1. INTRODUCTION: read this document.

 

HBAW DESENVOLVIMENTO works from an essential premise: the commitment to privacy, confidentiality and security of data and information shared by its users, with strict respect and observance of the legal and administrative rules applicable to its services.

 

The Terms of Use and Privacy Policy aims to inform its users, clearly and adequately, which data are collected and how they are protected during all personal data treatment activities. For the user to understand the content of this information, the company points out the basic definition on the protection of personal data, such as personal data, sensitive personal data, collection, registration, storage, use, sharing, deletion, etc., in accordance with the Personal Data Law (Law No. 13,709/2018).

 

Attention: HBAW assumes that the explanations provided to the user can no longer be restricted to the already traditional set of information about the service offered by the company and the medical peculiarities inherent to it. The qualified information that must be delivered to the user needs to point out and clarify information regarding the protection of personal data, its advantages and risks.

 

  1. DEFINITIONS

The understanding of this Terms of Use and Privacy Policy involves the clarification of some definitions involving the protection of personal data.

 

What is personal data? It is any information that refers to an identified or identifiable natural person, that is, any data that can lead to the identification of a person, such as, for example, name, CPF and RG number, photograph, etc.

 

What is sensitive personal data? According to the General Data Protection Law, sensitive personal data differs from non-sensitive personal data because it refers to a person’s racial or ethnic origin, religion, political opinion, union membership, as well as issues involving a person’s health, sex life, genetic or biometric data.

 

Who is the data subject of personal data? It is the person about whom the data (sensitive and non-sensitive) relates.

 

What is data processing? The processing of personal data includes any action or conduct that is carried out with personal data, such as access, storage, collection, deletion, etc.

 

What is anonymization? It represents a technical measure used to render personal data unidentifiable, that is, it is a procedure that aims to prevent the personal data from leading to the identification of its holder. Once anonymized, according to the General Law of Data Protection, the data is no longer considered personal data.

 

  1. How does HBAW collect personal data?

 

The data collection performed by HBAW takes place at different times and with different types of personal data.

 

Collection of non-sensitive personal data. This is the collection of personal data that does not refer to health, genetic or biomedical information of the user. This data is essential for us to know who you are and thus provide you with an adequate and personalized service, according to your expectations and needs. Our objective is to make your HBAW EXPERIENCE as comfortable, satisfying and productive as possible.

 

Collection of sensitive personal data. Sensitive personal data may be shared by the direct client via App or by the professional client (health manager).

 

Professional Client: is the legal or natural person user who operates in the healthcare market and uses HBAW’s tools as an added value for managing their patients’ data. Sharing sensitive personal data of the direct user is essential for the professional user to provide a functional and efficient patient experience.

 

Direct Customer via app: this is the patient or his/her legal representative, who, directly or through the professional customer, shares information, test results, conversation with the health manager* or any other data that has content about the person’s racial or ethnic origin, religion, political opinion, union membership, as well as issues involving health, sex life, genetic or biometric data.

 

How is sensitive data identified? The combination of non-sensitive data, when grouped together, can generate situations in which sensitive data can be inferred. In this case the treatment of this set of data – non-sensitive data – can be carried out in the same way that sensitive data is organized and protected. The sensitivity of data, therefore, is not something static, and so its processing and protection must also be dynamic.

 

Processing of personal data of minors. When the documents and other health records refer to children or adolescents – i.e. are the direct client via the app – the identification of at least one of the parents or legal representative through specific and outstanding consent will be mandatory. This consent is simple, clear, and accessible. Any questions can be answered through the health manager or by contacting HBAW support.

 

How is personal data stored? HBAW has a format that allows direct access to the stored information, both to the professional client and the direct client via app. Eventual user requests will be answered by electronic means, secure and appropriate (art. 19, § 2º, I, LGPD). Answers by printed means will be provided by the professional client to its patients.

 

USERS’ RIGHTS AND DUTIES

The business customer and the direct customer are protected by the rights and duties listed in the General Data Protection Law (especially, but not exclusively, in articles 18 and 19).

