Updated on 04/04/2022

Beneficência Portuguesa's privacy and data processing policy

1. INTRODUCTION

The purpose of this Policy is to demonstrate in a transparent manner the commitment of R.B. A. PORTUGUESA DE BENEFICENCIA ("BP"), headquartered in the City of São Paulo – SP, at Rua Maestro Cardim, 769, Bela Vista CNPJ [Tax ID]: 61.599.908/0001-58, and its respective subsidiaries, with their privacy and protection of personal data, respecting the provisions of the General Data Protection Law.


This Policy describes the applicable rules on the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction of personal data of clients and/or their legal guardians, companions and visitors, collaborators, members of their clinical and multidisciplinary staff, students, volunteers, providers sponsors and any other third party in accordance with applicable laws.


To access and use the services offered by BP, You as Data Subject must declare that you have made the full and attentive reading of this Policy, and that you are fully aware of the terms set out herein, conferring your free and express agreement for the processing of the Data in accordance with the conditions specified below.


2. SCOPE

This Policy applies to all directors (members of the Board of Directors, Advisory Board, Fiscal Council, Administrative Board, Associates) and BP employees, clients and their legal guardians, companions and visitors, members of its clinical and multidisciplinary staff, students, volunteers, providers and suppliers of goods and services and any other third parties.

3. INFORMATION SUBJECT TO BP'S PRIVACY POLICY:

  • (i) All information provided or collected from clients and/or their legal guardians, whether physical or in access to Our Environments, in the context of BP's provision of health services. Among the health services that can be provided by BP, according to the chosen unit, are: hospital, hospitalization, outpatient, surgical, diagnostic tests, emergency care or emergency room, among other health services; as well as the application of clinical studies and research, credit recovery and predictive analysis to improve the experience of the services provided, respecting the terms of the applicable laws;
  • (ii) All information from BP Administrators and employees, providers and suppliers of goods and services, collected in the context of contractual or legal obligation;
  • (iii) All information provided or collected from Volunteers in the context of promoting support activities providing well-being, leisure and social responsibility to our clients and companions;
  • (iv) All information provided or collected from the members of its clinical and multidisciplinary staff in the context of the provision of health services, contractual or legal obligation;
  • (v) All information provided or collected from Students in the context of providing educational services.

4. PROCESSING OF PERSONAL DATA

Considering the principles and grounds defined by the General Data Protection Law, the Processing of Personal Data will be carried out by BP only when the following hypotheses are observed:



  • Consent
  • when the Data Subject or his/her legal guardian consents to the Processing of Personal Data, in a free and unambiguous, specific and outstanding manner, for a given purpose
  • Implementation of public policies
  • Processing of Personal Data admitted by law regardless of the consent of the Data Subject, to meet the interest of the public administration
  • Contractual performance
  • where data processing is necessary to ensure contractual performance
  • Compliance with legal or regulatory obligation
  • when Data Processing is necessary due to a legal or regulatory obligation
  • Regular exercise of rights
  • where data processing is necessary for the regular exercise of rights under contract, judicial, administrative or arbitral proceedings
  • Protection of the life of the Data Subject or third party
  • where Data Processing is indispensable for the protection of life or physical safety
  • Health protection
  • when data processing is carried out for the purpose of performing procedures by health professionals, health services or health authorities
  • Legitimate interests
  • when in certain situations, as an exception, it may avail itself of the legitimate interest for the processing of the Data Subject’s data, in the regular exercise of his rights or for the provision of services that benefit him, always in accordance with the General Data Protection Law
  • Studies by research body
  • when promoting studies by research body in accordance with the General Data Protection Law.

5. ABOUT DATA WE COLLECT

5.1. How We Collect Data

Data, including Personal Data and Sensitive Personal Data, may be collected physically and/or when interacting with Our Virtual Environments.

