Privacy Policy

Last updated: April 7, 2026

RT Medical Systems Ltda. (“RT Medical,” “we,” “us”) is committed to protecting the privacy and personal data of all users of our products, services, and digital platforms. This Privacy Policy describes how we collect, use, store, share, and protect your personal data in compliance with Brazil’s General Data Protection Law (LGPD — Law No. 13,709/2018) and the European Union’s General Data Protection Regulation (GDPR — Regulation EU 2016/679).

1. Who we are

RT Medical Systems is a Brazilian medical technology company that develops software solutions for diagnostic imaging, radiation therapy, and clinical information management. Our products include PACS, RIS, quality control platforms, and artificial intelligence solutions applied to radiology.

  • Legal entity: RT Medical Systems Ltda.
  • Tax ID (CNPJ): 27.811.939/0001-92
  • ANVISA AFE: 8.19324-1
  • Address: Av. Othon Gama D’Eça, 900, Centro, Florianópolis — SC, 88015-240, Brazil

2. When RT Medical acts as Controller and as Processor

Controller: RT Medical acts as data controller when you visit our website, contact us, subscribe to our communications, attend our events, or use our services directly.

Processor: when our software — such as PACS, RIS, or quality control platforms — processes patient data on behalf of hospitals, clinics, or diagnostic centers, RT Medical acts as a data processor. In these cases, the healthcare institution is the controller and determines the purposes and means of processing patient data.

3. Personal data we collect

3.1 Browsing data

When you visit our website, we automatically collect: IP address, browser type, operating system, pages visited, date and time of access, and referring URL.

3.2 Contact and registration data

When you fill out forms, request demonstrations, or communicate with us: name, email address, phone number, institution name, job title, and area of expertise.

3.3 Client and business partner data

For contract performance and service delivery: company information, billing details, platform access credentials, and technical support records.

3.4 Health data (sensitive data)

Our software may process health data — such as DICOM images, radiology reports, and clinical patient data — exclusively on behalf of and under the instructions of the healthcare institutions that are the controllers of such data. RT Medical does not access, use, or share this data for its own purposes.

4. Purposes of processing

We use your personal data for the following purposes:

  • Providing, operating, and improving our products and services
  • Responding to inquiries and providing technical support
  • Sending communications about product updates, events, and relevant content (with your consent)
  • Complying with legal and regulatory obligations, including ANVISA requirements
  • Ensuring the security of our systems and preventing fraud
  • Generating aggregated and anonymized analyses for continuous improvement of our services

5. Legal bases for processing

The processing of personal data by RT Medical is based on the following legal grounds, pursuant to LGPD (Articles 7 and 11) and GDPR (Articles 6 and 9):

  • Consent (LGPD Art. 7(I) / GDPR Art. 6(1)(a)) — marketing communications and newsletters
  • Performance of a contract (LGPD Art. 7(V) / GDPR Art. 6(1)(b)) — service delivery and technical support
  • Compliance with a legal obligation (LGPD Art. 7(II) / GDPR Art. 6(1)(c)) — ANVISA regulatory requirements and tax obligations
  • Legitimate interests (LGPD Art. 7(IX) / GDPR Art. 6(1)(f)) — information security, fraud prevention, and product improvement
  • Protection of health (LGPD Art. 7(VIII) / GDPR Art. 9(2)(h)) — where applicable to the processing of health data for the benefit of the data subject

6. Data sharing

RT Medical may share your personal data with:

  • Service providers: companies that assist us in operating our systems (hosting, cloud infrastructure, data analytics), always under contractual terms that ensure data protection
  • Business partners: authorized distributors and representatives, to the extent necessary to fulfill your request
  • Public authorities: when required by law, regulation, or court order

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. International data transfers

Your personal data may be transferred to other countries when we use cloud infrastructure services. In such cases, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and ANPD, and we ensure that the destination country provides an adequate level of data protection or that equivalent contractual safeguards are in place, in accordance with LGPD Article 33 and GDPR Chapter V.

8. Data retention

Your personal data is stored for the period necessary to fulfill the purposes described in this policy, in accordance with applicable legal and regulatory timeframes. After this period, data is securely deleted or anonymized. Data related to tax and regulatory obligations (ANVISA) may be retained for up to 5 years after the end of the contractual relationship.

9. Information security

We implement technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or improper disclosure, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Role-based access control and secure authentication
  • Continuous security monitoring and incident response
  • Regular backups and business continuity plans
  • Staff training in data protection best practices

10. Cookies and similar technologies

Our website uses cookies and similar technologies for the following purposes:

  • Essential cookies: ensure proper website functionality
  • Performance cookies: analyze how visitors use the website (Google Analytics)
  • Marketing cookies: deliver relevant content based on your interests

You can manage your cookie preferences at any time through your browser settings. Disabling non-essential cookies does not affect the core functionality of the website.

11. Your rights

In accordance with the LGPD and GDPR, you have the following rights regarding your personal data:

  • Confirmation of the existence of processing
  • Access to your personal data
  • Correction of incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion of unnecessary or excessive data
  • Data portability to another service provider
  • Deletion of data processed based on consent
  • Information about data sharing with third parties
  • Withdrawal of consent at any time
  • Review of automated decisions that affect your interests
  • Objection to data processing (when based on legitimate interests)

To exercise your rights, please contact us using the email provided in Section 13.

12. Children’s data

Our products and services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that data from a minor has been inadvertently collected, we will promptly delete it.

13. Data Protection Officer (DPO)

For questions about this policy, to exercise your data subject rights, or to report any privacy-related concerns, please contact our Data Protection Officer:

  • Email: dpo@rtmedical.com.br
  • Address: Av. Othon Gama D’Eça, 900, Centro, Florianópolis — SC, 88015-240, Brazil

You also have the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD) or, for data subjects located in the European Union, with the competent supervisory authority in your country.

14. Changes to this policy

This policy may be updated periodically to reflect changes in our practices, products, or applicable legislation. We recommend that you review this page regularly. The date of the last update is indicated at the beginning of this document.