Privacy Policy

1. General Information

This Privacy Policy contains information about how we process, either fully or partially, in an automated or non-automated manner, the personal data of users who access our website. Its purpose is to clarify interested parties about the types of data that are collected, the reasons for collection, and how the user can update, manage, or delete this information.

This Privacy Policy has been prepared in accordance with Federal Law No. 12,965 of April 23, 2014 (Internet Civil Rights Framework), Federal Law No. 13,709 of August 14, 2018 (Personal Data Protection Law), and EU Regulation No. 2016/679 of April 27, 2016 (General Data Protection Regulation – GDPR).

This Privacy Policy may be updated due to eventual normative updates, which is why users are invited to periodically consult this section.

2. User Rights

The website is committed to complying with the provisions of LGPD (Brazil’s General Data Protection Law) in respect to the following principles:

• User’s personal data will be processed lawfully, fairly, and transparently (lawfulness, fairness, and transparency).
• User’s personal data will only be collected for specific, explicit, and legitimate purposes and will not be processed in a way that is incompatible with those purposes (purpose limitation).
• User’s personal data will be collected in an adequate, relevant, and limited manner to what is necessary for the purposes for which they are processed (data minimization).
• User’s personal data will be accurate and up-to-date whenever necessary, so that inaccurate data are deleted or rectified when possible (accuracy).
• User’s personal data will be stored in a way that allows the identification of data subjects only for the period necessary for the purposes for which they are processed (storage limitation).
• User’s personal data will be processed securely, protected from unauthorized or unlawful processing, and against their loss, destruction, or accidental damage, by adopting appropriate technical or organizational measures (integrity and confidentiality).

The user of the website has the following rights, granted by the Personal Data Protection Law and the GDPR:

• Right to confirmation and access: the user has the right to obtain from the website confirmation whether personal data concerning them is being processed and, if so, the right to access their personal data;
• Right to rectification: the user has the right to obtain from the website, without undue delay, the rectification of inaccurate personal data concerning them;
• Right to erasure (right to be forgotten): the user has the right to have their data erased from the website;
• Right to restriction of processing: the user has the right to restrict the processing of their personal data, and they can obtain it when they contest the accuracy of the data, when the processing is unlawful, when the website no longer needs the data for its proposed purposes, and when they have objected to the processing of data and in cases of unnecessary data processing;
• Right to object: the user has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them, including profiling for marketing purposes (profiling);
• Right to data portability: the user has the right to receive the personal data concerning them that they have provided to the website, in a structured, commonly used, and machine-readable format, and they have the right to transmit that data to another website;
• Right not to be subject to automated decision-making: the user has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.

The user may exercise their rights through a written communication sent to the website with the subject “LGDP – (desired subject),” specifying:

• Full name or legal entity name, CPF (Individual Taxpayer Identification Number) or CNPJ (National Registry of Legal Entities), and email address of the user and, if applicable, their representative;
• The right they wish to exercise with the website;
• Date of the request and the user’s signature;
• Any document that can demonstrate or justify the exercise of their right.

The request should be sent to the email address: drthiagohemerly.urologia@gmail.com or by mail to the following address:

Rua Comendador Eduardo Saccab, 215, conjunto 207, Brooklin, São Paulo – SP CEP: 04601-070

The user will be informed in case of rectification or erasure of their data.

3. Duty Not to Provide Third-Party Data

During the use of the website, in order to safeguard and protect the rights of third parties, the website user should only provide their personal data and not the data of third parties.

4. Types of Collected Data

4.1.1. User Identification Data for Registration

The use of certain website features by the user may require registration, and in these cases, the user’s data will be collected and stored.

4.1.2. Data Provided in the Contact Form

Data that the user may provide when using the contact form on the website, including the content of the message sent, will be collected and stored.

4.1.3. Data Related to the Execution of Contracts with the User

For the execution of a purchase and sale contract or a service agreement that may be entered into between the website and the user, other data related or necessary for its execution may be collected and stored, including the content of any communications with the user.

4.1.4. Access Logs

In compliance with the provisions of Article 15, paragraphs and provisions of Federal Law No. 12,965/2014 (Internet Civil Rights Framework), user access logs will be collected and stored for at least six months.

4.1.5. Sensitive Data

The website may collect sensitive data from users.

