Personal Data Protection and Privacy Notice

The CIMED Group (“CIMED & CO”) takes your individuality and privacy very seriously.

We are committed to the due and proper handling of any information that qualifies as personal data (or sensitive personal data). To this end, we value transparency and accountability in general, which is why we have created this Privacy Data Protection Notice (“Notice”).

In it, you will find information about any processing carried out by CIMED & CO with respect to your personal data.

If you do not find any information you are looking for or have questions about how we process your personal data, please do not hesitate to contact us through the contact channel indicated here (privacidade@grupocimed.com.br).

DEFINITIONS

For your better understanding, we have listed some definitions involving Personal Data Protection, as follows:

  • Personal Data: information related to an identified or identifiable natural person.
  • Personal Data Subjects: natural persons to whom the personal data subject to processing refer (in this case, consumers, natural persons or representatives of legal entities).
  • Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.
  • Data Processing (or Processing): any operation carried out with Personal Data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
  • Data Sharing: any and all forms of transfer or mere granting of access, use or other form of contact with personal data, provided to third parties, through any means, physical or digital, face-to-face or remote.
  • Personal Data Protection Officer: a person appointed by CIMED & CO to act as a communication channel between CIMED & CO, the data subjects and the National Data Protection Authority (ANPD).

 

CONTEXT I – PERSONAL DATA PROCESSED WITHIN THE CONTEXT OF MERE VISITATION OF CIMED & CO WEBSITES AND CIMED & CO E-COMMERCES

Within the context of this section, the following personal data is processed:

  • Full name;
  • CPF;
  • Date of birth;
  • Email;
  • Access password;
  • Contact telephone number;
  • Full address;
  • Shipping address (if different from the registered address);
  • Financial data for payment (credit card, bank account, pix and boleto);
  • Documentation of an individual related to the Professional Council of which he/she is a member (document of registration with the Council, document of specialization in aesthetics, proof of address or letterhead prescription);
  • Registration number;
  • Federative Unit (FU) of the Council;
  • Category of Council;
  • Any personal data contained in documentation of a legal entity related to the Professional Council of which it is a member (document of registration with the Council, document of specialization in aesthetics, proof of address or letterhead prescription);
  • Where applicable, data provided by you when answering a quiz on our site (e.g., skin type, whether or not you have blackheads and pimples, age, biological sex, history of diseases, allergies, physical activity practices, among other information). The information varies according to the quiz taken; however, information will only be collected on your initiative and, in cases involving sensitive personal data, with your consent;
  • Order history;
  • Behavior and use on the site;
  • Consumption profile; and
  • Information regarding the anti-fraud analyses carried out when purchasing products on the website.

CONTEXT II – PERSONAL DATA PROCESSED WITHIN THE CONTEXT OF PHARMACOVIGILANCE AND CONSUMER SERVICE

Within the context of this section, the following personal data is processed:

  • Full name;
  • CPF;
  • Sex;
  • Telephone;
  • Mobile phone (in case of contact by WhatsApp);
  • Email;
  • Full address;
  • Nationality;
  • Your voice in case of recorded telephone contact;
  • Your choice as to whether or not to contact you by phone;
  • Information about the products you are contacting us about;
  • Any information provided by you in the description of your problem;
  • Any information provided by telephone;
  • Any information on adverse reactions suffered;
  • Any health information shared in your contact description;
  • Any information shared via photo or video, which may be related only to the product, but may also contain health information and adverse reactions to the product.

CONTEXT III – PERSONAL DATA PROCESSED WITHIN THE CONTEXT OF THE RELATIONSHIP WITH SERVICE PROVIDERS, VISITORS AND SUPPLIERS

Within the context of this section, the following personal data is processed:

  • Identification information, such as first name, last name, and identification document (identification document when you access our premises, or only first name, last name, and contact information when you are just contacting our personnel);
  • Your job title and professional contact information (for example, when you are an employee of a business partner, contractor or supplier);
  • Your registration information and documentation package requested at the time of hiring, if there is on-site service provision (detailed documentation requested at the time of hiring; if you have doubts regarding the details of the documentation, please contact the privacy channel indicated here);
  • Any technical information necessary for the functions that will be performed, such as technical certifications and the like;
  • Images collected by the surveillance system on the premises of CIMED & CO;
  • Biometrics for any third-party employees or independent service providers who need registration for recurrent access to CIMED & CO facilities controlled by biometrics;
  • Financial information for payment, when you are an individual service provider (financial registration at the time of hiring; if you have any doubts about the details of the documentation, please use the contact channel provided herein);
  • Any access data to CIMED & CO systems and environments, in the case of third parties or providers who will access CIMED & CO’s electronic systems.

PURPOSES OF THE PROCESSING OF PERSONAL DATA – CONTEXT I (E-COMMERCE)

With regard to the personal data processed in Context I described above, the purposes of processing are:

  • User registration and access to the profile created.
  • Execution and operationalization of the purchase of products on the website and delivery of the purchased products.
  • Invoicing, collection and compliance with tax issues related to the purchase;
  • Delivery of purchased product;
  • Evaluation of consumption profile and sending of targeted advertising.
  • Communication and relationship with you, by sending e-mail and other means of communication.
  • Validation of regulatory issues related to the purchase and sale of products from the website (only where appropriate, e.g. in the case of Millimetric Pro).
  • Anti-fraud analysis in our e-commerces.
  • Conducting and documenting audits by CIMED & CO in order to verify compliance with its rules, policies and current legislation in general.
  • Verification of user identity and legitimacy.
  • Guarantee of your safety and that of third parties in the CIMED & CO. environment.
  • Possible defense of CIMED & CO in administrative, judicial or arbitration proceedings.
  • Performance evaluation of CIMED & CO websites, as well as analytical and statistical studies of website usability.

PURPOSES OF PERSONAL DATA PROCESSING – CONTEXT II (PHARMACOVIGILANCE AND CONSUMER SERVICE)

  • Assistance to you in the event of contact for consumer service purposes or for pharmacovigilance purposes.
  • Accountability to competent regulatory bodies, such as Data Protection authorities, consumer protection authorities and sectoral regulatory bodies, such as ANVISA.
  • Reporting of adverse effects to ANVISA, in compliance with applicable legislation.
  • Possible defense of CIMED & CO in administrative, judicial or arbitration proceedings.
  • Evaluation of the performance of the service provided to the consumer.

PURPOSES OF PERSONAL DATA PROCESSING – CONTEXT III (SERVICE PROVIDERS, VISITORS AND SUPPLIERS)

  • Access control to CIMED & CO. facilities.
  • Registration and compliance with legislation involving third-party employees or independent contractors who will perform functions internally on the premises of CIMED & CO.
  • Operationalization of the contracting process, from proposal management to contractual formalization with partners, providers and suppliers.
  • Verification of the compliance of certain suppliers with legal and sectoral obligations.
  • Risk management involving third-party employees and independent contractors who will perform functions at CIMED & CO.
  • Providing access to CIMED & CO. systems and tools.
  • Payment and management of financial issues related to the relationship with suppliers and service providers.
  • Commercial and relational contact to maintain the relationship with partners, suppliers and service providers.
  • Contractual formalization and verification of credentials for the purposes of the contractual relationship.
  • Guarantee of security on CIMED & CO’s premises, your own security and that of third parties.
  • Possible defense of CIMED & CO in administrative, judicial or arbitration proceedings.

SHARING WITH THIRD PARTIES AND THEIR PURPOSES

Considering all the above contexts, CIMED & CO may share your data with the following third parties:

  • Third-party companies contracted for anti-fraud analysis in CIMED & CO’s e-commerces;
  • Financial institutions, including banks, payment gateways and SaaS platforms used to host CIMED & CO’s e-commerce websites;
  • Logistics and transportation operation companies;
  • A third-party service provider that will provide analytics with aggregated site usage data, heat maps, and the like;
  • CIMED & CO’s websites have tags and pixels installed, as well as cookies. The tags and pixels are: Meta Pixel and Google Ads Tag, whose purpose is to track the behavior and actions of users who arrive on the site through media ads; and Google Analytics tags, whose purpose is to track metrics and the behavior of those who visit the site through its traffic sources (Google Ads, Meta ads, e-mail marketing and other sources). Cookies are internet files that temporarily store what you are visiting on the web and information that you have already voluntarily provided to the internet server; their purpose is to identify, personalize and improve your browsing experience. Some cookies are essential, others are utility, marketing or analytical;
  • In addition to tags, pixels and cookies, the personal data registered may be used for targeted advertising on platforms such as Google and Facebook;
  • Physicians providing services related to customer care in cases of adverse reactions or involving health issues;
  • Service provider responsible for the telephone system of the SAC of CIMED & CO;
  • System used to evaluate the quality of care;
  • Supplier related to the management of telephone service in the SAC;
  • Suppliers related to the delivery of products in case of exchange or new product shipped;
  • Tools used internally at CIMED & CO for communication (e.g., Office 365);
  • Third-party property security service provider;
  • Providers of legal advice and legal matters;
  • Cloud hosting services used by CIMED & CO;
  • Marketing and advertising service providers used by CIMED & CO (e.g., advertising agency, advertising triggering tools and the like);
  • Information technology service providers (e.g., systems and environment maintenance providers);
  • Any third-party audits contracted for financial and tax verification purposes.

All sharing of personal data carried out by CIMED & CO will take place within the legal limits, and CIMED & CO will adopt measures capable of ensuring the appropriate level of compliance with the legislation by the third parties that may receive the information.

If you have any questions regarding the sharing of personal data carried out by CIMED & CO, please feel free to contact us through the contact channel indicated in this Notice.

RETENTION PERIOD OF PERSONAL DATA

Personal data will be processed only for concrete and specific purposes and will be processed for the period necessary to achieve such purposes.

If you have any questions regarding the specific retention period for certain personal data, please feel free to contact us through the channel indicated in this Notice.

RETENTION PERIOD OF PERSONAL DATA

CIMED & CO values the security of the personal data it processes in its activities, applying and updating its technical and administrative measures periodically, in order to ensure security and prevention standards consistent with market practices and proportionality in relation to its business reality.

As a general measure, CIMED values the minimization of personal data and performs recurrent analysis in order to ensure the limitation of processing to what is necessary and appropriate.

If you have any specific questions regarding the information security measures in a particular processing activity, please feel free to contact us through the channel indicated in this Notice and we will respond within the limits of confidentiality and commercial and business secrets.

CONTACT AND YOUR RIGHTS AS A PERSONAL DATA SUBJECT

The General Data Protection Law (LGPD) guarantees several rights to data subjects. You therefore have several rights in relation to your personal data, and you can exercise them at any time and free of charge, simply by sending a request to our Officer.

You can contact CIMED & CO:

  • If you wish to exercise your rights provided for in the General Data Protection Law, especially those provided for in article 18 of the LGPD, without prejudice to others, such as: (i) confirmation of the existence of data processing; (ii) access to data; (iii) correction of incomplete, inaccurate or outdated data; (iv) anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of the LGPD; (v) portability of data to another service or product provider, upon express request; (vi) deletion of data processed with your consent; (vii) revocation of consent previously provided; and (viii) information on public and private entities with which the controller has shared data; and
  • If you have any questions or suggestions related to the provisions of this Notice or any other topic involving Privacy and Personal Data Protection.

To contact CIMED & CO in this regard, please consider the following channel:

GENERAL PROVISIONS

This document may be updated at any time by CIMED & CO. Without prejudice to this, you can always consult the most up-to-date version on our website, and we may also send updates whenever we deem necessary.

Updated on April 12, 2024
