(Updated: May 18, 2021)
We seek, with this document, to inform you clearly and precisely about the rules we adopt for the Treatment of your Personal Data, always in compliance with the requirements set out in the Applicable Data Protection Legislation.
We emphasize that good governance practices are adopted, including information security standards, in order to minimize the risks associated with data loss, misuse, unauthorized access, unauthorized disclosure and changes, in order to ensure the correct and safe treatment of your Personal data.
WHO WE ARE
G-Flex América Latina is a company incorporated under Brazilian law, headquartered in the city of Espírito Santo do Pinhal, State of São Paulo, at Rua Marquês do Herval, nº 189, Centro – CEP: 13990-000 and registered with the CNPJ/MF under No. 19.865.312/0001-96.
With over 10 years of experience, G-Flex America Latina specializes in diagnostic and therapeutic treatment accessories for the gastrointestinal and pulmonary market. We offer high quality reusable and disposable devices.
Through our network of international partners located in over 30 countries, we have been able to achieve a global vision of simple, performing medical devices.
We will be, under the Applicable Data Protection Law, the Controller of your Personal Data processed under this policy, as detailed below:
- Anonymization or Anonymized Data(s): means the adoption of reasonable technical means available at the time of Treatment, whereby data loses the possibility of association, directly or indirectly, with an individual.
- Personal Data: means any information related to an identified or identifiable natural person.
- Applicable Data Protection Legislation: means the Brazilian General Personal Data Protection Law No. 13.709/2018 (“LGPD”) and subsequent amendments, as well as the Civil Law of the Internet No. 12.965/2014, Decree No. 8.771/ 2016, Federal Constitution, Brazilian Civil Code, Penal Code, Consumer Defense Code, Decree No. 7.963/2013 and any other applicable laws and regulations related to the Treatment of Personal Data and privacy and, if applicable, all guidelines and codes of issued by the National Data Protection Authority (“ANPD”) or other relevant data protection or supervisory authority.
- Owner: natural person to whom the Personal Data that are the object of Processing refer.
- Controller: natural or legal person, under public or private law, who are responsible for decisions regarding the Processing of Personal Data.
- Operator: means any natural or legal person, under public or private law, who carries out the Processing of Personal Data on behalf of the Personal Data Controller.
- Services: means any product or service offered by G-Flex.
- Treatment: means any operation performed with Personal Data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, broadcast or extraction.
- User(s): means anyone who visits our Site or uses services made available through it.
- Cookies: are small text files that are stored on your device (computer, tablet or mobile) when you are on the Internet.
DATA PROCESSING PRINCIPLES
All Personal Data Processing is guided by the principles established in the Applicable Data Protection Legislation, namely: purpose, adequacy, necessity, free access, data quality, transparency, security, non-discrimination, responsibility and accountability and prevention.
G-Flex guarantees that all Personal Data Processing is:
- performed for a legitimate, specific and explicit purpose, always previously informed to the Data Subject;
- compatible with the stated purposes;
limited to the minimum necessary to achieve the purpose, always proportionate and not excessive in relation to the necessary Data;
- transparent, with clear, accurate and easily accessible information about the Treatment and the respective agents (Controllers and Operators) participating in the operation;
- non-discriminatory, illegal or abusive in relation to its purposes; conforme e seguro, através da adoção de medidas técnicas e administrativas capazes de comprovar o cumprimento com as normas de proteção de Dados Pessoais, bem como de prevenir e proteger os Dados contra acessos não autorizados, eventos acidentais ou ilegais de destruição, perda, alteração, comunicação, divulgação ou quaisquer outros danos.
PERSONAL DATA WE COLLECT FROM YOU
In order to enable the provision of services and/or products (“Services”), response to demands and service to users or customers, we may collect, directly or indirectly, and store all or some of the Personal Data described below, depending on of your level of interaction with us.
