Policy Privacy
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
São Leopoldo Group Privacy Policy
Scope and application of the policy
Possibilities for changes to this policy
1.0 ● Colleges
1.1 Introductory information
When contracting educational services from the institution (undergraduate and postgraduate, both in-person and distance learning), SLMANDIC collects personal information capable of identifying its students, from the moment the registration form for the undergraduate entrance exam or the chosen postgraduate course is filled out, until the enrollment is finalized, such as: name, personal document numbers (ID, CPF, passport/RNE), landline and mobile phone numbers, email, residential and professional addresses, parentage, and financial data for issuing payment slips, among others whose collection is mandatory due to regulations from the Ministry of Education (MEC).
After the contractual relationship between the student and the institution is formalized and continues until its termination, the institution will also collect other personal data that is mandatory, according to MEC (Brazilian Ministry of Education) regulations: financial data for tuition payments, race, socioeconomic status, family income bracket, among others.
Furthermore, the provision of services will result in the generation of other personal data of an academic nature, which, in turn, will also be able to identify you: student registration, academic transcript, requests, academic work, forms, access (entry and exit) to the institution, access (entry and exit) to the student's electronic portal, among others.
If you agree, we may also use your data to send you future advertisements that may be of interest to you, thus contributing to the development of new products, services, events and opportunities promoted by SLMANDIC.
If you are or have been a postgraduate student with access to the Faculty's clinics, we will maintain, in addition to your student data, data on the medical or dental treatments performed.
1.2 Legal basis for SLMANDIC Faculties to process personal data
All personal data (regular and sensitive) collected by SLMANDIC has the primary purpose of establishing a contractual relationship between the student and the Institution.
Other ancillary objectives related to the collection of personal data by this institution are the better management, administration, provision and expansion of services, adapting them to the student's preferences, as well as the creation of new services and products to be offered to the academic community.
In this regard, SLMANDIC has legal authorization for any and all personal data processing activities it carries out, namely:
Non-sensitive personal data processed for the purpose of university entrance exam registration and/or selection of postgraduate courses (lato sensu and stricto sensu): in these cases, the processing of personal data is authorized by article 7, item VI, of Law No. 13.709/2018, the General Data Protection Law (LGPD);
Sensitive personal data processed due to enrollment in university entrance exams and/or selection of postgraduate courses (lato sensu and stricto sensu): in these cases, the processing of personal data is authorized by article 11, items I and II, subparagraph “a” of Law No. 13.709/2018, the General Data Protection Law (LGPD);
Non-sensitive personal data processed due to enrollment in undergraduate and/or postgraduate courses (lato sensu and stricto sensu): in these cases, the processing of personal data is authorized by article 7, items II and V, both of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD). The data is necessary for the proper execution of the educational services contract and will only be processed for this specific purpose;
Sensitive personal data processed due to enrollment in undergraduate and/or postgraduate courses (lato sensu and stricto sensu): in these cases, the processing of personal data is authorized by article 11, items I and II, subparagraph “a” of Law No. 13.709/2018, the General Data Protection Law (LGPD). In addition to data whose processing is mandatory by law, sensitive data is also necessary for the proper execution of the educational services contract and for the security of the campuses and the people who use them, in which case this data will be processed with express consent, solely for the purposes mentioned herein;
Non-sensitive personal data processed for marketing/sales/communication purposes: in these cases, data processing is authorized by items I and IX of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD).
If the student is a minor (under 18 years of age), their personal data will only be collected with the free, express, and unequivocal consent of their father, mother, or guardian, and always in the best interest of the minor/incapacitated person, in accordance with the Civil Code, Federal Law No. 8.069/1990 (Statute of the Child and Adolescent), and Article 14 and paragraphs of Law No. 13.709/2018 (LGPD).
1.3 With whom and for what purpose may my data be shared?
If you are a student at any of the branches/units located in Araras/SP, São Paulo/SP, Rio de Janeiro/RJ, Belo Horizonte/MG, Porto Alegre/RS, Curitiba/PR, Brasília/DF, Vila Velha/ES, Fortaleza/CE or Arcoverde/PE, your data will be shared with the headquarters of SOCIEDADE REGIONAL DE ENSINO E SAÚDE LTDA, the maintaining entity of FACULDADE SÃO LEOPOLDO MANDIC, CNPJ: 04.600.555/0001-25, located at Rua Dr. José Rocha Junqueira, nº 13, Bairro: Swift, Campinas/SP, since the activities carried out in the branches or units are on behalf of the headquarters, which will act as the data controller, while the branches will only be data operators.
Furthermore, if you have agreed to provide your data for advertising, commercial and marketing purposes related to the college, your data may be shared with the college's marketing company, namely AGÊNCIA 12K – MARKETING E PROPAGANDA, CNPJ 28.205.406/0001-20, Rua Waldemar Blatkauskas, 72, Bloco R Andar 2 Sala A, Bairro: Ponte Preta, Campinas/SP.
Apart from these situations, SLMANDIC does not routinely disclose information that could identify you, except when authorized by the data subject or in circumstances provided for in this policy or in a specific consent form.
In this regard, it is important to note that SLMANDIC is part of a group comprised of several legal entities, duly listed in this policy, which work in partnership with other companies.
Furthermore, as a company that provides extremely important services to society, it has direct responsibilities to various sectors of the public and regulatory authorities.
