The parties have decided to amend the main contract, in accordance with the clauses and commitments now established.

There are several definitions listed in the LGPD - General Data Protection Law, Law No. 13,709/2018. We have listed below the most relevant definitions for this PRIVACY NOTICE:

  • Personal data: information related to an identified or identifiable natural person, in other words, any data that can identify a person.
  • Sensitive Personal Data: personal data about racial or ethnic origin, religious belief, political opinion, membership in a union or religious, philosophical, or political organization, data related to health or sexual life, genetic or biometric data, when linked to a natural person.
  • Data subject: a natural person to whom the personal data being processed refers, in other words, it's YOU!
  • Data processing: any operation performed with personal data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, or information control, modification, communication, transfer, dissemination, or extraction.
  • Controller: a natural or legal person, public or private, responsible for decisions regarding the processing of personal data.
  • Processor: a natural or legal person, public or private, who processes personal data on behalf of the controller.
  • Data Protection Officer (DPO): a person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (NDPA).

1 DEFINITIONS

  • 1.1. For the purposes of this Agreement:
  • (a) "CONTROLLER": the party responsible for decisions regarding the processing of personal data, especially regarding the purposes, legal basis, and means of processing personal data;
  • (b) "PROCESSOR": the party that processes personal data according to the Controller's instructions;
  • (c) "PERSONAL DATA": any information obtained under this contract, related to an identified or identifiable natural person, such as, for example: name, CPF (Tax ID), RG (ID), driver's license, professional registration, postal address, fixed or mobile phone number, email address, geolocation information, user IP, among others;
  • (d) "SENSITIVE PERSONAL DATA": personal data concerning racial or ethnic origin, religious belief, political opinion, union membership or religious, philosophical, or political organization affiliation, data concerning health or sexual life, genetic or biometric data, when linked to a natural person;
  • (e) "ANONYMIZED DATA": data related to a data subject that cannot be identified, considering the use of reasonable and available technical means at the time of its processing;
  • (f) "DATA SUBJECT": a natural person to whom the personal data being processed refers;
  • (g) "PROCESSING": any operation or set of operations performed on personal data or sets of personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
  • (h) "NATIONAL DATA PROTECTION AUTHORITY": the body responsible for supervising compliance with the provisions of the General Data Protection Law, Federal Law No. 13,709/2018, in the national territory.

2 SCOPE AND FUNCTIONS

  • 2.1 This contract applies to the processing of Personal Data within the scope of the LGPD by the Processor on behalf of the Controller.
  • 2.2 For the purposes of this contract, the parties agree that the CONTRACTING PARTY is the Controller of the Personal Data, and NINSAÚDE SOFTWARE LTDA is the Processor of such data.
  • 2.3 These Terms do not apply when NINSAÚDE SOFTWARE LTDA is a Controller of Personal Data.

3 PROCESSING OF PERSONAL DATA

  • 3.1 As the Processor, NINSAÚDE will process personal data only to fulfill its contractual obligations described in the main contract. If this clause refers to an addendum to the contract, it should be stated as follows: 3.1 The subject matter, duration, nature, purpose of processing, and types of Personal Data will be defined in Annex 4 of this Contract.
  • 3.2 NINSAÚDE will not collect, use, access, maintain, modify, disclose, transfer, or otherwise process personal data without the knowledge and authorization of the Controller.
  • 3.3 NINSAÚDE acknowledges that Sensitive Personal Data are subject to stricter legal requirements and, therefore, require greater technical and organizational protection. Thus, when NINSAÚDE processes Sensitive Personal Data, it will use appropriate technical protection measures capable of maintaining the integrity, confidentiality, and security of this information.

4 OBLIGATIONS AND RESPONSIBILITIES OF THE CONTROLLER

  • 4.1 Taking into account the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of individuals, the Controller must implement appropriate technical and organizational measures to ensure and demonstrate that the processing is carried out in accordance with the General Data Protection Law (LGPD). These measures should be reviewed and updated as necessary.
  • 4.2 When proportionate to the processing activities, the measures referred to in paragraph 4.1 should include the implementation of appropriate data protection policies by the Controller.
  • 4.3 The Controller must implement appropriate technical and organizational measures to ensure that only the Personal Data necessary for each specific purpose are processed. This obligation applies to the quantity of personal data collected, the extent of processing, the storage period, and accessibility.
  • 4.4 The Controller is responsible for the accuracy, truthfulness, and quality of the data entered into the NINSAÚDE system.

5 OBLIGATIONS AND RESPONSIBILITIES OF THE PROCESSOR

  • 5.1.2 Ensure that authorized persons processing Personal Data have committed to confidentiality or are under a statutory obligation of confidentiality;
  • 5.1.3 Adopt all necessary measures in compliance with LGPD, implement appropriate technical and organizational measures to ensure a level of security adequate to the risk to the rights and freedoms of individuals, including, at a minimum, the measures set out in Annex 2 of this Agreement;
  • 5.1.3 Respect the conditions for subcontracting third parties, with NINSAÚDE not engaging a Sub-Processor without the prior authorization of the Controller. Sub-Processors authorized by the Controller as of the date of this Agreement are listed in Annex 3. Where another Processor is involved, it will be subject to the same contractual terms described in this Agreement;
  • 5.1.4 In the event that international transfer of Personal Data is necessary for the fulfillment of this Agreement, NINSAÚDE will inform the Controller in advance and take the necessary security measures to ensure the confidentiality, integrity, and availability of the transferred personal data;
  • 5.1.5 Assist the Controller through appropriate technical and organizational measures, to the extent possible, in fulfilling the Controller's obligation to respond to requests to exercise the rights of the data subject established in Chapter III of the LGPD;
  • 5.1.6 Delete or return, at the option of the Controller, all Personal Data to the Controller after the provision of services related to processing has ended, and delete existing copies unless applicable law requires the storage of Personal Data;
  • 5.1.7 Provide the Controller with all necessary information to demonstrate compliance with the obligations established in Article 38 of the LGPD and allow and contribute to audits conducted by the Controller or another party authorized by the Controller.

