PRIVACY POLICY AND PERSONAL DATA PROTECTION

Mehling Orthopedics conducts its activities, including the processing of Personal Data, guided by its Core Values, Innovation, Integrity and Responsibility, and by the culture of Ethics and Compliance.

This Mehling Orthopedics Personal Data Protection and Privacy Policy applies to everyone who browses this Website and those who communicate with our company through our service channels, whether healthcare professionals or related, patients, consumers, employees, ex-employees, among others, even if they do not have a registered account, but have their data processed by our company.

This Policy establishes the conditions of use and service of the mehlingorthopedics.com Website and our channels. It is very important that you read this Policy to understand how your personal data may be treated by our company.

If you have questions or requests related to your Personal Data, please contact our Personal Data Protection Officer, via email: [email protected]

WHAT IS THE PURPOSE OF THIS POLICY AND OUR COMMITMENT?

The processing (use) of personal data is necessary for carrying out many of our company’s legitimate activities.

We know, however, how important your personal data is to you and, therefore, we are committed to treating (using) your personal data always in accordance with the forms authorized by current legislation.

In this sense, this Policy aims to inform, in a simple way, how your personal data can be treated and protected by our company and how you can exercise your rights as a holder of personal data. To facilitate understanding, we have divided the content into the following topics:

  • Definitions
  • What personal data is collected?
  • For what purposes do we process (use) personal data?
  • What are cookies?
  • With whom may we share personal data?
  • How do we keep personal data secure?
  • How long will personal data be stored?
  • Your rights as a Personal Data Holder and how to exercise them?

DEFINITIONS

To facilitate understanding, we have listed in the table below the main definitions and terms, normally related to privacy and protection of personal data, and we refer to them in the text of this Policy:

LGPD – General Law for the Protection of Personal Data, law n.º 13.709/2018

Personal data – Information related to a natural, identified or identifiable person.

Sensitive personal data – Personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person.

Holder – Natural person to whom the personal data that are subject to processing refer. These persons may be healthcare or related professionals, patients, consumers, employees, former employees or other natural persons.

Users – People who access our Website and/or interact with the activities offered therein.

Controller – Natural or legal person, public or private, who is responsible for decisions regarding the processing of personal data. Our company can act as Controller and/or Operator, in the processing of Personal Data.

Operator – Natural or legal person, public or private, who processes personal data on behalf of the controller. Our company can act as Controller and/or Operator, in the processing of Personal Data.

Person in charge – Person appointed by the controller and operator to act as a communication channel between the controller, the holders of personal data and the National Data Protection Authority (ANPD). Our Personal Data Protection Officer can be contacted via email: [email protected]

Treatment – Any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

Anonymization – Processes through which personal data lose the possibility of direct or indirect association with an individual, considering the use of reasonable technical means available at the time of treatment. Under the law, the LGPD does not apply to anonymized personal data.

Automatic collection – Automatic collection is that carried out by accessing our company’s digital channels, without the Holder necessarily having informed personal data. Examples of data collected automatically are Cookies, access logs, characteristics of the access device or browser, IP (with date and time), IP origin, information on clicks, pages accessed, search terms entered in our channels, among others.

Cookies – These are the files sent by the Website’s server to the Users’ computer, in order to identify them and obtain access data, such as browsed pages or clicked links, thus allowing Users to customize their navigation on the Website, according to their preferences.

IP – Abbreviation for Internet Protocol. It is a set of numbers that identifies the connection, through which it is possible to identify the Users’ computer on the Internet.

Logs – Records of activities carried out by Users on the Website.

Site or Website – Designates the electronic address mehlingorthopedics.com and its subdomains.

WHAT PERSONAL DATA IS COLLECTED?

In order for us to carry out our activities, it may be necessary for our company to collect some information or personal data relating to you.

This information may have been provided directly by you, by third parties contracted or contacted by our company, or collected automatically.

Some examples of the information that may be collected:

  • Contact area information, such as name, email, phone numbers, state and city.
  • Financial Information: possible amounts to be paid or received, through a bank account or slips due to our business relationship
  • Behavioral Information: access identification, information on clicks, among others, collected through technological means, such as cookies.