Therefore, your personal data may also be shared in the following circumstances:
With other companies in the group, which undertake to use the information for the same purposes for which it was originally collected; including with the consent of the data subject, when necessary;
With companies in the group, for statistical and research purposes with academic objectives (anonymous, whenever possible), safeguarding the rights and duties of the institution and the data subject protected by other specific regulations, in addition to the LGPD (Brazilian General Data Protection Law);
With companies within the group and/or partner and supplier companies, through the collection of the free, express and unequivocal consent of the data subject, aiming at the development of SLMANDIC's advertising and commercial activities;
To guarantee the protection of the rights, interests, property, and security of SLMANDIC and its affiliated companies in any type of conflict, including legal actions;
In cases where sharing is necessary to ensure the protection of the rights and personal safety of its employees, users, or the public;
In cases where legislation requires such sharing;
In cases where the execution of their contracts requires such sharing;
In the event of a sale, purchase, merger, reorganization, liquidation, dissolution, or any other corporate transactions and changes involving SLMANDIC, if the transfer of information is necessary for the continued provision of services contracted by you;
To investigate, prevent or take action regarding illegal activities, whether suspected or actual, or to cooperate with public authorities or to protect national security;
By court order or at the request of administrative authorities with legal authority to request it.
Furthermore, we clarify that your information may also be shared with companies that provide the technological and operational infrastructure necessary for SLMANDIC's activities, such as payment intermediaries and information storage service providers, as well as education or healthcare systems.
SLMANDIC may notify the respective data subjects of any legal demands that result in the disclosure/sharing of personal data, as previously stated, unless such notification is prohibited by law or by court order, or, finally, if the request is urgent.
If it becomes necessary to obtain the free, express, and unequivocal consent of the data subject to share their personal data, SLMANDIC undertakes to obtain it and, at the same time, explain in detail how the sharing will occur, the reasons, and what data will be used.
SLMANDIC also reserves the right to contest any requests for the sharing of personal data that it deems excessive, vague, or originating from incompetent authorities.
To learn more about the possibilities of sharing your personal data or other information that interests you, simply contact us through the communication channels contained in this policy, in particular: privacidade@slmandic.hml.slmandic.edu.br.
1.4 What are my rights and how can I exercise them?
In compliance with applicable regulations regarding the processing of personal data, SLMANDIC and all its affiliated companies respect and guarantee the following rights to the data subject:
Give your consent for us to process your personal data in any way;
To revoke, at any time, the previously granted consent;
Ask if the company is processing any of your data without your knowledge;
Access all the data that is being processed;
Correct any and all data that is incorrect;
Request the anonymization, blocking, or deletion of any unnecessary or excessive data being processed by anyone;
Request the portability of your data to another provider of the same services or products, by means of an express request;
Request the deletion of all personal data processed by the company, even if you have previously given your consent;
To receive information about the possibility of not providing consent and the consequences of this refusal to give permission;
To object to processing carried out based on one of the grounds for waiving consent, in the event of non-compliance with the General Data Protection Law;
Request a review of a decision made solely on the basis of automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality;
Furthermore, each request for complete deletion of personal data must be analyzed individually, since there is a lot of personal data that the institution cannot delete, even at the request of the data subject, in order to comply with all obligations imposed by Brazilian law, as it is subject to a minimum period for keeping, storing and archiving said personal data (internet, labor, social security, health, education legislation, etc.).
To exercise any of the rights described above, the data subject must contact us via email at privacidade@slmandic.hml.slmandic.edu.br, stating which right they would like to exercise and the reason why.
Should you require any assistance in exercising your rights, you may contact SLMANDIC through the same communication channels mentioned above. Every effort will be made to fulfill all requests made by data subjects in the shortest possible time.
1.5 How long does SLMANDIC store my data?
Data that is no longer useful for its intended purposes will be duly deleted, regardless of any express request from the data subject, who may also request the deletion of their data based on consent at any time, through the communication channels contained in this policy.
Without prejudice, regular and sensitive personal data held by SLMANDIC may be retained/processed/shared/archived and whatever else is necessary, regardless of a request for deletion by the data subject, to comply with legal or regulatory obligations, prevent fraud and abuse, and/or guarantee the regular exercise of rights in legal proceedings, provided that all principles and rules inherent to the protection of personal data are respected, including guaranteeing the prohibition of access by unnecessary third parties and the anonymization of data, when possible and necessary.
Regarding personal data for which the data subject has expressly given consent for advertising purposes, given that SLMANDIC's advertising campaigns are recurring, this data will remain stored, except in cases of express revocation of consent and request for deletion of said data by the data subject and/or their legal representative.
1.6 Is my data safe?
Yes, we work to ensure your data is permanently secure.
All personal data (regular and sensitive) collected and processed by SLMANDIC for the purpose of providing any service are:
Stored physically or electronically in the respective files of the area responsible for processing personal data, when data processing activities are still carried out due to the contract. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
Archived physically or electronically, even after the contractual relationship has ended, the institution is obligated to retain personal data for specific legal periods depending on each situation. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
SLMANDIC and all other companies mentioned in this policy use legally required means to preserve the privacy of all personal data collected, regardless of the purpose. Therefore, it adopts the following precautions, in accordance with the guidelines on security standards established in Decree No. 8.771/2016, such as:
Standard and industry-leading methods for encrypting and anonymizing collected personal data;
Protection against unauthorized access to your systems;
Access authorization is granted only to those previously designated at the location where the collected information is stored
Imposition of absolute confidentiality on those who come into contact with any information. Any breach of confidentiality will result in civil liability, and the responsible party will be duly penalized in accordance with Brazilian law
Maintaining an inventory indicating the time, duration, identity of the employee or person responsible for access, and the file accessed, based on connection and application access logs.
Furthermore, regarding the physical security of the information it collects, processes, stores, and archives, SLMANDIC informs that it is constantly adapting all its internal processes in order to prevent unauthorized access and potential leaks of personal data.
In this regard, SLMANDIC states that it makes every effort to preserve the privacy of the personal data of all its students, patients, employees, collaborators, agents, representatives, suppliers, and partners.
Therefore, SLMANDIC believes that if all those involved in the processing of personal data (controllers, processors, and data subjects) strive to do their part, everyone's privacy can be preserved. And for this reason, we primarily encourage data subjects themselves to take appropriate measures to prevent unauthorized access to their private information.
