This policy applies to the processing of personal data collected by the COMPANY, directly or indirectly, from all individuals, including, but not limited to, current, future or potential job applicants, employees, relatives of employees, customers, physicians, consumers, suppliers, contractors/subcontractors, or any third parties. This Data Protection Policy applies to Marjan Farma and Droxter Farma, hereinafter referred to as “COMPANY”.
Personal data: information related to an identified or identifiable natural person;
Sensitive personal data: personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person;
Anonymized data: data relating to a holder who cannot be identified, considering the use of reasonable technical means available at the time of processing;
Database: structured set of personal data, established in one or several places, in electronic or physical support;
Holder: natural person to whom the personal data that are the object of treatment refer;
Controller: individual or legal entity, public or private, who is responsible for decisions regarding the processing of personal data; The COMPANY is a Personal Data Controller;
Operator: individual or legal entity, public or private, who processes personal data on behalf of the controller; COMPANY Employees and Third Parties to whom the Company shares personal data are considered operators;
Person in charge: person appointed by the controller to act as a communication channel between the controller, the data subjects and the National Data Protection Authority; The Company’s Legal Manager is the Data Officer.
3.1. Compliance with the Brazilian Data Protection Law
We are committed to complying with all applicable legislation regarding personal data and will ensure that personal data is collected and processed in accordance with the provisions of Brazilian data protection law.
3.2. Loyalty, Justice and Transparency
The COMPANY does not collect or process personal data without having a legal reason to do so. We may have to collect and process personal data when necessary for the performance of a contract or when necessary for the fulfillment of a legal obligation to which we are subject or when necessary, with the prior consent of the data subject. We may also collect and process personal data for the legitimate interests of the COMPANY, except when these interests are overridden by the interests of the Holder or fundamental rights and freedoms.
When collecting and processing personal data, we will provide the data subject with a fair and complete information notice or privacy statement about who is responsible for processing your personal data, for what purposes your personal data is processed, who the recipients are, what your rights are and how to exercise them, etc., unless it is impossible, or requires disproportionate efforts, to do so.
When required by applicable law, we will seek the subject’s prior consent (for example, before collecting any sensitive personal data).
3.3. Legitimate Purpose, Data Limitation and Minimization
Personal data is collected for specific, explicit and legitimate purposes and is not processed in a manner inconsistent with those purposes.
When the COMPANY acts for its own purposes, personal data is processed mainly for, but not limited to, the following purposes: recruitment management, human resource management, accounting and financial management, finance, treasury and tax management, risk management, management personnel security, IT tool delivery, IT support management, safety and health management, information security management, customer and consumer relationship management, procurement, sales and marketing management, supply management, communication internal and external and event management, any legal requirements, data analysis operations, legal corporate management and implementation of compliance processes.
3.4. Data Accuracy and Storage Limitation
The COMPANY will keep the personal data processed accurately and, where necessary, updated. Furthermore, we only keep personal data for as long as is necessary for the purposes for which it is processed.
3.5. Security of Personal Data Processed by the Company
We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful alteration or loss, or from unauthorized use, disclosure or access. We take it when DATA PROTECTION POLICY 3 / 5 This document is the property of Marjan Indústria e Comércio Ltda and Droxter Indústria e Comércio e Participações Ltda, its reproduction being prohibited without our prior authorization. Appropriate, all reasonable measures to implement necessary safeguards and protect the processing of personal data. We also carry out, depending on the level of risk posed by the processing, a privacy impact assessment to adopt appropriate safeguards and ensure the protection of personal data. We also provide additional security protections for data that is considered sensitive.
3.6. Disclosure of Personal Data
We may, in the normal course of our business and for processing purposes, share personal data with relevant personnel within the COMPANY, whether duly authorized employees, contractors/subcontractors, to ensure consistency in our procurement activities, we maximize quality and efficiency of our operations. We may also be required to disclose personal data to regulatory authorities, courts and government agencies when required by law, regulation or legal process, or to defend the interests, rights or property of the COMPANY or related third parties. Otherwise, we will not share personal data with other parties, unless the Holder requests it or has given us prior approval for such sharing.
3.8. Holders’ Rights of Data Collected by the Company
We are committed to ensuring the protection of the rights of data subjects, in accordance with Brazilian law:
The following table contains a summary of the holders’ rights:
Right of Access
The Holder may request access to his personal data. You can also request the correction of inaccurate personal data or have incomplete personal data completed.
The Holder may request any available information about the source of the personal data, and may also request a copy of his personal data that is being processed by the COMPANY.
Right to Be Forgotten
The Holder has the right to request the deletion of their personal data in cases where:
i. the data is no longer needed;
ii. the subject chooses to withdraw their consent;
iii. personal data was processed illegally;
iv. there is a legal obligation to erase personal data;
v. disposal is necessary to ensure compliance with applicable laws.
Right to Restriction of Processing
The holder may request that the processing of his personal data be restricted in cases where:
i. the holder contests the accuracy of the personal data;
ii. the COMPANY no longer needs the personal data, for the purposes of processing;
iii. the holder opposes the processing for legitimate reasons
Right to Data Portability
The Holder of personal data may request, when applicable, the portability of their Personal Data that they have provided to the COMPANY. The Holder has the right to transmit this data to another Controller without hindrance from the COMPANY where:
(a) the processing of your Personal Data is based on consent or a contract; and
(b) processing is carried out by automated means.
The Holder may also request that their personal data be transmitted to third parties of their choice (when technically feasible).
Right to object to processing for direct marketing purposes
The holder may object (i.e. exercising your right to “opt-out”) from the processing of your personal data, particularly in relation to profiling or marketing communications. When we process personal data based on consent, the data subject can withdraw their consent at any time.
Right Not to Be Subject to Automated Decisions
The Holder has the right not to be subject to a decision based exclusively on automated processing, including profiling, which has a legal effect on the Holder or significantly affects it.
To exercise these rights, the holder can send his Request or Complaint following the procedure established in the privacy statements brought to his attention at the time of collection of his personal data or by sending an e-mail to the Data Protection Officer
DPO Contacts: Ricardo Chiodaro – firstname.lastname@example.org and (11) 5642-9888
Contact our SAC [Customer Service] on 0800 055 4545 or send us a message.