5.2. What data we collect and what we collect for



Data Subject What can we collect? What do we collect for?
  • Clients/Patients and their Legal Representatives
  • Registration Data, Personal Characteristics, Identification generated by official bodies;
  • Residential, professional, financial and credit, legal and health information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Preferences;
  • Video images captured on CCTV;
  • • To enter requests and visits in person for opening records and hospitalization of patients;
  • • To provide medical and health care services, including cases of video consultation (telemedicine), situations in which the data can also be used for identification processes on telemedicine service providers;
  • • Request authorization to perform an examination and/or consultation with the health operator/insurer, as well as to carry out financial procedures;
  • • Perform the monitoring service and support recovery after hospital discharge (including through remote monitoring technologies).
  • • Quote the values of medical and material procedures such as orthotics, prostheses and special materials (OPME) and other special category with Third Parties and Health Operators;
  • • Invite you to participate in research projects;
  • • Invite you to participate in the Clinical and Surgical Patient Reception Program;
  • • Develop legal instruments relating to the Services provided;
  • • Identify, release access and monitor our facilities, such as badges, stickers, identification bracelets, as well as record your images in our monitoring and physical security systems (CCTV);
  • • Comply with the obligations arising from the use of our services and required by health agencies;
  • • Meet requests and other manifestations;
  • • Provide service through electronic messaging applications;
  • • Implement administrative and financial processes, including studies of indicators that enable the improvement of the services provided;
  • • Recover credits under claims resulting from default;
  • • Send relevant institutional communications;
  • • Authenticate and grant access to wireless internet network.
  • Accompanying Persons and Visitors
  • Registration Data, Personal Characteristics, Identification generated by official bodies;
  • Residential information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Video images captured on CCTV
  • • Identify, release access and monitor our facilities, such as badges, stickers, identification bracelets, as well as record your images in our monitoring and physical security systems (CCTV);
  • • Authenticate and grant access to wireless internet network;
  • • Provide service through electronic messaging applications;
  • • Comply with the obligations arising from the use of our services and required by health agencies.
  • • Meet requests and other manifestations.
  • Associates and Administrators
  • Registration Data, Personal Characteristics, Identification generated by official bodies;
  • Residential, professional, financial and credit, legal and health information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Preferences;
  • Video footage captured on CCTV;
  • • Comply with statutory legal obligations;
  • • Promote the electronic voting of Associates and Administrators at ordinary and extraordinary general meetings and other statutory acts, through digital platforms of service providers;
  • • Conduct internal and external audit;
  • • Provide access to physical and digital environments;
  • • Prepare legal instruments related to services provided and other legal and state obligations;
  • • Meet requests and other manifestations;
  • • To enter requests and visits in person for opening records and hospitalization of patients;
  • • To provide medical and health care services, including cases of video consultation (telemedicine), situations in which the data can also be used for identification processes on telemedicine service providers;
  • • Request authorization to perform an examination and/or consultation with the health operator/insurer, as well as to carry out financial procedures;
  • • Perform the monitoring service and support recovery after hospital discharge (including through remote monitoring technologies).
  • • Quote the values of medical and material procedures such as orthotics, prostheses and special materials (OPME) and other special category with Third Parties and Health Operators;
  • • Invite you to participate in research projects;
  • • Identify, release access and monitor our facilities, such as badges, stickers, identification bracelets, as well as record your images in our monitoring and physical security systems (CCTV);
  • • Comply with the obligations arising from the use of our services and required by health agencies and other public administration bodies;
  • • Provide service through electronic messaging applications;
  • • Implement administrative and financial processes, including studies of indicators that enable the improvement of the services provided;
  • • Recover credits under claims resulting from default;
  • • Authenticate and grant access to wireless internet network;
  • Collaborators and Clinical Staff
  • Registration Data, Personal Characteristics, Identification generated by official bodies;
  • Residential, professional, financial and credit, legal and health information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Information on schooling and titles;
  • Health information;
  • Preferences;
  • Video images captured on CCTV;
  • • Perform selection process and functional registration;
  • • Carry out activities related to your work function;
  • • Perform periodic medical examinations;
  • • Identify, release access and monitoring of our facilities, such as for the manufacture of identification badges, wristbands, stickers, as well as record your images in our monitoring and physical security systems (CCTV), as well as to free access to the corporate digital environment (authentication services of computer networks and systems);
  • • Process payroll, charges and benefits;
  • • Provide medical assistance;
  • • Develop legal instruments relating to the services provided and legal obligations;
  • • Conduct training;
  • • Comply with the obligations required by public agencies;
  • • Send institutional communications, internal guidelines.
  • • Registration, Accreditation and disclosure of Clinical Staff;
  • • Patient care and record of medical records and prescriptions;
  • • Attest to technical responsibility before the Competent Bodies;
  • • Process payments.
  • Students
  • Registration Data, Personal Characteristics, Identification generated by official bodies;
  • Residential, professional, financial and credit, legal and health information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Information on schooling;
  • Preferences;
  • Video images captured on CCTV;
  • • Register in the selection process of the chosen course and for other activities related to its academic activity, (such as: enrollments, reenrollments, registration with government agencies, such as the Ministry of Education - MEC, Department of Education and other correlated public agencies);
  • • Develop legal instruments relating to the services provided and legal obligations;
  • • Process payments and issue invoices;
  • • Apply for health insurance for Students, where applicable and within the legal limits;
  • • Identify, release access and monitor our facilities, such as badges, stickers, identification bracelets, as well as record your images in our monitoring and physical security systems (CCTV);
  • • Authenticate and grant access to wireless internet network;
  • • Comply with the obligations required by public agencies;
  • • Meet requests and other manifestations;
  • Volunteers
  • Registration data (including company name and personal data of the NGO's legal representative);
  • Identification generated by official bodies;
  • Residential information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Video images captured on CCTV;
  • • Promote support activities providing well-being, with social participations by providing your time, experiences, skills and abilities for solidarity activities services, without personal burden.
  • • Act in activities that generate knowledge, leisure, comfort and social responsibility for our patients and companions, either as volunteers or partners.
  • • Identify, release access and monitor our facilities, such as badges, stickers, identification bracelets, as well as record your images in our monitoring and physical security systems (CCTV);
  • • Authenticate and grant access to wireless internet network;
  • • Comply with the obligations arising from the use of our services and required by public agencies and public administration bodies;
  • • Meet requests and other manifestations;
  • Third parties
  • Registration Data;
  • Identification generated by official bodies;
  • Legal information;
  • Information about mobile devices and computers (such as mobile, tablet, computer and notebook, etc.) and digital identification (IP addressing, geolocation, unique device identification, source and access logs in our digital environments);
  • Video footage captured on CCTV;
  • • Develop legal instruments;
  • • Process payments;
  • • Identify, release access and monitor our facilities, such as badges, stickers, identification bracelets, as well as record your images in our monitoring and physical security systems (CCTV);
  • • Authenticate and grant access to wireless internet network;
  • • Comply with the obligations arising from the use of our services and required by public agencies and public administration bodies;
  • • Meet requests and other manifestations;

