Privacy Notice

Updated on July 31, 2023

This Privacy Notice and the Terms of Use apply exclusively to the Caren platform.

By registering and using the services, you confirm that you have read and understood the Terms of Use and Privacy Notice applicable to the service and agree to be bound by them.

You may withdraw your consent to the provisions of this Privacy Notice at any time by notifying Caren at privacidade@caren.app.

If you withdraw or do not consent to the Privacy Notice, some of the services available on the Platform may become unavailable for access. Refusal of the terms related to the Privacy Notice will prevent access to the platform.

GOAL:

Caren 's priority is to ensure the privacy and security of data subjects' information. 

Therefore, the main purpose of this Privacy Notice is to define the guidelines adopted by Caren regarding the collection, use and disclosure of personal information. In other words, our goal is to provide transparency to the use of personal data and protect your privacy, as well as to inform you of your rights or answer questions about how your information is being used.

By accepting Caren's Privacy Notice, the user acknowledges and accepts that we may treat personal data in accordance with the terms set forth herein, as provided for in Brazilian law, mainly in the General Data Protection Law and related legislation.

If Caren modifies the terms of this Privacy Notice, you will be duly notified through our official communication vehicles with the User. At which time you may consent to the new terms or not.

If you have any questions or suggestions about the platform's Privacy Notice or any other information, you can contact us at privacidade@caren.app, which will be answered during business hours, Monday to Friday, from 9am to 6pm.

GLOSSARY:

For a better understanding of the document, we will explain to you some definitions used in the Notice. Whenever you read the terms described below, whether in capital or small letters, plural or singular, with or without bold, they should be interpreted as follows:

Personal Data: Information that can identify a natural person, directly or indirectly. Direct identification occurs when the data itself already identifies the person who holds that data (such as, for example, the C.P.F.). Indirect data are those that require additional information for identification (for example, home address).

Sensitive Personal Data: These are data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person.

LGPD: Acronym that refers to the General Personal Data Protection Law (Law No. 13,709/2018).

Processing: When some operation is performed with the personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of the information, modification, communication, transparency, dissemination or extraction.

Legal Basis: Hypotheses in which LGPD authorizes Caren to use personal data.

We or our: This term is used when referring to Caren.

You: Any person who accesses our website, as a visitor and/or User, and/or responsible for a legal entity that accesses or performs some type of interaction with the activities or functionalities made available on our website.

User: Employees or customers who use our service.

SCIENCE AND CONSENT - FREE AND INFORMED:

The patient user declares to be aware that: 

Through the platform, it will transmit personal and health information to the professional responsible for the care via videoconference;

The care of patients under the age of 18, or other persons requiring representation or assistance, will take place in accordance with the Terms of Use and this Privacy Notice with the participation and/or consent, as appropriate, of at least one of the legal guardians and upon assessment of technical feasibility by the professional responsible for the care;

It may be necessary, at the discretion of the professional responsible for the care, to carry out additional tests to assist in the diagnosis;

The health professional responsible for the care may request the physical presence of the patient in a health service, even after the teleconsultation, due to the limits of this care support service through information technology;

With the exception of care provided by psychologists, the data collected during teleconsultation will be recorded and stored in medical records, which will be kept confidential, as required by law;

The teleconsultation can be interrupted by both the patient and the healthcare professional;

PERSONAL DATA COLLECTED:

DATA: full name; country; state; city; biological sex; password; professional registration; technical specialty, profile photo, CPF.
PURPOSE: Registration and identification of users on the platform.
LEGAL BASIS: Health Professional: Execution of Contract / Patient: Consent.

DATA: weight; height; date of birth; documents and exams uploaded to the platform.
PURPOSE: To make the platform available and for the telehealth and electronic medical record tools to function correctly.
LEGAL BASIS: Guardianship of Health.

DATA: e-mail and cell phone.
P URPOSE: Communication.
LEGAL BASIS: Consent.

DATA: IP access log information, date and time.
P URPOSE: Auditing, Platform Security.
LEGAL BASIS: Compliance withLegal Obligation.

The personal data collected by the platform has the legal basis indicated. The data subject may revoke this consent at any time. Caren guarantees that personal data whose consent has been revoked and which is not supported by another legal basis justifying its retention will be duly deleted.

DATA SHARING:

In order to ensure that we can best offer our products and services, we rely on the collaboration of other companies in our operations. In some circumstances, it is necessary to share data with third parties, as described below:

Suppliers and partners: We rely on the assistance of suppliers and partners who may process personal data, including payment data. The information is shared exclusively to fulfill the purposes of the services provided. We always carry out a rigorous assessment of our suppliers and partners, establishing contractual obligations for the protection of personal data in order to minimize risks for data subjects.

Public authorities: Your data may be shared with public authorities to comply with applicable law. If a judge or a legally competent authority requires us to share certain personal data, for example for an investigation, we have an obligation to comply with this request. However, we are strongly against any abuse of authority and, if we consider an order to be abusive, we will always defend the privacy of data subjects.

DATA STORAGE AND RETENTION:

Caren stores your data on secure servers and follows its own internal policies for retention and disposal of personal data, determining the appropriate retention period for each type of personal data collected. This takes into account the nature of the data, the need for collection and the purpose for which it will be processed. Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected, unless there is some other valid reason for its retention, such as compliance with legal, regulatory, contractual obligations, among others. 

The main obligation in the treatment of patient data is that of the health professional using the platform as a virtual care tool, however, as a way of collaborating with the security of information in its role as data operator, Caren informs that electronic medical records will be stored for a period of 20 (twenty) years in accordance with current legislation.

COOKIES:

What are Cookies. A cookie is a piece of information stored locally on the User's computer or device, which contains information about the User's activities on the Internet. 

Cookies used. Cookies can be used in different ways and modalities. Caren may use:

Performance Cookies: this type of cookie collects anonymous information about how Users use the platform in order to optimize it. The information collected by these cookies never contains personal details from which it is possible to identify you.

Necessary/Security Cookies: These are cookies that are absolutely essential for the website to function properly. These cookies ensure basic functionality and security features of the website, in an anonymous form.

Statistics Cookie: Statistics cookies help platform owners understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing Cookies: Marketing cookies are used to track visitors on websites. The intention is to display advertisements that are relevant and engaging to the individual user and therefore more valuable to third party publishers and advertisers.

Access to Cookies. Access to cookies ends as soon as the User closes the browser. The User is given the possibility to accept or refuse cookies. 

Consent to Use Cookies. The User's acceptance is required before the section starts in order for Cookies to be used. 

Option without Cookies. The holder may choose to refuse the use of cookies. If the User chooses not to accept them, his/her access to most of the information available on the platform will not be compromised. However, the holder may not be able to fully use the services offered.

RIGHTS OF THE HOLDERS:

Under the law, you have rights relating to your data that is processed by us. Below we provide a list of these rights, along with information on how to exercise them. On receipt of your request, we may ask to verify your identity before we comply with your request. This verification may include requesting additional data to ensure your correct identification. In addition, if you designate a third party to make requests on your behalf, that third party must provide a document evidencing their authorization, such as a power of attorney signed by you.

To exercise any of these rights, you can contact us at the email address provided.

Confirmation and Access: Allows you to check whether we process your personal data and, if so, request a copy of the data we hold about you.

Correction: Allows you to request the correction of any of your personal data that is incomplete, inaccurate or out of date.

Anonymization, blocking or deletion: Allows you to request that your data be anonymized (so that they can no longer be related to you and therefore cease to be personal data), temporarily blocked (suspending the processing of the data) or deleted (erasing all your data irreversibly), except in cases provided for by law.

Portability: You have the right to request, upon an express request, that your personal data be provided to you or to a third party of your choice in a structured and interoperable format for the purpose of transfer to another provider, provided that this does not infringe Caren's intellectual property or trade secrets.

Information on sharing: You have the right to know which public and private entities we share your data with. If you have questions or want more details, you have the right to request this information.

Information about the possibility of not consenting: Allows you to have clear and complete information about the possibility and consequences of not providing consent. Your consent, when required, must be free and informed. Therefore, whenever we ask for your consent, you are free to deny it, although in such cases we may need to limit our services to you.

Revocation of consent: You have the right to revoke your consent in relation to processing activities that are based on consent. However, this will not affect the lawfulness of any processing carried out previously. If you withdraw your consent, we may not be able to provide certain communications or services, but we will inform you when this occurs.

Opposition: The law allows the processing of personal data even without your consent. However, if you disagree with such processing, you may object to it in certain cases by requesting its interruption.

GENERAL INFORMATION:

The Platform acts in accordance with Brazilian legislation, including and especially with the terms of Law no. 12.965/2014 (the Civil Rights Framework for the Internet), Law no. 13.709/2018 (General Data Protection Law), Law no. 13.787/2018 (Electronic Medical Record Law, CFM Resolution no. 2.314/2022 (Telemedicine Regulation), CFM Resolution No. 2,217/2018 (Code of Medical Ethics), CFP Resolution No. 11/2018 (Provision of Psychological Services Performed by Means of Information Technologies), CFP Resolution No. 10/2005 (Code of Professional Ethics of the Psychologist), and other laws that may be applied.

If you have any questions, comments or requests regarding your personal data, please contact our Data Protection Officer, who can be reached by e-mail at privacidade@caren.app.