Privacy Policy | Instituto Priorit

1. Data Controller

Instituto Priorit, based at Rua Visconde de Pirajá, 572 - Suite 1208 - Ipanema - ZIP 22410-002 - Rio de Janeiro - RJ, Brazil, is the data controller responsible for the personal data collected through this website.

General contact: contato@institutopriorit.com.br

2. Data Protection Officer (DPO)

Instituto Priorit has appointed a Data Protection Officer (DPO) who can be contacted regarding any questions related to the processing of your personal data or to exercise your rights.

DPO contact: dpo@institutopriorit.com.br

3. Personal Data Collected

Through the pre-registration form on this website, we collect:

Full name of the patient and legal guardian
Municipality of residence and patient age
Relationship to the patient
Email address and phone number
Therapies and activities of interest (health data — special category)
How you heard about Instituto Priorit

Automatically collected data

IP address and approximate geolocation data
Browser type and operating system
Pages visited and visit duration
Cookies (as per Section 13)

4. Purpose of Processing

The personal data collected is used exclusively for:

Keeping users informed about Instituto Priorit services and masterclasses
Understanding therapeutic needs for appropriate service planning
Ensuring priority in scheduling assessments after the clinic opens
Sending communications related to Instituto Priorit services
Complying with applicable legal obligations

5. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds under the LGPD (Brazilian General Data Protection Law - Lei n. 13.709/2018) and, where applicable, the GDPR (Regulation (EU) 2016/679):

Consent of the data subject (Art. 6(1)(a)) — given when filling out the pre-registration form
Explicit consent for health data (Art. 9(2)(a)) — for information about therapies of interest
Legitimate interest of the controller (Art. 6(1)(f)) — for service improvement and statistical analysis
Compliance with legal obligations (Art. 6(1)(c)) — when applicable

6. Data Sharing with Third Parties

Your personal data may be shared with the following categories of recipients, strictly to the extent necessary for the stated purposes:

Web hosting and technology infrastructure providers (Cloudflare)
Transactional email service providers
Instituto Priorit healthcare professionals involved in service planning
Competent authorities, when required by law

Safeguards applied

All providers are selected based on adequate data protection guarantees
Data processing agreements (DPAs) are concluded under the LGPD and, where applicable, Article 28 of the GDPR
Data is never sold, transferred, or used for third-party commercial purposes

7. International Data Transfers

Instituto Priorit is based in Brazil. Any international transfers of personal data are carried out with the following safeguards:

Standard Contractual Clauses approved by the European Commission (Art. 46(2)(c) GDPR)
Transfer Impact Assessment (TIA)
Supplementary technical and organisational measures to ensure data protection

Transfers to service providers

Cloudflare, Inc. (USA) — under the EU-U.S. Data Privacy Framework
Other providers are assessed on a case-by-case basis regarding data protection guarantees

8. Data Retention

Personal data is retained only for the period strictly necessary to fulfil the purposes for which it was collected:

Pre-registration data: retained during the preparation period and up to 24 months after the opening, unless consent is renewed
Contact data for communications: until the data subject withdraws consent or requests erasure
Data for legal compliance: for the period required by applicable legislation
Consent records: retained for 5 years for evidentiary purposes

After the stated periods

Data is securely and irreversibly deleted
Or anonymised for exclusively statistical purposes

9. Data Subject Rights

Under the LGPD and, where applicable, the GDPR, as a data subject you have the following rights:

Right of access — obtain confirmation and a copy of processed personal data (Art. 15)
Right to rectification — correct inaccurate or incomplete data (Art. 16)
Right to erasure ("right to be forgotten") — request deletion of data (Art. 17)
Right to restriction of processing — restrict processing in certain circumstances (Art. 18)
Right to object — object to processing based on legitimate interest (Art. 21)
Right to data portability — receive data in a structured, machine-readable format (Art. 20)
Right to withdraw consent — at any time, without affecting the lawfulness of prior processing (Art. 7(3))

How to exercise your rights

Send an email to dpo@institutopriorit.com.br with the subject "Exercise of Data Protection Rights"
Include your full name and the right you wish to exercise
We will respond within a maximum of 30 days

Right to lodge a complaint

With the ANPD (Brazilian National Data Protection Authority) — www.gov.br/anpd

10. Automated Decision-Making and Profiling

Instituto Priorit does not use solely automated decision-making processes, including profiling, that produce legal effects on the data subject or similarly significantly affect them.

The selection of therapies and services is always carried out by qualified healthcare professionals based on an individual assessment.

11. Protection of Children's Data

As Instituto Priorit services are directed at children and young people, we treat this matter with special care:

Data of minors is always collected through the legal guardian (parent or tutor)
Consent for processing data of minors is provided by the holder of parental responsibility
Health data of minors is processed with enhanced security measures
Access to data of minors is restricted to strictly necessary professionals
Legal guardians may exercise all rights provided under the LGPD and GDPR on behalf of the minor

Under applicable legislation

LGPD (Art. 14): processing of children and adolescent data must be carried out in their best interest, with specific consent from at least one parent or legal guardian
GDPR (Art. 8): where applicable, consent rules for minors vary by EU member state

12. Data Security

We adopt appropriate technical and organisational measures to ensure the security of personal data, including:

Data encryption in transit (TLS/HTTPS) and at rest
Access controls based on the principle of least privilege
Monitoring and logging of access to personal data
Regular staff training on data protection
Security incident response procedures
Periodic security and vulnerability assessments

In case of a data breach

The ANPD will be notified within a reasonable timeframe, under Article 48 of the LGPD
Affected data subjects will be informed when the breach is likely to result in a high risk to their rights

13. Cookies

This website uses cookies to ensure its proper functioning and to improve the user experience.

You can manage your cookie preferences at any time through the cookie panel available on the website
Disabling non-essential cookies does not affect the basic functionality of the website

Essential cookies

Required for the basic functioning of the website (session, language preferences, cookie consent)
Do not require prior consent
Duration: session or up to 12 months

Analytics cookies

Used to understand how visitors interact with the website
Require prior consent
Duration: up to 24 months

14. Changes to This Policy

Instituto Priorit reserves the right to update this Privacy Policy at any time, particularly to adapt it to legislative or regulatory changes.

In the event of significant changes, users will be informed through the website or by email, if they have provided their email address.

We recommend regularly checking this page to stay informed about our data protection practices.