Privacy Policy and Data Protection

Howden Brasil considers the electronic registers and personal data left by you (“Data subject”) in the use of the different websites and services (“Services”) of HOWDEN BRASIL to be extremely relevant, with this Privacy Notice serving to regulate, in a simple way , transparent and objective, what personal data will be collected, as well as when and how they can be used.

This document applies to Services related to any of the brands and activities of HOWDEN BRASIL, understanding as such all those listed on the official website of HOWDEN BRASIL, at and, encompassing all its products.

In addition, this document is aimed at HOWDEN BRASIL customers and the public, and it basically encompasses the ways in which we process personal data from those individuals. If you are an employee, collaborator, or supplier of HOWDEN BRASIL, or if you are participating in any project or specific activity with HOWDEN BRASIL, you must look for the respective privacy notice issued by HOWDEN BRASIL, or the person responsible for your hiring at HOWDEN BRASIL, to provide you with the applicable terms and inform you about your rights in relation to your personal data.

In case of additional questions or requests, please contact our Data Protection Officer at the e-mail address: [email protected]

To better illustrate how we process data, we present a summary of our Privacy and Personal Data Protection Policy (“Policy”): 

Processing agent



Role in processing

Predominantly controller

Nature of data processed

Personal data provided by the Data Subject and/or collected automatically. 

Main purposes of processing

HOWDEN BRASIL uses personal data, above all, for insurance quotes, whether health or car, among others, as well as, within the scope of the contractual relationship, to facilitate the administrative and financial transactions of the contracted products. In addition, we use personal data to comply with legal or regulatory obligations imposed by regulatory bodies such as SUSEP. If the relationship is intermediated by a policyholder (employer) we may have access to personal data from the use of health plans - which is allowed by Resolution 389 of the ANS - to carry out occupational health management. 


Howden Brasil in the exercise of its activities may receive and transfer data with Health Plan Operators, Insurers, risk management and occupational health management companies 

Data Protection

Appropriate security, technical and administrative measures to ensure the security of personal data, such as a personal data governance system.

Your rights

Confirmation of the existence of processing, access, correction, etc. 

This Policy may be updated at any time by HOWDEN BRASIL, by means of a notice on the website and/or by email, if the Data subject has chosen to receive communications from HOWDEN BRASIL.

I. Definitions

If you have any questions about the terms used in this policy, we suggest consulting the table below:



Personal data

Any information relating to a natural person, directly or indirectly, identified, or identifiable

Sensitive personal data

Special category of personal data concerning racial or ethnic origin, religious belief, political opinion, membership of a trade union or of a religious, philosophical, or political organization, concerning health or sex life, genetic or biometric data concerning a natural person

Data subject

natural person to whom the personal data refer, such as former, present, or potential customers, employees, contractors, business partners and third parties



all operations carried out with personal data, such as those referring to: the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion, or extraction


process through which the data loses the possibility of direct or indirect association with an individual, considering the reasonable technical means available at the time of processing

II. What Data We Use

HOWDEN BRASIL may collect the information actively entered by the Data subject at the time of contact or registration, and also information collected automatically when using the Services provided directly by the Data subject or by an intermediary company that has authorization to transfer the data, as in the case of policyholder (Employer).

The Data subject will be able to access, update and complement his data, as well as may request the deletion of his data collected by HOWDEN BRASIL, by contacting the Data Protection Officer through the e-mail address: [email protected]. We will make an effort to answer you in the shortest possible time, respecting the retention periods established by law.

III. How We Use Data

The personal data processed by HOWDEN BRASIL have as their predominant purpose the establishment of a contractual bond or the management, administration, provision, expansion, and improvement of the Services to the Data subject, adapting them to their preferences and tastes, as well as the creation of new services and products to be offered to Data subjects.

HOWDEN BRASIL may centralize the personal data collected, which may be used in other HOWDEN BRASIL Services, respecting the purposes set forth herein and the consent of the Data subject, whenever required by law.

HOWDEN BRASIL, in some cases, may also process personal data when necessary to comply with a legal or regulatory obligation imposed by SUSEP, such as that provided for in Circular 445, which imposes controls to combat money laundering, which requires the processing of personal data , among other regulations.

In addition, HOWDEN BRASIL may also process personal data based on its legitimate interest (or the legitimate interest of another company in the group) for purposes of supporting and promoting the company's activity such as marketing campaigns or to carry out the heart process of any product or service, always within the limit of what is expected by the Data subject, and never to the detriment of their interests, rights and fundamental freedoms.

