Last update: July 21, 2021.
WARNING – READ CAREFULLY BEFORE ACCESSING OR USING OUR SERVICES.
- What is this Policy for?
- Definitions used along the Policy
- Data from Underage People
- Collected Personal Data
- Registration Data
- Service-generated Data
- Marketing Communication
- Retention period
- Guidelines to protect your data
- Third-party sharing
- Service Providers
- Clinical and scientific research
- Third-party links
- International Transfer
- Holder Rights
- Changes to this Policy
- Questions and clarifications
Our goal is to follow you in this journey through healthcare. That is why we want you to be comfortable about the collection and use of your Personal Data, especially your healthcare data.
If you have any doubt on the statements in this Policy or any worry about your Personal Data, contact us through the e-mail address firstname.lastname@example.org
We are always available to hear from you, both in your journey through healthcare and in favor of your privacy!
1. What is this Policy for?
This Policy describes which types of Personal Data we can receive from you – directly or from your interaction with us – with whom we may share them and how we protect them, keeping both you and your Personal Data rights safe. This Policy provides an overview of all the situations through which we may interact.
We are aware of our great responsibility for securing your Personal Data, mainly about your healthcare. We commit to being as clear and transparent as possible, so that you understand what we do with your data. For that, we aim for the highest privacy and safety standards, all in accordance with the Applicable Legislation, referring to the Data Processing we carry out. The more you interact with us, the more you inform us and the more we can improve our services. When this Policy mentions “Phelcom”, “we”, “us”, “our” or “ours”, as well as the grammar variations of the first person plural, it refers to Phelcom Technologies LTDA-ME, under the CNPJ (National Registry of Legal Entities) no. 24.476.108/0001-13, headquartered at 820, José Missali Street – Jardim Santa Felícia – ZIP Code 13.562-405 – São Carlos / SP, Brazil.
2. Definitions used along this Policy
- Personal Data means any information related to a natural person, identified or identifiable, directly or indirectly, privately or through an ID number or one or more person-specific factors, such as name, surname, birthdate, identification document, address, telephone number, e-mail address, behavioral profile, etc., that is disclosed, provided to or accessed by PHELCOM, for the ends of providing Services and operation of PHELCOM Platform.
- Anonymized data means any data related to a non-identifiable Holder, considering the usage of reasonable technical means available by the time of your treatment. For example: data we collect when you visit our website, as clicks, mouse moves, location, browser name and version, name, device brand and version, browser language preferences, screen size, page visibility, date and time, time spent in specific pages, and the resources you access in our website. None of this information can tell us who you really are.
- PHELCOM Platform means the integrated system between the medical device Eyer fundus camera and the EyerCloud Software;
- Controller means any person, natural or legal, of public or private law, who performs the Personal Data Processing in the name of the Data Controller.
- Patient means the user and beneficiary of the Services we provide through the PHELCOM Platform.
- Customers/ Partners mean all those who subscribe to the EyerCloud software service, including Doctors, medical or laboratorial institutions, such as Clinics and Hospitals that use Phelcom’s Services to carry out retinal exams in Patients and/ or to manage the attainment of reports and results of exams carried out through Eyer fundus camera. This definition also includes the Professional Technicians who Phelcom’s Customers hire to carry out the referred retinal exams.
- Qualified Professional Technicians are the professionals trained either by Phelcom or Phelcom’s Customers to correctly operate Eyer Fundus Camera and/ or the Software to carry out retinal exams, including Doctors and other healthcare professional technicians.
- User means all individuals who access and use our Services, either Patients, Customers or Qualified Professionals.
- Holder means the natural person to whom the Personal Data object to Processing refers.
- Processing: any operation or set of operations with Personal Data or set of Personal Data, whether by automated means or not, such as (but not limited to) collection, use, access, organization, query, production, alteration, receipt, classification, use, reproduction, communication, transmission, distribution, processing, filing, recording, structuring, storage, adaptation, retrieval, transfer, provision, combination, restriction, elimination, evaluation or control, modification, deletion or extraction.
