Privacy Policy

Data Protection and Privacy Commitment

DrOnline Inc is committed to implementing the technical and organizational measures necessary to comply with the applicable community and national legal norms in the field of data protection, privacy, and information security, particularly those set out in the USA General Data Protection Regulation (USA GDPR).

Data Controller

DrOnline Inc is the entity responsible for processing all personal data provided to us for the delivery of services requested by the data subject or their legal representative.

Collection and Processing of Personal Data

DrOnline Inc processes the personal data strictly necessary to provide information, carry out administrative procedures within its attributions and competences, and to disseminate its activities, according to interactions through different customer service and communication channels.

The personal data collected by DrOnline Inc are processed electronically, with protection, privacy, and security assured under the current legislation.

Legal Principles

All data processing operations are guided by the fundamental legal principles applicable in the field of data protection and privacy, particularly concerning their circulation, legality, fairness, transparency, purpose, minimization, conservation, accuracy, integrity, and confidentiality. DrOnline Inc is committed to demonstrating its accountability to the data subject or any third party with a legitimate interest in this matter.

Lawfulness and Purpose of Processing

Data processing operations carried out by DrOnline Inc fall under one or more specific purposes, with the legitimacy of such operations based on the data subject’s consent and the necessity of the processing for:

• The execution of a service contract in which the data subject is a party;
• Compliance with a legal obligation to which the data controller is subject.

Personal data collected may also be processed for statistical purposes, for actions to disseminate information or promotional activities, and for communication actions via direct communication, whether by mail, email, messages, or any other electronic communication service.

However, prior information and the collection of express consent for these additional purposes are always ensured, and citizens can, at any time, exercise their right to oppose the use of their personal data for other purposes.

Data Retention Periods

Personal data will be kept for the period necessary for the purposes that motivated their collection or subsequent processing, to ensure compliance with all applicable legal norms concerning archiving.

Communication of Data to Other Entities

The provision of information through the various customer service and communication channels may involve the use of third-party subcontracted services, which may involve these entities accessing personal data.

Under these circumstances, DrOnline Inc will only contract entities that present sufficient guarantees of implementing appropriate technical and organizational measures to meet applicable standards, with such guarantees formalized in a contract between DrOnline Inc and each of these third entities.

Data Recipients

Except in the context of fulfilling legal obligations, personal data will not be communicated to third parties that are not subcontracted entities or legitimate recipients, nor will any communication be made for purposes other than those mentioned above.

Security Measures

Considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, all entities contracted by DrOnline Inc implement the necessary technical and organizational measures to ensure a level of security appropriate to the risk.

Various security measures may be adopted to protect personal data against dissemination, loss, misuse, alteration, unauthorized processing or access, and against any other form of unlawful processing.

It is the sole responsibility of the data subject to keep their access codes secret and not share them with third parties. In the particular case of software applications used to access channels, data subjects must maintain and conserve access devices securely and follow the security practices recommended by manufacturers and/or operators, including the installation and updating of necessary security applications, such as antivirus software.

In the event that subcontracted services to third parties that may have access to personal data are required, DrOnline Inc’s subcontractors will be obliged to adopt security measures and protocols, as well as other technical measures appropriate for the protection of the confidentiality and security of personal data, to prevent unauthorized access, loss, or destruction of personal data.

Exercise of Data Subjects’ Rights

Data subjects may at any time exercise their data protection and privacy rights, particularly the rights of access, rectification, erasure, portability, restriction, or objection to processing, within the limits set out in the applicable norms.

Any request to exercise data protection and privacy rights should be addressed in writing to DrOnline Inc by the data subject, according to the procedure and contact information provided below.

Complaints and Suggestions

Data subjects have the right to file a complaint, either through the complaints book record or by submitting a complaint to regulatory authorities.

Suggestions may also be made via email sent to the following address: dpo@dronline.com

Incident Communication

DrOnline Inc has appointed a Data Protection Officer (DPO) and has implemented measures in the field of data protection, privacy, and information security.

Data Protection Officer:

Priscila Vilhena Ganga

dpo@dronline.com

In the event that data subjects wish to report any personal data breach that accidentally or unlawfully causes the destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed, they may contact the Data Protection Officer using the contact information provided above.

Changes to the Privacy Policy

DrOnline Inc may, at any time, make changes deemed appropriate to this Data Protection and Privacy Policy to ensure its ongoing update, development, and continuous improvement. Any such changes will be duly announced publicly to ensure transparency and information.