MV has health management systems with solutions for hospitals, health plan operators, diagnostic medicine centers, and public and private health networks.
We from MV want to inform you through this Privacy and Data Protection Policy ("Policy") how we process your personal data, including through our platforms, services, and websites (http://www.mv.com.br/; https://www.healthcarealliance.com.br/; https://universidademv.com.br/).
We know your privacy is important to you. It's important to us, too. For that reason, one of our principles is to build reliable and long-lasting relationships, so we will make our best efforts to ensure that the data you allow us to process is processed in a safe, complete and transparent manner.
We formulated this policy to be simple and accessible, so that you can easily understand how we process personal data, thus providing you with an experience of transparency and security in relation to the conduct of MV.
If you have any questions about how MV processes your data, please contact our Data Protection Officer, through the communication channels described in this document.
To make it easier to understand, we divided this Policy into the following topics:
1. WHAT DATA ARE PROCESSED BY US?
2. ABOUT THE DATA PROCESSED THROUGH OUR PLATFORMS
3. WHAT'S THE PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA?
4. DO WE PROCESS THE PERSONAL DATA OF CHILDREN AND TEENAGERS?
5. HOW DO WE STORE PERSONAL DATA?
6. WITH WHOM DO WE SHARE THE PERSONAL DATA?
7. HOW LONG ARE THE DATA PROCESSED?
8. HOW DO WE PROTECT PERSONAL DATA?
9. HOW DO OUR PLATFORMS PROCESS PERSONAL DATA?
10. COOKIES
11. DATA UPDATE
12. WHAT ARE THE RIGHTS OF DATA SUBJECTS?
13. DATA SUBJECT'S ACCESS TO THE PERSONAL DATA
14. WHO IS THE DATA PROTECTION OFFICER (DPO)?
15. ABOUT OUR PRIVACY AND DATA PROTECTION POLICY
A few disclaimers before you read our Policy:
For a better understanding of this Privacy and Data Protection Policy, personal data are considered information related to identified or identifiable natural persons, which are obtained through the direct collection of data from data subjects or shared by third parties.
Data that are not related to a natural person will be considered corporate data, to facilitate your understanding when reading this Policy.
1. WHAT DATA ARE PROCESSED BY US?
We strive to protect the personal data that we keep in our storage, by using the minimum amount of information necessary for the purposes aimed at providing our services.
In this way, the personal data collected depend on what relationships the data subject has with MV and which services or softwares he/she is using.
To make this information accessible, below are examples of the data that are processed:
• Identification data, such as name, date of birth, nationality, gender, address, telephone number, email address, contact, individual taxpayer number, ID, driver's license, social-security card, and worker's registration number;
• Resume, academic qualifications, languages, employment history, and information about the recruitment process;
• Data related to specific cases for which you have been hired;
• Data related to image and sound registration.
On some occasions we may also process Sensitive Personal Data, including, but not limited to:
• Health-related data;
• Genetic or biometric data linked to an individual.
Due to the plurality of forms of relationship between MV and society, we cannot rule out the processing of any personal data not described in this policy. Thus, to be more specific and assertive, if you want to know more about how your data are processed, we recommend that you contact our Data Protection Officer through the means of contact described in this policy.
2. ABOUT THE DATA PROCESSED THROUGH OUR PLATFORMS
Through the platforms developed and provided by MV, our customers assume the condition of controllers, having autonomy and freedom in relation to the processing of personal data, being able to choose the purpose for which they are processed, the category of data to be collected, how long the data are retained, and other issues directly related to the processing of personal data.
Please be aware that our software only processes data selected by our customers. Therefore, we do not act as the controller of the personal data processed through our systems.
The information collected and processed by our software is controlled by our customers, who use, disclose and protect it, in accordance with their respective privacy and data protection policies.
As a data processor, we do not control the data that are collected directly from our customers. However, in order to minimize incidents involving personal data processed because of these relationships, we have adopted several information security practices in the market, to ensure that the information collected on our platforms are processed in a safe manner.
