Privacy Policy
For the purposes of this provision, PRÓGENÉRICOS – ASSOCIAÇÃO BRASILEIRA DAS INDÚSTRIAS DE MEDICAMENTOS GENÉRICOS E BIOSSIMILARES(Brazilian Association of Generic and Biosimilar Drug Manufacturers), registered with the CNPJ/MF under number 05.776.298/0001-40, headquartered at Avenida Engenheiro Luís Carlos Berrini, nº 1.681, 5º andar, CEP 04571-011, São Paulo/SP (PRÓGENÉRICOS) establishes this Privacy Policy (“POLICY”) applicable to visitors to the website https://progenericos.org.br/, social media and/or other digital platforms (“USERS”).
The purpose of this POLICY is to describe in a simple, objective, and transparent manner what personal data is processed by PRÓGENÉRICOS, the purposes of data processing, and the rights of data subjects.
For the correct reading and interpretation of this document, we remind you that the term "personal data" means any information that can identify the user directly or indirectly, such as registration data, preferences, and electronic identifiers.
If, after reading this POLICY, you still have any questions or, for any reason, need to communicate about matters involving your personal data, you can contact the Personal Data Protection Officer identified below:
Name of Data Manager: Rafael Barros
Contact email: rafael.barros@progenericos.org.br
PERSONAL DATA PROCESSED
In the course of our activities, we may process the following personal data:
- Full name, email address or CPF (Individual Taxpayer ID), access password, cell phone number, and photo.
In addition, personal data may be collected through cookies, including profile data, in accordance with our cookie policy available at https://progenericos.org.br/politica-de-cookies/.
PURPOSE OF PROCESSING
We process personal data for the following purposes:
- Identification, authentication, and authorization on our website;
- Predictive analysis of user behavior to facilitate future browsing;
- To contact you in order to properly respond to your requests and questions.
DATA SHARING
For the performance of certain activities, such as managing and developing updates to the website and storing information, the personal data of USERS may be shared with third-party service providers in order to better serve you.
RIGHTS OF DATA SUBJECTS
According to Article 18 of the LGPD, data subjects have the following rights:
- Confirmation of the existence of personal data processing;
- Access to personal data;
- Correction of personal data that is incomplete, inaccurate, or outdated;
- Anonymization, blocking, or deletion of personal data that is unnecessary, excessive, or processed in violation of the provisions of the LGPD;
- Portability of your personal data, upon request, in accordance with the regulations of the National Data Protection Authority (ANPD);
- Deletion of personal data processed based on consent, except in cases of retention provided for in the LGPD;
- Information on public and private entities with which PRÓGENÉRICOS shares or has shared personal data;
- Information about the possibility of not providing your consent and the consequences thereof;
- Withdrawal of consent for the processing of personal data, when personal data is processed on that legal basis.
To respond to requests from data subjects, we will devote our full attention and efforts to performing our duties as quickly as possible, which may be affected by factors beyond our control, such as:
- Any delay due to the complexity of the request, the age of the data, the means of sharing, or other reasonable factors; and
- Rejection of the request, if there is a legal basis for retaining the data, absence of regulation by the ANPD, or other justifiable reason, according to the LGPD.
The data subject may exercise any of the above rights by submitting a request to the Data Protection Officer (DPO), providing proof of identity.
Please note that your request may be rejected if it does not comply with applicable legislation, in which case you will be provided with all the reasons for the rejection.
The authority responsible for data protection in Brazil is the National Data Protection Authority (ANPD), which can be contacted through the channels listed on the website https://www.gov.br/anpd/pt-br.
MEASURES FOR THE SECURITY OF PERSONAL DATA
The personal data collected is stored in accordance with procedures defined by PRÓGENÉRICOS, with the aim of protecting it from unauthorized access, destruction, loss, alteration, communication, or any form of inappropriate or unlawful treatment.
Your data is collected and stored in accordance with market security standards.
We remind you that, even though significant investments are constantly made in the preservation and security of your data, global experience shows that no data sharing or storage is completely secure. Therefore, if any data breach occurs, we will act proactively to minimize the effects and remedy the situation, providing all available information and assistance.
RETENTION OF PERSONAL DATA
Personal data will remain stored in Brazil for the period necessary to fulfill the purposes described in this policy and to comply with legal obligations.
Personal data may be kept anonymously, where applicable, i.e., without being or being able to be linked to the data subject, for longer periods.
VALIDITY AND CHANGES
This policy will take effect on November 1, 2023, and may be changed at any time.
As we are always seeking improvements, this Privacy Policy may undergo updates, which will be disclosed through the same communication channels, so that they reach you in an appropriate manner.
GLOSSARY
| Term | Definition |
|---|---|
| LGPD | Law No. 13,709/2018 (General Data Protection Law), with subsequent amendments. |
| Personal data | Information related to an identified or identifiable natural person (Article 5, I, LGPD). |
| Sensitive personal data | Personal data on racial or ethnic origin, religious beliefs, political opinions, union membership, or religious, philosophical, or political affiliations; data concerning health or sex life; genetic or biometric data, when linked to a natural person (Art. 5, II, LGPD). |
| Anonymized data | Data relating to the data subject that cannot be identified, considering the use of reasonable and available technical means at the time of its processing (Article 5, III, LGPD). |
| Database | Structured set of personal data, established in one or more locations, in electronic or physical form (Article 5, IV, LGPD). |
| Incumbent | Natural person to whom the personal data being processed refers (Article 5, V, LGPD). |
| Controller | Natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data (Article 5, VI, LGPD). |
| Operator | Natural or legal person, under public or private law, who processes personal data on behalf of the Controller (Article 5, VII, LGPD). |
| Data Protection Officer (DPO) | Person appointed by the Controller and Operator to act as a communication channel between the Controller, the Data Subjects, and the National Data Protection Authority (ANPD) (Article 5, VIII, LGPD). |
| Treatment agents | The Controller and the Operator (Article 5, IX, LGPD). |
| Treatment | Any operation performed on personal data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction (Article 5, X, LGPD). |
| Anonymization | Use of reasonable and available technical means at the time of processing, through which data loses the possibility of being directly or indirectly associated with an individual (Article 5, XI, LGPD). |
| Consent | Free, informed, and unequivocal statement by which the data subject agrees to the processing of their personal data for a specific purpose (Article 5, XII, LGPD). |
| Block | Temporary suspension of any processing operation, by storing personal data or the database (Article 5, XIII, LGPD). |
| Elimination | Deletion of data or sets of data stored in a database, regardless of the procedure used (Article 5, XIV, LGPD). |
| International data transfer | Transfer of personal data to a foreign country or international organization of which the country is a member (Article 5, XV, LGPD). |
| Shared use of data | Communication, dissemination, international transfer, interconnection of personal data, or shared processing of personal databases by public agencies and entities in the fulfillment of their legal duties, or between these and private entities, reciprocally, with specific authorization, for one or more types of processing permitted by these public entities, or between private entities (Article 5, XVI, LGPD). |
| National Data Protection Authority (ANPD) | Public administration body responsible for ensuring, implementing, and enforcing compliance with the LGPD throughout the national territory (Art. 5, XIX, LGPD). |