The new General Regulation on Personal Data Protection (RGPD) – Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, in force from 25 May 2018, with direct application to all legal or natural, public or private entities that process personal data of individuals in all EU countries, repeals the current Data Protection Act, and defines new rules ensuring and strengthening the protection, processing and free movement of personal data, in order to avoid serious situations of violation of such data.
Clinica Cerejeira & Leão, complying with the new General Regulation on Personal Data Protection (RGPD) and defending its security, adopted new common principles and rules that are part of the document Company Privacy Policy, which we transcribe below:
COMPANY PRIVACY POLICY
This document aims to establish and make known the rules and mechanisms to guarantee the privacy of all personal data received and stored by the company within the scope of its commercial and labor activities, namely to inform you about which categories of personal data we collect, the purpose and legal basis of data processing, with whom we share the data, the data maintenance period, the rights you have and how you can exercise them, and the obligations in case of data violation.
The Privacy Policy of the company is shared through all available communication media and applies to all information collected through the company’s website, Social Networks (Facebook, LinkedIn), as well as, information that you share or have shared with us personally, in meetings, interviews, by phone, SMS, email, letter or other means of correspondence. The processing of personal data will be carried out by the company.
If you wish to obtain additional information or clarify any questions about our Privacy Policy and Treatment of Personal Data, you may address your questions by letter or e-mail:
Clinica Cerejeira & Leão
A/C Data Protection Officer/Privacy Policy
Rua de Camões, Nº 115 – R/C
4000-144 Porto | Portugal
E-mail: [email protected]
What is personal data and what personal data we collect and use
Personal data is any information that can identify a natural person.
We collect and use personal data in the scope of the commercial activities that the company carries out, as well as in the labor relations (in the case of our employees) that are established. There are several types of personal data that we use, including:
Identification data(for example: name, identification numbers, nationality, date and place of birth);
Contact data (e.g. address, telephone, e-mail address);
Family status(e.g.: No. of children, tax status);
Education(level of education);
Bank and financial data (IBAN, NIB, credit limits);
We do not collect sensitive data – biometric data, genetic data, health data, racial or ethical data, data concerning life or sexual orientation, political opinions, religious or philosophical beliefs, with the exception of union membership (applicable only to employees due to compliance with legal obligations).
Indirect collection of other data
We may indirectly have access to personal data of:
Family members;
Legal representatives or proxies;
Members of the company;
Employees of our customers, suppliers, service providers and partners
All these data will be treated with the same security and privacy.
What is the foundation and the purposes
Foundation
Consent
Based on the prior consent of the holder of the personal data, which must be free, informed and unambiguous;
Legitimate Interest
When the processing of the data corresponds to a legitimate interest on the part of the company with a view to developing our activity and the provision of our services, as well as its labor relations;
Compliance with all legal, regulatory and judicial obligations
When the processing of personal data is necessary to comply with all legal, regulatory and judicial obligations to which the company is subject.
Pre-contractual procedures, execution and management of contracts
To request your consent for specific processing outside this scope
Purposes
The use of personal data is necessary in particular for
Customer/supplier management and follow-up;
Marketing activities, such as: presentation of products / services, sending “News Letters”, campaigns and promotional activities, satisfaction surveys, market research, analysis of profiles.
Fulfillment of all legal, regulatory or judicial obligations that the company is obligated to in the commercial and labor areas;
Administrative, accounting and financial management;
Training management;
Management of collections and litigation;
Claims management;
Access control to facilities;
Recruitment processes;
Internship processes;
- With whom we share personal dataIn order to fulfill the purposes described above it may be necessary to share your data with
Official, Regulatory, Judicial and Police Entities
To comply with all legal obligations, as well as to participate in programs and support.
Service providers and subcontractors
It may be necessary to share personal data with third parties within the scope of the activity and in function of each objective, such as, for example, insurance companies, health and safety services companies, travel agencies, training companies, technical assistance companies, support to e-commerce activities, hosting of our sites, among others.
Business partners
In these cases we may share your data with these partners to optimize our products and services
Customers and suppliers
Some personal data about employees may be shared with customers and suppliers in order to perform the functions that each employee performs.
These entities, if in the EU, will have the responsibility to comply with the RGPD but the company will take all possible measures to ensure that all entities with whom it shares personal data respect our Privacy Policy and therefore protect the personal data entrusted to them.
What are the retention periods for personal data
The personal data will be kept for an indefinite period of time, that is, until the owner of the data requests its total or partial elimination or withdraws his consent, provided that this request does not conflict with the fulfillment of contractual or legal and regulatory obligations to which the company is obliged.
What are the rights of the personal data subjects?
The holder of personal data, in accordance with the applicable regulations, has the right to information, access, rectification, elimination, limitation, objection and portability of data, as well as to challenge automated decisions and to withdraw their consent.
Right to information, access, and rectification
The holder of the data may, at any time, access the data provided, request their rectification, as well as obtain information regarding their treatment, and we undertake to follow up on this within a maximum period of 30 days.
Right to erasure
The right to erasure is also recognized, and personal data will be deleted within the period mentioned above, from the date of the request, provided that there are no valid legal grounds for its retention.
Right to limitation and objection
You may request limitation as well as objection to the processing of personal data notably when the data are processed for direct marketing purposes.
Portability of personal data
You have the right to request the company, where legally permissible, to transfer your personal data to another organization, unless such a transfer would involve substantial resources and expense.
Automatic decisions
Where applicable the data subject has the right to object to automated decisions such as profiling, by requesting human intervention by the Data Controller.
Withdrawing your consent
The data subject may withdraw his or her consent to the extent legally permissible. This does not affect the legality of the processing carried out until that date.
If the holder wishes to exercise the above rights, he may do so by registered letter or e-mail to the contacts shown below, being essential, to ensure security and confidentiality in the process, the proof of identity of the holder.
Clinica Cerejeira & Leão
A/C Data Protection Officer/Privacy Policy
Rua de Camões, Nº 115 – R/C
4000-144 Porto | Portugal
E-mail: [email protected]Please note that if there are legal rules or imperatives that override these rights the company will respond on the impossibility and grounds for not being able to comply with the request within 30 days.
The data subject may complain to the National Commission for Data Protection – CNPD (www.cnpd.pt).
The company appreciating the trust that the data subject places in us by giving his consent, has adopted the technical, physical and organizational measures appropriate to the RGPD ensuring that personal data are adequately protected against unauthorized or unlawful use, alteration, unauthorized access or disclosure, accidental or intentional destruction and loss.
The Privacy Policy of the company applies to its employees, to entrepreneurs in individual name and will be extended also to legal persons where it is concerned the processing of personal data of managers, legal representatives and / or their employees.
The company reserves the right to change its Privacy Policy due to legislative changes or by force of its activity.