Learn more about how your data is collected, used, and managed
Einstein Privacy and Data Protection Portal
Quick access
Our Commitment to Your Data Privacy
Learn how Einstein works to protect your data privacy
Brazilian General Data Protection Law (LGPD)
Understand what the LGPD is and its main concepts
Your rights
Learn about your rights guaranteed by the Brazilian General Data Protection Law (LGPD)
FAQ
Check frequently asked questions about the processing of your personal data
Einstein and the LGPD
Ethics, transparency and security guide Einstein's commitment to the protection and privacy of the personal data of its employees, customers and partners
To promote greater understanding and transparency, the Privacy Portal summarizes the key concepts of the LGPD and details how to apply these principles in practice, including specific examples of processes and measures
If you would like more detailed information about the treatment of your data, click here to access the Privacy Policy

What is LGPD?
The Brazilian General Data Protection Law (LGPD) establishes rules for the processing of personal data by companies, in order to ensure more transparency, protection and privacy for their holders
Important
Concepts
LGPD Treatment Agents
Data Owner
the person to whom the data that will be processed refers to
Controller
the party responsible for defining and managing how the data will be processed, according to the purpose for which it was collected. This role ensures that the data on patients, visitors, students, employees or third parties are properly treated every time they use the organization's services and share their data with Einstein
Operator
carries out the processing of personal data according to the controller's determinations. A common example of an operator is cloud data storage and processing service providers
Data Officer
it is defined by the controller and the operator as the main party responsible for maintaining the organizations' compliance with the LGPD. Considered the custodian of the governance and privacy program. This party also acts as a communication channel between the controller, the data owners and the National Data Protection Authority (ANPD)
Brazilian National Data Protection Agency (ANPD)
the national authority responsible for ensuring, implementing and supervising compliance with the LGPD by organizations. For more information, see the ANPD official website
Other concepts you need to know
Anonymization
use of technical means by which data loses the possibility of association, directly or indirectly, with an individual
Cookies
the cookie allows the website to “remember” your actions or preferences over time
Legal bases
are hypotheses provided for in the Brazilian General Data Protection Law (LGPD) that authorize the processing of personal data. Among these situations are consent, legal or regulatory obligation, public policy, research agencies, contract execution, normal exercise of rights, protection of life, protection of health, legitimate interest and credit protection
Your rights at Einstein
Einstein makes available to its patients, students, employees, third parties and visitors a dedicated channel to exercise their rights as provided for in the LGPD
If you have any questions, please contact our Data Officer (DPO), Rogéria Leoni Cruz, via the email: dpo@einstein.br


Your rights
After all, what are your rights?
access your data
confirm that your data is being processed
update and correct your data
anonymize, delete or block any unnecessary, excessive or processed data in violation of the provisions of the Brazilian General Data Protection Law (LGPD), No. 13.709, of August 14, 2018
delete the personal data processed with your consent, except for the exceptions provided for in the LPGD
consent, or not, to the portability of data to another service or product provider, according to regulations
revoke consent at any time
obtain information and request review of decisions made solely on the basis of automated data processing, which affect your interests
receive information about the possibility of not providing consent and the consequences of this denial
My Einstein app Data
In the My Einstein app, you can also change your registration data (email, phone, home address) and manage the consents provided and you can revoke them at any time
FAQ
What data is collected? And how are they collected?
Einstein collects your personal data to provide its services in the best way possible, in accordance with the Privacy Policy in force in the organization. This includes information such as name, CPF, address, email, health plan, medical history and other information relevant to your care. In addition, sensitive data may be collected by the organization, such as information about your health, genetics or sex life, but only when it is strictly necessary for your care
How long is the data stored?
The data is stored for the time necessary to provide services with excellence, to comply with legal obligations, to defend rights in the event of litigation and to prevent fraud. Exact storage time varies by data type and purpose of collection
Where is my data stored?
Your data may be stored on servers in Brazil or in other countries, always in secure places and with adequate protection measures. If your data is stored abroad, data protection rules are respected, in accordance with LGPD standards. For more information on how Einstein protects your data, see our Privacy Policy
How is data from children and adolescents handled?
In the case of children (up to 12 years old) and adolescents (between 12 and 18 years old), Einstein collects and processes personal data in accordance with their best interest. Einstein ensures that all data from children and adolescents is handled in strict accordance with the principles of the LGPD and best data protection practices
How can I contact Einstein's Data Protection Officer?
If you want more information or have questions about the content presented on Einstein's website or in Einstein's Privacy Policy, Einstein's Data Officer (DPO) Rogéria Leoni can assist you at: dpo@einstein.br. In addition, if you wish to exercise your rights as a data subject, click here
What is a Personal Data Security Incident?
Personal data security incidents occur when your data is:
- processed unlawfully or unethically
- accessed or made available by an unauthorized person
- improperly modified or altered
- not available when needed
Although Einstein adopts several technical and administrative security and privacy measures, no organization is completely protected from the occurrence of these incidents
If you believe any of the above situations may have occurred with your data at Einstein, please complete the form by clicking here, or if you prefer, please contact us anonymously by clicking here
Your request for an incident investigation is treated in a careful and respectful manner, and receives full attention, according to the Einstein quality standard
How can I get a copy of my medical record?
The medical record can only be requested by the patients themselves or their legal representative, upon documentary proof. Please call +55(11)2151-2370
If you are a patient at the Goiânia unit, contact recepcao.same@einstein.br or gsame@einstein.br
If you are a patient at Hospital Vila Santa Catarina, please contact samehospmunvilastacatarina@einstein.br
If you wish to exercise your rights as a data owner, whether you are a patient, visitor, student, employee or third party, click here
If you believe that your personal data has been the subject of a security incident, please complete the form by clicking here, or if you do not wish to be identified, please complete the form anonymously by clicking here
Any change in the information presented here will be communicated by means of a notice on this portal. For more information or questions, contact Einstein's Data Officer (DPO) Rogéria Leoni Cruz at: dpo@einstein.br
See also our Privacy Policy