However, should SLMANDIC become aware of a data breach resulting in the destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access to the personal data it processes, during any stage of the processing, and which may cause serious harm to the data subjects, the institution will immediately:
Notify him about the incident;
Investigate and provide the data subject with all information about what happened;
Take reasonable measures to mitigate the effects and minimize damage;
Notify the National Data Protection Authority (ANPD), in accordance with the General Data Protection Law (Federal Law No. 13.709/2018).
Finally, we ask that the data subject, should they become aware of any misuse of their personal data that may be attributed to SLMANDIC employees, agents, or representatives, inform us immediately through the communication channels provided in this policy so that we can take all appropriate measures.
If you would like to know more about our security measures, you can contact us through the communication channels contained in this policy, especially privacidade@slmandic.hml.slmandic.edu.br.
2.0 ● Research
2.1. Introductory Information
One of the main guidelines of the SLMANDIC Group is the carrying out of technical and scientific research.
As part of its institutional mission, research is conducted in several of the legal entities that make up the group, such as the parent company SOCIEDADE REGIONAL DE ENSINO E SAÚDE LTDA, CNPJ: 04.600.555/0001-25, as well as its branches and units. However, research also plays a significant role in the Centro de Pesquisas Odontológicas São Leopoldo Mandic SS Ltda., CNPJ nº 02.014.035/0001-05 and in the Instituto e Centro de Pesquisas São Leopoldo Mandic, CNPJ nº 09.489.077/0001-41.
Personal data processed for research purposes at SLMANDIC is anonymized. It is important to note that the research is regulated and monitored by the Ethics Committee, which operates autonomously from the institution, further reinforcing the institution's commitment to ethics and to society.
The Research Ethics Committee of SLMANDIC, in its advisory, deliberative, and educational roles, evaluates and monitors the ethical and scientific aspects of research involving, directly or indirectly, human beings. To this end, it follows international ethical guidelines (Declaration of Helsinki) and Brazilian guidelines (CNS Resolution No. 466/12 and complementary resolutions), which aim to safeguard the interests of research participants in their integrity and dignity and contribute to the development of science within ethical standards.
The Research Ethics Committee of SLMANDIC is subordinate to and accredited by the National Research Ethics Commission (CONEP) of the National Health Council (CNS) and has a multi-professional composition and multidisciplinary approach, aiming to guarantee pluralism in decisions on topics related to ethics and research.
2.2 What is the legal basis for SLMANDIC to process my personal data?
SLMANDIC has a legal basis for all and any processing of personal data that it carries out in research, namely:
Non-sensitive personal data processed for research/study purposes: in these cases, the LGPD (Brazilian General Data Protection Law) requires a legal basis for processing, as stipulated in the law itself, in its article 4, II, subparagraph “b”. Therefore, the legal basis is consent (article 7, item I), which will be obtained freely and expressly in the documents you enter into with us. It is worth noting that personal data used for research/study purposes will, whenever possible, be anonymized by SLMANDIC, in which case the legislation establishes that the General Data Protection Law does not apply.
Sensitive personal data processed for research/study purposes: in these cases, the LGPD (Brazilian General Data Protection Law) requires a legal basis for processing, as stipulated in the law itself, in its article 4, II, subparagraph “b”. Therefore, the legal basis is consent (article 11, item I), which will be obtained freely and expressly in the contracts you enter into with us. It is worth noting that personal data used for research/study purposes will, whenever possible, be anonymized by SLMANDIC, in which case the legislation establishes that the General Data Protection Law does not apply.
Non-sensitive personal data processed for marketing/sales/communication purposes: in these cases, data processing is authorized by items I and IX of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD).
If the patient undergoing research is a minor (under 18 years of age), their personal data will only be collected with the free, express, and unequivocal consent of their father, mother, or guardian, always in their best interest, in accordance with the Civil Code, Federal Law No. 8.069/1990 (Statute of the Child and Adolescent), and Article 14 and paragraphs of Law No. 13.709/2018 (LGPD).
2.3. With whom and for what purpose may my data be shared?
In research, the data of the data subject may be shared between the parent company of SOCIEDADE REGIONAL DE ENSINO E SAÚDE LTDA, its branches and units, the clinics, the Centro de Pesquisas Odontológicas São Leopoldo Mandic SS Ltda. and the Instituto e Centro de Pesquisas São Leopoldo Mandic.
Furthermore, if you have agreed to provide your data for advertising, commercial and marketing purposes related to the college, your data may be shared with the college's marketing company, namely AGÊNCIA 12K – MARKETING E PROPAGANDA, CNPJ 28.205.406/0001-20, Rua Waldemar Blatkauskas, 72, Bloco R Andar 2 Sala A, Bairro: Ponte Preta, Campinas/SP.
Apart from these situations, SLMANDIC does not routinely disclose information that could identify you, except when authorized by the data subject or in circumstances provided for in this policy or in a specific consent form.
In this regard, it is important to note that SLMANDIC is part of a group comprised of several legal entities, duly listed in this policy, which work in partnership with other companies.
Furthermore, as a company that provides extremely important services to society, it has direct responsibilities to various sectors of the public and regulatory authorities.