IV. Who We Will Transfer Data to

HOWDEN BRASIL works in partnership with several Companies in Brazil, in this way, it may transfer the information collected through the pages or through contact with the Data subjects, in the following cases:

i. to partner companies and suppliers, in the development of contracted Services, especially with Health Plan Operators and Insurance Companies, depending on the contracted product, with occupational health management companies, with pharmacies, among other companies providing benefits;

ii. to authorities, government entities or other third parties, for the protection of HOWDEN BRASIL interests in any type of conflict, including lawsuits and administrative proceedings;

iii. In the case of transactions and corporate changes involving HOWDEN BRASIL, in which case the transfer of information will be necessary for the continuity of services; or,

v. By court order or at the request of administrative authorities that have legal competence for its request.
Additionally, it is possible that some of the transfers indicated above occur outside Brazil, at which time HOWDEN BRASIL undertakes to do so only to countries that provide a degree of protection of personal data adequate to the provisions of the applicable law; or through the use of guarantees and safeguards such as specific clauses, standard clauses, global corporate standards, among others; as well as upon the specific consent of the Data subject or the observance of the other hypotheses authorized by law.
V. How We Keep Data Secure Security

HOWDEN BRASIL uses reasonable market means and legally required to preserve the privacy of the personal data it collects. Therefore, it adopts several precautions, such as:

1.HOWDEN BRASIL uses standard and market methods to encrypt and anonymize the collected data;
2. HOWDEN BRASIL has protection against unauthorized access to its systems;
3. HOWDEN BRASIL only authorizes previously established persons to access the location where the collected information is stored;
4. Those who come into contact with personal data must undertake to maintain absolute secrecy. Breach of secrecy will entail civil liability and the person responsible will be held accountable under Brazilian law; 
5. Maintenance of the inventory indicating time, duration, identity of the employee or person responsible for access and the object file, based on connection and application access records, as determined in Article 13 of Decree No. 8771/2016.

In addition to technical efforts, HOWDEN BRASIL also adopts institutional measures aimed at protecting personal data, so that it maintains a privacy governance program applied to its activities and governance structure, constantly updated.

Although HOWDEN BRASIL adopts the best efforts in the sense of preserving the privacy and protecting the data of the Data subjects, no transmission of information is totally secure, so that and HOWDEN BRASIL cannot fully guarantee that all the information it receives or sends will not be target of unauthorized access perpetrated through methods developed to improperly obtain information. For this reason, we encourage Owners to take appropriate measures to protect themselves, such as, for example, keeping confidential all Owner names and passwords, being certain that such information is personal, non-transferable, and the Owners' exclusive responsibility.

VI. Retention of Collected Information

In order to protect the privacy of the Data subjects, the personal data processed by HOWDEN BRASIL will be automatically deleted when they are no longer useful for the purposes for which they were collected, or when the Data subject requests its deletion, except if its maintenance is expressly authorized by law or applicable regulation.

However, the information may be kept for compliance with legal or regulatory obligations, transfer to a third party – provided that the data processing requirements are respected – and exclusive use of HOWDEN BRASIL, including for the exercise of its rights in judicial or administrative proceedings.

VII. Your rights

In compliance with the applicable regulations, with regard to the processing of personal data, HOWDEN BRASIL respects and guarantees the Data subject the possibility of submitting requests based on the following rights:

    i. confirmation of the existence of processing;
    ii. access to data;
    iii. the correction of incomplete, inaccurate, or outdated data;
    iv. the anonymization, blocking or deletion of unnecessary, excessive, or non-compliant data;
    v. the portability of your data to another service or product provider, upon express request by the Data subject;
    vi. the deletion of data processed with the consent of the Data subject;
    vii. obtaining information about the public or private entities with which HOWDEN BRASIL transfer your data;
    viii. information about the possibility of not giving your consent, as well as being informed about the consequences, in case of refusal;
    ix. the revocation of consent.

Part of these rights may be exercised directly by the Data subject, from the management of information on his account, while another part will depend on sending a request to our Data Protection Officer through the e-mail address: [email protected] , for further evaluation and adoption of other measures by HOWDEN BRASIL.

The Data subject is aware that the exclusion of essential information for managing his account with HOWDEN BRASIL will result in the termination of his registration, with consequent cancellation of the services then provided.

HOWDEN BRASIL will make every effort to respond to such requests in the shortest possible time, however, justifiable factors, such as the complexity of the requested action, may delay or prevent its rapid response.

Finally, the Data subject must be aware that his request may be legally rejected, either for formal reasons (such as his inability to prove his identity) or legal (such as the request for deletion of data whose maintenance is the free exercise of rights by HOWDEN BRASIL.

VIII. Legislation and Jurisdiction

This Policy will be governed, interpreted, and executed in accordance with the Laws of the Federative Republic of Brazil, especially Law No. 13.709/2018, regardless of the Laws of other states or countries, the Data subject's domicile being competent to resolve any doubts arising from this document.

Updated on August 2nd, 2023