Policy document updated 1st November 2023
Policy document updated 1st November 2023
DrOnline Inc is committed to implementing the technical and organizational measures necessary to comply with the applicable community and national legal norms in the field of data protection, privacy, and information security, particularly those set out in the USA General Data Protection Regulation (USA GDPR).
DrOnline Inc is the entity responsible for processing all personal data provided to us for the delivery of services requested by the data subject or their legal representative.
DrOnline Inc processes the personal data strictly necessary to provide information, carry out administrative procedures within its attributions and competences, and to disseminate its activities, according to interactions through different customer service and communication channels.
The personal data collected by DrOnline Inc are processed electronically, with protection, privacy, and security assured under the current legislation.
All data processing operations are guided by the fundamental legal principles applicable in the field of data protection and privacy, particularly concerning their circulation, legality, fairness, transparency, purpose, minimization, conservation, accuracy, integrity, and confidentiality. DrOnline Inc is committed to demonstrating its accountability to the data subject or any third party with a legitimate interest in this matter.
Data processing operations carried out by DrOnline Inc fall under one or more specific purposes, with the legitimacy of such operations based on the data subject’s consent and the necessity of the processing for:
Personal data collected may also be processed for statistical purposes, for actions to disseminate information or promotional activities, and for communication actions via direct communication, whether by mail, email, messages, or any other electronic communication service.
However, prior information and the collection of express consent for these additional purposes are always ensured, and citizens can, at any time, exercise their right to oppose the use of their personal data for other purposes.
Personal data will be kept for the period necessary for the purposes that motivated their collection or subsequent processing, to ensure compliance with all applicable legal norms concerning archiving.
The provision of information through the various customer service and communication channels may involve the use of third-party subcontracted services, which may involve these entities accessing personal data.
Under these circumstances, DrOnline Inc will only contract entities that present sufficient guarantees of implementing appropriate technical and organizational measures to meet applicable standards, with such guarantees formalized in a contract between DrOnline Inc and each of these third entities.
Except in the context of fulfilling legal obligations, personal data will not be communicated to third parties that are not subcontracted entities or legitimate recipients, nor will any communication be made for purposes other than those mentioned above.
Considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, all entities contracted by DrOnline Inc implement the necessary technical and organizational measures to ensure a level of security appropriate to the risk.
Various security measures may be adopted to protect personal data against dissemination, loss, misuse, alteration, unauthorized processing or access, and against any other form of unlawful processing.
It is the sole responsibility of the data subject to keep their access codes secret and not share them with third parties. In the particular case of software applications used to access channels, data subjects must maintain and conserve access devices securely and follow the security practices recommended by manufacturers and/or operators, including the installation and updating of necessary security applications, such as antivirus software.
In the event that subcontracted services to third parties that may have access to personal data are required, DrOnline Inc’s subcontractors will be obliged to adopt security measures and protocols, as well as other technical measures appropriate for the protection of the confidentiality and security of personal data, to prevent unauthorized access, loss, or destruction of personal data.
Data subjects may at any time exercise their data protection and privacy rights, particularly the rights of access, rectification, erasure, portability, restriction, or objection to processing, within the limits set out in the applicable norms.
Any request to exercise data protection and privacy rights should be addressed in writing to DrOnline Inc by the data subject, according to the procedure and contact information provided below.
Data subjects have the right to file a complaint, either through the complaints book record or by submitting a complaint to regulatory authorities.
Suggestions may also be made via email sent to the following address: email@example.com
DrOnline Inc has appointed a Data Protection Officer (DPO) and has implemented measures in the field of data protection, privacy, and information security.
Data Protection Officer:
Priscila Vilhena Ganga
In the event that data subjects wish to report any personal data breach that accidentally or unlawfully causes the destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed, they may contact the Data Protection Officer using the contact information provided above.