SPECIAL NOTE FOR LEGAL REPRESENTATIVES

BP may collect and process Personal Data of children and adolescents under the age of 18, in a physical manner and/or when interacting with Our Environments, including Sensitive Personal Data, and therefore there will be a need for legal consent from parents or legal representatives for this purpose.


Although in the collection and processing of personal data of children and adolescents there is consent, parents must supervise the online activities of their underage children in Our Environments, especially in Our Digital Environments.


The activities of adolescents over 16 and under 18 years of age must be assisted by parents or legal representatives.



5.2.1. Other personal data that is not described in the Table above may be collected in accordance with the specific nature of the service or activity in question, in accordance with a specific document that should be considered together with this Privacy Policy.

5.2.2. Many of BP's services rely directly on some data provided in the table above, mainly Registration Data. If the Data Subject chooses not to provide any of this Data, we may be unable to provide all or part of our services.

5.2.3. BP is not responsible for the accuracy, veracity or timeliness of the information provided by the Data Subject, and it is the responsibility of the Data Subject to provide it accurately or update it whenever applicable. It is important to say that BP is not obliged to process any Data if there is reason to believe that such processing may impute to us any legally intended infringement, or if Our Environments are being used for any illegal or unlawful purpose or in any way contrary to ethics and/or morality purposes.