Therefore, your personal data may also be shared in the following circumstances:
With other companies in the group, which undertake to use the information for the same purposes for which it was originally collected; including with the consent of the data subject, when necessary;
With companies within the group, for statistical and research purposes with academic objectives (anonymous whenever possible), safeguarding the rights and duties of the institution and the data subject protected by other specific regulations, in addition to the LGPD (Brazilian General Data Protection Law);
With companies within the group and/or partner and supplier companies, through the collection of the free, express and unequivocal consent of the data subject, aiming at the development of SLMANDIC's advertising and commercial activities;
To guarantee the protection of the rights, interests, property, and security of SLMANDIC and its affiliated companies in any type of conflict, including legal actions;
In cases where sharing is necessary to ensure the protection of the rights and personal safety of its employees, users, or the public;
In cases where legislation requires such sharing;
In cases where the execution of their contracts requires such sharing;
In the event of a sale, purchase, merger, reorganization, liquidation, dissolution, or any other corporate transactions and changes involving SLMANDIC, if the transfer of information is necessary for the continued provision of services contracted by you;
To investigate, prevent or take action regarding illegal activities, whether suspected or actual, or to cooperate with public authorities or to protect national security;
By court order or at the request of administrative authorities with legal authority to request it.
Furthermore, we clarify that your information may also be shared with companies that provide the technological and operational infrastructure necessary for SLMANDIC's activities, such as payment intermediaries and information storage service providers, as well as education or healthcare systems.
SLMANDIC may notify the respective data subjects of any legal demands that result in the disclosure/sharing of personal data, as previously stated, unless such notification is prohibited by law or by court order, or, finally, if the request is urgent.
If it becomes necessary to obtain the free, express, and unequivocal consent of the data subject to share their personal data, SLMANDIC undertakes to obtain it and, at the same time, explain in detail how the sharing will occur, the reasons, and what data will be used.
SLMANDIC also reserves the right to contest any requests for the sharing of personal data that it deems excessive, vague, or originating from incompetent authorities.
To learn more about the possibilities of sharing your personal data or other information that interests you, simply contact us through the communication channels contained in this policy, in particular: privacidade@slmandic.hml.slmandic.edu.br.
2.4. What are my rights and how can I exercise them?
In compliance with applicable regulations regarding the processing of personal data, SLMANDIC and all its affiliated companies respect and guarantee the following rights to the data subject:
Give your consent for us to process your personal data in any way;
To revoke, at any time, the previously granted consent;
Ask if the company is processing any of your data without your knowledge;
Access all the data that is being processed;
Correct any and all data that is incorrect;
Request the anonymization, blocking, or deletion of any unnecessary or excessive data being processed by anyone;
Request the portability of your data to another provider of the same services or products, by means of an express request;
Request the deletion of all personal data processed by the company, even if you have previously given your consent;
To receive information about the possibility of not providing consent and the consequences of this refusal to give permission;
To object to processing carried out based on one of the grounds for waiving consent, in the event of non-compliance with the General Data Protection Law;
Request a review of a decision made solely on the basis of automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality;
Furthermore, each request for complete deletion of personal data must be analyzed individually, since there is a lot of personal data that the institution cannot delete, even at the request of the data subject, in order to comply with all obligations imposed by Brazilian law, as it is subject to a minimum period for keeping, storing and archiving said personal data (internet, labor, social security, health, education legislation, etc.).
To exercise any of the rights described above, the data subject must contact us via email at privacidade@slmandic.hml.slmandic.edu.br, stating which right they would like to exercise and the reason why.
Should you require any assistance in exercising your rights, you may contact SLMANDIC through the same communication channels mentioned above. Every effort will be made to fulfill all requests made by data subjects in the shortest possible time.
2.5. How long does SLMANDIC store my data?
In compliance with applicable regulations regarding the processing of personal data, SLMANDIC and all its affiliated companies respect and guarantee the following rights to the data subject:
Give your consent for us to process your personal data in any way;
To revoke, at any time, the previously granted consent;
Ask if the company is processing any of your data without your knowledge;
Access all the data that is being processed;
Correct any and all data that is incorrect;
Request the anonymization, blocking, or deletion of any unnecessary or excessive data being processed by anyone;
Request the portability of your data to another provider of the same services or products, by means of an express request;
Request the deletion of all personal data processed by the company, even if you have previously given your consent;
To receive information about the possibility of not providing consent and the consequences of this refusal to give permission;
To object to processing carried out based on one of the grounds for waiving consent, in the event of non-compliance with the General Data Protection Law;
Request a review of a decision made solely on the basis of automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality;
Furthermore, each request for complete deletion of personal data must be analyzed individually, since there is a lot of personal data that the institution cannot delete, even at the request of the data subject, in order to comply with all obligations imposed by Brazilian law, as it is subject to a minimum period for keeping, storing and archiving said personal data (internet, labor, social security, health, education legislation, etc.).
To exercise any of the rights described above, the data subject must contact us via email at privacidade@slmandic.hml.slmandic.edu.br, stating which right they would like to exercise and the reason why.
Should you require any assistance in exercising your rights, you may contact SLMANDIC through the same communication channels mentioned above. Every effort will be made to fulfill all requests made by data subjects in the shortest possible time.
2.6. Is my data safe?
Yes, we work to ensure your data is permanently secure.
All personal data (regular and sensitive) collected and processed by SLMANDIC for the purpose of providing any service are:
Stored physically or electronically in the respective files of the area responsible for processing personal data, when data processing activities are still being carried out due to the contract. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
Archived physically or electronically when the contractual relationship has ended, however, the institution is obliged to maintain personal data for specific legal periods for each situation. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
SLMANDIC and all other companies mentioned in this policy use legally required means to preserve the privacy of all personal data collected, regardless of the purpose. Therefore, it adopts the following precautions, in accordance with the guidelines on security standards established in Decree No. 8.771/2016, such as:
Standard and market-leading methods for encrypting and anonymizing collected personal data;
Protection against unauthorized access to its systems;
Access authorization only for those previously established at the location where the collected information is stored;
Imposition of absolute confidentiality on those who come into contact with any information. Any breach of confidentiality will result in civil liability, and the responsible party will be duly penalized under Brazilian law;
Maintenance of an inventory indicating the time, duration, identity of the employee or person responsible for access, and the file accessed, based on connection and application access logs.
