Marjan Farma and Droxter Farma, both private legal entities registered under CNPJ numbers 60.726.692/0001-81 and 05.090.043/0001-29, respectively, with their headquarters located at Rua Gibraltar, 165/195, Santo Amaro, São Paulo City, State of São Paulo – ZIP Code: 04755-070, and Rua Vigario Taques Bitencourt, 258, Santo Amaro, São Paulo City, State of São Paulo – ZIP Code: 04.755-060, respectively, value and are committed to preserving your privacy, security, and transparency in the processing of personal data.
By using our services, you acknowledge and agree to the collection of personal data based on the purposes described in this Privacy Policy and Personal Data Protection (“Policy”), as well as in accordance with the provisions of Brazilian law. If the necessary Personal Data is not provided, we may not be able to offer our products and/or services.
This Policy applies when Marjan Farma and/or Droxter Farma act as the Data Controller.
This Policy applies to the processing of personal data collected by Marjan Farma and Droxter Farma, either directly or indirectly, from all individuals, including, but not limited to, current, future, or potential job candidates, employees, employees’ family members, clients, doctors, consumers, suppliers, contractors/subcontractors, or any third parties.
From this point forward, Marjan Farma and Droxter Farma will collectively be referred to as “COMPANY”.
Personal Data: information related to an individual that can make them identifiable;
Sensitive Personal Data: personal data related to racial or ethnic origin, religious belief, political opinion, affiliation to a union or to a religious, philosophical, or political organization, health or sexual life data, genetic or biometric data, when linked to an individual;
Anonymized Data: data related to a data subject that cannot be identified, considering the use of reasonable and available technical means at the time of processing;
Database: structured set of Personal Data, established in one or more locations, in electronic or physical support;
Data Subject: natural person to whom the personal data being processed refers (in this case, natural person consumers or representatives of legal entities);
Data Processing: any operation performed with Personal Data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, diffusion, or extraction.
Data Sharing: any and all forms of transfer or mere granting of access, use, or other forms of contact with Personal Data, provided to third parties, through any means, physical or digital, in-person or remote.
Controller: natural or legal person, public or private, responsible for decisions regarding the processing of Personal Data; the COMPANY is a Personal Data Controller;
Processor: natural or legal person, public or private, who processes Personal Data on behalf of the Controller; employees of the COMPANY and third parties to whom the COMPANY shares Personal Data;
Data Protection Officer (DPO): person appointed by the Controller to act as a communication channel between the Controller, the Data Subjects, and the National Data Protection Authority (ANPD); The Legal Manager of the COMPANY is the DPO.
Cookies: small files sent by the website, saved on users’ devices, which store preferences and a few other pieces of information, with the purpose of personalizing navigation according to the consumer’s profile.
3.1. Compliance with the General Data Protection Law
This Privacy Policy (“Policy”) was created in accordance with the General Data Protection Law – LGPD (Law Nº. 13,790/2018) and the Brazilian Civil Internet Framework (Law Nº. 12,965/2014).
Thus, we are committed to complying with all principles of the LGPD, such as respect for purpose, adequacy, necessity, free access, quality, transparency, security, prevention, non-discrimination, accountability, and the best international data protection practices.
3.2. Fairness, Justice, and Transparency
The COMPANY collects only data for specific, explicit, and legitimate purposes and under no circumstances processes data in a manner incompatible with those purposes.
We may need to collect and process Personal Data when necessary for the execution of a contract, when required to comply with a legal obligation to which we are subject, or when necessary, with the prior consent of the Data Subject. We may also collect and process Personal Data for the legitimate interests of the COMPANY, except when these interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.
When collecting and processing Personal Data, we will provide the Data Subject with fair and complete information or a privacy notice regarding who is responsible for processing such Personal Data, the purposes for which the Personal Data is processed, the recipients, the rights, and how to exercise them, etc., unless it is impossible or would require disproportionate efforts to do so.
When required by applicable law, we will seek the prior consent of the Data Subject (for example, before collecting any sensitive personal data).
5.1 The COMPANY will process Personal Data to achieve specific purposes in accordance with the legal bases (or requirements for processing) set forth in applicable legislation.
The processing of Personal Data for purposes not provided for in this Privacy Policy will only occur after prior communication to the user, ensuring that the rights and obligations set forth herein remain applicable.
5.2. Legitimate Purpose, Limitation, and Data Minimization
When the COMPANY acts for its own purposes, Personal Data is primarily processed for, but not limited to, the following purposes: recruitment management, human resources management, accounting and financial management, finance, treasury and tax management, risk management, personnel security management, IT tools provision, IT support management, health and safety management, information security management, customer and consumer relationship management, tenders, sales and marketing management, supply management, internal and external communication, event management, legal requirements such as reporting to regulatory bodies, including data protection authorities, consumer defense authorities, and sector-specific regulatory agencies such as the Brazilian Health Regulatory Agency (ANVISA), data analysis operations, corporate legal management, implementation of compliance processes, reporting adverse effects to ANVISA, in accordance with applicable legislation, and any defense of the COMPANY in administrative, judicial, or arbitral proceedings.
In the course of our business activities and for processing purposes, we may share Personal Data to comply with legal, regulatory, or tax requirements, as well as to fulfill the purposes mentioned above, within the limits required and authorized by law:
In cases of sharing your Data with third parties, all previously mentioned parties must use the shared Data in a manner consistent with and in accordance with the purposes for which they were collected (or for which the User has previously consented), as stipulated in this Privacy Policy. They must also adhere to other privacy statements from websites or countries, as well as all applicable privacy and data protection laws.