Our company ensures that personal data is collected and processed only to the extent necessary, as a result of legitimate, clear and informed purposes, as well as upon authorization, which may be consent or any other provided for in the LGPD, such as those provided for in articles 7, 11 or 14.

FOR WHAT PURPOSES DO WE PROCESS (USE) PERSONAL DATA?

Personal Data may be processed by our company for various legitimate purposes. Below, we list some of these purposes and examples:

  • Carry out commercial operations: carry out marketing and sales activities; respond to requests received; track interactions and meetings, including when you contact our company to request information or support
  • Comply with legal or regulatory obligations: manage adverse events; carry out prevention, evaluation and research activities; comply with administrative formalities; carry out records and declarations; attend audits
  • Provide customer support, using previously requested registration data and contact information
  • Provide access to services: allow access, download, use or management of applications, websites and online platforms
  • Improve and develop products and services: identify usage trends and develop new products and services; understand how people and their electronic devices interact with our services and platforms; track and respond to security concerns; evaluate the effectiveness of our promotional campaigns, carry out surveys, among other things
  • Personalize your experience when using services that may be offered by our company: allow the offered services to be presented in the way that best suits the User’s preferences; understand your professional and personal interests in relation to the content, products and services made available through our communication channels; present products and contents as Users carry out searches
  • So that our company can communicate with you: answer your questions; meet your requests; provide support for products and services; provide important information, administrative information, necessary notices and promotional materials; send you news and information about our products, services, brands and operations; organize and manage professional, remote or face-to-face events, meetings, classes and congresses
  • To process payments that may be necessary, in specific and clearly informed situations: receive and verify financial data, with the aim of allowing payments to be made/received in specific and clearly informed situations
  • Offer donations and sponsorships: in situations where they are allowed or applicable
  • Respond to requests from authorities, administrative or judicial, in accordance with applicable laws: comply with subpoenas, submit necessary records, follow up, manifest or defend in legal proceedings;
  • Protect our company’s rights and interests: protect the health and safety of employees, third parties and our company’s facilities; perform internal audits, asset management, system and other business controls; manage and monitor the administration of the company’s business (including finance and accounting; fraud monitoring and prevention, among others); maintain the security of services and operations; protect our company’s rights, whether privacy, security or property; enable solutions; mitigate risks; limit damages that may be incurred by our company, where necessary; protect our company and affiliated companies against possible fraudulent actions.

WHAT ARE COOKIES?

Cookies are files or information that can be stored on the electronic devices of Users who visit the Website or use our company’s digital channels.

Our company adopts an ethical and transparent policy regarding the use of “cookies”.

When accessing our company’s website for the first time, you can inform your preferences for the use of Cookies. To review the authorization granted or revoke it, contact us via email [email protected]

WITH WHOM MAY WE SHARE PERSONAL DATA?

Based on the purposes described above, it may be necessary for our company to share your personal data with:

  • Our partners, including healthcare professionals, organizations and services, distributors, or other institutions related to healthcare and the pharmaceutical industry
  • Authorities, government entities or other third parties, to comply with legal or regulatory rules, for the protection of our company’s interests in any type of conflict, including lawsuits and administrative proceedings
  • Select vendors or service providers, who may act in accordance with our instructions, whether for website hosting, data analysis, payment processing, order fulfillment, information technology processing, provision of related infrastructure, customer service, e-mail deliveries, audits, among others.
  • Potential acquirers and other interested parties, in the case of corporate/legal restructuring operations, such as acquisitions, mergers, joint ventures, assignments, spin-offs, investments or divestments.

Personal data may also be subject to international transfer, which will always be done in accordance with legal and regulatory standards, and through the use of legal means or instruments that guarantee the security of personal data, as permitted by the LGPD or other laws or regulations, depending on the destination of the information.

HOW DO WE KEEP PERSONAL DATA SECURE?

Any personal data processed by our company will be stored in accordance with the strictest security standards, which include the adoption of measures such as:

  • Protection of our systems against unauthorized access;
  • Restricting access to personal data only to people specific to the place where the personal data is stored; and
  • Guarantee that employees or external partners, who need to process personal data, must undertake to maintain absolute secrecy, as well as adopt best practices in the eventual treatment of this personal data, as determined by corporate policies and procedures, contracts, legal or regulatory norms, among others.

