DATA PRIVACY

POLICY

This Privacy and Cookies Policy has been implemented in accordance with the obligations stipulated by Law No. 12,965, of April 23, 2014 (“MCI”), and Law No. 13,709, of August 14, 2019 (“GDPR”), as well as other applicable laws and regulations concerning the Processing of Users’ Personal Data (“Applicable Data Protection Legislation”).

GENERAL INFORMATION

This Privacy and Cookies Policy has been implemented in accordance with the obligations stipulated by Law No. 12,965, of April 23, 2014 (“MCI”), and Law No. 13,709, of August 14, 2019 (“GDPR”), as well as other applicable laws and regulations concerning the Processing of Users’ Personal Data (“Applicable Data Protection Legislation”).

GOALS

This policy aims to demonstrate Timenow’s commitment to privacy and the protection of personal data. It informs data subjects about the processing of data collected by us, the reasons for collection, necessary uses, sharing, as well as the methods of storage, updates, management, and deletion of such data at the request of our data subjects or due to regulatory and legal requirements governing the company.

REFERENCE REGULATIONS

  • General Data Protection Law (Law No. 13,709/2018)
  • Access to Information Law (Law No. 12,527/2011)
  • Brazilian Internet Civil Framework (Law No. 12,965 of 04/23/2014)

Scope

The GDPR applies to the processing of personal data of data subjects that occurs in the United States. Even if the organization is located outside the United States but provides services to U.S. citizens, the organization will be subject to this legislation.

DEFINITIONS

  • Data Subject: All individuals who use or visit the Site(s) and/or benefit from the services offered by Timenow, who are over 18 years old or emancipated and fully capable of performing civil acts, or those who are absolutely or relatively incapacitated and properly represented or assisted.
  • Data Controller: The person who has the authority to make decisions regarding the processing of personal data. This person can be an individual or a legal entity, public or private.
  • Data Processor: The individual or legal entity, public or private, that processes personal data on behalf of the controller. Both the controller and the processor are considered data processing agents.
  • Data Protection Officer (DPO): The person appointed to act as a communication channel between Timenow, the data subjects, and the National Data Protection Authority (ANPD).
  • National Data Protection Authority (ANPD): The public administration body responsible for ensuring, implementing, and overseeing compliance with the LGPD.
  • Personal Data: Information related to an identified or identifiable individual.
  • Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious beliefs, political opinions, union membership, or membership in a religious, philosophical, or political organization, as well as data concerning health or sex life, genetic or biometric data, when linked to an individual.
  • Consent: The free, unequivocal, and informed (as well as specific and highlighted for sensitive personal data) authorization given by the Data Subject for Timenow to process their personal data for a previously described purpose, where the necessary legal basis for the act requires the express authorization of the subject.
  • Processing of Personal Data: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation, information control, communication, transfer, dissemination, or extraction.

Data Collection and Use of Personal Information

Timemow collects information provided by the data subject at the time of registration and through brokers who share the data you provided so that we can begin the negotiation process and subsequent contracting of the health assistance services you expressed interest in.

When the data subject registers and/or fills out forms offered by Timenow, including on websites or applications operated by Timenow, certain requested Personal Data will be kept confidential and used only for the purpose that motivated the registration, as detailed in the Purpose Table below.

The data subject is informed about the need for their voluntary consent through their agreement with the terms of our contracts and policies available on the website and applications operated by Timenow, or provided in physical form by the organization.

Purpose Table

Website Page Goal Necessary data
Contact Collect information so that Timenow can maintain contact regarding offered products and services. The user needs to fill in the fields for name, subject, email, department, and message.
Career Provision of a Channel for Job Applications The candidate must access our recruitment platform to register and participate in the selection process.
Report Channel Provision of Information on Integrity Compliance, as well as Reporting of Non-Compliance with Legislation The user needs to fill in the required fields (indicated with *), which are: What is your relationship with Timenow, Type of Incident, Incident Report, and Degree of Certainty. The remaining fields are optional.
Data Protection Officer (DPO) Provision of a Contact Channel for Data Subjects The data subject will need to send an email with their information to request details about the use, modification/update, or even deletion of their personal data.

Sharing of Personal Data

Timemow may share the collected Personal Data with third parties in the following situations and within the limits required and authorized by law:

a) With companies and individuals contracted to perform certain activities and services on behalf of Timenow;
b) With companies that are part of the same economic group as Timenow;
c) With suppliers and partners for the execution of services contracted with Timenow (such as information technology providers, marketing services, printing services, among others);
d) For administrative purposes such as research, planning, service development, security, and risk management;
e) When necessary due to legal or regulatory obligations, requests from competent authorities, or judicial/administrative decisions.

