Skip to main content
Giving

Einstein Privacy and Data Protection Portal

Learn more about how your data is collected, used, and managed

Quick access

Einstein and the LGPD

Ethics, transparency and security guide Einstein's commitment to the protection and privacy of the personal data of its employees, customers and partners

To promote greater understanding and transparency, the Privacy Portal summarizes the key concepts of the LGPD and details how to apply these principles in practice, including specific examples of processes and measures

If you would like more detailed information about the treatment of your data, click here to access the Privacy Policy

Ilustração representando a segurança digital

What is LGPD?

The Brazilian General Data Protection Law (LGPD) establishes rules for the processing of personal data by companies, in order to ensure more transparency, protection and privacy for their holders

Important 
Concepts

LGPD Treatment Agents

Data Owner

the person to whom the data that will be processed refers to

Controller

the party responsible for defining and managing how the data will be processed, according to the purpose for which it was collected. This role ensures that the data on patients, visitors, students, employees or third parties are properly treated every time they use the organization's services and share their data with Einstein

Operator

carries out the processing of personal data according to the controller's determinations. A common example of an operator is cloud data storage and processing service providers

Data Officer

it is defined by the controller and the operator as the main party  responsible for maintaining the organizations' compliance with the LGPD. Considered the custodian of the governance and privacy program. This party also acts as a communication channel between the controller, the data owners and the National Data Protection Authority (ANPD)

Brazilian National Data Protection Agency (ANPD)

the national authority responsible for ensuring, implementing and supervising compliance with the LGPD by organizations. For more information, see the ANPD official website

Other concepts you need to know

  • Anonymization

    use of technical means by which data loses the possibility of association, directly or indirectly, with an individual

  • Cookies

    the cookie allows the website to “remember” your actions or preferences over time

  • Legal bases

    are hypotheses provided for in the Brazilian General Data Protection Law (LGPD) that authorize the processing of personal data. Among these situations are consent, legal or regulatory obligation, public policy, research agencies, contract execution, normal exercise of rights, protection of life, protection of health, legitimate interest and credit protection

Your rights at Einstein

Einstein makes available to its patients, students, employees, third parties and visitors a dedicated channel to exercise their rights as provided for in the LGPD

 

If you have any questions, please contact our Data Officer (DPO), Rogéria Leoni Cruz, via the email: dpo@einstein.br

Homem jovem com camisa azul olha seu celular e sorri. Ele entra no site do Einstein, faz seu cadastro e demonstra confiança nos serviços oferecidos e na forma como o hospital protege seus dados pessoaisJovem e mulher de cabelo grisalho sorriem enquanto olham juntos para um celular, em um ambiente acolhedor; eles demonstram confiança ao acessar facilmente o FAQ com perguntas frequentes sobre o tratamento de seus dados pessoais no Hospital Israelita Albert Einstein.

Your rights

After all, what are your rights?

  • access your data

  • confirm that your data is being processed

  • update and correct your data

  • anonymize, delete or block any unnecessary, excessive or processed data in violation of the provisions of the Brazilian General Data Protection Law (LGPD), No. 13.709, of August 14, 2018

  • delete the personal data processed with your consent, except for the exceptions provided for in the LPGD

  • consent, or not, to the portability of data to another service or product provider, according to regulations

  • revoke consent at any time

  • obtain information and request review of decisions made solely on the basis of automated data processing, which affect your interests

  • receive information about the possibility of not providing consent and the consequences of this denial

My Einstein app Data

In the My Einstein app, you can also change your registration data (email, phone, home address) and manage the consents provided and you can revoke them at any time

FAQ

What data is collected? And how are they collected?

Einstein collects your personal data to provide its services in the best way possible, in accordance with the Privacy Policy in force in the organization. This includes information such as name, CPF, address, email, health plan, medical history and other information relevant to your care. In addition, sensitive data may be collected by the organization, such as information about your health, genetics or sex life, but only when it is strictly necessary for your care

How long is the data stored?

The data is stored for the time necessary to provide services with excellence, to comply with legal obligations, to defend rights in the event of litigation and to prevent fraud. Exact storage time varies by data type and purpose of collection

Where is my data stored?

Your data may be stored on servers in Brazil or in other countries, always in secure places and with adequate protection measures. If your data is stored abroad, data protection rules are respected, in accordance with LGPD standards. For more information on how Einstein protects your data, see our Privacy Policy

How is data from children and adolescents handled?

In the case of children (up to 12 years old) and adolescents (between 12 and 18 years old), Einstein collects and processes personal data in accordance with their best interest. Einstein ensures that all data from children and adolescents is handled in strict accordance with the principles of the LGPD and best data protection practices

How can I contact Einstein's Data Protection Officer?

If you want more information or have questions about the content presented on Einstein's website or in Einstein's Privacy Policy, Einstein's Data Officer (DPO) Rogéria Leoni can assist you at: dpo@einstein.br. In addition, if you wish to exercise your rights as a data subject, click here

What is a Personal Data Security Incident?

Personal data security incidents occur when your data is:

 

  • processed unlawfully or unethically
  • accessed or made available by an unauthorized person
  • improperly modified or altered
  • not available when needed

 

Although Einstein adopts several technical and administrative security and privacy measures, no organization is completely protected from the occurrence of these incidents

 

If you believe any of the above situations may have occurred with your data at Einstein, please complete the form by clicking here, or if you prefer, please contact us anonymously by clicking here

 

Your request for an incident investigation is treated in a careful and respectful manner, and receives full attention, according to the Einstein quality standard 

How can I get a copy of my medical record?

The medical record can only be requested by the patients themselves or their legal representative, upon documentary proof. Please call +55(11)2151-2370

 

If you are a patient at the Goiânia unit, contact recepcao.same@einstein.br or gsame@einstein.br

 

If you are a patient at Hospital Vila Santa Catarina, please contact samehospmunvilastacatarina@einstein.br

If you wish to exercise your rights as a data owner, whether you are a patient, visitor, student, employee or third party, click here

If you believe that your personal data has been the subject of a security incident, please complete the form by clicking here, or if you do not wish to be identified, please complete the form anonymously by clicking here

Any change in the information presented here will be communicated by means of a notice on this portal. For more information or questions, contact Einstein's Data Officer (DPO) Rogéria Leoni Cruz at: dpo@einstein.br

See also our Privacy Policy