You are solely responsible for ensuring the accuracy, clarity, relevance and timely updating of the Personal Data provided, as needed. Therefore, we are under no obligation to investigate the veracity of the information submitted, but rather to update our database whenever requested by you.
PERSONAL DATA YOU PROVIDE WHEN YOU COMPLETE THE “CONTACT US” FORM
In order for you to contact us, we will need to receive some Personal Data from you to identify you, contact you and provide our Services. We will always indicate the mandatory fields with an asterisk. Therefore, we will collect:
Mandatory (with asterisk):
- your name;
- your email;
- your phone;
- the subject of your message;
- Your message.
PERSONAL DATA YOU PROVIDE US WHEN YOU COMPLETE THE “CLAIMS” FORM
- your name;
- your email;
- your phone;
- the code of the product object of the complaint;
- the batch code of the product object of the claim;
- a description of the facts reported through the complaint;
- information related to the use of the product that is the subject of the complaint;
- information regarding the consequences of the adverse event that is the subject of the complaint;
- information related to the resolution of the adverse event object of the complaint, if possible through health agents (doctors, nurses, etc.);
- photos and/or videos that illustrate the object of the complaint;
AUTOMATIC DATA COLLECTION THROUGH COOKIES
G-Flex may collect, through Cookies, some Personal Data relating to your browsing on our Site and use of our Services and always in accordance with the specific authorizations granted by you through the settings of your device, operating system or browser. We can collect, for example:
- your IP address;
- the date and time of use of the Site;
- your Geolocation;
- information about browsing habits, such as pages/environments accessed within the Site, number of clicks, interaction with the Site and duration of access, blocking and unblocking the device;
- information about the services and products you are looking for, interested in, and using;
- the pages that gave rise to access to the Site and which were accessed during and after browsing the Site;
- information about your device, such as operating system, browser and its versions, language, permissions, Wi-Fi networks and mobile network used, and statistical information related to the use of the device.
G-Flex uses data collected through Cookies to know and analyze trends, administer the website, track User behavior, improve products and services, collect demographic information about all of our Users and for its marketing and advertising initiatives.
Whenever you want, you can disable Cookies through the configuration options of your respective browser.
PERSONAL DATA COLLECTED THROUGH THIRD PARTIES
G-Flex may receive Personal Data about you indirectly, through third parties who are legitimate to share your Personal Data and who may be our business partners, suppliers, advertising networks, social networks such as Facebook, Instagram, Twitter and LinkedIn, search information providers, third parties that enable the signaling functionality and integration of social networks or other Users.
Because our Services are of a medical and hospital nature, we may also receive Personal Data owned by them from our customers, including their physician.
In any event, Personal Data will only be used for the purposes set out in this Policy, and we recommend that you also access the Privacy Policies of these third parties to understand how your Personal Data are treated by them.
HOW YOUR PERSONAL DATA ARE USED AND ON WHAT BASIS APPLICABLE
According to the Applicable Data Protection Law, depending on the purpose for which your Personal Data are used, there will be a legal basis to authorize the Processing.
The legal bases applicable to the Processing of your Personal Data carried out by us are:
- Execution of a contract with you or pre-contract arrangements, ie to provide the Services you request from us.
In this case, Personal Data are used to:
- Help us answer your questions and manage your demands.
- Allow the maintenance and updating of your registration data, as well as the execution, access and use of the Site and for your interaction with us.
- Make it possible to meet your demands.
- A legitimate interest in promoting or looking after our activities and interests, such as:
- Help us to better understand your needs and expectations and therefore improve our Services for the benefit of our Users.
- Fraud prevention.
- Keeping our tools and systems safe and secure and ensuring they are working properly and continually being improved.
- Measure or understand the effectiveness of the information we provide you and others, and provide information relevant to you.
- Administer our Site and carry out internal operations, including troubleshooting, analyzing Personal Data, testing, research, statistics.
- Improve our Site and Services to ensure that content is delivered in the most effective way for you and your device.
- Verify your identity and assess it.
