1. Our commitment
For RCG Herco, the privacy and protection of the Personal Data of its customers and other Holders of Personal Data and Sensitive Personal Data are fundamental. Therefore, RCG Herco is determined to comply with the applicable Brazilian legislation on the protection of Personal Data, in particular the General Law for the Protection of Personal Data no. 13,709/2018, respecting the fundamental principles and rights of data subjects.
This Privacy Policy complements other contractual provisions and information that may be provided by RCG Herco to its customers, as well as other policies and regulations that are created for data protection.
RCG Herco advises you to read this Policy and other documents that may be transmitted or communicated to you and that deal with the privacy and protection of your personal data, updates of which will be made available on the RCG Herco website (rcgherco.com/politica-de -privacy/).
For the processing of personal data of minors, RCG Herco requests from its customers, the prior consent of parents or guardians at the time of collecting information for insurance quote purposes and at the time of contracting insurance.
Note: This Privacy Policy applies to both public and private legal entities.
2. Position of RCG Herco regarding personal data
RCG Herco will be responsible for the processing of Personal Data, when resulting from the provision of services and product offerings, when the latter is the subject of an insurance quote/proposal in general, as well as in other situations provided for in this instrument, and in this context it will decide what are the relevant data, treatments and their purposes, as will be verified in item 4 of this document.
In cases where RCG Herco acts as a subcontractor, all requirements established in the contracts of the Personal Data controllers will be duly respected.
3. Main categories of personal data processed by RCG Herco
a) Customer or potential customer identification data;
b) Claim registration data in the life insurance business;
c) Claim registration data in the field of health insurance;
d) Claim registration data in the field of general liability insurance;
e) Claim registration data in the field of personal accident insurance;
f) Claim registration data in the field of auto insurance;
g) Data for claim registration in other lines of insurance, such as home insurance, travel insurance, local bail insurance, bike insurance, benefit insurance and dental insurance;
h) Registration data for the purpose of handling claims in the field of transport insurance, truck insurance;
i) Data for insurance quotes in general;
j) Identification data of the insured object;
k) Billing data;
l) Data on health and lifestyle;
m) Call recording data;
n) Data for customer travel coverage;
o) Data for customer registration;
p) Data of associated brokers;
q) Data of customer representatives – legal entity;
r) Details of beneficiaries and dependents;
s) Customer data relating to complaint records;
t) Power of attorney data;
u) Data from third parties that have some connection, including contractual, with RCG Herco; and
v) Video surveillance data.
The processing of Personal Data of children and adolescents will be carried out in their best interest, in accordance with the relevant Brazilian legislation.
I declare that I am the parent or legal guardian of the minor whose Personal Data will be processed by RCG Herco for the purposes set forth in this Privacy Policy and other documents entered into with RCG Herco.
4. Processing of personal data
The Processing of Personal Data will be applied in the following situations:
a) Prospecting;
b) Insurance quotation;
c) Proposal for insurance;
d) Information transactions with insurance companies and/or operators;
e) Verification of information for policy issuance;
f) Endorsement;
g) Sinister;
h) Renewal.
5. Reasons for processing personal data and in which situations
5.1 Data processing under the responsibility of RCG Herco
As controller (controller), RCG Herco should only process Personal Data in the following situations:
a. For the execution of a contract or for carrying out preliminary procedures at the request of the customer.
Within the scope of providing services and/or offering products that the customer intends to hire, RCG Herco will process Personal Data in the following cases:
i. Customer or potential customer request: Request for quote; Telephone Order Management; Order Management via Website/SmartZap/WhatsApp; Order Management through the RCG Herco Application; Submission of Proposal; Submission of Request for Issue; Denunciations / Complaints; Ethical Lines; Geolocation Requests; Confirmation of Age of Age Data; Password request, new card, card unlocking and issue of Invoice; Sending a request for issuance; proposal, policy, insurance card or invoice; Requests in general regarding health and dental insurance; Life Insurance Adhesion Proposal.
ii. Contract performance: Client management; Commercial management; Contract Management; Registration Management; Endorsement Management; Policy Issuance Management; Premium Collection Management; Policy Renewal Management; Portfolio analysis / Loss ratio; Physical File of Insurance Contract; Insurance Contract Digital File; Confirmation of Majority Data.
iii. Claim follow-up: Management of expectation and/or actual Claim; Accident report; Evidence of losses / damages suffered, Evidence of amounts claimed, Video surveillance.