5.2.4. The database formed through the collection of Personal Data is the property and responsibility of BP, and its use, access and sharing, when necessary, will be made within the limits of this Privacy Policy and specific Terms of Use, if any.

5.3 Data collection through cookies:

We use cookies to identify you in your next access to the site and thus provide a personalized service according to your preferences or browsing history, and thus provide more practicality and functionality in your navigation. To know details about the Cookies we collect and why we collect them, please visit our Cookie Policy, available on the website: https://www.bp.org.br/politica-de-cookie


All technologies used by BP will always comply with the current legislation and the terms of this Policy.

5.4 How We Share Data and Information

The Collected Data and recorded activities can be shared:


  • (i) With competent judicial, regulatory, administrative or governmental authorities, whenever there is legal determination, request or court order;
  • (ii) With health operators or insurers, laboratories and class councils always following regulatory requirements, and current laws.
  • (iii) Automatically, in case of corporate transactions, such as merger, acquisition and consolidation; in case of compliance with statutory obligations, according to legal provision.
  • (iv) With Third Parties, to provide the services to you in accordance with our confidentiality criteria and for the purposes expressly permitted.
  • (v) Data Interoperability, to ensure the continuity of your medical treatment , we share the personal data strictly necessary between health institutions to assist in your care. This sharing shall be made with the consent provided freely, wittingly and unequivocally.

BP will not be liable for the misuse of information, whether by third parties, volunteers, students or their employees, due to the failure to comply with this Policy and the contractual obligations assumed with them and BP through proper instruments.

6. INFORMATION SECURITY

6.1. BP makes every effort to maintain privacy and information security by adopting technical, physical and administrative security measures:


  • (i) technical measures, such as the transmission of personal data through a secure website, storage of data in electronic means that maintain high standards of security, use of a system whose access is controlled and segregated according to the responsibilities of each employee;
  • (ii) physical measures, such as restricted access to authorized persons held in facilities that include, use of market security tools; and
  • (iii) administrative measures, including the adoption of Security Policies and Standards, training and awareness of employees and confidentiality agreements.

6.2 Internally the Personal Data collected by BP is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy under this Policy.

6.3. When using Our digital environments it is very important that the Data Subject protects their Data from unauthorized access to their computer or mobile phone, account or password, and always make sure to click "exit" when terminating their browsing on a shared computer. It is also very important to inform that BP never sends electronic messages with attachments that can be executed (this can be verified through file extensions such as: .exe, .com, among others) or links to file downloads. The emails are intended to provide information about your appointments, health and care reports and other information that the Data Subject consents to.

6.4. When the Data Subject accesses Our Environments, it may be conducted, via link, to other portals or platforms (such as BP's social networks), which may request that you provide your personal data and other information and have your own Data Processing Policy or specific Terms and Conditions of Use:

6.4.1 It will be up to the Data Subject to read the Privacy and Data Processing Policies of such portals or platforms outside our environment, and it is his/her responsibility to accept or reject them. BP will not be responsible for Privacy and Data Processing Policies of Third Parties or for the content of any websites or services linked to virtual environments of BP's systems, even if associated to it through links;

6.4.2 BP has business partners who may occasionally offer services through features or websites that can be accessed from Our Environments. [sic] to the supplier data to these partners shall be their responsibility and they are thus subject to their own data collection and use practices.

6.4.3 The consent provided by the Data Subject is collected individually, clearly, specifically, legitimately and informed.

6.5. BP uses market-compatible technologies, respecting the reasonable state of the art, with constant updates. All technologies used must comply with current laws and the terms of this Privacy Policy.

6.6. BP conducts training of its employees, clinical staff and multidisciplinary professionals regarding the standards and good practices related to information security, privacy and protection of personal data and on the General Data Protection Law, with the purpose of making them aware of the importance of preserving and keeping confidential the information collected, recorded, stored, and shared.

6.7. BP respects the principles of lawfulness, purpose, adequacy, proportionality, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability, subsidiarity and storage limitation, in addition to establishing a commitment to confidentiality and privacy preservation under this Privacy Policy.