3. WHAT'S THE PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA?
We only process the personal data when its purpose fulfills the requirements set forth in the General Law for the Protection of Personal Data (LGPD), the Brazilian version of the GDPR.
Below, we provide the purposes and their respective legal basis on which we process personal data:
• Purpose – The provision of services and supply of software: We process personal data having as ground the compliance of legal obligations and the performance of a contract or preliminary procedures;
• Purpose – Recruitment: We process personal data based on the need for contract-related preliminary procedures, the legitimate interest of MV, and the data subject's consent, as applicable;
• Purpose – Contact and marketing messages: We process personal data grounded in the legitimate interest in informing the data subject of his/her topics of interest, as well as the activities offered by the company.
• Purpose – Replying to requests, complaints, or providing clarifications to data subjects: We have as legal basis the legitimate interest, compliance with legal obligations, and contractual performance, as applicable;
• Purpose – Management of administrative activities: We process personal data based on contractual performance, the regular exercise of rights in a judicial or administrative proceeding, the legitimate interest, and compliance with legal obligations.
• Purpose – Recording images through the security system, access controls, recording telephone calls, as well as monitoring information traveling electronically in our computer infrastructure: We process personal data based on the legitimate interest in physical and information security, as well as to prevent frauds and secure the data subjects whose data are processed by us.
• Purpose – Measurement of Software users' satisfaction level | Collection of suggestions for improvement: We have as legal basis the express consent.
Aiming at the continuous improvement of the software, in order to analyze how users interact with the tools and correct potential errors, we occasionally trigger certain attributes on the platform controlled by the customers, which collect and store usage information in the system.
The purposes and hypotheses legally provided for the processing of personal data may change according to the evolution of the activities performed by us, the applicable rules and the relationships maintained with society.
Therefore, we will endeavor to keep our Privacy and Data Protection Policy updated, providing data subjects with accurate information about our conduct.
Under no circumstances will we process data for any purpose that is discriminatory, illegal or abusive.
4. PROCESSING OF PERSONAL DATA OF CHILDREN AND TEENAGERS
With regard to platforms developed or used by us for interaction with subjects of data that we control, in the event that children's personal data are processed, we agree to obtain the consent of the parents or legal guardian to carry out such processing.
Regarding the personal data processed by us from the use of our platforms by the customers, the latter are responsible, as controllers, for the direct interaction with parents or legal guardians of the children, to obtain the due consent.
5. HOW DO WE STORE DATA?
As a result of our activities, the data we collect are stored in an infrastructure in Recife - PE, Brazil. The data collected from physical documents remain in our facilities.
We store data only when it is necessary to directly or indirectly manage the services that we provide and for commercial ends that are legitimate and indispensable.
6. WITH WHOM DO WE SHARE THE PERSONAL DATA?
We share personal data with certain public and private entities, for the purpose of complying with normative and contractual obligations, in the events provided by law, intended for maintaining and managing our activities.
We monitor the operations involving the sharing of personal data, especially for the purpose of attesting the commitment of the party receiving the information to using technical and administrative measures able to protect the shared data.
You should be aware that we may share data with our suppliers and, when necessary, to other countries, since we have service providers outside Brazil.
Even though these data are only shared with a restricted group of partner companies, we commit to check whether the country receiving the information provides the same degree of protection of personal data as provided for in the LGPD law.
Data subjects can learn about any sharing of personal data by contacting our Data Protection Officer, through the means available and reported in this policy.
7. HOW LONG ARE THE DATA PROCESSED?
Depending on the characteristics and applications of the data, we will observe different duration criteria, since there are different processes and deadlines for the processing of data.
We will process the data (including personal data) for a certain period and we will maintain the processing for the minimum time necessary to achieve the purpose for which they were collected. After their use cycle, data are deleted or anonymized.
If MV has to retain the data, this will be to comply with legal or regulatory obligations within the retention period.
In order to guarantee the right to defense or act with public institutions in judicial or administrative proceedings, we may also store some personal data, whether in physical or electronic media.
The data processed based on consent will be retained until the data subject issues a notice revoking the consent, except for cases when retention is enforced through legal obligation.
