Privacy Policy
Our Commitment
Your privacy is important to us, from GSH &R2PHARMA.
This way, we ensure that your information and personal data are handled with security and transparency.. Desta forma prezamos por tratar suas informações e dados pessoais com toda segurança e transparência.
It is our duty to keep your data safe and ensure their confidentiality and integrity while they are with us, stating our Group’s commitment to the security and transparency in the processing of
personal data, as provided for in the General Data Protection Regulation.
Access our Privacy Statement
The Privacy Statement is directed to GSH & R2PHARMA clientsand to other data subjects whose data is processed in our units, digital channels or by other companies from our Group and its subsidiaries. This one aims to present the main information about treating personal data performed by GSH and R2PHARMA, such as: collection, processing, and storage.
Rights of the data subjects
GSH & R2PHARMA take your privacy seriously, and that is why we established a contact channel so you can exercise your rights, which are assured by GDPR.
GSH & R2PHARMA make available to all their data subjects an exclusive channel, where you
can obtain information and make requests regarding your data and the way they are treated.
Just access the link below:
Data Protection Officer
Considering the need to appoint a Data Protection Officer for personal data processing activities
(Art. 41 of Law No. 13.709 – Brazilian General Data Protection Regulation). The Personal Data
Officer in charge of processing the data is responsible for assuring the conformity to the GDPR
in GSH and R2Pharma environments, as well as their subsidiaries, ensuring that the personal
data is always processed accordingly and this will be the channel of communication between
the Controller, the Data Subjects and the National Data Protection Authority – DPA.
Whenever you need to ask questions, make suggestions, or file complaints, please contact our
Data Protection Officer via email:
What is GDPR?
The General Data Protection Regulation (GDPR), or Brazilian Law N. 13.709/2018, has created
rules for Brazilian’s personal data protection, both in digital and physical formats, aiming to
ensure the fundamental rights of freedom and privacy of their subjects.
It also establishes hypothesis for the treatment of personal data to be considered legit.
What is personal data?
It is information that can directly or indirectly identify you, such as your social security number,
e-mail, telephone, IP number, browsing history, geopositioning, and other information capable
of identifying you.
What is personal data processing?
It is named “personal data processing” every actions that can be executed using an information, such as: to collect, access, update, store, file, reproduce, evaluate, classify, extract, communicate, share, transfer, delete, and others.
Who is the data subject?
The data subject is you, the owner of your own personal information. GDPR brought power to the individual to control their data, strengthening the exercise of freedom of expression, information access and the right to privacy, honor, and self-image.
Who are the data protection officers?
They are natural or legal (companies) persons that collect, use, share, or engage in any other activity involving personal data for economic purposes. They must act as guardians of personal data within their environments and, therefore, have the duty to carry out processing activities in accordance with the purposes set forth in the GDPR.
There are two categories of protection officers:
– Controller: responsible for making decisions regarding the personal data processing, as well as defining its purpose.
– Processor: person or company hired for commercial purposes by the Controller to execute a service at their request. They will process the data following the Controller’s instruction and always in accordance with the Law.
Who is responsible for personal data protection in Brazil?
The law institutes a National Data Protection Authority, also known as DPA, to regulate all data processing activities in Brazil. They have the power to inspect companies and receive reports and/or complaints made by the data subjects.