Last update: February 08, 2024

Sciath’s Privacy Policy (“Policy”) explains in a clear and accessible manner how your information and data shall be collected, used, shared and stored by means of our systems.

For you to better understand it, we have broken it down as follows:

  1. To whom this Policy is applicable
  2. The types of information Sciath collects and how it is handled
  3. How, when and with whomSciath shares your information
  4. Which rights you have over the information we collect
  5. How Sciath protects your information
  6. For how long Sciath holds your data
  7. Updates on this Policy
  8. Applicable law
  9. Contact

Should you have any question or should you need to take care of any matter related to this Policy, do get in touch with us via our email atendimento.lgpd@sciath.com.br.

  1. TO WHOM THIS POLICY IS APPLICABLE

Sciath has a wide array of business interests and operations, as well as a vast number of clients, suppliers, and Web users.

Many of our clients and suppliers are companies, including large-sized enterprises, partnerships or government agencies.

Therefore, in addition to Web users, this Policy also applies to the processing of personal information carried out by Sciath in a commercial context about individuals who are either suppliers or representatives of supplying organizations; clients or representatives of clients’ organizations and beneficiaries (collaborators hired by our clients).

The type of commercial information Sciath processes depends on the commercial context at hand and the purpose why it is collected, as one can see further ahead.

  1. INFORMATION WE COLLECT AND HOW IT IS USED

We highly respect your privacy, therefore, all data and information about you are processed as confidential and shall solely be used for the objectives and purposes described herein.

2.1. Automatic collection from all Users who access the Platform:

  • Access log – Sciath automatically collects accesses to the application (app), which include the IP address with date and time, used upon accessing Sciath site. The collection of such data is mandatory, in accordance with Law 12.965/2014.
  • Navigation data – To improve our service, Sciath carries out an analysis of the total number of accesses, most visited pages, gender, age, location, on an aggregate basis.

2.2. Data collection from Users who interactwith Sciath:

  • Interaction with Sciath – Whenever you interact with Sciath, we collect information about your interaction, including metadata such as date, IP, the time it occurred, all its content, as well as any information you choose to provide. Find below some examples of interactions with Sciath, via site:
    • When you post a comment on a tab of “Sciath blog”;
    • When you send us your resume to take part in a selection process by means of the “work with us” tab;
    • When you send us a message relying on the “contact” tab.

2.3 Data of theBeneficiary (Client’s employee) and his/her dependents,

collected by the Client and supplied to Sciath, due to the hiring of

services regarding benefits management and corporate insurance:

Identification, registration, and authentication data are processed for the following purposes:

  • Sharing of data with plans for intermediation, contracting and transactions (inclusion, exclusion, change of plans, service rendered regarding reimbursement) along with partner health insurance companies or carriers chosen by the Client.
  • “HR Portal”: account creation of the Client’s Representative on the Platform (Name and Email), for access, data visualization, monitoring and management of contracted benefits.
  • Beneficiary’s Portal: according to the data subject’s own interest, access to the Platform via application (app), to view the data related to the benefits contracted by the Client, to provide assistance and support, in compliance with the obligations resulting from the use of the services.

Health data, collected as needed, are processed for the following purposes:

  • Sharing of health-related data with plans for contracting along with health insurance companies or carriers chosen by the client to fulfill the obligations resulting from the use of our services and required by health and insurance agencies.
  • Support tocorporate Clients and their beneficiaries, with processes concerning benefits managed by Sciath, including the ones with access to medical information.
  • Data follow-up and analysis of specific needs aiming at a better Clients benefits management, as well as guidance as to how to make a better use of the benefits.

Interaction data is used to send a satisfaction survey to improve the services provided by Sciath.

The responsibility for collecting data of the beneficiary and dependents:

The Client is responsible for collecting the data of the beneficiary and his/her dependents, pursuant to the applicable legislation, according to adequate legal basis, in addition to adopting all relevant measures to ensure the security and confidentiality of such transfer.

Sciath is responsible for processing the data of the beneficiary and his/her dependents, pursuant to the applicable legislation.

3. SHARING OF INFORMATION

Sciath processes business information locally, in the country or region where it was obtained. Authorized Sciath collaborators may have access to this business information through remote access connections that comply with this policy.