7. STORAGE OF PERSONAL DATA

BP will maintain and store Personal Data and Sensitive Personal Data for as long as necessary to comply with the purposes for which it was collected, as well as for the purposes of fulfilling any legal, regulatory or contractual obligation, accountability or request of competent authorities.


The Collected Data will be stored on our servers located in Brazil, as well as in a cloud computing environment, which may require a transfer and/or processing of this Data outside Brazil.

8. INTERNATIONAL DATA TRANSFER

BP informs that, depending on the services used, your data may be transferred and maintained in an environment inside or outside Brazil. This transfer will always respect evaluation criteria of partners and suppliers that provide technological structure in countries with data protection laws equivalent to the Brazilian General Data Protection Law.


Currently the data for some of our services is stored in:


  • Germany;
  • Bolivia;
  • Brazil;
  • Chile;
  • United States of America;
  • Canada;
  • Buenos Aires, Argentina.

9. WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM

Any Data Subject has the right to request BP information related to the processing of his/her data. According to the LGPD, their rights consist of:


  • • Confirmation: right to be informed of the processing of his/her data. Access: right to request access to the personal data processed. Elimination: right to request the deletion of personal data, observing compliance with legal or regulatory obligations;
  • • Withdrawal of consent: right to revoke consent at any time, through express manifestation, by free and facilitated procedure.
  • • Portability: right to request the transmission of the processed data to another service provider. Correction: right to request the change of personal data processed whenever it is incomplete, inaccurate or outdated. Information: right to be informed about the public and private entities with which the data was shared. Restriction: right to request anonymisation, blocking or deletion of unnecessary data, excessive data or data processed in disagreement with the personal data protection law.
  • • Review of automated decisions: possibility of reviewing decisions made solely on the basis of automated processing of personal data affecting the Data Subject’s interests.
  • • Copy of the Data Subject’s medical records;

To fulfill your rights from requests for information, please contact us through the [DATA SUBJECT PETITION FORM] available at:



The Data Subject may exercise his/her rights directly, or through a legally appointed representative. In this channel, Data Subjects can also request a Copy of their Medical Records.


As a result, some additional documents will be requested by the BP Team to verify the identity of the Data Subject. All validation steps will be done through email. Keep an eye on your inbox and place the m.onetrust.com domain in your email provider's list of secure senders.


To deregister the mailing to receive communications from BP and other consents provided to our institution, access: https://privacyportal.onetrust.com/ui/#/preferences/multipage/login/46f72a0e-1293-4b45-976d-8d3d993e79e4


If we are asked to delete Personal Data, it may happen that the Data may need to be maintained for a period longer than the request for deletion, pursuant to Article 16 of the General Personal Data Protection Law, for the purposes of: (i) compliance with legal or regulatory obligation, (ii) study by research body, and (iii) transfer to a third party (subject to the data processing requirements set out in the same Law). In all cases by anonymizing Personal Data, provided possible. After the maintenance period and legal need, personal data will be deleted using safe disposal methods, or used in an anonymized manner for statistical purposes.


10. CONTACT US

In case of any doubt regarding the provisions of this Privacy and Data Processing Policy, the Data Subject may get in contact through the service channels indicated below, whose opening hours are Monday to Friday from 7:00 am to 6:00 pm.


Data Officer:


Eduardo Nicolau


e-mail: dpo@bp.org.br


Channel for infractions and/or complaints:


https://www.canalconfidencial.com.br/bp; or


Phone: 0800-882-0628


Channel for questions and information:


Phone: (11) 3505-1000


The channels identified above are also available for reports of possible incidents when applicable to:


  • • Clients and their legal guardians, companions and visitors, Third Parties who observe any deviations from the guidelines of this Policy, may report this fact to the Channel for infractions and/or complaints (https://www.canalconfidencial.com.br/bp) or 0800-882-0628), and they may or may not identify themselves;
  • • For Administrators, Employees, clinical and multidisciplinary staff and students, the failure to comply with the guidelines of this Policy will result in the application of accountability measures according to the respective severity of such non-compliance;
  • • When an incident reported to the Confidential Channel involves sensitive personal data and/or personal data, the Confidential Channel must promptly report it to the Data Protection Officer ("DPO").