Furthermore, regarding the physical security of the information it collects, processes, stores, and archives, SLMANDIC informs that it is constantly adapting all its internal processes to prevent unauthorized access and potential leaks of personal data.
In this regard, SLMANDIC states that it makes every effort to preserve the privacy of the personal data of all its students, patients, employees, collaborators, agents, representatives, suppliers, and partners.
Therefore, SLMANDIC believes that if all those involved in the processing of personal data (controllers, processors, and data subjects) strive to do their part, everyone's privacy can be preserved. And for this reason, we primarily encourage data subjects themselves to take appropriate measures to prevent unauthorized access to their private information.
However, should SLMANDIC become aware of a data breach resulting in the destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access to the personal data it processes, during any stage of the processing, and which may cause serious harm to the data subjects, the institution will immediately:
Notify you about the incident;
Investigate and provide the data subject with all information about what happened;
Take reasonable measures to mitigate the effects and minimize damages;
and Notify the National Data Protection Authority (ANPD), in accordance with the General Data Protection Law (Federal Law No. 13.709/2018).
Finally, we ask that the data subject, if they become aware of any misuse of their personal data that may be attributed to SLMANDIC employees, agents or representatives, inform us immediately, through the communication channels available in this policy, so that we can take all appropriate measures.
If you would like to know more about our security measures, you can contact us through the communication channels contained in this policy, especially privacidade@slmandic.hml.slmandic.edu.br.
3.0 ● Clinics
3.1. Introductory Information
The São Leopoldo Mandic Group was founded over 30 years ago thanks to the innovative vision and determination of a group of dental surgeons who established a Study Center dedicated to expanding knowledge and promoting education in the field of dentistry.
In this sense, providing excellent clinical care in the areas of dentistry and medicine is also part of the institutional mission. Thus, several clinics are part of the group, some within the Faculties' own structure, and others constituting autonomous legal entities, but linked to the teaching and research of the sponsoring institution.
If you are interested in becoming our patient, or are already a patient at one of our medical or dental clinics, your data will be collected by the clinic that provides your care so that we can continue with the treatment you are interested in.
Services can be provided at the headquarters of SOCIEDADE REGIONAL DE ENSINO E SAÚDE LTDA, the parent company of FACULDADE SÃO LEOPOLDO MANDIC, at any of its branches or units (Araras/SP, São Paulo/SP, Rio de Janeiro/RJ, Belo Horizonte/MG, Porto Alegre/RS, Curitiba/PR, Brasília/DF, Vila Velha/ES, Fortaleza/CE or Arcoverde/PE), as well as at clinics that are structured as separate legal entities, although part of the group:
Dental Imaging and Radiodiagnostics Clinic SS Ltda., CNPJ nº 05.426.095/0001-23;
Dental Radiology Clinic S/S Ltda., CNPJ nº 54.679.006/0001-66;
Medmandic Medical Clinic LTDA., CNPJ nº 26.940.187/0001-05;
SLM Digital Dentistry Ltda., CNPJ nº 30.901.210/0001-11.
Regarding medical and dental health services, for triage purposes, the following information is collected: your full name, ID, CPF (Brazilian tax ID), address, landline and mobile phone numbers, email, date of birth, marital status, race, health insurance plan, and the responsible party's information (when necessary).
After becoming a patient of the institution, personal data is collected relating to: (i) financial data for the payment of examinations and materials (for issuing a payment slip or payment by credit card or check); (ii) data relating to the patient's Anamnesis Form, such as their health history, where the patient will provide personal data relating to their health.
This information will be part of the patient's medical record, which will be filed both physically and electronically, as outlined in this policy. The record will also include other personal data generated by the institution, relating to the patient's health, consistent with all medical examinations performed, whether blood tests, imaging tests, or any other type, as well as medical prescriptions, treatment plans, and other documents.
This information is important so that the Clinic can communicate with you and inform you about your treatment, schedule exams and appointments.
If you agree, we may also use your data to send you future advertisements related to promotions for other treatments offered that may be of interest to you, thus contributing to the development of new products, services, events, and opportunities promoted by SLMANDIC.
3.2. What is the legal basis for SLMANDIC Clinics to process my personal data?
All personal data (regular and sensitive) collected by SLMANDIC has the primary purpose of establishing a contractual relationship. Other objectives related to the collection of personal data by this institution are the better management, administration, provision and expansion of services, adapting them to the preferences of patients, as well as the creation of new services and products.
In this regard, SLMANDIC has a legal basis for all and any personal data processing activities it carries out, namely:
Non-sensitive personal data processed in connection with care provided by any of the specialties of public service clinics: in these cases, data processing may be based on Article 7, items I, II, V and VIII, of Law No. 13.709/2018, the General Data Protection Law (LGPD). The basis for compliance with a legal obligation will be for the exclusive purpose of data processing under Law No. 13.787, of December 27, 2018. Furthermore, for adequate medical care, it is necessary to process the patient's personal data, which will be done according to the legal basis of necessity for the execution of a contract, and only within the limits and purposes of the contract. Finally, the collection of personal data may be necessary for the protection of the data subject's health, in which case all processing activity will be carried out for that specific purpose.
Sensitive personal data processed in connection with care provided by any of the specialties of public service clinics: in these cases, data processing is authorized by items I and II, subparagraphs “a”, “d” and “f”, all of article 11 of Law No. 13.709/2018, the General Data Protection Law (LGPD).
Non-sensitive personal data processed in connection with tests performed in the laboratory: in these cases, data processing is authorized by items I, II, V, VI and VIII, all of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD).
dataprocessed as a result of tests performed in the laboratory: in these cases, data processing is authorized by items I and II, subparagraphs “a”, “d” and “f”, all of article 11 of Law No. 13.709/2018, the General Data Protection Law (LGPD);
Non-sensitive personal data processed for marketing/sales/communication purposes: In these cases, data processing is authorized by items I and IX of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD).
