This system is maintained and operated by Acol Consulting & Systems
We collect and use some personal data belonging to those who use our application. In doing so, we act as controller of this data and we are subject to the provisions of Federal Law no. 13,709/2018 (General Personal Data Protection Law – LGPD). We care about the protection of your personal data and, therefore, we provide this privacy policy, which contains important information about:
• Who should use our app
• What data we collect and what we do with it;
• Your rights in relation to your personal data; It is
• How to contact us.
Index
1 – Data we collect and reasons for collection
1.1 – Personal data expressly provided by the user
We collect the following personal data that our users expressly provide to us when using our application:
• Name
• Surname
• Login
• Email
• Telephone
• CPF
• Professional Advice
This data is collected at the following times:
• When the user to access the system is created
• When filling out the spreadsheet for user creation
The data provided by our users is collected for the following purposes:
• So that the user can access the system
• Billing for services provided to healthcare providers
1.2 – Personal data obtained in other ways
We collect the following personal data from our users:
• IP adress
• Login
This data is collected at the following times:
• When logged in
• When logged off
• When a transaction is carried out
This data is collected for the following purposes:
• Comply with legal determination of storing access records
• Guarantee the security and authenticity of transactions made
1.3 – Sensitive data
No Sensitive data will be collected from our users, understanding those defined in arts. 11 et seq. of the Personal Data Protection Law. Like this, no there will be collection of data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person .
1.4 – Collection of data not expressly provided for
Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the user's consent, or that collection is permitted based on another legal basis provided for by law. In any case, data collection and resulting processing activities will be communicated to application users.
2 – Sharing of personal data with third parties
We do not share your personal data with third parties. Despite this, it is possible that we do so to comply with some legal or regulatory determination, or even to comply with an order issued by a public authority.
3 – How long will your personal data be stored
The personal data we collect will be stored and used for the following periods of time:
• 5 years
The periods informed are not longer than strictly necessary, taking into account the purposes and legal justifications for data processing.
It is worth mentioning that, if there is any legal or regulatory justification, the data may continue to be stored even if the purpose for which it was collected or processed has been exhausted.
Once the processing has ended, in compliance with the provisions of this section, the data is deleted or anonymized.
4 – Legal bases for the processing of personal data
Each personal data processing operation must have a legal basis, that is, a legal basis, which is nothing more than a justification that authorizes it, provided for in the General Personal Data Protection Law.
All of Our personal data processing activities have a legal basis that supports them, among those permitted by law. More information about the legal bases we use for specific personal data processing operations can be obtained from our contact channels, provided at the end of this Policy.
5 – Rights of the data subject
We ensure your rights as holders set out in article 18 of the General Data Protection Law. This way, you can, free of charge and at any time:
• Confirm the existence of data processing, in a simplified manner or in a clear and complete format.
• Access your data, being able to request it in a legible copy in printed form or electronically, secure and suitable.
• Correct your data when requesting it to be edited, corrected or updated.
• Limit your data when unnecessary, excessive or treated in non-compliance with legislation through anonymization, blocking or deletion.
• Request the portability of your data, through a registration data report that Acol processes regarding you.
• Delete your data processed with your consent, except in cases provided for by law.
• Revoke your consent, deauthorizing the processing of your data.
• Find out about the possibility of not providing your consent and the consequences of refusal.
5.1 – How the holder can exercise their rights
Holders of personal data processed by us may exercise their rights using the form available in the following way: https://www.acol.com.br/formulario-lgpd/. Alternatively, if desired, the holder may send an email to our Personal Data Protection Officer. The information necessary for this is in the “How to contact us” section of this Privacy Policy.
To ensure that the user who intends to exercise their rights is, in fact, the holder of the personal data subject to the request, we may request documents or other information that can assist in their correct identification, in order to protect our rights and the rights of third parties. This will only be done, however, if absolutely necessary, and the applicant will receive all related information.
6 – Security measures in the processing of personal data
We employ technical and organizational measures capable of protecting personal data from unauthorized access and situations of destruction, loss, loss or alteration of that data. The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible violation would generate for the user's rights and freedoms, and the standards currently used in the market by companies similar to ours.
Among the security measures adopted by us, we highlight the following:
• Encrypted password storage
• End-to-end encryption on connections
• Database access restrictions
• Server access monitoring
We also inform you that we have ISO 27001 certification. We therefore follow the highest technical information security standards, so that we can protect the personal and non-personal data of our users.
Even if you do everything you can to avoid security incidents, it is possible that a problem may occur caused exclusively by a third party – such as in the case of attacks by hackers or crackers, or even in the case of the user's sole fault, which This occurs, for example, when he himself transfers his data to a third party. Therefore, although we are, in general, responsible for the personal data we process, we are exempt from responsibility if an exceptional situation such as these occurs, over which we have no control.
In any case, if any type of security incident occurs that could create significant risk or damage for any of our users, we will inform those affected and the National Data Protection Authority about what happened, in accordance with the provisions of the General Protection Law. of Data.
7 – Changes to this policy
This version of this Privacy Policy was last updated on: 04/04/2022
We reserve the right to modify these rules at any time, especially to adapt them to any changes made to our application, whether by making new features available or by deleting or modifying existing ones.
Whenever there is a modification, our users will be notified about the change.
8 – How to contact us
To clarify any doubts about this Privacy Policy or the personal data we process, please contact our Personal Data Protection Officer, through any of the channels mentioned below:
Email: dpo@acol.com.br
Telephone: +55 21 2507-4321 extension 2
