any type of conflict, including legal actions and administrative proceeding;
d) In the case of transactions and corporate restructure involving ATHENA SAÚDE in which the information transfer is necessary for the continuity of the provision of the relevant Healthcare Services;
e) By court order, or by the request of administrative authorities that have legal competence to request..
f) With your permission. In other cases not mentioned above, in case we need to share your personal data, we will send you a notification to request your consent, allowing us to share the data for a specific purpose.
6. COOKIES
A “cookie” is a small bit of record-keeping information that websites often store on a user’s computer. ATHENA SAÚDE cookies are typically used to quickly identify a User’s device and to “remember” the User. We also use cookies as information to constantly improve our content and user experience.
Users can disable cookies or set their browsers to alert them when cookies are being sent to their device; however, disabling cookies may affect their ability to use the Service.
Types of cookies |
What they do |
Mandatory |
These cookies are essential for ATHENA SAÚDE pages to load correctly and allow you to browse our websites. |
Performance |
These cookies help us understand how visitors interact with ATHENA SAÚDE pages, providing information about the areas visited, the time spent on the site, and any problems you may find, such as error messages. |
Functional |
These cookies allow ATHENA SAÚDE pages to remember your choices, to provide a more personalized experience, and for the Beneficiary to watch videos and use social tools, comment sections, and forums, among others. |
Marketing |
These cookies are used to provide more relevant content and are of interest to the Beneficiary. We may use it to display targeted advertising or to limit the number of times we display an ad on the site; to measure the effectiveness of an advertising campaign, and to indicate the pages and sites the Beneficiary visited. ATHENA SAÚDE may share this information with third parties, such as contracted advertising agencies. |
7. PERSONAL DATA INTERNATIONAL TRANSFERS
ATHENA SAÚDE may transfer your personal data to third-party service providers abroad, including cloud service providers..
When your personal data gets transferred abroad, ATHENA SAÚDE will take appropriate measures to ensure adequate protection of your personal data under the requirements of applicable data protection legislation, reaching data transfer agreements with third parties when required.
8. HOW WE KEEP YOUR DATA SAFE
ATHENA SAÚDE follows generally accepted industry standards to safeguard the privacy of your personal information, taking reasonable steps and guidelines on security standards, such as:
a) Data encryption and anonymization;
b) Protection against unauthorized access to your systems;
c) Control and registration of all people who access each location where personal data is stored;
d) Confidentiality Agreements and Commitments with all those who access personal data;
e) Institutional measures such as updated privacy governance;
Even adopting the necessary measures, however, no data transmission is secure. ATHENA SAÚDE encourages Beneficiaries to adopt personal protective measures within their own environment.
9. DATA RETENTION
ATHENA SAÚDE retains the data collected under this Privacy Policy for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. ATHENA SAÚDE may still retain some of the data to the extent such retention is necessary to resolve disputes, enforce ATHENA SAÚDE user agreements, and comply with technical and legal requirements and constraints related to the security, integrity, and operation of the Service. Thereafter if the collected data is no longer needed for purposes specified in this Privacy Policy, ATHENA SAÚDE deletes all aforementioned data in its possession within a reasonable timeframe.
10. YOUR RIGHTS
In compliance with and respect for the legislation applicable to the processing of personal data, ATHENA SAÚDE guarantees the Beneficiary the following rights:
a) Personal data processing confirmation. Upon the Beneficiary’s request, ATHENA SAÚDE will confirm the existence of personal data processing, under the applicable legislation;
b) Access to data. The Beneficiary may request access to their personal data collected and stored by ATHENA SAÚDE;
c) Correction of incomplete, inaccurate, or outdated data. The Beneficiary may, at any moment, alter and edit their personal data through the Operator’s Call Centers and the channel [email protected];
d) Personal data portability. Upon express request from the Beneficiary, ATHENA SAÚDE will carry out the personal data portability to another service provider, under the terms of the applicable legislation;
e) Personal Data Erasure. The Beneficiary may request the erasure of personal data that have been collected by ATHENA SAÚDE, upon the Beneficiary’s request, at any time. The erasure of personal data will only take place in cases when the personal data is not necessary for ATHENA SAÚDE to comply with legal, and contractual obligations, for the protection of its legitimate interest and in other cases legally admitted;
f) Shared use of personal data info. Information about shared personal data can be found in this Privacy Policy. In case the Beneficiary needs additional clarifications, ATHENA SAÚDE makes itself available to the Beneficiary;
g) Consent withdrawal. The consent given by the User for ATHENA SAÚDE Personal Data processing can be revoked at any time. This, however, will not affect the lawfulness of processing based on the User’s consent before its withdrawal. The consent withdrawal request will not imply the deletion of personal data previously processed and maintained by ATHENA SAÚDE based on other legal grounds.
The beneficiary may directly exercise these rights by contacting our Data Protection Officer via the email address [email protected].
5. LEGISLATION AND JURISDICTION
This Notice will be governed, interpreted, and executed under national legislation, especially Law 13.709/2018 (LGPD), and any doubts arising from this document will be resolved by the competent jurisdiction of the personal data Holder.
6. CHANGES TO THIS POLICY
We reserve ourselves the right to correct or update this POLICY from time to time. When we update this Privacy Policy, we also update the date at the top of the document.
In relevant situations, mainly in the eventual modification of the purposes for which the data were collected, the Beneficiary will be informed about the changes made. The new Privacy Policy will take effect immediately upon publication.
São Paulo/SP, August 01, 2020