iv. Corporate Risks: Claims Service; Claim Expectation; Finding of Damages; Check the amounts claimed;
b. To handle requests:
RCG Herco also processes your Personal Data to comply with contractual clauses, when necessary, prior and express consent must be requested, to meet the established legal requirements, for the following processes: Commercial Prospecting / Market study; User management of websites or social networks; Management of Health, Life and Dental Insurance invoices; Registration Change Health, Life and Dental Insurance; Apportionment of Monthly Health and Dental Insurance (Pre and Post Payment); Apportionment of Health and Dental Insurance Co-participation; Personal Health Declaration – DPS; Letter of Travel Insurance and Life Insurance; Medical Reimbursement Management, therapies, among other health/dental coverage; Statement of income tax to the insured; Movement of Insurance for invoice verification; Life insurance membership proposal; Life Insurance Sinister; Directing information to retired policyholders (slips/statements); Invoice extension due to customer inconsistency.
c. In order to comply with legal and regulatory obligations, RCG Herco is subject to:
i. In the exercise of its activity, RCG Herco is subject to certain legal and regulatory obligations, the fulfillment of which implies the need to process Personal Data, such as controls of events carried out on behalf of Politically Exposed Persons, to Prevent and Combat Money Laundering Money and Financing of Terrorism.
ii. For computerized systems, it is necessary to carry out: Access Control to Installations; Geolocation; Access controls and analytical actions.
iii. To comply with labor laws; Contract Management; Leave Management; Benefits Management, including but not limited to medical/dental expense reimbursements.
iv. For assistance in judicial, extrajudicial or arbitration proceedings in which the customer is sued.
v. Requests from public, regulatory and supervisory bodies of Municipal, State and/or Federal origin.
d. To ensure the best service to your customers:To ensure the best customer service and to comply with applicable legislation, RCG Herco will carry out: Analysis of Commercial Information; Internal Electronic Communication Management; Tax Information File; Portfolio and Claims Analysis; Market studies.
e. Data processing when subcontracted
In the event that RCG Herco acts as a subcontractor, that is, the Personal Data are the initial responsibility of other entities, the data received will be treated only for these purposes and in accordance with the instructions transmitted to it in the treatment contract.
f. Processing of personal data and potential recipients of personal data.
In order for RCG Herco to be able to fulfill all its duties and provide the best service possible, it may communicate or give access to its customers’ Personal Data to other entities.
RCG Herco will only communicate or give access to Personal Data to the following entities:
- Service providers contracted by RCG Herco.
- Companies with which insurance or reinsurance contracts have been concluded; and
- Public authorities, such as Tax Authorities or Judicial Courts.
RCG Herco will only communicate Personal Data that is essential for the provision of contracted services or for the fulfillment of legal obligations to which it is subject.
In some cases, RCG Herco may carry out international transfers of your Personal Data. In this case, RCG Herco will ensure that the country or international organization receiving the Personal Data provides the same adequate degree of protection as that provided for in the LGPD, and that these data transfers are carried out in strict compliance with the provisions of the general data protection law (Law nº 13.709, of August 14, 2018), and that adequate guarantees are implemented to ensure the protection of customer data.
6. Period of processing of personal data
RCG Herco will deal with the necessary personal data of customers during the period of provision of services and will keep some information for compliance with specific and applicable laws.
