Privacy Portal

Our compromise

Your privacy is important to us at RPH Group. In this way, we are committed to treating your information and personal data with complete security and transparency.

It is our duty to keep your data safe and ensure their confidentiality and integrity while they are with us, affirming our group’s commitment to security and transparency in the processing of personal data, as provided for in the General Law for the Protection of Personal Data.


Access our Privacy Statement

The Privacy Notice is directed to RPH GROUP customers and other holders whose data is processed in our units, digital channels or by other companies of the group and its branches. This aims to present the main information about the processing of personal data carried out by RPH GROUP, such as: collection, processing and storage.


Rights of Holders

At RPH we take your privacy seriously and that is why we have established contact channels so that you can exercise your rights guaranteed by the LGPD.

the existence of data processing
access to your personal data
Incorrect or outdated personal data
data deemed unnecessary or excessive
your data to other providers
your personal data*When there is no other law limiting the action.Some laws and regulations in force may prevent the immediate deletion of your data, requiring compliance with the retention established by them. Consult us to find out more.
whether your data is shared with other organizations or third parties
your personal data when possible
the consent given
with the National Data Protection Authority if you identify that a treatment is illegitimate

GSH makes an exclusive channel available to all its holders, where you can obtain information and make requests regarding your data and the way in which they are treated, just access the link below:


Data Protection Officer

Faced with the need to appoint a Person in Charge for the processing of personal data (Art. 41 of Law No. 13,709 – General Law for the Protection of Personal Data). The Person in Charge for the Processing of Personal Data is responsible for ensuring compliance with the LGPD in the environment of RPH and its subsidiaries, ensuring that the processing of personal data is always carried out properly and will be the communication channel between the Controller, the Holders of Data and the National Data Protection Authority – ANPD.

Whenever you need to ask questions, make suggestions or file complaints, please contact our Supervisor, via email:


  • What is LGPD?

The General Law for the Protection of Personal Data (LGPD) or Law nº 13.709/2018, created rules for the protection of personal data of Brazilians, in digital and physical means, with the aim of guaranteeing the fundamental rights of freedom and privacy of the data subjects. .

It also establishes hypotheses for the processing of personal data to be considered legitimate.

  • What are personal data?

This is information that can directly or indirectly identify you, such as name, CPF, email, telephone, IP number, website browsing history, geolocation, among other information that can identify you.

  • What is the processing of personal data?

The nomenclature “processing of personal data” is defined for all actions that can be performed with information, such as: collecting, accessing, updating, storing, archiving, reproducing, evaluating, classifying, extracting, communicating, sharing, transferring, eliminating , between others.

  • Who is the data subject?

The holder is you, owner of your own personal information. The LGPD brought power to citizens to control their data, strengthening the exercise of freedom of expression, access to information and rights to privacy, honor and image.

  • Who are the treatment agents?

These are natural or legal persons (companies) that collect, use, share or perform any other activity with personal data for economic purposes. They must behave as guardians of personal data in their environments and, therefore, have a duty to carry out processing activities in accordance with the purposes provided for in the LGPD.

There are two categories of treatment agents:

Controller: is responsible for making decisions about how personal data will be processed, as well as defining its purpose.

Operator: person or company contracted, for commercial purposes, by the Controller to perform some service at his request. He will treat the data following the instructions of the Controller and always in compliance with the Law.

  • Who watches over the protection of personal data in Brazil?

The Law established the National Data Protection Authority, also known by the acronym ANPD, to regulate all data processing activities in Brazil. It has the power to inspect companies and receive denouncements and/or complaints made by holders.