- Maintain and improve the security of the Site, including to identify and prevent possible security threats and also to develop and use anti-fraud tools.
- Measure, analyze and understand the audience, performance and use of the Site and our Services (including browsing habits and the profile of Users), as well as Users’ satisfaction with the Site.
- Use information technologies for the purposes specified herein.
- Update your Personal Data and information in our records.
- Send communications that are necessary under our contract with you or relevant to maintaining our relationship with you.
- Obtaining express and specific consent to send marketing communications or other timely communications that may be of interest to you. You may opt-out of receiving such communications through our opt-out tool, located at the end of all communications from us.
- Fulfillment of a legal and/or regulatory obligation, when processing is required by law.
- Regular exercise of our rights or those of third parties in judicial, administrative and/or arbitration proceedings, including the rights of our clients to exercise their rights before third parties, as well as to allow the fulfillment of requests, requests and decisions of administrative authorities and judicial proceedings.
SHARING PERSONAL DATA WITH THIRD PARTIES
Your Personal Data may be shared with third parties in the following cases:
- to the extent that we are required to do so based on legal provisions or due to administrative, arbitration or court order;
- when we are involved in a merger, acquisition, transfer of control, bankruptcy, reorganization or sale of assets or due diligence associated with such matters;
In the case of sharing Personal Data, we will only provide the information necessary to perform the service in question and achieve the purposes, as well as require third parties to commit to the same level of protection and privacy that we would have if your Personal Data were processed by us directly. This includes the obligation not to use your Personal Data for any purpose other than the contracted purpose, in addition to confidentiality obligations and security standards, among others.
HOW LONG WE PROCESS YOUR DATA
Your Personal Data will be stored for the entire period in which:
- you are accessing our Site, interacting with us or using our Services;
- is required by some specific legislation, for example the storage of Digital Identification Data for 6 months provided for by Art. 14 of the Marco Civil da Internet;
- is necessary to fulfill the purposes described above;
- it is necessary to enable the regular exercise of the rights of G-Flex or third parties in judicial, administrative, arbitration or audit demonstration proceedings, always in accordance with Brazilian law;
- it is necessary to comply with any determination of a judicial, administrative or arbitration authority;
WE CAN TRANSFER YOUR DATA OUTSIDE BRAZIL
YOUR RIGHTS AS A HOLDER OF PERSONAL DATA
The Applicable Data Protection Law guarantees you, as the Data Subject, the fundamental rights of freedom, intimacy and privacy.
G-Flex will use its best efforts to ensure that your rights are respected and therefore it is important that you know that you can request:
- Confirmation of the existence of processing: You have the right to ask us if we have processed your Personal Data.
- Access to Personal Data: Subject to legal exceptions, you have the right to access the Personal Data we hold about you or, as the case may be, to receive a copy of such Data in electronic form.
- Correction: You have the right to correct the Personal Data we hold about you if it is incorrect, incomplete or out of date. You are responsible for keeping your information accurate and up to date.
- Anonymization: You have the right to object to the processing and to request the anonymization, blocking or deletion of unnecessary or excessive Personal Data, or those treated in breach of the Applicable Data Protection Law.
- Portability: Subject to legal exceptions, you have the right to request the transfer of the Data we collect to another organization or directly to you.
- Deletion: When processed on the basis of your consent, you have the right to request that your Personal Data be deleted from our database. However, this right is not available when we have a valid legal reason to process your Personal Data, such as to comply with a legal obligation.
- Information: You have the right to be informed about the possibility of not giving consent to a certain treatment and its implications, as well as to be informed about the treatment we carry out, including about the public and private entities with which we share your Personal Data.
- Revocation of consent: When we process Personal Data on the basis of your consent, you have the right at any time to revoke this consent.
It is also important that you know that you have the right to question us about our data protection and privacy practices, as well as and, if you deem it necessary, to address a specific complaint to the National Data Protection Authority (ANPD).