Privacy notice
Clínica Dossiê is a small, non-commercial editorial project: a verification register of São Paulo plastic & aesthetic surgery, scored on a public, reproducible protocol. The site itself is mostly published data; the only personal data it gathers comes through one form. This page sets out exactly what that form delivers, what becomes of it, and what you can ask about your own data, under Brazil's General Data Protection Law (LGPD, Lei nº 13.709/2018).
Who is responsible
The operator of clinicadossie.com is the controlador (data controller) for anything this page concerns, under the LGPD. To ask a question or exercise your rights, write to hello@clinicadossie.com.
What the form collects
There is one way to reach us, and it is the form. It asks for the minimum —
- Your name, so a reply can address you.
- A contact detail (a messenger or email), so the reply has somewhere to go.
- A message — the practice to check, the entry to correct, or the right-of-reply you wish to file.
No account, no password, no payment details, no hidden profile. To blunt automated abuse, the time of sending is stored next to a salted SHA-256 hash of the originating IP address; the plain IP and any device traits are never kept.
What is refused on purpose
- No tracking cookies. Visits are counted with self-hosted, cookieless analytics served first-party from this domain; nothing follows you between sites.
- No advertising pixels, no remarketing tags, no marketing beacons.
- No automated profiling and no automated decision with a legal effect on you.
- Nothing sold, rented, or passed on.
Basis for processing
Handling your name, contact and message after you submit the form is done to act on your own request, with your consent given by submitting it, under the LGPD. The IP hash that protects the form serves a legitimate security purpose. The identity, CRM-SP registration and RQE specialty-status data of the surgeons shown in the register are drawn from official public-access sources (the CFM portal — CRM-SP and RQE — the public SBCP directory, the CNES facility register and the entity's active CNPJ).
How long it is kept
- Form messages and the thread they begin: kept while the matter is open, then for 24 months as a record, and deleted after. A message that leads nowhere is removed after 12 months.
- IP hashes: kept 90 days, then erased.
Your LGPD rights
You keep the rights the LGPD guarantees — access, correction, anonymisation or deletion, portability, information about with whom data is shared, and withdrawal of consent — over everything you send. One email to hello@clinicadossie.com sets any of them in motion, and you will hear back. You may also turn to the data-protection authority, the ANPD (Autoridade Nacional de Proteção de Dados).
Where it is stored
The site is served over the São Paulo (Cloudflare) network. In the rare case that a further processor (email provider) operates outside Brazil, the transfer relies on contractual clauses and the safeguards that party publishes.
Changes
If the handling of data changes in any way that matters, this page is updated and the "Updated" date above moves with it.