Are there any differences between the rights of the business customer and the direct customer via the app? Yes, certain rights contained in the Data Protection Law can only be exercised by the professional client with the express authorization of the direct client via app, which can be given in advance, given the information related to the functionalities of the application.

What are these rights? The professional client and the direct client via the app have the following rights:

 Unrestricted access to their data;

 The correction of data, when incomplete, inaccurate or outdated;

 The anonymization, blocking or deletion of data that is unnecessary, excessive or processed in non-compliance with the LGPD;

 

ATTENTION: Due to the dynamics of HBAW’s functionalities, which involve not only the direct client via app, but also the professional client and other participants in the information chain – who support the patients’ health care – the anonymization, blocking or elimination of the professional client’s or direct client’s data via app will be carried out after analyzing the effective existence of

 

 The portability of data to another application or provider of the same services, through the express written request of the direct client via app to the professional client, who will in turn request it from HBAW;

 

ATTENTION: Since HBAW services may be used directly by the direct client via the app, through access to the information and records contained in the app, it is important that the sharing of data be done in a responsible manner. Personal data is now considered a highly valuable financial asset, especially when its content relates to users’ health information.

 

 The direct client via app and the professional client may request the termination of the data treatment, respecting, however, the peculiarities of the treatment referring to the dynamics of the health care of patients, which fall under the hypotheses foreseen by art. 16 of LGPD, in particular the fulfillment of legal or regulatory obligation by HBAW.

 

 How can the professional client and the direct client via app exercise their rights? The direct client via app should exercise the rights foreseen in the legislation through an express request addressed to the professional client, who will intermediate the issue with HBAW.

 

 How will HBAW proceed with these requests? HBAW will send a written reply to the professional client in case it is not possible to take the required action immediately.

 

ATTENTION: The aforementioned request will not cost anything to the users. Moreover, such request has a simplified format and its filling out must respect the provision of the information requested therein. According to the LGPD (art. 19, II), HBAW has fifteen (15) days to answer the professional client’s requests.

 

PURPOSE OF THE TREATMENT OF PERSONAL DATA 

 

HBAW is responsible for the treatment of the personal data of its users, both professional client and direct client via app. However, given its functionalities, the forwarding of the personal data of its users can be carried out by the contracting company and by the patient himself.

 

ATTENTION: Since the HBAW services can be used directly by the direct client, through access to the information and records contained in the application, it is important that the sharing of data be done responsibly.

 

Does HBAW provide only archiving of health records? No. The records, documents, and information entered by the professional client in the application relate directly or indirectly to the health of users, which includes providing subsidies to companies and health professionals for the management of systems and other services, auditing, and continuous improvement of health care.

 

ATTENTION: One of the greatest concerns of the sectors that provide health care services is the security of their clients’ data. HBAW, in this circumstance, seeks to provide its clients and users with the highest level of reliability and security in the treatment of personal data.

 

HBAW’s Obligations to Other Participants in the Health Care Data Processing and Security Process. HBAW has legal and regulatory obligations and duties, as the provision of health care is subject to specific regulations, including the time of archiving of health records, interactions within the application, and other functionalities involving patient information.

ATTENTION: HBAW may use the data of its users for defense in administrative, judicial or arbitral processes. It may also use these data to instruct procedures initiated before the user service sector (SAU) or other inspection organs.

 

SHARING OF PERSONAL DATA

 

In what situations may users’ personal data be shared? HBAW allows the sharing of data between the client company and the health professionals who provide its services. The direct client via the app who eventually has access to the functionality of the app may also share their data and health records with other companies or individuals, which is why HBAW insists on responsible and safe use of its services. In addition, HBAW may share the data of its users: 

 

 By legal or regulatory determination;

 To comply with judicial orders;

 To comply with determinations emanating from the National Authority of Data Treatment or other organizations with power to do so.

 

COMPLAINTS AND QUERIES 

 

Any doubts related to the treatment of data carried out by HBAW should be sent to the health manager or to the user service (SAU).

 

CHANGES TO THE PRIVACY POLICY

 

HBAW may alter this privacy policy and terms of use at any time. All changes will be made available in the body of the application.