Privacy Policy

OMINT GROUP’S PRIVACY AND PERSONAL DATA PROTECTION POLICY

The purpose of this Privacy Policy and Protection of Personal Data is to make the guidelines adopted for the protection of Personal Data collected and stored by the companies of the Omint Group transparent, in compliance with the relevant legislation, in particular Law No. 13,709 of August 14, 2018 (“General Data Protection Law” or “LGPD”).

For the purposes of interpreting this Privacy Policy and Protection of Personal Data, the terms and expressions listed below, regardless of whether they begin with upper or lower case letters, both singular and plural, male or female, with or without boldface, will have the meaning assigned to them as follows:

  • • Anonymization

    Use of reasonable and available technical means at the time of treatment, whereby data loses the possibility of association, directly or indirectly, with its Holder.

  • • Consent

    Free, informed and unambiguous expression by which the Holder agrees with the treatment of his personal data for a specific purpose.

  • • Data

    Referring, together and indistinctly, to Personal Data and Sensitive Personal Data.

  • • Sensitive personal data

    Personal data on racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to an individual person.

  • • Personal data

    Information related to an identified or identifiable individual person.

  • • Elimination

    Exclusion of data or data set stored in a database, regardless of the procedure used.

  • • Policies

    Omint Group’s Privacy and Data Protection Policy.

  • • Holder

    You are the holder of the Personal Data and / or Sensitive Personal Data, a natural person to whom the personal data that are being processed refer to.

  • • Treatment

    Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

  • • Shared use of data

    Communication, dissemination, international transfer, interconnection of personal data or shared treatment of personal databases by public bodies and entities in the fulfillment of their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more modalities of treatment allowed by these public entities, or between private entities.

This Policy applies to the companies of the Omint Group in Brazil, namely: Omint Serviços de Saúde Ltda., CNPJ / MF nº 44.673.382 / 0001-90 (OMINT SAÚDE); Omint Seguros S.A. CNPJ/MF nº 20.646.890/0001-10 (OMINT SEGUROS); (Del Sol Odontologia Ltda. CNPJ/MF nº 04.057.033/0001-29 (CLÍNICA ODONTOLÓGICA OMINT); and Premium Assistance Serviços de Assistência Ltda. CNPJ/MF nº 13.041.940/0001-70 (PREMIUM ASSISTANCE).

The guiding principles of this Privacy and Data Protection Policy are:

1. Strict compliance with national legislation pertaining to the protection of Personal Data.

2. The confidentiality, integrity and availability of Personal Data, using the reasonable means and technological tools available to ensure, in the best possible way, its adequate protection, as well as preventing undue access, copying, reading, modification, destruction and unauthorized disclosure;

3. Collection and use of Personal Data in a limited way, observing the strict need and purpose;

4. Promote the creation, development and continuous improvement of internal processes, systems and qualification of employees and partners to ensure the implementation and faithful compliance with this Policy, as well as the prevention, protection, detection, and recovery against external attacks and leakages of Personal data;

5. To guarantee the Holder the transparency in relation to the storage and Treatment of his Personal Data.

Only the Personal Data and Sensitive Personal Data that are essential for the activities carried out by the companies of the Omint Group will be collected and stored and their use / treatment will take place to the extent strictly necessary.

Eventually, Personal Data and Sensitive Personal Data may be collected from children and adolescents, always observing the above principles and the relevant legislation.

Personal Data may be obtained through different means and platforms provided by the Omint Group, directly from the Holder, through third parties and / or collected automatically, as specified below:

• Personal Data provided directly by the Holder: all Personal Data provided directly by the Holder when: filling out and sending forms, forms, questionnaires, adhesion proposals, medical records, etc .; automatically collected when the Holder accesses one of the Omint Group’s digital channels or platforms (websites, applications, social networks, etc.); during the execution of the contract (s) entered into with any of the companies of the Omint Group; filling out a registration form to access company facilities; filling out or sending information to participate in selection processes, etc.;

• Personal data provided by third parties: Omint Group companies may collect Personal Data and / or Sensitive Personal Data from the Holder through third parties, partners or service providers who maintain relationships with one or more Omint Group companies and which have obtained the Data upon the consent of the Holder or have a legal justification for its treatment and sharing; from public bases; and also Data made public by the Holder on websites, social networks or by other means.

• Personal data collected automatically: Personal data of the Cardholder may be collected automatically using various technologies such as cookies, social network profile, local shared objects, among others, with the purpose of improving the Cardholder’s experience while browsing the platforms Omint Group’s digital services, to offer its own products and services more suited to the Holder’s profile.

Regardless of how Personal Data and Sensitive Personal Data have been collected, the duties of secrecy and confidentiality will always be observed.

The Omint Group carries out the Treatment of Personal Data and Sensitive Personal Data collected for different purposes, depending on the relationship maintained with its Holder, such as:

• For the offer of products and services offered by the companies of the Omint Group;

• To prepare quotations, proposals and budgets for products and services in the pre-contractual phase;

• Adequate provision of services and execution of contracts;

• Compliance with legal and regulatory obligations;

• For the regular exercise of rights;

• To provide information and clarifications regarding the products and services provided by the companies of the Omint Group, as well as to answer customer questions sent through the different relationship channels, including through the Ombudsman;

• To prepare responses to public agencies, such as the Federal Revenue Service, the National Supplementary Health Agency – ANS, the Superintendence of Private Insurance – SUSEP, PROCON, etc;

• Exercise broad defense in administrative and judicial proceedings;

• Fraud prevention;

• To safeguard the legitimate interest of the companies of the Omint Group, always within the limit of the strict need and without prejudice to the interests and fundamental rights and freedoms of the Holder;

• Evaluation of the customer profile to offer customized products compatible with their needs, through the analysis of habits and preferences in the different relationship channels and platforms for interaction and data sharing with other companies of the 0Omint Group;

• Statistical analysis, tests and evaluations for research and development, aiming at the management and evaluation of business risks, the improvement and / or creation of new products and internal processes.

Whenever it is necessary, under the terms of the law, the consent of the Holder will be requested to carry out a certain Treatment of his Personal Data and Sensitive Personal Data.

The various digital platforms made available by the Omint Group companies, such as websites and applications, use cookies to facilitate use and better adapt the browsing experience for the interests and needs of users. Cookies can also be used to speed up your future activities and experiences on our services.

Through cookies, information about browser activities is stored, including IP address and the page accessed. These activity logs (logs), which may include data such as the IP address, the actions performed on the Site, the pages accessed, the dates and times of each action and access to each page of the Site and information about the device used, version of operating system, browser, among other installed applications, will be used only for statistical purposes and metrics of the services provided, for the investigation of fraud or undue changes in their systems and registrations, not having the purpose of providing data to third parties without express authorization from the user.

The authorization for the use of cookies may be canceled at any time by the user, using the settings of his preferred browser. In that case, certain functionality of the platforms may not work properly.

Personal Data and Sensitive Personal Data collected and stored by Omint Group companies may be shared with third parties, such as:

• With partner companies and suppliers for the development and regular provision of services made available to the Holder;

• For marketing actions;

• With authorities and governmental entities or other third parties, to protect the legitimate interest of the Omint Group in any type of conflict, including lawsuits and administrative proceedings; and / or

• To comply with a court order or request from administrative authorities that have legal competence for your request.

Eventually there may be an international transfer of Data, always observing the limits of strict necessity and observing the legal dictates.

The sharing of Personal Data and Sensitive Personal Data with third parties will observe the limits of the strict need, ensuring that the third party is able to safeguard confidentiality and adequate protection.

The storage of Personal Data and Sensitive Personal Data will observe strict security standards through the use of reasonable and available tools and technologies, which include the adoption of measures such as:

• Protection against unauthorized access;

• Restricted access for people to the place where personal information is stored; and

• Adoption of procedures so that internal employees or external partners that carry out the Processing of Personal Data are committed to maintaining the absolute confidentiality of the information, adopting good practices for handling this data.

If there is a hypothesis of incidents of leaks or violation of stored data, all available measures will be adopted to remedy the consequences of the event, always ensuring due transparency to the Holder.

The termination of treatment and the elimination of Personal Data and Sensitive Personal Data will occur when: it is verified that the purpose has been achieved or that the Data is no longer necessary or relevant to achieve the specific purpose sought; end of the treatment period; at the request of the Holder, including in the case of revocation of consent; and by determination of the competent authority.

Even after the end of the treatment, Personal Data and Sensitive Personal Data may be kept for the purposes of: compliance with legal or regulatory obligations; carrying out studies and research, guaranteeing, whenever possible, anonymity; transfer to a third party, provided the legal requirements are respected; or exclusive use of the Omint Group, provided the data is anonymized.

From the beginning of the General Data Protection Law, the Omint Group will make available to the Personal Data Subject its own channel for addressing requests and requests related to:

• Confirmation of the existence of Treatment;

• Access to data;

• Correction of incomplete, inaccurate or outdated data;

• Anonymizing, blocking or eliminating unnecessary, excessive or treated data in non-compliance with the law;

• Data portability to another service or product provider;

• Elimination of data processed with the Holder’s consent;

• Obtaining information about public or private entities with which the Omint Group shared its dat;

• Information about the possibility of the Holder not providing consent, as well as the consequences in case of refusal;

• Revocation of consent.

The Cardholder must be aware that the eventual request to delete Personal Data and / or essential information for the management of his registration with the companies of the Omint Group, when possible, may imply the termination of his contractual relationship, with the consequent cancellation of services then rendered.

All reasonable efforts will be made to meet the requests made by the Holders in the shortest possible time. However, justifiable factors may delay or prevent your prompt service, and it is certain that, in case of delay, the justifications will be presented.

When the requests submitted by the Holder are rejected, either for formal reasons (for example, the inability to prove their identity) or legal reasons (for example, the request for deletion of data whose maintenance is essential), or in the event of the impossibility of meeting these requirements, requisitions, due justifications will be presented.

To clarify additional questions about the Omint Group’s Privacy and Personal Data Protection Policy, the Holder should contact us through the following channel: privacidade@omint.com.br

The current version of the Omint Group’s Privacy and Data Protection Policy was last modified and published on our portal (www.omint.com.br) on 08/28/2020, and can be changed and / or updated at any time or moment, effective from the date of its publication.