6 DURATION AND APPLICABLE LAW

  • 6.1 This Agreement will remain in effect as long as NINSAÚDE SOFTWARE LTDA is processing Personal Data on behalf of the Controller.
  • 6.2 This Agreement shall be governed by the laws of Brazil.
  • Annex 2
    MEASURES AND REASONS:
    - Encryption at rest: Information at rest is automatically encrypted before writing to disk. Each encryption key is encrypted with a set of master keys. Key and encryption policies are managed in the same way, in the same keystore, as Google's production services.
    - Encryption in motion: Information in motion is encrypted with a 2048-bit SSL certificate that changes its keys automatically every three months.
    - Vulnerability tests: We test the security of the SYSTEM using the Nessus platform, which has a battery of more than 40 thousand vulnerability tests.
    - Destruction of damaged discs: Damaged discs are destroyed before dispensing.
    - Armed security, access cards, alarms, gates that control vehicle access, perimeter isolation, metal detectors, biometrics and a laser beam intrusion detection system: Keep equipment safe from intruders.
  • Annex 3 SUPPLIER CONTEXT:
    1. GOOGLE CLOUD BRASIL COMPUTAÇÃO E SERVIÇOS DE DADOS LTDA, CNPJ 26.012.398.0001-07 - Application and database hosting.
    2. NFE.io HUB, CNPJ 18.792.479/0001-01 - Invoicing gateway for the CONTROLLER's consumers.
    3. IUGU SERVICOS NA INTERNET S/A, 15.111.975/0001-64 - PROCESSOR's invoicing gateway for the CONTROLLER.
    4. NEXODATA DO BRASIL S/A, CNPJ 26.995.485/0001-94 - Medication prescription.
    5. NEXMO INC NUMBER 201602130K - Telehealth API.
    6. COMIGO TECNOLOGIA E LICENCIAMENTO DE SOFTWARE LTDA., CNPJ 29.728.517/0001-83 - Prescription of exams.
    7. GOOGLE BRASIL INTERNET LTDA., CNPJ 06.990.590/0001-23 - Application storage on Google Drive.
  • Annex 4 Purchase Form
    MANDATORY INFORMATION(*) REASONS:
    - Clinic's trade name, email, area code, phone number, number of healthcare professionals, number of secretaries: Besides registering the CONTROLLER, these pieces of information are used for pre-registering a CONTROLLER's care unit in the SYSTEM. These care unit details are used for making new appointments, printing documents with information at the top of reports, among other purposes. The number of healthcare professionals is used for calculating the CONTROLLER's monthly payment. The number of secretaries is not stored; it is only collected to show the client how much they are saving compared to other systems that charge per user.
    - Full name or corporate name, CPF or CNPJ, ZIP code, city, state, neighborhood, street, number, and complement: These data are used for issuing invoices and also for pre-registering a CONTROLLER's care unit in the SYSTEM. These care unit details are used for making new appointments, printing documents with information at the top of reports, enabling the CONTROLLER to issue their own invoices, using the city to suggest nearby cities in the registration of new patients, among other purposes.
    - Payment recurrence (monthly or annually): Used for billing and generating invoices.

    NON-MANDATORY INFORMATION REASONS:
    - Choose the system you want to import data from: If filled in, our customer success team will handle the process of importing data from another system used by the CONTRACTING PARTY.
  • Internal Records

    MANDATORY(*) AND NON-MANDATORY INFORMATION REASONS:
    HEALTHCARE PROFESSIONALS REGISTRATION:
    - Name, active, council, specialty, agenda duration: Used for internal communication and by the PROCESSOR; establishes the working hours of the professional, sharing of medical records among healthcare professionals in the same group, allows patients to schedule appointments with the professional electronically, automatic data filling in TISS Forms.
    - CPF, landline phone, cell phone, email, council number, time schedule, digital signature, groups, online scheduling link, TISS: Permission to access, medical care, and issuing of medical prescriptions – both in-person and remotely; used for internal communication and by the PROCESSOR, establishes the working hours of the professional, sharing of medical records among healthcare professionals in the same group, allows patients to schedule appointments with the professional electronically, automatic data filling in TISS Forms.

    USER REGISTRATION:
    - Name, email, active, level, username, password: Identification through an image (photo), access identification, permissions to access menus within the system, contact for password recovery/change.

    PATIENT REGISTRATION:
    - Name, active: Email, phone numbers, mother's name, father's name, complete address, CNS, date of birth, gender, marital status, race/color, profession, observation, and family relationship: Medical care, issuing of medical prescriptions – both in-person and remotely, allows patients to schedule appointments with the professional electronically, automatic data filling in TISS Forms.

    SUPPLIER REGISTRATION:
    - Trade name and active: Email, phone numbers, CNPJ, IE, contact name, website, complete address, and observation: Adding products, sending automatic emails for stock replenishment, and maintaining contact information for negotiations.

    REFERRAL REGISTRATION:
    - Name and active: Email, phone number, complete address: Linking to patient appointments to maintain a history of referrals, develop relationships between the healthcare professional team and referrers.
  • Annex 5
    NON-MANDATORY INFORMATION REASONS:
    - IP, date, time, time on each screen, insertions, changes, and deletions: These data are collected to generate access reports, display the history of record changes to the CONTROLLER, and understand the behavior of SYSTEM users for development improvements.
    - Cookies: Cookies are used to suggest language, user, care unit, selected healthcare professionals on the appointment and checkup screen, and keep the session active for authenticated users.