Privacy Policy

This system is maintained and operated by Acol Consulting & Systems


We collect and use some personal data belonging to those who use our application. In doing so, we act as controller of this data and we are subject to the provisions of Federal Law no. 13,709/2018 (General Personal Data Protection Law – LGPD). We care about the protection of your personal data and, therefore, we provide this privacy policy, which contains important information about:

 Who should use our app
 What data we collect and what we do with it;
 Your rights in relation to your personal data; It is
 How to contact us.


1 – Data we collect and reasons for collection


   1.1 – Personal data expressly provided by the user


We collect the following personal data that our users expressly provide to us when using our application:

• Name
• Surname
• Login
• Email
• Telephone
• Professional Advice


This data is collected at the following times:

 When the user to access the system is created
 When filling out the spreadsheet for user creation


The data provided by our users is collected for the following purposes:

 So that the user can access the system
 Billing for services provided to healthcare providers


   1.2 – Personal data obtained in other ways


We collect the following personal data from our users:

• IP adress
• Login


This data is collected at the following times:

 When logged in
 When logged off
 When a transaction is carried out


This data is collected for the following purposes:

 Comply with legal determination of storing access records
• Guarantee the security and authenticity of transactions made


   1.3 – Sensitive data


No Sensitive data will be collected from our users, understanding those defined in arts. 11 et seq. of the Personal Data Protection Law. Like this, no there will be collection of data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person .


   1.4 – Collection of data not expressly provided for


Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the user's consent, or that collection is permitted based on another legal basis provided for by law. In any case, data collection and resulting processing activities will be communicated to application users.


2 – Sharing of personal data with third parties


We do not share your personal data with third parties. Despite this, it is possible that we do so to comply with some legal or regulatory determination, or even to comply with an order issued by a public authority.


3 – How long will your personal data be stored


The personal data we collect will be stored and used for the following periods of time:

 5 years


The periods informed are not longer than strictly necessary, taking into account the purposes and legal justifications for data processing. 


It is worth mentioning that, if there is any legal or regulatory justification, the data may continue to be stored even if the purpose for which it was collected or processed has been exhausted. 


Once the processing has ended, in compliance with the provisions of this section, the data is deleted or anonymized.


4 – Legal bases for the processing of personal data


Each personal data processing operation must have a legal basis, that is, a legal basis, which is nothing more than a justification that authorizes it, provided for in the General Personal Data Protection Law.


All of Our personal data processing activities have a legal basis that supports them, among those permitted by law. More information about the legal bases we use for specific personal data processing operations can be obtained from our contact channels, provided at the end of this Policy.


5 – Rights of the data subject


We ensure your rights as holders set out in article 18 of the General Data Protection Law. This way, you can, free of charge and at any time:


 Confirm the existence of data processing, in a simplified manner or in a clear and complete format.
 Access your data, being able to request it in a legible copy in printed form or electronically, secure and suitable.
 Correct your data when requesting it to be edited, corrected or updated.
 Limit your data when unnecessary, excessive or treated in non-compliance with legislation through anonymization, blocking or deletion.
 Request the portability of your data, through a registration data report that Acol processes regarding you.
 Delete your data processed with your consent, except in cases provided for by law.
 Revoke your consent, deauthorizing the processing of your data.
 Find out about the possibility of not providing your consent and the consequences of refusal.


   5.1 – How the holder can exercise their rights


Holders of personal data processed by us may exercise their rights using the form available in the following way: Alternatively, if desired, the holder may send an email to our Personal Data Protection Officer. The information necessary for this is in the “How to contact us” section of this Privacy Policy.


To ensure that the user who intends to exercise their rights is, in fact, the holder of the personal data subject to the request, we may request documents or other information that can assist in their correct identification, in order to protect our rights and the rights of third parties. This will only be done, however, if absolutely necessary, and the applicant will receive all related information.


6 – Security measures in the processing of personal data


We employ technical and organizational measures capable of protecting personal data from unauthorized access and situations of destruction, loss, loss or alteration of that data. The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible violation would generate for the user's rights and freedoms, and the standards currently used in the market by companies similar to ours.


Among the security measures adopted by us, we highlight the following:


 Encrypted password storage
 End-to-end encryption on connections
 Database access restrictions
 Server access monitoring


We also inform you that we have ISO 27001 certification. We therefore follow the highest technical information security standards, so that we can protect the personal and non-personal data of our users.


Even if you do everything you can to avoid security incidents, it is possible that a problem may occur caused exclusively by a third party – such as in the case of attacks by hackers or crackers, or even in the case of the user's sole fault, which This occurs, for example, when he himself transfers his data to a third party. Therefore, although we are, in general, responsible for the personal data we process, we are exempt from responsibility if an exceptional situation such as these occurs, over which we have no control.


In any case, if any type of security incident occurs that could create significant risk or damage for any of our users, we will inform those affected and the National Data Protection Authority about what happened, in accordance with the provisions of the General Protection Law. of Data.


7 – Changes to this policy


This version of this Privacy Policy was last updated on: 04/04/2022


We reserve the right to modify these rules at any time, especially to adapt them to any changes made to our application, whether by making new features available or by deleting or modifying existing ones.


Whenever there is a modification, our users will be notified about the change.


8 – How to contact us


To clarify any doubts about this Privacy Policy or the personal data we process, please contact our Personal Data Protection Officer, through any of the channels mentioned below:



Telephone: +55 21 2507-4321 extension 2