- Applicable Legislation means the Brazilian Law, especially while the General Law of Personal Data Protection (Law no. 13.709/2018 or “LGPD”) remains in effect, as well as the Brazilian Civil Rights Framework for the Internet (Law no. 12.965/2014 and Decree No. 8.771/2016), the Federal Constitution, Brazilian Civil Code, Criminal Code, Customer Defense Code (Law no. 8.078/1990 and Decree no. 7.963/2013), their further alterations, and any other applicable laws and regulations related to the Processing, privacy, secrecy and protection of Personal Data and, if so, all the guidelines, norms, rules, ordinances, regulations and practice and conduct codes issued by the National Data Protection Authority (“ANPD”), National Health Surveillance Agency (“ANVISA”) or any other pertinent government entity.
3. Data from Underage People
PHELCOM platforms are neither designed for nor directed to children. We do not collect data from patients under 12 (twelve) consciously or intentionally. You need to inform your birthdate to create a User Account in PHELCOM. This allows us to check the User’s age automatically.
If you are under 18, you must not use PHELCOM Platform without a written consent of at least one of your parents or legal tutors, which they must send to email@example.com.
If you suspect someone under the age 18 (eighteen) is using our Services with no due authorization, do not hesitate to contact us at firstname.lastname@example.org.
If we are aware that data from people under 18 (eighteen) years old was collected without previous authorization from parents or legal guardians, we will not disclose such data and we reserve the right to erase the User account immediately, as well as all the information related to the underage User, including from our servers.
4. Collected Personal Data
We access your Personal Data through Phelcom Platform.
Sometimes, you provide us these data directly (for example, when you create an account, report symptoms, physical activities, feelings, when you contact us by chat or “contact us” link, or when you write a testimonial). Sometimes, we collect data (for example, by using cookies to understand how you use our Platforms). Still, sometimes we receive information about you available on the internet, or through third parties such as Facebook, Instagram, Youtube, LinkedIn and Google. The more you interact with us, the more you inform us and the more we can provide you personalized services.
All the Personal Data that PHELCOM detains over you are confidential and so must remain, unless you opt actively to share them, for example, with another medical team that treats you.
Veracity and quality of Personal Data. Users are solely responsible for ensuring the exactitude, clarity, relevance and timely update of the Personal Data provided, as necessary. PHELCOM is not obliged to investigate the veracity of the information submitted. Notwithstanding the foregoing, PHELCOM may ask you to update your Personal Data from time to time.
5. Registration Data
If you are a Patient, when you create your PHELCOM User Account, we need to receive data necessary to identify and contact you and provide our Services. We will collect your full name, CPF, birthdate, address, gender, telephone number and e-mail (collectively, the ”Registration Data”) and some data on your habits and health, such as pre-existent diseases. Registration Data are essential for us to provide our Services. If you do not fill in Registration Data, we will not be able to provide them.
Registration data the user enters to create his/her User Account must be precise, current and true.
The main reason for us to collect your Personal Data is to offer our Services.
When you receive your Registration Data, they are inserted in PHELCOM’s database, safely masked and encrypted, only for the purposes informed in this Policy.
You shall never share information and Personal Data from third parties or sensitive data.
6. Service-generated data
Processing data from the use of our services aims mainly to allow you to carry out retinal exams and their evaluation by the responsible doctor. Such data also generate statistical anonymous analyses on how you interact with and use PHELCOM Platform, helping us understand how you use our products, as well as correcting problems and bugs to improve your experience.
Location data. PHELCOM may collect information about your precise or approximate location, according to your device settings and permissions, as well as GPS data, IP address and Wi-Fi. PHELCOM collects such location data whenever the Eyer – EyerCloud system is running in the foreground (application is open and visible on screen) or background (application open, but not shown on screen).
Use and transaction data. We collect Anonymous Data on how you interact and use our services, including:
- Type of demanded or provided service;
- Features of Phelcom Platform you used or pages you viewed;
- Software failures and other system activities;
- Browser used and third-party websites and services used before accessing our services;
- Order details;
- Information on benefits, time and date of delivered service and platform access;
- Length of the intervention.
- Hardware models;
- Device IP addresses;
- Systems and operational versions;
- File names, their respective operation system versions and credentials in PHELCOM software subscription system, if applicable;
- Unique Device Identification (UDID);
- Ad identifiers;
- Serial numbers;
- Device movement information;
- Mobile network data;
- City location.
Log file Information. In addition to the data referred to above, we can also collect data such as:
- Domain names
- Internet Service Providers;
- Files viewed in our website (for example, HTML pages, charts, etc.), operation system and clickstream data.