In the event that the personal data processed by us are deleted, we will issue a notice to all processing agents who have shared and received personal data from the data subject, in the manner provided in law.
If you have any doubt about the processing period for any particular data, as the data subject, you may request this information from us by contacting our Data Protection Officer, through the means available and reported in this policy.
8. HOW DO WE PROTECT PERSONAL DATA?
In order to improve the security of the processed data, all the activities carried out by us have control measures, systems, techniques and processes in line with market standards to ensure the confidentiality, integrity and availability of the legal use of the data you provide to us.
Also, we take prevention measures to reduce the occurance of any damage involving the data processed by us.
As controllers of personal data, we have the responsibility to comply with the requirements of the law and to prove the adoption and effectiveness of the measures necessary to protect the personal data in accordance with this policy.
9. COOKIES
Cookies are data files stored in the user's device according to the instructions contained in the code of the website visited. We may collect information from these codes in the device to identify the user's navigation activity, thus facilitating the optimization and usability of the website.
We use cookies to facilitate your navigation on our websites.
To learn more about the use of cookies by MV, we recommend you read our Cookies Policy.
10. DATA UPDATE
We are concerned with the quality of the data and, for that reason, we will endeavor to keep the information of the data subject up to date, as it is essential for the correct fulfillment of our purpose.
If you find any inconsistency in the data processed by us, we request that you contact us through the method provided, so that the incorrect data can be rectified.
11. WHAT ARE THE RIGHTS OF DATA SUBJECTS?
When we process personal data, we must observe the data subject's rights, as provided for in the LGPD law, namely:
• Confirmation that the data owned by you is being processed;
• Which data are being processed by MV;
• Correction of incomplete, inaccurate or outdated data;
• Anonymizing, blocking or deleting unnecessary or excessive data, observing the events provided for by the current legislation;
• Portability of personal data, in accordance with the regulations of the controlling authority;
• Information on public and private entities with which the controller shares personal data;
• Information on the option of not giving consent for the processing of any data that requires this legal basis, as well as the consequences of such refusal; and
• Revocation of consent for the processing of data processed under such circumstances, subject to the conditions provided for in this document.
The requests must be made by the data subject by contacting our Data Protection Officer, through the means available and reported in this policy.
12. DATA SUBJECT'S ACCESS TO THE PERSONAL DATA
We offer data subjects free access through a simple and free of charge consultation with our Data Protection Officer.
When we contact you, we will provide transparent information about how your data is being processed, while respecting our trade secrets.
We will need to request specific information to help us confirm your identity and ensure that the legitimate data subject has the right to access the personal data (or exercise other rights).
This is a security measure to ensure that personal data is not disclosed to anyone who is not authorized to receive them. We may also contact you to get more information about your request in order to give you a faster response.
13. WHO IS THE DATA PROTECTION OFFICER (DPO)?
MV may act as the controller and processor of personal data, and undertakes to respect and comply with the legislation, as well as the terms proposed in this Privacy and Data Protection Policy.
In order to facilitate communication between the personal data subject and MV, we have decided to appoint a Data Protection Officer (DPO), who will be responsible for supervising all issues related to this Privacy and Data Protection Policy.
If you believe that your personal information was used in a manner incompatible with this Policy, or if you have any other questions, comments or suggestions, you can reach out to our DPO for any clarification and information using the contact details below:
EMAIL - DPO@MV.COM.BR
Note: The communications between MV and the data subject through the contact means described in this document will be considered true between the parties, as legitimate valid instruments for manifesting their intentions.
14. ABOUT OUR PRIVACY AND DATA PROTECTION POLICY
This policy aims at providing the reader with clear and objective information. However, if you still have questions or complaints about this text or the way we process your data, please contact us to solve your needs before taking any administrative or legal action.
This privacy policy will be frequently revised and updated based on the dynamics of existing processes, adding news and making adjustments in accordance with legal requirements, always with the objective of protecting the privacy of the data subjects of personal data and ensuring the legal use of their information.
This version of the Privacy and Data Protection Policy was published on December 2, 2020.