If the patient is a minor (under 18 years of age) or legally incapacitated, their personal data will only be collected with the free, express, and unequivocal consent of their father, mother, or guardian, and always in the best interest of the minor/incapacitated person, in accordance with the Civil Code, Federal Law No. 8.069/1990 (Statute of the Child and Adolescent), and Article 14 and paragraphs of Law No. 13.709/2018 (LGPD).
3.3. With whom and for what purpose may my data be shared?
If you are a student or patient of companies within the São Leopoldo Mandic Group, your data may be shared with the parent company, always with your consent.
Furthermore, if you have agreed to provide your data for advertising, commercial and marketing purposes, your data may be shared with the Faculty's marketing company, namely AGÊNCIA 12K – MARKETING E PROPAGANDA, CNPJ 28.205.406/0001-20, Rua Waldemar Blatkauskas, 72, Bloco R Andar 2 Sala A, Bairro: Ponte Preta, Campinas/SP.
Apart from these situations, SLMANDIC does not routinely disclose information that could identify you, except when authorized by the data subject or in circumstances provided for in this policy or in a specific consent form.
In this regard, it is important to note that SLMANDIC is part of a group comprised of several legal entities, duly listed in this policy, which work in partnership with other companies.
Furthermore, as a company that provides extremely important services to society, it has direct responsibilities to various sectors of the public and regulatory authorities.
Therefore, your personal data may also be shared in the following circumstances:
With other companies in the group, which undertake to use the information for the same purposes for which it was originally collected; including with the consent of the data subject, when necessary;
With companies within the group, for statistical and research purposes with academic objectives (anonymous whenever possible), safeguarding the rights and duties of the institution and the data subject protected by other specific regulations, in addition to the LGPD (Brazilian General Data Protection Law);
With group companies and/or partners and suppliers, through the collection of the free, express and unequivocal consent of the data subject, aiming at the development of SLMANDIC's advertising and commercial activities;
To guarantee the protection of the rights, interests, property and security of SLMANDIC and its affiliated companies in any type of conflict, including legal actions;
In cases where sharing is necessary to ensure the protection of the rights and personal safety of its employees, users, or the public;
In cases where legislation requires such sharing;
In cases where the execution of their contracts requires such sharing;
In the event of a sale, purchase, merger, reorganization, liquidation, dissolution, or any other corporate transactions and changes involving SLMANDIC, if the transfer of information is necessary for the continued provision of services contracted by you;
To investigate, prevent or take action regarding illegal activities, whether suspected or actual, or to cooperate with public authorities or to protect national security;
By court order or at the request of administrative authorities with legal authority to request it.
Furthermore, we clarify that your information may also be shared with companies that provide the technological and operational infrastructure necessary for SLMANDIC's activities, such as payment intermediaries and information storage service providers, as well as education or healthcare systems.
SLMANDIC may notify the respective data subjects of any legal demands that result in the disclosure/sharing of personal data, as previously stated, unless such notification is prohibited by law or by court order, or, finally, if the request is urgent.
If it becomes necessary to obtain the free, express, and unequivocal consent of the data subject to share their personal data, SLMANDIC undertakes to obtain it and, at the same time, explain in detail how the sharing will occur, the reasons, and what data will be used.
SLMANDIC also reserves the right to contest any requests for the sharing of personal data that it deems excessive, vague, or originating from incompetent authorities.
To learn more about the possibilities of sharing your personal data or other information that interests you, simply contact us through the communication channels contained in this policy, in particular: privacidade@slmandic.hml.slmandic.edu.br.
3.4. What are my rights and how can I exercise them?
In compliance with applicable regulations regarding the processing of personal data, SLMANDIC and all its affiliated companies respect and guarantee the following rights to the data subject:
Give your consent for us to carry out any activity involving the processing of your personal data;
Revoke, at any time, the consent previously granted;
Question whether the company is processing any of your data that you are unaware of;
Access all data being processed;
Correct any and all data that is incorrect;
Request the anonymization, blocking, or deletion of any unnecessary or excessive data being processed by anyone;
Request the portability of your data to another provider of the same services or products, by means of an express request;
Request the deletion of all personal data processed by the company, even if you have previously given consent;
Receive information about the possibility of not providing consent and the consequences of this refusal of permission;
Object to processing carried out based on one of the hypotheses of exemption from consent, in the event of non-compliance with the General Data Protection Law;
Request the review of a decision taken solely on the basis of automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer, and credit profile or aspects of your personality;
Furthermore, each request for complete deletion of personal data must be analyzed individually, since there is a lot of personal data that the institution cannot delete, even at the request of the data subject, in order to comply with all obligations imposed by Brazilian law, as it is subject to a minimum period for keeping, storing and archiving said personal data (internet, labor, social security, health, education legislation, etc.).
To exercise any of the rights described above, the data subject must contact us via email at privacidade@slmandic.hml.slmandic.edu.br, stating which right they would like to exercise and the reason why.
Should you require any assistance in exercising your rights, you may contact SLMANDIC through the same communication channels mentioned above. Every effort will be made to fulfill all requests made by data subjects in the shortest possible time.
3.5. How long does SLMANDIC store my data?
In cases of any medical or dental healthcare services, or for research purposes, data files that are no longer useful for the intended purposes will be duly deleted, regardless of an express request from the data subject, who may also request the deletion of their data at any time if the legal basis for their data is consent, through the communication channels contained in this policy.
Without prejudice, regular and sensitive personal data held by SLMANDIC may be retained/processed/shared/archived and whatever else is necessary, regardless of a request for deletion by the data subject, to comply with legal or regulatory obligations, prevent fraud and abuse, and/or guarantee the regular exercise of rights in legal proceedings, provided that all principles and rules inherent to the protection of personal data are respected, including guaranteeing the prohibition of access by unnecessary third parties and the anonymization of data, when possible and necessary.
