Acessibilidade
A+
A-
Institucional

SASB

Home > SASB > Data security and privacy > HC-DR-230a.1
Data pertaining to 2024
Overview Retail energy management Controlled substances management Medicine supply chain integrity Activity metrics Patient health outcomes Data security and privacy

Data security and privacy

Seta para baixo
GRI HC-DR-230a.1
Description of policies and practices to secure customers' protected health information (PHI) records and other personally identifiable information (PII)

RD Saúde maintains a comprehensive compliance program that includes permanent technical and organizational measures designed to ensure data security, robust internal governance, and ongoing training for teams and professionals.
Our Company’s compliance program has been built on several pillars since its inception: (a) structuring an internal Data Privacy and Information Security Governance team; (b) appointing an internal Data Protection Officer (DPO); (c) continuously updating internal and external policies, including the Privacy Policy, to align with the LGPD and guidance from the ANPD and other regulatory bodies; (d) maintaining a permanent Privacy Portal so that our customers, professionals, partners, and service providers can not only stay informed but also exercise their rights guaranteed by the LGPD; (e) ongoing contract reviews with suppliers and other partners to ensure our customers’ rights are upheld in line with the latest regulatory requirements; (f) continuous implementation and enhancement of necessary technical
and organizational security measures to protect data; (g) regular training sessions for Company teams aimed at disseminating LGPD knowledge and strengthening the data protection culture; (h) hiring specialized consultancies to manage data protection programs; (i) certification under ISO/IEC 27001:2022 Information Security standard; and (j) contracting specialized consultancies for data protection program management.
We implement internal policies guiding professionals and service providers on this subject, as well as external policies that ensure the necessary transparency for consumers and other stakeholders, including:

  • Internal Privacy Policy (Confidential Document – Annex I, Internal Policies item);
  • Information Security Policy (Confidential Document – Annex I, Internal Policies item);
  • Information Security and Personal Data Incident Policy (Confidential Document – Annex I, Internal Policies item);
  • Incident Reporting Policy to the ANPD and Data Subjects (Confidential Document – Annex I, Internal Policies item);
  • Privacy Policy;
  • Corporate Information Security Policy

We provide a Privacy Portal that enables customers to request the exercise of their rights over their
personal data.

© 2025 RaiaDrogasil – Todos os direitos reservados. Produzido por Plank