Smile Train has a commitment not only with the formality of Law No. 13.709/2018 – the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados “LGPD”), but also with its spirit, reason by which it attaches great importance to the correct, legal, and appropriate use of personal data, respecting the rights, privacy, and trust of data subjects.
In compliance with the principle of transparency and best privacy practices, we provide this Policy so that data subjects are aware of the ways and purposes for which Smile Train processes their personal data.
We understand the importance of responsible use of personal data, and we treat such data in strict compliance with the purposes for which it is intended, collecting the personal data that is minimally necessary for the performance of our activities.
Personal data processed
Below we list the main types of personal data processed, the purposes of the processing and the respective categories of data subjects.
For the registration of patients who use the subsidies offered by Smile Train, we may process personal data for identification and registration, as well as sensitive personal data related to the patient’s health, in addition to photos and videos, so that we can carry out a complete evaluation of the beginning, middle and end of the medical treatment offered. All information related to the data collected and the specific purposes for the processing of said personal data are provided to the data subjects (and/or their legal representative, if applicable) at the beginning of the patient’s relationship with our institution.
Suppliers and Partners
We have records from our suppliers and partners strictly for the purpose of contact and conduct of financial, administrative, and operational routines.
We keep records of our suppliers and partners strictly to make contacts and perform financial administrative and operational routines.
For the performance of our routine activities, we may process the following personal data of our suppliers and partners: (i) name; (ii) CPF ; (iii) telephone; (iv) address; (v) bank data; (vi) e-mail; (vii) company; and (viii) profession.
For approval, registration and registration of Smile Train’s partner healthcare professionals: (i) name; (ii) e-mail; (iii) telephone (personal and/or professional); (iv) position; (v) profession; (vi) general curriculum data; and (vii) company where you work.
For the selection and approval of Smile Train volunteers, we may process the following personal data: (i) name; (ii) date of birth; (iii) address; (iv) telephone; (v) name of user’s social media (such as Facebook, Instagram and LinkedIn); (vi) profession; as well as personal and/or family information related to the existence of cleft lip and other information that is relevant to our evaluation and approval.
In carrying out our activities, we may offer Smile Train courses and/or courses in partnership with other entities. In order to register the data subject’s registration and participation in our courses, we may process the following personal data: (i) name; (ii) address; (iii) telephone; (iv) e-mail; (v) company where the data subject works; (vi) area of operation; and (vii) profession.
On our website we may collect data from users who spontaneously register themselves for the following purposes:
- Make donations: in this processing, identification data such as “name”, “e-mail”, “telephone” and “address” are collected with the purpose of recording and reconciling the donations received and sending marketing communications to donors, so that they can follow the development of our activities. No credit card details indicated by the donor on the website are stored, which are used solely and exclusively by the payment service provider authorized by us.
- Contact Smile Train: in this processing data such as “name”, “last name”, “e-mail”, “address” and “telephone” are collected with the purpose of responding to the communication made by the holder of the data;
- Applying for a job: in this processing, in addition to resumé data, data such as “name”, “last bame”, “e-mail”, “address” and “telephone” are collected for the purpose of profile evaluation and recruitment process.
When a user visits our website, we insert identifiers (“cookies”) in the user’s navigator or device, which inform us about the user’s interaction with the pages and the resources on our website.
Cookies can be necessary, analytic, related to functionality, related to advertising, permanent or session cookies, and may serve several purposes such as to permit navigation on the pages efficiently, store preferences, improve user experiences, segment the sending of advertising, generate statistical data to name a few.
Certain cookies allow the website to identify the user’s presence only during the user’s visit; others allow the website “to remember” the user when the user accesses the website again, identifying user preferred language, how often user sessions are, in addition to other material variables to improve user experience.
Some cookies may store personal data that has been informed through forms, such as name, e-mail, and telephone number, and also the navigator, address IP and user location data.
On our website we use the following cookies for the following purposes:
Sharing with third parties
In carrying out our legitimate activities, we may share personal data with third parties for storage purposes, such as with AWS.
We can also share personal data with our head office and other affiliates, both in Brazil and abroad. Such sharing may qualify as an international data transfer. When this happens, we will take all steps to ensure that the personal data is protected and that the transfer complies with applicable data protection laws.
We have a robust data privacy governance program and, under no circumstances, do we sell personal data or share it with third parties without a legitimate purpose or in violation of applicable laws.
Retention time of personal data
In general, we store data from personal data subjects for the duration of the relationship of the data subject with our organization, or for as long as necessary for our legitimate purposes as data controller. Personal data that is relevant to legal and accounting obligations is retained as long as necessary for our legitimate purposes, as data controller. Personal data that is material to legal and accounting obligations is retained for as long as necessary, in accordance with applicable legislation.
We store the personal data processed by us on third-party servers, with full commitment to security and making the necessary effort to preserve the integrity and privacy of personal data.
We seek to adopt modern technical and administrative measures, able to protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, disclosure, or any form of inappropriate or illicit processing.
Exercise of rights by data subjects
Data subjects have the right to ask us, at any time and upon request:
- confirmation of the existence if processing of your personal data;
- access to data;
- the correction of incomplete, inaccurate or outdated data;
- the anonymization, blocking or elimination of unnecessary, excessive or treated data in violation of the LGPD;
- the portability of the processed data to another service or product provider, in accordance with the regulations of the National Data Protection Authority;
- information about public and private entities with which we share data;
- deletion of data processed on the basis of consent, a requirement which we may refrain from complying with, pursuant to article 16 of the LGPD; and
- revocation of consent for the processing of your personal data.
Any communication you intend to address to Smile Train regarding the processing of personal data, please contact our Data Protection Officer through the e-mail firstname.lastname@example.org.
When contacting us, aiming at the security, secrecy and inviolability of the data, we may ask you to provide us with additional information or perform procedures capable of confirming your identity.