Privacy Policy and Personal Data Protection
The healthcare provider Domi Saúde is committed to complying with the General Data Protection Regulation (hereinafter GDPR), as well as the provisions established in the Constitution of the Portuguese Republic (CRP), the Data Protection Law (LPD), and other specific legislation on personal data protection, ensuring the safeguarding of personal data and reinforcing the relationship of trust with the client.
This Privacy and Personal Data Protection Policy aims to provide information regarding the data collected, its purposes, and the processing carried out.
If you have any questions regarding the processing of your personal data, please contact us at: geral@domisaude.pt.
By providing your personal data to Domi Saúde, the data subject authorizes its processing in accordance with this Privacy and Personal Data Protection Policy.
Data Controller
Domi Saúde Lda., NIPC 515895253, headquartered at Rua José Saramago, Nº. 5-A, B06, Odivelas 1675-180 Pontinha, holder of the healthcare establishment Domi Saúde, is the entity responsible for the processing of personal data.
What is Personal Data?
Under the GDPR, personal data is considered any information relating to an identified or identifiable natural person (the data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers (IP address, cookies), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Personal Data Collected
The healthcare provider Domi Saúde collects different categories of data:
- Identification data, such as your name, gender, date of birth, tax identification number, social security number, national health service number, citizen card number and its expiry date or image.
- Communication data, including, for example, phone number, email address, and postal address (locality, postal code, country, district, municipality, parish).
- Private life data, such as profession and employment status, family doctor, spouse’s name, father’s name, mother’s name (for example, in the case of a minor), and information relating to insurance or healthcare subsystems.
- Data about third parties authorized to make decisions on your behalf, or who should be contacted in case of emergency.
- Information regarding health data and healthcare services received or to be received.
- Payment data.
How Your Data is Collected
- When you contact us.
- When you establish a relationship with us in the context of service provision.
- When you post comments or images on our social media pages.
- When, in any other way, you send us personal information.
Purposes of Data Collection and Legal Bases
The collection of personal data is intended for the execution of contracts entered into with clients for the provision of healthcare and related services, prevention or preparation of diagnoses and/or the provision of treatments, management of administrative services (namely scheduling or rescheduling of appointments and treatments, billing, accounting, and auditing), marketing communications and other commercial communications, quality control, statistical studies, better understanding of client preferences, as well as for contact purposes.
The legal bases for collecting your personal data are the law, pre-contractual and contractual relationships, payment management, customer support, compliance with legal obligations, the data subject’s consent, and legitimate interests.
We may also process your data, with your consent, for the performance of teleconsultations, publication of photographs or videos for the purpose of internal and external promotion of our activity (for example, on social networks), as well as for marketing purposes or sending newsletters.
Personal data related to your health will only be processed by professionals bound by confidentiality and only to the extent strictly necessary.
Retention and Storage of Personal Data
We process and retain your personal data only for the period necessary to achieve the intended purposes, to meet your needs, your requests, or to comply with legal obligations, which vary according to the category of data.
We may also retain some of your personal data insofar as it is necessary to administer or enforce our rights, namely through judicial proceedings.
In cases where the client has provided consent for the processing of personal data, we retain the data in accordance with the consent given or until such consent is withdrawn.
Sharing of Your Data
We may use other companies to provide certain services, and we may transmit information and data of data subjects to third-party entities, such as accounting and IT companies, competent authorities, legal service providers, consultants, and others. We guarantee that, in such situations, these third parties will have limited access to the data subjects’ information, restricted solely to what is necessary to perform the contracted tasks, and that they are subject to the same confidentiality obligations.
Likewise, we may disclose your personal data when required by law, within the scope of judicial proceedings, or as part of investigations of suspicious activities.
Security Measures
We have developed appropriate technical and organizational mechanisms and measures to maintain the confidentiality and secrecy of your personal information, taking into account that the information collected includes sensitive data under the GDPR, so as to ensure an adequate level of security relative to the risk and to protect personal data against destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access.
To this end, we implement several measures such as restricted access to clinical records (in physical or digital archives), the definition of strong passwords, and keeping antivirus software up to date. Furthermore, any employee of Domi Saúde who has access to your personal data is bound by confidentiality and secrecy obligations.
Data Subject Rights
In accordance with the GDPR, Data Subjects may, at any time, exercise the right to information, access, rectification, erasure, and portability of their personal data, as well as restrict and object to its processing, including the withdrawal of consent. To do so, they should contact us at geral@domisaude.pt.
Understand your rights:
a) Right to information: you have the right to obtain clear, transparent, and understandable information about how we use your personal data.
b) Right of access: you may access your personal data that we process and store. In such cases, we will provide information about the personal data being processed. Please note, however, that the right of access is not unlimited, as it must be reconciled with data protection legislation (and may therefore be refused when, for example, access may prejudice the rights and freedoms of third parties) and health law (for instance, in cases where it is unequivocally demonstrated that access to the information could be harmful to the patient, the requested information may not be provided – therapeutic privilege). Access may be granted through a physician if you so request.
c) Right to rectification: you have the right to rectify your personal data without undue delay, provided that you are the one who originally provided the data, if such data is incorrect, outdated, or if you wish to complete it.
d) Right to erasure / right to be forgotten: you may request that we delete your personal data. However, please note that this is not an absolute right, as we may have legal grounds (such as legally established retention periods) or legitimate interests for retaining your personal data.
e) Right to object: you may object to the processing of your personal data for reasons related to your particular situation. This may occur, for example, in relation to processing for scientific, statistical, or historical research purposes, unless the processing is necessary for reasons of public interest.
f) Right to withdraw consent at any time: you may withdraw your consent to the processing of data when such processing is based on your consent. Please note that withdrawing consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
g) Right to data portability: you have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller.
h) Right to restriction of processing: you have the right to request restriction of processing where you contest the accuracy of the data, where the processing is unlawful and you do not want your data erased but only restricted, where the data are no longer necessary, or where you have exercised the right to object as referred to above.
The above rights, like any others, must be exercised reasonably and in good faith by the data subject.
Final Notes
- By using our services, you agree to our Privacy and Personal Data Protection Policy.
- The Data Subject guarantees that the personal data provided to us is accurate and correct and undertakes to notify us of any changes or modifications thereto, assuming sole responsibility for any losses or damages caused by the erroneous, inaccurate, or incomplete communication of their data.
- Please note that when providing personal information online, there is a risk that third parties may intercept and use such information. For your privacy, we therefore recommend that you do not include sensitive or confidential personal data through our website or in the emails you send us. Should you do so, any resulting breach or damage will be entirely your responsibility.
- We also inform you that it is the responsibility of users of our social networks to ensure that the devices and equipment used to access them are adequately protected against malicious software, computer viruses, and worms. We therefore recommend that you keep your browser, operating system, and antivirus software up to date.
- If you wish to contact us to obtain information about your rights or to raise any questions about how we use your information, you should contact us via geral@domisaude.pt. However, if you remain dissatisfied, you may contact the Comissão Nacional de Proteção de Dados (CNPD), whose contact details can be found at www.cnpd.pt.
Changes to this Privacy and Personal Data Protection Policy
We may implement changes or updates to this Privacy and Personal Data Protection Policy at any time, and we therefore encourage you to consult this document regularly.
Date:
Management Signature:
