Welcome to the Centro Diagnóstico Lucilo Ávila (CDLA) privacy notice. This notice was prepared for you, who are a customer and have your data processed for the purpose of providing health services by CDLA. Our mission is to provide an increasingly better service, and therefore, this document seeks to objectively clarify how we collect and process our customers’ personal data, under the terms of the Brazilian General Personal Data Protection Law – LGPD (Law No. 13,709 /2018).

This privacy notice provides information, among other matters, about:

• What data is collected about you;
• How we use your personal data;
• With whom we share your personal data;
• How long your personal data will be stored;
• Your rights as a Data Subject and the way to exercise them.

To learn how we use your data for marketing purposes, please access the Marketing Privacy Notice, as per the link below:

https://luciloavila.com.br/marketing-privacy-notice/

Controller Identification:

Centro de Diagnóstico Lucilo Ávila Ltda, legal entity of private law, CNPJ 08.175.400/0001-51, headquarters on Av. João de Barros, 50- Boa Vista – Recife/PE – CEP: 50050- 180.

To facilitate understanding, we highlight some important concepts for your reading:

Personal data: any information capable of identifying a person such as name, CPF, telephone, e-mail, etc.

Sensitive Data: personal data regarding racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.

Data Subject: natural person or individual to whom the personal data being processed refers, that is, you as a customer are considered the data subject.

Controller: corporation responsible for the processing of personal data. The controller in this case would be CDLA.

Processing: any operation that uses personal data. Includes activities such as collection, storage, transfer, elimination, among others.

Centro de Diagnóstico Lucilo Ávila (CDLA) collects the necessary data to provide its health services, whether sensitive personal data of the patients themselves or data of the doctors who attend them.

We highlight below which types of data are processed:

Identification Data: data that guarantee the patient’s personality in the provision of health services, such as: name, address, telephone, insurance information, e-mail, RG, CPF, height, weight, among other data that guarantee the direct or indirectly from the data subjects.

Health data : sensitive data regarding health or that allow conclusions about the health of its patients, such as information about diseases, allergies, vital signs, biological materials collected during medical examinations, etc.

Data about physicians: related to whoever makes the exam requests and are used to identify health professionals. Data treated in this category includes information on professional address, name, telephone, CRM, area of ​​expertise and e-mail.

Financial Data: data regarding the remuneration for the provision of health services performed by the Clinic, such as information about the prices ​​of the tests performed, forms of payment, bank details, credit card details, among others.

CDLA obtains personal data from the information you pass on to us or through doctors when necessary to fulfill the purpose of providing the health services that the data subject sought.

The means of data collection occur through registration forms, medical records, health exams, medical reports, surveillance cameras and answers to questionnaires.The data collection is justified by the following legal bases: health guardianship in procedures performed by health professionals, protection of life in cases of emergencies, contractual execution and compliance with legal obligations related to the Clinic’s health services.

Here you find the following purposes:

• Scheduling and execution of health exams contracted by the data subjects;
• Delivery of test results to the data subjects, health professionals indicated by them or third parties that prove the data subjects’ authorization for withdrawal;
• To carry out marketing campaigns with health professionals;
• Fulfillment of obligations provided for in legislation or regulations in the health sector;
• Carrying out the data transfer required by the data subject health plan;
• Assurance of preservation of physical integrity of the data subject in cases of emergencies;
• Payment of services by data subjects and assurance of payment for services with the health insurance company;
• Improvement in the services provided by the Clinic to assure that you, the data subject, have a better experience and quality in your health services.

The personal data is processed and may be stored physically or digitally through ERP, data management and internal storage systems. The criteria used to determine storage periods include:

1. duration of relationship with the data subject;
2. legal or regulatory obligation which requires data storage;
3. applicable deadlines according to law.

You can contact our communication channel to request specific information about the storage time, identifying the purpose of the treatment, or request the deletion of your data in compliance with this policy. There is the possibility that CDLA will only restrict the processing of personal data, keeping some or all current storage of data for compliance with legal obligations.

In some cases, we may share your personal data with other companies or healthcare professionals in order to assure the provision of services, respecting limits and taking precautionary measures to protect your privacy. Sometimes we will not be able to comply with the data subjects’ requests because another institution might control the information (example: your health plan), in which case we will redirect you to contact who will actually be able to fulfill the requests.

Your data may be shared in the following situations:

Partners and service providers: whenever your information is essential for carrying out their activities during the provision of health services.

Inspection bodies: the provision of health services is subject to many regulations by bodies such as Federal Council of Medicine of Brazil (CFM), the National Supplementary Health Agency of Brazil (ANS) and the National Health Surveillance Agency of Brazil (ANVISA). Many of these regulations require sharing of sensitive personal data to comply with legal and regulatory obligations.

Health insurance companies: the collection of sensitive personal data, in some cases, is mandatory to the data subject’s health insurance company in order to authorize health procedures. Health insurance companies are required to collect personal data under the regulations of National Supplementary Health Agency of Brazil (ANS), and may establish that CDLA must collect identification and health data from patients.

In compliance with the General Data Protection Law (LGPD), CDLA guarantees its customers the following rights, pursuant to art. 18 of LGPD:

• Confirmation of the existence of data treatment and processing;
• Access data;
• Correction of incomplete, inaccurate or outdated data;
• Anonymization, blocking or elimination of unnecessary, excessive or non-conforming data;
• Portability of your data to another service or product provider, upon request issued by the data subject;
• Deletion of data processed with the data subject’s consent;
• Information about the public or private entities with which we share your data;
• Information about the possibility of not providing your consent, as well as being informed about the consequences, in case of refusal;
• Withdraw consent.

Note: there is a possibility that your request may be legally rejected, either for formal reasons (such as the impossibility of proving your identity) or legal reasons (such as the request to delete data whose maintenance is free exercise of our right). In these cases where these requests cannot be met, we will present the justifications within a reasonable period of time.

This policy may be updated at any time to provide improvements, with CDLA’s rights being protected in case the data subject is not interested in obtaining updated information.

Last updated on Aug 10, 2022

If you still have questions after reading or are interested in talking to us about any issue related to personal data, feel free to contact our team through the service channel below:

[email protected]