The retention periods of the Personal Data of customers and other Holders of Personal Data and Sensitive Personal Data will comply with the following deadlines:
Finality | Data type |
Execution of a contract or to carry out preliminary procedures at your request. | Policyholder data for Insurance; Beneficiary Data; Dependent Data; Data from users of websites and social networks; Geolocation; Data and information about the claim, including images; Billing data. |
To fulfill customers’ requests. | Medical/hospital reimbursement applicant data Health Insurance; Claim adjustment for reimbursement/indemnity purposes; Data from Holders of Personal Data and Sensitive Personal Data regarding their insured assets; Data for Dental Insurance; Beneficiary data; Dependent Data; Third Party Data; Health Data; Call recording, Contractual Data of Customers/Suppliers/Partners; Supplier Risk Data; Claims Service: Business Risks – Fleet / Business / Transport Claims; Claims Service: Business Liability Risks and Claims Service: Business Risks – Life Claims. |
Compliance with legal and regulatory obligations to which RCG Herco is subject. | Employee Data; Dependent Data; Employee health data; Unionization data; Geolocation Data; Data from Labor Complaints. |
To ensure the best service delivery. | Employee Data; Customer Data, Service Provider Data; Homeland Security Images, Electronic Communication Properties; Biometric Data. |
Data processing when subcontracted. | Policyholder data for Insurance; Beneficiary Data; Dependent Data; Data from users of websites and social networks; Geolocation; Data and information about the claim, including images. |
Conservation period | |
To ensure compliance with all applicable laws, the retention period will be: Civil Code – 10 years after termination of the contractual relationship Tax Law – 2 years from the termination of the contract; 5 years from launch, for tax and social security information sent to the Tax Authorities; or 10 years after the end of the contractual relationship Insurance of Goods – 10 years, counting from the end of the term of the contract; Personal Insurance – 20 years, counting from the end of the term of the contract. Corporate documents and acts: 5 years from the expiration of the power of attorney or the dissolution of the company. For other situations not previously specified above, such as prospecting for new customers, for example, the documents will be kept for a period of 5 (five) years. |
7. Automated individual decisions
RCG Herco does not adopt automated individual decisions, that is, decisions taken exclusively based on automated processing (without human intervention) of the Personal Data of customers or other Holders of Personal Data and Sensitive Personal Data, which produce effects in its legal sphere or the significantly affect in a similar way. In the event that RCG Herco adopts said decisions, RCG Herco will provide, whenever requested, clear and adequate information regarding the criteria and procedures used for the automated decision, observing the commercial and industrial secrets of RCG Herco itself and of the 3rd. In this case, Data Holders will be entitled to request the review of decisions taken solely on the basis of automated processing of Personal Data that affect their interests.
8. Rights of the holders of personal data
The Holder of Personal Data and Sensitive Personal Data has the right to obtain from RCG Herco, in relation to their respective Personal Data processed by RCG Herco, at any time:
a) confirmation of the existence of treatment;
b) access to data;
c) correction of incomplete, inaccurate or outdated data;
d) anonymization, blocking or deletion of data that is unnecessary, excessive or treated in violation of the provisions of the General Law for the Protection of Personal Data (Law No. 13,709, of August 14, 2018);
e) portability of data to another service or product provider, upon express request and observing commercial and industrial secrets, in accordance with and subject to future regulations of the National Data Protection Authority;
f) deletion of Personal Data that are processed based on the consent of the Holder of Personal or Sensitive Data, except in the cases provided for in art. 16 of the General Data Protection Law (Law nº 13.709, of August 14, 2018) and when the treatment is necessary for the fulfillment of a legal or regulatory obligation by RCG Herco, exclusive use by RCG Herco in anonymized form or based on other treatment hypotheses provided for in item 6 (Reasons for processing Personal Data and in which situations) other than consent;
g) information from public and private entities with which RCG Herco shared data;
h) information on the possibility of not providing consent (in the cases where this is necessary) and on the consequences of the refusal;
i) revocation of consent;
j) holder may object to treatment carried out based on one of the hypotheses of waiver of consent, in case of non-compliance with the provisions of this Policy.
The Holder of Personal Data and Sensitive Personal Data also has the right to file a petition in relation to his Personal Data against RCG Herco before the National Authority for the Protection of Personal Data or consumer defense organizations if he considers that the Data Processing Personal Data and Sensitive Personal Data has been done in violation of this Privacy Policy or applicable law.
Means of requests from the holder of personal data
Holders of Personal Data and Sensitive Personal Data may exercise their rights through the following channels made available by RCG Herco:
Person in charge of processing personal data (DPO) – Mauro Vitiello
– Contact Us Form.
– Letter: you can exercise your rights by letter, addressed to RCG Herco and sent to Avenida Dra. Ruth Cardoso, 8501 – 29º andar – Pinheiros, São Paulo – SP, CEP 05425-070 – A/C. Mauro Vitiello.
9. Indirect receipt of personal data
RCG Herco may receive Personal Data and Sensitive Personal Data through third parties or an intermediary company, for the purpose of providing services described in item 5 of this Privacy Policy, in which case the same treatment of the information will be given, as if received of the Holder of Personal Data and Sensitive Personal Data, thus applying all items provided for in this Privacy Policy.
10. Personal data security protection (security measures, techniques and organizations)
In order to guarantee the protection of the security of the Personal Data and Sensitive Personal Data made available to it, RCG Herco has adopted several security measures, technical and organizational, technologically and commercially acceptable, in order to protect the Personal Data and Sensitive Personal Data against destruction , the loss, alteration, disclosure or unauthorized access to Personal Data and Sensitive Personal Data and against any other form of inappropriate or unlawful treatment.