7. Marketing Communications
User e-mail and phone number aim to authenticate and validate your PHELCOM account login. They are the main and secondary means of communication (“Essential Communications”) with the User, enabling us to provide Service. PHELCOM may also use them to send “push” notifications with information, reminders, news, contents, partnerships and other relevant events on PHELCOM’s products and services, to keep our relationship with you (“Marketing Communications”). We will ask you for previous consent to send Marketing Communication.
We are attentive about what and how often we communicate. PHELCOM will never send Marketing Communications without your consent. You can change definitions from your device at any time: in the e-mail you received, in Phelcom Platform settings, sending a chat message or an e-mail to email@example.com, with the subject “Consentment Revogation”.
If you do not consent to our sending Marketing Communications, PHELCOM will keep providing services and functionalities regularly.
8. Retention period
We only keep your Personal Data for the time needed to reach the Processing reasons, to fill your necessities or to comply with our legal or regulatory obligations. When we do not need to use your Personal Data anymore, or when the law demands, they will be either removed from our systems and registries or anonymized, so that you are not identifiable from such data anymore.
We may retain some Personal Data to fulfill our legal or regulatory obligations, to allow and to guarantee the regular exercise of our rights (for example, in law, administrative or arbitration process).
PHELCOM takes your Personal Data security very seriously. We always apply technical and organizational safety measures established in the Applicable Legislation. We consider both the nature of the Personal Data and the circumstances of their processing. We also consider advisable circumstances, assuring integrity, safety and confidentiality of Personal Data in PHELCOM Platform.
Although we take all the technical and organizational measures to assure your Personal Data security, no system of electronic data transmission or retention is completely safe, and any such system is subject to external attacks. PHELCOM is not liable for any damage resulting from acts of third parties who use improper, fraudulent or illegal means to access the data stored in servers or databases we use. Neither can Phelcom be liable for having caused the unauthorized access to PHELCOM Platforms.
10. Guidelines to protect your data
For our users and Customers: the Software installed in Eyer stores your Personal Data. We understand that protecting your device is also a way to keep your data safer. Below we present some ways to better secure the data in your device:
- Enable authentication by code, digital biometric or facial recognition for your device. It automatically encrypts the access data and prevents any person from using your device without permission.
- Set up a feature to allow you to erase all the data in your device if lost or stolen:
  - For iOS™ devices, activate this feature in two steps: first, enable “Find my iPhone” through iCloud® then “Erase a Device” (search for instructions in Apple Support webpages).
  - For Android™ devices, download and set up “Find my Device” from Google Play Store and, if necessary, use the connected web interface to remotely block or clean your cellphone (search for instructions in Google Support webpages).
11. Third-party sharing
PHELCOM will not share your Personal Data with third parties, unless: (i) it is necessary to provide you our Service (as technical service suppliers), (ii) we have asked for your explicit consent, or (iii) your data have been anonymized in databases with aggregated data for clinical and scientific research. Such anonymous research data have no information that allows the researcher, PHELCOM’s Customer or partner, to identify you as an individual.
We may also share your Personal Data with third parties:
- If we have the right or duty to disclose or share your Personal Data to fulfill a legal or regulatory obligation;
- To protect your rights or for the safety of PHELCOM, our Users, patients or employees;
- If we have your express consent to do it.
12. Service Providers
We may sometimes provide certain Personal Data to trustworthy third parties, so that they carry out a series of activities on our behalf. We need them to provide our Services. They help us by providing IT services, as follows:
- Platform suppliers
- Hosting services
- Maintenance and support to our database, software and applications that may have data about you.
These services may imply access to your data to do the necessary tasks.
We only provide them the necessary information to perform the service concerned. We demand they have the same level of protection and privacy to your data as PHELCOM. This includes the obligation not to use your Personal Data for any other purpose than the one PHELCOM hired, besides obligations of confidentiality and security standards, inter alia.
13. Clinical and scientific research
Our mission is to promote health to as many people as possible.
We understand it is our duty to share obtained data – carefully made anonymous – for scientific and clinical research about health.
Data anonymization means that PHELCOM will delete specific information that, gathered with other data, may identify you as an individual – your User name or e-mail address. PHELCOM may also replace that information with a random number, so that we do not share your identity information with any third party.
We make explicitly sure we select our partners very carefully and, most importantly, we only provide data for scientific and clinical investigation after they are anonymized, following a rigorous protocol that involves removing any information useful to identify any specific Patient.