Business information is predominantly accessed in the same country in which the individual to whom it refers lives or works. However, if, in order to support an international process or a management structure, Sciath’s collaborators need to be aware of the business information related to individuals in another country, such information may be transferred (in other words, it may be received electronically) from this other country. For example, in situations in which a Sciath Client is in another country and provides information to Sciath, which after processing, will transfer it back to the country of origin.

To enable rendering its benefits management services, Sciath shares information with partners for technological data management, and with other participants in the services supply chain.

All data, information, and content about you may be considered active in the case of negotiations in which Sciath is part of. Therefore, we reserve the right, for example, to include your data among the company’s assets in case it is sold, acquired or merged with another one.

Sciath reserves the right to provide data and information about you, including your interactions, in case it is legally required to do so, a necessary act for the company to comply with the national laws.

4. RIGHTS OF THE DATA SUBJECT

Regardless of the treatment carried out by Sciath, we understand it is your right to be aware of every right provided in the General Data Protection Law (LGPD), as follows:

  • Right of access. This right allows you to request and receive a copy of the personal data we hold about you.
  • Right of rectification. This right allows you to request the correction and/or rectification of your personal data, at any moment, should you identify that some of it is incorrect
  • Right of exclusion.: You can request the exclusion of your personal data, except in specific cases such as legal obligations.
  • Right to object: You can object to the processing of your personal data in certain contexts
  • Right to Request Anonymization, Blocking or Deletion: You can request the suspension of the processing of your data in certain scenarios
  • Right to Portability: We will provide your personal data in a structured and interoperable format, as regulated by the competent authorities.
  • Right to withdraw your consent. You can withdraw your consent to data processing at any time
  • Right to review automated decisions. You can request a review of decisions based solely on automated processing of your personal data.

You can exercise your privacy rights mentioned above and others provided for by law by sending an e-mail to atendimento.lgpd@sciath.com.br. To ensure your security, we may request additional information to confirm your identity before providing or changing your personal data. We will do our best to respond to requests within 15 working days, although in complex cases or with multiple requests, it may take longer, but we will keep you informed of progress. If you need further clarification, please do not hesitate to contact us at the same e-mail address.

5. INFORMATION SECURITY

Your privacy and information security are very important to us:

Your data is confidential and only authorized persons can access it, in accordance with this Policy.

– We take security measures, such as encryption and locating servers in different places, to protect your data.

– You can request a copy of your stored data at any time.

– We only keep your data for as long as necessary and as required by law.

We will do our best to protect your privacy, but we cannot guarantee absolute protection against unauthorized access, especially if your credentials are shared.

– It is your responsibility to keep your password secure and to inform us immediately of any unauthorized use of your account.

If you have any questions or concerns about your privacy, please contact us.

6. FOR HOW LONG WE HOLD YOUR PERSONAL DATA

We keep your personal data only for as long as it is necessary to fulfill the purposes for which we have collected them, also observing any need for data maintenance to comply with legal or regulatory obligations to which we are subject or even to safeguard Sciath’s rights.

To determine the appropriate retention period for personal data, we consider the purposes as to why the personal data will be processed, as well as the type of data processed and the existence of specific legislation that demands its storage and maintenance.

7. PRIVACY POLICY UPDATES

Sciath reserves the right to amend this Policy as many times as it is deemed necessary, in order to provide you with more security, convenience, and increasingly improve your experience. That is why it is very important to access our Policy periodically. To make it easier, we indicate the date of the last update at the beginning of the document.

8. APPLICABLE LAW

This document is governed by and shall be construed in accordance with the laws of the Federative Republic of Brazil, which is elected as the competent forum to settle any questions arising from this document, expressly waiving any other, however privileged.

9. CONTACT

Feel free to contact us to speak with the Data Protection Officer, available for contact or questions about exercising rights related to privacy and data protection, as per the information below:

E-mail: atendimento.lgpd@sciath.com.br

Address/Telephone: Avenida Paulista, 1728 – 6º andar – Bela Vista – São Paulo – SP – Cep 01310-200 – Phone – 11 31385990 – 11 97183 2067.