
MSCI

Data pertaining to 2023

Privacy & Data Security

Practices

Scope of data protection policy

Our Privacy Policy is publicly available; check it here.

Rights provided to consumers regarding the control of their data

RD Saúde’s Data Privacy Policy ensures that data subjects have the right to access, rectify, and delete their personal data. Additionally, we have a Data Subject Portal through which requests and inquiries can be made in a simplified manner. You can also check the information about how we deal with personal data in our Sustainability Report: https://rdsaude.com.br/sustentabilidade/indicadores-e-relatorios/

Measures to address data breaches

We have some Policies related to the topic, such as “Security Incident Management Policy” and “Security Incident Communication Policy to ANPD and Data Holders”. The materials, however, are not public as they contain strategic information from RD Saúde.

Frequency of audits of information security system

Periodic and independent audits are conducted to assess the maturity and effectiveness of our cybersecurity management.

Responsibility for privacy and data security

The Audit Committee of the Board of Directors is responsible for overseeing risk management activities, data management and protection, and cybersecurity.

Evidence of access control and protection of personal or sensitive data

Our current practices involve storing only personal data and/or sensitive personal data for the regular exercise of our rights or for the fulfillment of legal or regulatory obligations, in accordance with the provisions of Article 27 of the Brazilian Consumer Defense Code (CDC), from the date of purchase. The data collected from customers is anonymized and processed in a grouped manner.

More information can be found in our Sustainability Report (pages 37 to 40) and in the Cybersecurity and Data Privacy Policies.

Consent policy for use of consumer data for secondary purposes

As stated in our Privacy Policy, RD does not rent, sell, or provide personal data to third parties.

Collection, usage and retention of customer information

According to Brazilian law (LGPD), companies are required to limit the retention of personal data as follows: 5 years for data related to payment management or paid hours control; 20 years for medical record data; 3 years for contact information of a potential customer who has not responded to any requests; and 6 months for log data. Our company’s data privacy policy explicitly states that we adhere to these legal limits for data retention.

Scope of employee training on privacy and data security

Training on Cybersecurity and Data Protection is offered to employees and contractors.

Scope of information security management system certifications

In 2023, RD Saúde received certification in the ISO/IEC 27001:2022 standard for its digital channels (Raia & Drogasil websites) and Univers benefit channels, as detailed in our sustainability report on page 39. This international standard aims to protect the confidentiality, integrity, and availability of data, ensuring rigorous measures are in place to address cybersecurity threats.

Data protection programs covering suppliers and business partners

Inspections are conducted on a regular basis

© 2024 RaiaDrogasil – All rights reserved.  |  Produced by Plank