11. International Transfer of Personal Data
The services provided by RCG Herco require the support of a technological infrastructure that may be established outside of Brazil, such as servers and cloud services (cloud), usually in the United States or Europe, which may be owned or provided by third parties.
If any country that receives the Personal Data and Sensitive Personal Data transferred by RCG Herco does not offer adequate levels of protection for Personal Data, RCG Herco will adopt measures to protect your Personal Data and Sensitive Personal Data, through contractual clauses that impose the same protection measures described in this Privacy Policy.
In addition, RCG Herco is part of a group operating in Europe and also has commercial partners and suppliers that may process Personal Data and Sensitive Personal Data in other countries to meet the purposes set forth in this instrument.
12. Update on the protection of personal data and on the treatment given by RCG Herco
The information contained in this document may undergo changes or adaptations, for due compliance with the law. Therefore, we advise you to always consult the latest version of this document, to stay up to date on your rights and treatment given to the information provided to RCG Herco.
When browsing the site or using RCG Herco applications, carefully read the cookies policy.
13. Responsible for the protection of personal data
If you have any questions, you can contact us using the Contact Us form.
15. Applicable Law and Jurisdiction
This Privacy Policy is governed by Brazilian law and the Central Forum of the Comarca of the Capital of São Paulo – SP is elected, with express waiver of any other forum, however privileged it may be, to resolve disputes that may arise from its terms.
16. Glossary
The terms used in this Policy will have the meanings given below, unless the context otherwise indicates, whether they are used in the plural or singular and in the masculine or feminine:
Collaborator | One who collaborates for the good functioning of RCG Herco, which includes all employees, consultants, among others. |
Consent | A free, specific, informed and explicit expression of will, by which the holder of the personal data accepts, by means of an unequivocal positive statement or act, that the personal data concerning him/her are subject to treatment. |
Personal data | Any information relating to an identified or identifiable natural person. The LGPD considers as personal data those used to form the behavioral profile of a certain natural person, if it can be identified. |
Sensitive Personal Data | Personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sex life, genetic or biometric data, when linked to a natural person. |
Availability | Possibility for a person or a system, duly authorized and upon request, to access personal data when necessary. |
Finality | Carrying out the treatment for legitimate, specific, explicit and informed purposes to the data subject, without the possibility of subsequent treatment in a way that is incompatible with those purposes. |
Contact information | Data requested for identification purposes in the selection and training process: Full name, address, telephone, date of birth, nationality, place of birth, gender, marital status, e-mail, number of identification documents (RG, CPF, CNH, Passport and / or voter registration. |
Contact information | E-mail address and telephone number to contact you about the progress of the selection process and the creation of a proposal, as the case may be. |
Academic information | Information requested to assess compliance with the job requirements. |
Security | Use of technical and administrative measures able to protect personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination. |
Data Subject | Natural person to whom the Personal Data and Sensitive Personal Data that are subject to Processing refer. |
International data transfer | Transfer of personal data to a foreign country or international organization of which the country is a member. |
Treatment | Any operation carried out with personal data; such as those referring to: access – possibility of communicating with a device, storage medium, network unit, memory, registry, file, etc., in order to receive, supply, or eliminate data. storage – action or result of maintaining or conserving data in a repository. archiving – act or effect of keeping data registered although it has already lost its validity or expired. data with a specific purpose.communication – transmitting information pertinent to data action policies.control – action or power to regulate, determine or monitor actions on data.diffusion – act or effect of disclosure, propagation, multiplication of data.distribution – act or effect of disposing of data according to some established criteria.elimination – act or effect of deleting or destroying data from the repository.extraction – act of copying or removing data from the repository in which it was found.modification – act or effect of alteration of data.processing – act or effect of processing data.production – creation of goods and services from data processing.reception – act of receiving data at the end of transmission.reproduction – copy of pre-existing data obtained through any process.transfer – change of data from one storage area to another, or to a third party.transmission – movement of data between two points by means of electrical, electronic, telegraphic, telephone, radioelectric, pneumatic devices, etc.use – act or effect of data utilization. |
Shared use of data | Communication, dissemination, international transfer, interconnection of personal data or shared treatment of personal databases by public bodies and entities in compliance with their legal competences, or between these and private entities, reciprocally, with specific authorization, for one or more modalities of treatment permitted by these public entities, or between private entities. |