If your Data is shared with third parties, only the necessary data required for the provision of the contracted services will be shared. It is important to note that our contracts are drafted in accordance with the data protection standards of Brazilian law. However, our partners have their own Privacy Policies, which may differ from this one.
When redirected to a third-party website or application, you will no longer be subject to this Privacy Policy or the Terms of Service of our platform. We are not responsible for the privacy practices of these websites and recommend that you read their privacy statements.
No documents and/or personal information will be disclosed and/or shared, except if expressly authorized by the data subject or by court order, or as required by law.
No documents or personal information will be sold. Additionally, the personal data of Users (referred to as Data Subjects) will not be individually exposed to third parties, except as provided in this document or as required by law and court order.
The COMPANY may share your data with certain third parties located or with facilities in other countries. However, your personal data will remain subject to the General Data Protection Law and other Brazilian data protection regulations.
In this regard, the COMPANY is committed to adopting efficient cybersecurity and data protection standards to comply with all legal requirements.
Personal Data will be stored digitally and/or physically for as long as necessary to fulfill the purposes for which it is processed, in accordance with the provisions of item I of Article 15 of the LGPD.
Data will be deleted when no longer necessary for the purposes for which it was collected, or upon request for deletion by the user, unless it is necessary to fulfill a legal or regulatory obligation, as provided by the General Data Protection Law.
If you have any questions regarding the specific retention period of certain Personal Data, please feel free to contact us via the contact channel indicated in this document.
We have implemented appropriate technical and organizational measures to protect Personal Data from accidental or unlawful alterations, losses, and unauthorized use, disclosure, or access. We also adopt additional security measures when necessary and conduct privacy impact assessments based on the level of risk associated with data processing to ensure the protection and integrity of personal information.
We make every reasonable effort to implement the necessary safeguards and protect the processing of Personal Data, including applying additional security protections for data considered confidential.
The COMPANY is committed to adopting best practices to prevent security incidents. However, it is important to emphasize that no information transmission is completely risk-free and may be subject to technical failures, viruses, or other similar occurrences. Despite all of our security protocols, problems may arise due to the exclusive fault of third parties, such as cyberattacks by hackers, or even due to negligence or imprudence on the part of the user/customer.
In the event of a security incident that could present a significant risk or harm to the data subjects, the COMPANY is committed to making all reasonable efforts to mitigate the consequences of the event. Additionally, we will notify the affected individuals and the National Data Protection Authority (ANPD), as required by the General Data Protection Law.
By accessing our website and consenting to the use of Cookies, the Data Subject acknowledges and accepts the collection of browsing information, agreeing to the use of Cookies on their device.
The COMPANY may use cookies to gather information, for example, to determine if a particular user has visited us before or if they are a new visitor, and helps us identify features the visitor may have the most interest in.
Cookies can enhance the online experience by saving preferences while a user visits a website. We will inform visitors to our websites about the types of cookies we use and how to disable them. When required by law, users may visit our websites and refuse the use of cookies at any time on their device.
The Data Subject may, at any time and at no cost, change the permissions, block, or refuse cookies. However, revoking consent for certain cookies may hinder the proper functioning of some features on the platform.
Additionally, the Data Subject may find more information about the cookies we use and how they function in our Cookie Policy.
The COMPANY is committed to ensuring the protection of the rights of data subjects, in accordance with Brazilian law.
You may contact the COMPANY if you wish to exercise your rights under the General Data Protection Law (LGPD).
Below is a summary of the main rights of data subjects, with an emphasis on those established by Article 18 of the LGPD, without prejudice to other rights guaranteed by the legislation.
(a) Right of access.
The Data Subject may request access to their personal data. They may also request the correction of incomplete, inaccurate, or outdated data.
The Data Subject may request any available information regarding the source of their personal data, and may also request a copy of their personal data being processed by the COMPANY.
(b) Right to be forgotten.
The Data Subject has the right to request the deletion of their personal data in the following cases:
i. the data is no longer necessary;
ii. withdrawal of previously given consent;
iii. personal data was processed in non-compliance with current legislation;
iv. there is a legal obligation to delete such personal data;
(c) Right to restrict processing.
The Data Subject may request that the processing of their personal data be restricted in the following cases:
i. the Data Subject contests the accuracy of the personal data;
ii. the COMPANY no longer requires the personal data for the purposes of processing;
iii. the Data Subject objects to processing for legitimate reasons.
(d) Right to data portability.
The Data Subject may request, when applicable, the portability of personal data provided to the COMPANY.
The Data Subject has the right to transmit this data to another Controller without hindrance from the COMPANY when:
(i) the processing of their personal data is based on consent or a contract; and
(ii) the processing is carried out by automated means.
The Data Subject may also request that their personal data be transmitted to third parties of their choice (when technically feasible).
(e) Right to object to processing for direct marketing purposes.
The Data Subject may object (i.e., exercise their right to “opt-out”) to the processing of their personal data, particularly in relation to profiling or marketing communications.
When processing Personal Data based on consent, the Data Subject may withdraw their consent at any time.
(f) Right not to be subject to automated decisions.
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on the Data Subject or significantly affects them.
To exercise these rights, the Data Subject may submit their request, complaint, or question by following the procedure established in the privacy notices provided at the time of data collection or by sending an email to the Data Protection Officer.
DPO Contact: Ricardo Chiodaro – dpo@marjanfarma.com.br or by phone at +55 (11) 5642-9888.
We reserve the right to modify this Privacy Policy at any time, particularly to comply with any changes made to our website or legislative changes. You can consult the most recent version at any time on our website. Additionally, we may send updates whenever we deem necessary.
This Policy was last updated on December 5, 2024.
Contact our SAC [Customer Service] on 0800 055 4545 or send us a message.
