PRIVACY AND PERSONAL DATA PROTECTION POLICY

The AMADO CLINIC healthcare establishment is committed to complying with the General Data Protection Regulation (GDPR), as well as, in this regard, with the Constitution of the Portuguese Republic (CRP), the Data Protection Act (LPD) and other special legislation on the protection of personal data, ensuring the protection of personal data and strengthening the relationship of trust with the client.

This Privacy and Personal Data Protection Policy is intended to provide information on the data collected and the corresponding purpose and processing carried out.

If you have any questions regarding the processing of your personal data, please contact us at the following address: info@amadoclinic.pt.

By making their personal data available to the AMADO CLINIC healthcare establishment, the data subject authorizes it to be processed in accordance with this Privacy and Personal Data Protection Policy.

Data controller

AAA SERVIÇOS, LDA., NIPC 515543802, with registered office at Avenida Álvares Cabral, n.º 25A, 1250-015 Lisboa, owner of the healthcare establishment AMADO CLINIC.

What is personal data?

Under the terms of the GDPR, personal data is any information relating to an identified or identifiable natural person (data subject).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers (IP address, cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal data collected

AMADO CLINIC collects different categories of data:

  • Data that identifies you, such as your name, gender, date of birth, tax identification number, social security number, health user number, citizen card number and its expiration date or image;
  • Communication data, which includes, for example, telephone number, e-mail address and address (town, zip code, country, district, county, parish);
  • Private life data, such as profession and professional situation, family doctor, spouse’s name, father’s name, mother’s name (for example in the case of a minor), data related to health insurance or subsystem;
  • Data on third parties who are authorized to make decisions on your behalf, or who should be contacted in case of urgency;
  • Information about health data and health care you have received or will receive;
  • Payment details.

How your data is collected

  • When you contact us;
  • When you establish a relationship with us in the context of providing a service;
  • When you post comments or images on our social media pages; or When you send us personal information in any way.

Collection purposes and legal bases

The collection of personal data is for the purposes of executing contracts entered into with clients for the provision of health care and services, prevention or preparation of diagnoses and/or provision of health treatments, management of administrative services, namely for scheduling or rescheduling appointments and treatments, invoicing, accounting and auditing, marketing and other commercial communications, quality control, statistical studies, gaining a better understanding of client preferences, as well as for contact purposes.

The collection of your personal data is based on the law, the pre-contractual and contractual relationship, payment management, customer support, compliance with legal obligations, consent of the data subject and legitimate interests. We may also process your data, with your consent, to carry out teleconsultations, publish photographs or videos for the purpose of internal and external dissemination of our activity, for example on social networks, as well as for marketing purposes or sending newsletters.

Personal data relating to your health will only be processed by professionals bound by confidentiality and to the extent necessary.

How long and how well personal data is stored

We process and retain your personal data only for the period necessary to achieve the respective purposes, to respond to your needs, your requests or to comply with legal obligations, varying according to the category of data.

We may also retain some of your personal data to the extent that it is necessary to administer or enforce our rights, in particular through recourse to the courts.

In cases where the client has given their consent to the processing of their personal data, we will retain it in accordance with the consent given or until that consent is revoked.

Who we share your data with

We may use other companies to provide certain services, and we may pass on information and data about data subjects to third parties, such as accounting and IT companies, competent authorities, legal service providers, consultants and others.

We hereby guarantee that, in such situations, these third parties will have limited access to the data subjects’ information, restricted only to what is necessary to carry out the contracted tasks and that they are subject to the same guarantees of confidentiality.

Likewise, we may communicate your personal data when required to do so by law, in the context of legal proceedings or in the context of investigations into suspicious activity.

Security measures

We have developed appropriate technical and organizational mechanisms and measures to maintain the confidentiality and secrecy of your personal information, taking into account that the information collected includes sensitive data under the terms of the GDPR, in order to guarantee a level of security appropriate to the risk and to protect personal data against destruction, loss, alteration, unauthorized disclosure or accidental or illegal access.

To this end, we have implemented various measures such as limited access to clinical files (in physical or digital archives), strong passwords and keeping anti-virus software up to date. Furthermore, any employee of the AMADO CLINIC healthcare establishment who has access to your personal data is subject to the duty of secrecy and confidentiality.

Data Subject Rights

In accordance with the GDPR, Data Subjects may at any time exercise their right to information, access, rectify, erase and transfer their personal data, as well as to limit and object to the processing thereof, including the revocation of consent. To do so, they should contact us at info@amadoclinic.pt.

Understand your rights:

a) Right to information: you have the right to clear, transparent and understandable information about how we use your personal data.

b) Right of access: you can access your personal data that we process and store. In these cases, we will provide you with information about the personal data being processed. Please note, however, that the right of access is not unlimited, and must be articulated with data protection legislation (and may therefore be rejected when, for example, access may harm the rights and freedoms of third parties) and health law legislation (for example, in cases where it is unequivocally demonstrated that access to information may be harmful to the patient, the requested information may not be provided – therapeutic privilege). Access can be via a doctor if requested.

c) Right to rectification: you have the right to rectify your personal data without undue delay, provided that you have provided it yourself, if it is incorrect, out of date or if you wish to complete it.

d) Right to erasure/right to be forgotten: the data subject can request that we erase their data. However, please note that this is not an absolute right, as we may have legal grounds, such as legally prescribed retention periods, or legitimate interests for retaining your personal data.

e) Right to object: you can object to the processing of your data on grounds relating to your particular situation. This can happen in relation to processing for scientific, statistical or historical research purposes, unless the processing is necessary for reasons of public interest.

f) Right to revoke your consent to data processing at any time: you can withdraw your consent to data processing when such processing is based on your consent. Please note that the right to revoke consent does not affect the lawfulness of processing based on consent given prior to its revocation.

g) Right to data portability: The data subject shall have the right to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and the right to transmit such data to another controller.

h) Right to restriction of processing: you have the right to request the restriction of the processing of your data if you dispute the accuracy of the data, if the processing is unlawful and you do not wish to erase your data, but only to limit it, if the data is no longer considered necessary or if you have exercised the aforementioned right to object.

These rights, like any others, must be exercised reasonably and in good faith by the holder.

Final notes

  • By using our services you agree to our Privacy and Data Protection Policy.
  • The Data Subject guarantees that the personal data communicated to us is correct and accurate and undertakes to notify us of any alteration or modification to it and assumes sole responsibility for any loss or damage caused by the erroneous, inaccurate or incomplete communication of their data.
  • Please be aware that when you provide personal information online, there is a risk that third parties may intercept and use this information, so for your privacy, we recommend that you do not include sensitive or confidential personal data through our website and in the emails you send us. In doing so, you are solely responsible for any resulting leakage or damage.
  • We also inform you that it is the responsibility of the users of our social networks to guarantee and ensure that the devices and equipment used to access them are adequately protected against harmful software, computer viruses and worms. We therefore suggest that you keep your browser, operating system and antivirus software up to date.
  • If you would like to contact us to obtain information about your rights or raise any questions about how we use your information, please contact us at info@amadoclinic.pt. However, if you remain dissatisfied, you can contact the National Data Protection Commission, whose contact details can be found at www.cnpd.pt.

Changes to this Privacy and Personal Data Protection Policy

We may make changes or updates to this Privacy and Data Protection Policy at any time, so we invite you to consult this document regularly.