4.2. Legal Basis for the Processing of Personal Data

By using the website’s services, the user is consenting to this Privacy Policy.

The user has the right to withdraw their consent at any time, without affecting the lawfulness of the processing of their personal data before the withdrawal. The withdrawal of consent can be done via email at drthiagohemerly.urologia@gmail.com or by mail to the following address:

Rua Comendador Eduardo Saccab, 215, conjunto 207, Brooklin, São Paulo – SP CEP: 04601-070

Consent of individuals who are relatively or absolutely incapacitated, especially children under 16 (sixteen) years of age, can only be given if they are properly assisted or represented.

Personal data necessary for the execution and fulfillment of services contracted by the user on the website may also be collected.

The processing of personal data without the user’s consent will only be carried out for legitimate interests or in cases provided by law, including, among others, the following:

• To fulfill a legal or regulatory obligation by the data controller;
• For research purposes by a research organization, with personal data anonymized whenever possible;
• When necessary for the execution of a contract or preliminary procedures related to a contract of which the user is a party, at the request of the data subject;
• For the regular exercise of rights in a judicial, administrative, or arbitration proceeding, the latter in accordance with Law No. 9,307 of September 23, 1996 (Arbitration Law);
• To protect the life or physical integrity of the data subject or a third party;
• For health protection, in procedures carried out by healthcare professionals or health entities;
• When necessary to meet the legitimate interests of the data controller or a third party, except where the fundamental rights and freedoms of the data subject that require the protection of personal data prevail;
• For credit protection, including as provided in relevant legislation.

4.3. Purposes of Processing Personal Data

The personal data of the user collected by the website are intended to facilitate, expedite, and fulfill the commitments established with the user and to enforce the requests made through the completion of forms.

Personal data may also be used for commercial purposes, to personalize the content offered to the user, and to provide the website with insights to improve the quality and functionality of its services.

The website collects user data for profiling purposes, which involves automated processing of personal data to evaluate certain personal aspects of the user, mainly to analyze or predict characteristics related to their professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movement.

Registration data will be used to enable the user’s access to certain website content, exclusive to registered users.

The collection of data related to or necessary for the execution of a purchase and sale contract or service agreement possibly entered into with the user will aim to provide legal certainty to the parties and facilitate and enable the completion of the transaction.

The processing of personal data for purposes not provided in this Privacy Policy will only occur after prior communication to the user, and in any case, the rights and obligations set forth here will remain applicable.

4.4. Personal Data Retention Period

The user’s personal data will be retained for a maximum period of 10 (ten) years unless the user requests their deletion before the end of this period.

Personal data of users may only be retained after the end of their processing in the following cases:

• To fulfill a legal or regulatory obligation by the data controller;
• For research purposes by a research organization, with personal data anonymized whenever possible;
• For transfer to a third party, provided that the requirements for data processing under the law are met;
• For the exclusive use of the data controller, with third-party access prohibited, and with data anonymized.

4.5. Recipients and Transfer of Personal Data

The user’s personal data may be shared with the following individuals or companies:

• Google Brasil Internet Ltda
• Facebook Serviços Online do Brasil Ltda
• LinkedIn Representacoes do Brasil LTDA

Transfer can only be made to another country if that country or territory or the relevant international organization ensures an adequate level of protection of the user’s data.

If there is no adequate level of protection, the website undertakes to ensure the protection of your data in accordance with the strictest rules, through specific contractual clauses for a given transfer, standard contractual clauses, global corporate rules, or seals, certificates, and codes of conduct regularly issued.

5. Security in the Processing of User’s Personal Data

The website is committed to applying technical and organizational measures to protect personal data from unauthorized access and from situations involving destruction, loss, alteration, communication, or dissemination of such data.

To ensure security, solutions will be adopted that take into account appropriate techniques, implementation costs, the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of the user.

However, the website disclaims responsibility for the exclusive fault of a third party, such as in the case of attacks by hackers or crackers, or the exclusive fault of the user, such as when the user themselves transfers their data to a third party. The website also commits to informing the user promptly if any type of security breach of their personal data occurs that could pose a high risk to their personal rights and freedoms.

A personal data breach is a security breach that results in the accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed.

Finally, the website commits to treating the user’s personal data with confidentiality, within legal limits.