Regarding personal data for which the data subject has expressly given consent for advertising purposes, given that SLMANDIC's advertising campaigns are recurring, this data will remain stored, except in cases of express revocation of consent and request for deletion of said data by the data subject and/or their legal representative.
3.6. Is my data safe?
Yes, we work to ensure your data is permanently secure.
All personal data (regular and sensitive) collected and processed by SLMANDIC for the provision of medical and dental healthcare services and for research purposes are:
Stored physically or electronically in the respective files of the area responsible for processing personal data, when data processing activities are still being carried out due to the contract. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
Archived physically or electronically when the contractual relationship has ended, however, the institution is obliged to maintain personal data for specific legal periods for each situation. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
SLMANDIC and all other companies mentioned in this policy use legally required means to preserve the privacy of all personal data collected, regardless of the purpose. Therefore, it adopts the following precautions, in accordance with the guidelines on security standards established in Decree No. 8.771/2016, such as:
Standard and market-leading methods for encrypting and anonymizing collected personal data;
Protection against unauthorized access to its systems;
Access authorization only for those previously established at the location where the collected information is stored;
Imposition of absolute confidentiality on those who come into contact with any information. Any breach of confidentiality will result in civil liability, and the responsible party will be duly penalized under Brazilian law;
Maintenance of an inventory indicating the time, duration, identity of the employee or person responsible for access, and the file accessed, based on connection and application access logs.
Furthermore, regarding the physical security of the information it collects, processes, stores, and archives, SLMANDIC informs that its internal processes are adequate to prevent unauthorized access and potential leaks of personal data.
In this regard, SLMANDIC states that it makes every effort to preserve the privacy of the personal data of all its students, patients, employees, collaborators, agents, representatives, suppliers, and partners. However, despite secure procedures and systems, SLMANDIC and its community are aware that there are malicious individuals seeking unauthorized access and will work to prevent this from happening.
Therefore, SLMANDIC believes that if all those involved in the processing of personal data (controllers, processors, and data subjects) strive to do their part, everyone's privacy can be preserved. And for this reason, we primarily encourage data subjects themselves to take appropriate measures to prevent unauthorized access to their private information.
In the event that SLMANDIC becomes aware of a data breach resulting in the destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access to the personal data it processes, during any phase of the processing, and which may cause serious harm to the data subjects, the institution will immediately:
Notify you about the incident;
Investigate and provide the data subject with all information about what happened;
Take reasonable measures to mitigate the effects and minimize damages;
and Notify the National Data Protection Authority (ANPD), in accordance with the General Data Protection Law (Federal Law No. 13.709/2018).
Finally, we ask that the data subject, if they become aware of any misuse of their personal data that may be attributed to SLMANDIC employees, agents or representatives, inform us immediately, through the communication channels available in this policy, so that we can take all appropriate measures.
If you would like to know more about our security measures, you can contact us through the communication channels contained in this policy.
4.0 ● Websites
4.1. Which pages does this privacy policy apply to?
If you are a user of one of the pages below and want to know how we handle the personal information you share with us through our websites, please see the information below.
The pages to which this policy applies are:
slmandic.edu.br
slmandicararas.edu.br
medmandic.com.br
medicinadosertao.com.br
iro.com.br
mandicexperience.com.br
4.2. What information do we collect about you on our website and for what purpose?
When you access the web pages of any of the companies belonging to the SLMANDIC group, we collect your browsing records, in accordance with the provisions of Article 15 of the Brazilian Civil Rights Framework for the Internet.
As described in detail in our Cookie Policy, for such data collection, SLMANDIC uses some standard technologies, such as cookies, pixel tags, beacons, and local shared objects, which are used to improve your browsing experience on the institution's pages and those of other related companies, according to your habits and preferences.
As also explained in our Cookie Policy, you can control cookies and other technologies through your browser settings and other tools.
You can also disable our use of cookies and similar technologies that track your behavior on websites for third-party advertising purposes.
In addition to these possibilities, information is collected on our websites through the following fields:
On the pages related to the Clinics, it is possible to schedule an appointment via WhatsApp by sharing your full name, CPF (Brazilian tax identification number), and contact phone number;
In the publications, events, and news tabs, you can share data by making comments identified by name, email, and website;
In the e-book download tabs, we collect your email and name in order to direct you to relevant content that may be of interest to you;
In the registration form, we request your name, email, phone number, city, state, academic status, and course so that we can contact you and continue with your application
In the registration forms for the university entrance exam, we request your name, email address, and phone number so that we can contact you and continue assisting you
In the "Contact Us" section, data is collected to continue the service;
In the "Candidate Center" section, the candidate has restricted access, with login and password, to the environment with relevant information related to the exam;
The project submission form for the NIT (Technological Innovation Center) requests the following information: name, advisor, email, and course
The Ombudsman Form collects data for service purposes, but it is also possible to file an anonymous complaint or report;
In the Library-related sections, information is requested for research and assistance.
The Student Portal, Professor Portal, and Alumni Portal links provide restricted access, requiring login and password, to dedicated areas.
If you expressly agree in a specific Term, we may also use your data to send you future advertisements that may be of interest to you, thus contributing to the development of new products, services, events and opportunities promoted by SLMANDIC.
4.3. What is the legal basis for SLMANDIC websites to process my personal data?
SLMANDIC has a legal basis for all and any personal data processing activities it carries out, including those performed on its web pages, namely:
Non-sensitive personal data processed for marketing/sales/communication purposes: in these cases, data processing is authorized by items I and IX of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD);
Non-sensitive personal data processed due to visits to websites/applications: in these cases, data processing is authorized by items I, II, V and IX, all of article 7 of Law No. 13.709/2018, the General Data Protection Law (LGPD), as well as by article 15 of the Brazilian Civil Rights Framework for the Internet (Law 12.965/14).