In addition to technical efforts, our company also adopts institutional measures to protect personal data, through its Governance Structure for Privacy and Personal Data Protection, which includes its Privacy and Personal Data Protection Committee, as Personal Data Protection Officer.

HOW LONG WILL PERSONAL DATA BE STORED?

Personal data will be processed by our company until they no longer serve the purposes for which they were collected, when they will be deleted or until the holder of the personal data requests their deletion, except in the event that our company needs to maintain the processing of Personal Data, for the purposes of complying with a legal or regulatory obligation, transfer to a third party – provided that the requirements for processing personal data are respected – and exclusive use of our company, including for the exercise of your rights, including in judicial or administrative proceedings.

YOUR RIGHTS AS A PERSONAL DATA HOLDER AND HOW TO EXERCISE THEM

Our company respects your rights as a holder of personal data, whether these rights are provided for in the General Law for the Protection of Personal Data (LGPD) or in other legal or regulatory rules. In this way, with regard to the processing of personal data, our company guarantees you – the holder, the right to make the following requests:

Confirmation of the existence of treatment – You can request the consultation of possible processing activity of your personal data. If, eventually, your data is not or has not been processed by our company:

a) If we know who performs the treatment, we will tell you, and

b) If we do not know, we will inform you that our company has not carried out the treatment.

Access to your personal data – You can request access to your personal data, which is processed by our company, in two ways:

a) Simple: Receiving only a simplified extract of your personal data; or

b) Complete: Receiving, in addition to the personal data processed, information about the origin of your data, the lack of registration, the criteria used and the purpose of the treatment, observing the rights to preserve business, commercial, industrial and other legal or regulatory determinations that determine confidentiality by our company.

Correction of incomplete, inaccurate or outdated personal data – If you verify that your data is not up to date, incorrect or incomplete, you can request the alteration, correction or supplementation of your personal data to our company.

Anonymization, blocking or deletion of data that is unnecessary, excessive or treated in violation of legal or regulatory rules – If you understand that your personal data is being treated irregularly, you can request that it be anonymised, blocked and even deleted.

Revocation of Consent – If the processing of your personal data is carried out based on the collection of your consent, you can revoke this consent at any time.

Deletion of data processed with the consent of the Holder – If the processing of your personal data is carried out based on the collection of your consent, you can expressly request the deletion of your personal data from our databases, at any time.

Obtaining information about public or private entities with which our company has shared your personal data – So that you can understand, in detail, with whom we share your personal data, in addition to the information provided for in this Policy, you can request complete details.

Information about the possibility of not providing your consent, as well as being informed about the consequences, in case of refusal of your consent to the processing of personal data – For all activities in which the processing of your personal data requires the collection of your consent, you will be informed, clearly and objectively, about the possibility of not providing your consent and about the natural consequences of your non-consent.

Automated decision review – If our company takes any automated decision, involving the processing of your personal data, or that directly affects you, you can ask us to review this decision.

All requests received from holders of personal data processed by our company will be:

  • Made available to the holder of the personal data (or his legal representative), free of charge
  • Submitted to some form(s) of validation of the Holder’s identity or presentation of powers of representation, so that our company can guarantee compliance with the requests of the true holder(s) of the personal data.

All requests from holders regarding personal data will be evaluated by our company’s Privacy and Personal Data Protection Committee, which may request more information to better understand the request and ensure the best and most accurate service to the holder of personal data.

In some situations (provided for in legal or regulatory rules), perhaps the requests of the holder of the personal data cannot be met. Thus, when assistance is not possible, the relevant justifications will be presented, so that you can understand our reasons.

To exercise your rights as a holder of personal data, simply make your request through our channel [email protected]

APPLICABLE LAW AND CHANGES TO THIS POLICY

This Policy was prepared based on the LGPD and the requests and rights set forth herein may be exercised as from the validity of the LGPD.

Our company may, at its discretion and at any time, change, add, adapt or remove parts of this Policy.

This Mehling Orthopedics Personal Data Protection and Privacy Policy was updated in September 2020.

Our company is committed to the privacy of holders of personal data. For any clarification on our privacy practices and the exercise of your rights as a holder of personal data, please contact us via email [email protected]