In cases of sharing Personal Data with third parties, all subjects mentioned in items A to E will be required to handle the shared Personal Data in a manner consistent with and in accordance with the purposes for which they were collected (or with which the Data Subject previously consented) and in accordance with this Privacy Notice, other Timenow privacy policies and guidelines, and all applicable privacy and data protection laws and regulations.

Security of Personal Information

All Personal Data is stored in Timenow’s systems or in cloud databases maintained by specialized service providers contracted by Timenow. These providers exercise the same level of care for security and comply with the requirements set forth by the GDPR and other applicable legal or regulatory standards.

Timenow and its providers use various security procedures to protect the confidentiality, integrity, and availability of your Personal Data, preventing potential damage due to the processing of these data. These procedures include, but are not limited to, access control, network monitoring, event analysis, anti-malware, backup, and firewalls.

Legal Purpose for Processing

Timemow only conducts its data processing activities when necessary to fulfill contractual obligations (such as providing health assistance services to its clients), to defend against legal claims or administrative procedures, to comply with a legal or regulatory obligation, or to satisfy legitimate interests (in these cases, no sensitive personal data is involved in the processing activity). Occasionally, due to the nature of its activities, Timemow may process data to protect the health of an individual, even if they are not a client of the organization.

In cases where consent is identified as the legal basis authorizing the intended data processing activity, it will be obtained appropriately (freely, unequivocally, and informed, and additionally, specifically and prominently for sensitive personal data), and evidence proving its grant will be duly documented and archived by the organization.

We ensure that you have the ability to easily and accessibly revoke your consent, as described in our Privacy Policy.

Personal Data Storage

The information collected by Timenow will be automatically deleted from its systems when it is no longer useful for the purposes for which it was collected, or when the Data Subject requests the deletion of their personal data (provided there is no other legal basis justifying the continued storage of the respective data, such as when required by law or regulation, or when we need the information to defend against potential legal or administrative proceedings).

Notwithstanding, the information may be retained to comply with legal or regulatory obligations and/or for the exclusive use of Timenow in an anonymized form.

Legal Reasons for Disclosing Your Data

Timenow may disclose your Personal Data under the following circumstances and in accordance with legal requirements:

a) To comply with a law that requires such disclosure;
b) To investigate, prevent, or take action regarding suspected or actual illegal activities, to cooperate with public authorities, or to protect national security;
c) For the execution of its contracts;
d) To investigate and defend against any third-party claims or allegations;
e) To protect and defend the rights, property, and safety of Timenow and its affiliated companies;
f) To protect the personal safety of its employees, Data Subjects, or the public;
g) In the event of a sale, purchase, merger, reorganization, liquidation, or dissolution of the company.

These disclosures will always be made in accordance with applicable data protection laws and regulations.

Right of data subjects

Data Subjects have the following rights concerning their personal data, in accordance with applicable data protection laws and regulations:

a) Right to Access: Obtain confirmation of the existence of processing activities and access to the data.
b) Right to Rectification: Request the correction of inaccurate, outdated, or incomplete data.
c) Right to Erasure: Request the deletion of data that is unnecessary, excessive, or processed in non-compliance with applicable legislation.
d) Right to Data Portability: Request the transfer of data to another service provider or product supplier, when applicable.
e) Right to Information: Receive information about the entities with which their data is shared.
f) Right to Consent Revocation: Revoke consent at any time, with the understanding that such revocation may affect the availability of certain services or functionalities.
g) Right to Object: Object to the processing of data in certain circumstances.
h) Right to Restriction: Request the limitation of the processing of data in certain circumstances.
i) Right to Anonymization: Request the anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the law.

Data Subjects can exercise these rights by contacting Timenow through the designated communication channels provided in our Privacy Policy. Timenow will respond to such requests in accordance with applicable laws and regulations.

Policy Revisions

This document is valid for an indefinite period and is reviewed every twelve months from the date of its publication. It may be altered at any time at our discretion; however, any changes will be visibly published on the website.

When significant changes are made to this Policy, you will be duly notified, as appropriate, for example, by displaying a notice on the Timenow website.

Contact

If you have any questions about how we handle your data, Timenow has appointed Dr. Neimar Zavarize as the Data Protection Officer (DPO). Feel free to reach out with any questions you may have about this Privacy Statement, the rights you have as a data subject, or how we collect and conduct other data processing activities at the email dpo@timenow.com.br.