Privacy Policy

The privacy and protection of personal data are of paramount importance to Horizon Servitas and are effectively practiced across all our business processes, by all employees, and in our relationships with clients, suppliers, third parties, service providers, and business partners.

For this purpose, we have developed this Privacy Policy to inform data subjects about how we process and protect personal data and how we ensure rights related to privacy and data protection.

In addition to this Privacy Policy, Horizon Servitas maintains an internal Information Security and Data Protection Governance Program, which includes the continuous development and maintenance of an Information Security Policy and a Data Protection Policy.

Who We Are

We are Horizon Servitas, registered under CNPJ numbers 29.234.610/0001-31 and 83.618.009/0001-98, a service company specialized in Claims Adjustment and Expert Assessments for Insurance Companies, with over 45 years of market experience and headquarters located in Blumenau, State of Santa Catarina, Brazil.

We do not represent or hold any other companies or corporate registrations within our corporate group.

General Information and Principles

This Privacy Policy complies with the privacy and data protection requirements established by Brazilian Law No. 13,709 of August 14, 2018 (Brazilian General Data Protection Law – LGPD).

The concepts, terms, and definitions applied herein are those set forth in Article 5 of the LGPD.

Horizon Servitas observes the following principles in its Privacy Policy and internal governance program:

  1. Purpose: Personal data processing shall occur only after a clear purpose has been defined, duly recorded, and supported by a lawful basis.
  2. Adequacy: Processing shall be compatible with the defined purpose.
  3. Necessity: Data collection shall be limited to the minimum necessary to achieve the intended purpose.
  4. Free Access: Data subjects shall have access to information regarding the processing and security of their personal data.
  5. Data Quality: Data shall be accurate, relevant, and up to date.
  6. Transparency: Clear and precise information shall be provided regarding data processing activities.
  7. Security: Technical and administrative measures shall be continuously implemented and improved.
  8. Prevention: Measures shall aim to prevent data security incidents.
  9. Non-Discrimination: Data shall not be used for discriminatory, unlawful, or abusive purposes.
  10. Accountability: Effective controls and mechanisms shall demonstrate compliance with data protection measures.

What Are Personal Data

The LGPD applies to information related to an identified or identifiable natural person and does not apply to legal entities.
Personal data include, but are not limited to, names, identification numbers, and contact information.
For the purposes of this Policy, personal data refers to all data used in insured individuals’ processes.

Purposes and Legal Bases for Processing Personal Data

Horizon Servitas processes personal data only after defining a specific purpose and lawful basis.

All processing activities are documented in our Record of Processing Activities (RoPA), including data categories, systems used, international transfers, and data sharing.

Personal data are processed, among others, for:

1. Contractual and operational activities
2. Consent-based activities
3. Legitimate interest
4. Legal and regulatory compliance
5. Credit protection
6. Exercise of legal rights
7. Public policy requirements
8. Research activities
9. Protection of life and health
10. Fraud prevention and data subject security

Data Collection

Personal data are collected exclusively through corporate systems and official channels approved by the Data Protection Officer.
No personal data are collected through personal communication tools.
Only data strictly necessary for the defined purpose are collected.

Data Storage and Access

Personal data are stored and accessed solely through approved corporate resources, protected by technical and administrative information security controls.
Data are retained only for the period necessary to fulfill their purpose and lawful basis and may thereafter be anonymized, deleted, or retained under a new lawful basis.

International Data Transfers

Horizon Servitas operates in Brazil. However, clients such as insurers and reinsurers may be headquartered abroad and may transfer reports containing personal data under their sole responsibility. Horizon Servitas does not control such transfers.

Data Sharing

Personal data may be shared with other controllers or processors only for specific purposes and lawful bases, under formal agreements, and through secure channels.

Data Retention and Deletion

Personal data are retained only as long as necessary and may be:

  1. Anonymized
  2. Retained for another lawful purpose
  3. Deleted irreversibly

Cookies and Digital Tracking

Horizon Servitas websites and systems may use essential and optional cookies. Optional cookies require consent and are used solely for statistical and experience improvement purposes. No personal data are collected through cookies.

Information Security Management

Horizon Servitas maintains an Information Security Management System based on ISO/IEC 27001 and a Privacy Information Management System based on ISO/IEC 27701, supported by internal policies and continuous improvement practices.

Data Subject Rights

Data subjects may exercise rights including access, correction, anonymization, deletion, portability, consent withdrawal, and review of automated decisions.

Requests should be directed to the Data Protection Officer.

Cookies and Digital Tracking

Horizon Servitas websites and systems may use essential and optional cookies. Optional cookies require consent and are used solely for statistical and experience improvement purposes. No personal data are collected through cookies.

Information Security Management

Horizon Servitas maintains an Information Security Management System based on ISO/IEC 27001 and a Privacy Information Management System based on ISO/IEC 27701, supported by internal policies and continuous improvement practices.

Data Subject Rights

Data subjects may exercise rights including access, correction, anonymization, deletion, portability, consent withdrawal, and review of automated decisions.

Requests should be directed to the Data Protection Officer.

Data Protection Officer

The Data Protection Officer (DPO) of Horizon Servitas is Mr. Laureano Dalla Costa. Contact: laureano@horizonsts.com.br

Policy Updates

This Privacy Policy may be updated at any time. The current version is 7.0, published on November 24, 2025.

Applicable Law and Jurisdiction

This Policy is governed exclusively by Brazilian law. The courts of the company’s headquarters shall have exclusive jurisdiction.

Talk to us!