11. CHANGES IN THIS POLICY

We seek to offer you the services as efficiently as possible and, for this purpose, we constantly update them. For this reason, this Policy may be adjusted at any time. Access updates to this Policy whenever possible through this email address.

12. GENERAL PROVISIONS

If any topic of this Policy is deemed unenforceable by the Data Authority or any judicial authority, the other conditions shall remain in full force and effect.


Any communication made by e-mail (to the addresses informed in your registration), SMS, instant communication applications or any other digital form, are also valid, effective and sufficient for the disclosure of any subject that refers to the services we provide, as well as the conditions of its provision or any other subject addressed therein, unless otherwise provided for in this Policy.

13. APPLICABLE LAW AND JURISDICTION

This Policy shall be interpreted in accordance with the Brazilian law, in the Portuguese language, and the court of your domicile shall have jurisdiction to settle any dispute arising out of this document, unless specific to personal, territorial or functional competence by applicable law.


If the domicile in Brazil, and due to the services offered by BP only in the national territory, is subject to the Brazilian law, you therefore agree that, in case of litigation to be resolved, the lawsuit shall be brought in the Court of the Judicial District of São Paulo.

14. PUBLIC REGISTRATION

This Policy is registered at the Forth Vital Records of the Judicial District of São Paulo. For all purposes consider the latest version in force to be published on our website.

GLOSSARY

For the purposes of this Policy, the following definitions and descriptions shall be considered:


  • (i) National Data Protection Authority ("ANPD"): Public administration body responsible for ensuring, implementing and supervising the compliance with the LGPD throughout the country.
  • (ii) Anonymization: Use of reasonable technical means available at the time of Processing, through which a data loses the possibility of association, directly or indirectly, with an individual.
  • (iii) CCTV: "Closed Circuit Television". Camera monitoring and surveillance system that refers real-time images to a video recorder and/or central monitoring through wired system or IP.
  • (iv) Cloud Computing: Or cloud computing, is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the aim of reducing costs and increasing the availability of sustained services.
  • (v) Access Account: Credential required to use or access BP’s virtual environments features.
  • (vi) Cookies: Small files sent by the Platform, saved on your devices, that store preferences and little other information, in order to customize your navigation according to your profile.
  • (vii) Personal Data Controller: Natural or legal person, under public or private law, responsible for decisions concerning the processing of personal data..
  • (viii) Data: Any information entered, processed or transmitted through Our Environments.
  • (ix) Personal Data: Data related to identified or identifiable natural person.
  • (x) Sensitive Personal Data: Personal data consisting of racial or ethnic origin, religious conviction, political opinion, or trade union membership or organization of a religious, philosophical, or political nature, data concerning health or sex life, genetic or biometric data when linked to a natural person.
  • (xi) Exclusively Automated Decisions: Decisions that affect a user and that have been programmed to work automatically, without the need for a human operation, based on automated processing of personal data.
  • (xii) Data Protection Officer (DPO): Person appointed by BP to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD).
  • (xiii) Session ID: Identification of the user session when access to Our Virtual Environments is made.
  • (xiv) IP: Short for Internet Protocol. It is an alphanumeric set that identifies users' devices on the Internet.
  • (xv) General Data Protection Law (or "LGPD"): Law No. 13.709/18: which provides for the processing of Personal Data in the Brazilian territory.
  • (xvi) Logs: Activity logs of any users using BP Virtual Platforms.
  • (xvii) Our Environments: It designates both our digital environments as our e-mail address https://www.bp.org.br/ and scheduling of appointments and exams, as well as our physical environments, like our buildings and facilities.
  • (xviii) Personal Data Operator: Natural or legal person, under public or private law, who carries out the processing of personal data on behalf of the Controller.
  • (xix) Third Party: Natural or legal person, under public or private law, who supplies goods or provides services to BP, on its premises or remotely, and in the exercise of its activities may have access to information related to the business of BP or its Clients.
  • (xx) Data Processing: Any and all operations carried out with Personal Data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction;

Previous versions available on the website:

18/12/2020 - Version 01

18/12/2021 - Version 02

04/04/2022 - Version 03