14. Third-party links
By accessing the social media content through our Website (for example: Google, Facebook, Instagram, Twitter, LinkedIn, Vimeo, YouTube, etc.), you may have a Cookie from the social network stored in your device. We invite you to read their Cookie Policies to obtain further information.
15. International Transfer
Data collected from you may be transferred, accessed and/ or stored in a foreign country. Foreign employees of our service providers may process them.
We only process your Personal Information outside Brazil safely and according to the Applicable Data Protection Law. Most of the times, the eventual transfer is to countries or international organizations with a level of personal data protection adequate to the Applicable Law. As some countries may not have an adequate law to regulate processing and international transfer of Personal Data, we take measures to assure the third parties comply with the commitments of this Policy. Such measures may include analyzing the norms of privacy and safety of the third parties and/ or the signature of appropriate contracts, with specific clauses on Personal Data Processing.
We use these data to know and analyze tendencies, administer the site, track the User behavior, improve our products and services, as well as collect demographical information on all our Users. PHELCOM can use such data in our marketing and advertising services.
The main web browsers have options to refuse storing cookies and the tools to control permissions and Personal Data as, for example, private or anonymous browsing modes. If you are interested, you can edit your browser settings to refuse and/ or delete cookies. The “Help” function in your browser may inform you how to do it.
There are also various free browser extensions that allow blocking personalized ads and tracking through cookies. PHELCOM does not endorse or verify any of such applications. Using them is entirely your responsibility.
Note that, by disabling cookies, you may keep some web services from working properly, partially or completely affecting your navigation.
17. Holder Rights
We make efforts to assure your rights are respected, therefore we would like you to know that:
- We designed our Services to minimize the use of your Personal Data. We only collect and use your data for the purposes referred above.
- Specialists routinely check our servers’ safety to protect your data from unauthorized access.
- We do not keep your data in an identifiable format for longer than necessary.
- You as a user of our services can, at any time:
  - Require PHELCOM to confirm your Personal Data Processing.
  - Require access to your Personal Data at PHELCOM.
  - Require portability of your Personal Data to another service provider.
  - Require the correction of your Personal Data that are inexact, incomplete or out of date.
  - Require revocation of your consent for Personal Data Processing, where the data are processed based on your consent. You can still require that these data be deleted at any time.
  - Require deletion of your Personal Data at PHELCOM.
  - Require information about the public and private entities with which PHELCOM shares your Personal Data.
  - Require anonymization, blockage or deletion of Personal Data considered unnecessary, excessive or processed in disconformity with the Applicable Legislation.
  - Present a complaint to the competent supervision authority, if you consider PHELCOM violates the Applicable Legislation while Processing your Personal Data.
To exercise any of these rights, send an e-mail to firstname.lastname@example.org with a subject referring to the information about which you would like clarification (for example: “access to my data”, “confirmation of existent data processing”, etc). Get in touch through the link ‘Contact Us’ in our Website www.phelcom.com or write to: Phelcom Technologies LTDA-ME, under the CNPJ no. 24.476.108/0001-13, at 820, José Missali Street – Jardim Santa Felícia – Zip Code 13.562-405 – São Carlos / SP, Brazil.
We are always available to you, in your journey through healthcare or in favor of your privacy!
18. Changes to this Policy
As mentioned in the beginning of this Policy, we may update this page periodically. In case of significant changes, you will receive a notification via Phelcom Platform or registered e-mail at least 30 (thirty) days in advance. To the extent allowed by the applicable law, the use of our services after this warning amounts to accepting the updates in this Policy.
We highlight it is important that you review this Policy periodically to obtain the latest information on our data protection practices.
19. Questions and clarifications
PHELCOM does not intend, at any circumstance, to diagnose or replace the relation between you and your personal Doctor, or another health professional who follows you personally and face-to-face.
Always consult your doctor or another qualified healthcare professional, face-to-face or remotely, whenever you have doubts related to a medical condition.
Never dismiss the advice of a professional doctor, nor delay seeking medical care because of something you have read, or on which you have sought counseling, in our Platform.
If you are not satisfied with our answers to your complaints, or if you consider your Personal Data Processing is not in accordance with the Applicable Data Protection Law, send a complaint to email@example.com or write to Phelcom Technologies LTDA-ME, under the CNPJ no. 24.476.108/0001-13, at 820, José Missali Street – Jardim Santa Felícia – Zip Code 13.562-405 – São Carlos / SP, Brazil.