4.4. With whom and for what purpose may my data be shared?
If you access websites of other companies within the economic group, your data may be shared with the parent company/group leader (SOCIEDADE REGIONAL DE ENSINO E SAÚDE LTDA, which owns FACULDADE SÃO LEOPOLDO MANDIC, CNPJ: 04.600.555/0001-25, located at Rua Dr. José Rocha Junqueira, nº 13, Bairro: Swift, Campinas/SP).
Furthermore, if you have agreed to provide your data for advertising, commercial and marketing purposes, your data may be shared with the Faculty's marketing company, namely AGÊNCIA 12K – MARKETING E PROPAGANDA, CNPJ 28.205.406/0001-20, Rua Waldemar Blatkauskas, 72, Bloco R Andar 2 Sala A, Bairro: Ponte Preta, Campinas/SP.
To learn more about the possibilities of sharing your personal data or other information that interests you, simply contact us through the communication channels contained in this policy, in particular: privacidade@slmandic.hml.slmandic.edu.br.
4.5. What are my rights and how can I exercise them?
In compliance with applicable regulations regarding the processing of personal data, SLMANDIC and all its affiliated companies respect and guarantee the following rights to the data subject:
Give your consent for us to process your personal data in any way;
To revoke, at any time, the previously granted consent;
Ask if the company is processing any of your data without your knowledge;
Access all the data that is being processed;
Correct any and all data that is incorrect;
Request the anonymization, blocking, or deletion of any unnecessary or excessive data being processed by anyone;
Request the portability of your data to another provider of the same services or products, by means of an express request;
Request the deletion of all personal data processed by the company, even if you have previously given your consent;
To receive information about the possibility of not providing consent and the consequences of this refusal to give permission;
To object to processing carried out based on one of the grounds for waiving consent, in the event of non-compliance with the General Data Protection Law;
Request a review of a decision made solely on the basis of automated processing of personal data that affects your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality;
To exercise any of the rights described above, the data subject must contact us via email at privacidade@slmandic.hml.slmandic.edu.br, stating which right they would like to exercise and the reason why.
Should you require any assistance in exercising your rights, you may contact SLMANDIC through the same communication channels mentioned above. Every effort will be made to fulfill all requests made by data subjects in the shortest possible time.
4.6. How long does SLMANDIC store my data?
For WEBSITE purposes, data that is no longer useful for the intended purposes will be duly deleted, regardless of any express request from the data subject, who may also request the deletion of their data based on consent at any time, through the communication channels contained in this policy.
Without prejudice, regular and sensitive personal data held by SLMANDIC may be retained/processed/shared/archived and whatever else is necessary, regardless of a request for deletion by the data subject, to comply with legal or regulatory obligations, prevent fraud and abuse, and/or guarantee the regular exercise of rights in legal proceedings, provided that all principles and rules inherent to the protection of personal data are respected, including guaranteeing the prohibition of access by unnecessary third parties and the anonymization of data, when possible and necessary.
Regarding personal data for which the data subject has expressly given consent for advertising purposes, given that SLMANDIC's advertising campaigns are recurring, this data will remain stored, except in cases of express revocation of consent and request for deletion of said data by the data subject and/or their legal representative.
Furthermore, regarding the web pages of any companies related to SLMANDIC and listed in this policy, information relating to access logs to the applications (minimum of 6 months) of all users will be retained and maintained for the legal periods contained in the Brazilian Civil Rights Framework for the Internet (Marco Civil da Internet), unless a court order mandates retention for a longer period.
4.7. Is my data secure?
Yes, we work to ensure your data is permanently secure.
All personal data (regular and sensitive) collected and processed by SLMANDIC from the websites are:
Stored electronically in the respective files of the area responsible for processing personal data, when data processing activities are still carried out due to the contract. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
Archived electronically once the contractual relationship has ended, however, the institution is obligated to retain personal data for specific legal periods depending on each situation. In exceptional cases, external servers are contracted from companies trusted by SLMANDIC;
SLMANDIC and all other companies mentioned in this policy use reasonable market and legally required means to preserve the privacy of all personal data collected, regardless of the purpose. Therefore, it adopts the following precautions, in accordance with the guidelines on security standards established in Decree No. 8.771/2016, such as:
Standard and market-leading methods for encrypting and anonymizing collected personal data;
Protection against unauthorized access to its systems;
Access authorization only for those previously established at the location where the collected information is stored;
Imposition of absolute confidentiality on those who come into contact with any information. Any breach of confidentiality will result in civil liability, and the responsible party will be duly penalized under Brazilian law;
Maintenance of an inventory indicating the time, duration, identity of the employee or person responsible for access, and the file accessed, based on connection and application access logs.
In this regard, SLMANDIC states that it makes every effort to preserve the privacy of the personal data of all its students, patients, employees, collaborators, website users, agents, representatives, suppliers, and partners.
Therefore, SLMANDIC believes that if all those involved in the processing of personal data (controllers, processors, and data subjects) strive to do their part, everyone's privacy can be preserved. And for this reason, we primarily encourage data subjects themselves to take appropriate measures to prevent unauthorized access to their private information.
However, should SLMANDIC become aware of a data breach resulting in the destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access to the personal data it processes, during any stage of the processing, and which may cause serious harm to the data subjects, the institution will immediately:
Notify him about the incident;
Investigate and provide the data subject with all information about what happened;
Take reasonable measures to mitigate the effects and minimize damage;
Notify the National Data Protection Authority (ANPD), in accordance with the General Data Protection Law (Federal Law No. 13.709/2018).
Finally, we ask that the data subject, should they become aware of any misuse of their personal data that may be attributed to SLMANDIC employees, agents, or representatives, inform us immediately through the communication channels provided in this policy so that we can take all appropriate measures.
If you would like to know more about our security measures, you can contact us through the communication channels contained in this policy.
