VITRA CLINIC
The new General Regulation on the Protection of Personal Data (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, in force since May 25, 2018, with direct application to all collective or natural entities, public or private, that process personal data of natural persons in all EU countries, repealed the previous Data Protection Law, and defines new rules guaranteeing and reinforcing the protection, processing and free movement of personal data, with the aim of avoiding serious situations of data breach.
The company 1013, Lda., complying with the provisions of the new General Regulation for the Protection of Personal Data (GDPR) and defending its security, adopted new principles and common rules that are part of the Company's Privacy Policy document, which we transcribe below:
The purpose of this document is to establish and make known the rules and mechanisms for guaranteeing the privacy of all personal data received and stored by the company, within the scope of its commercial and work activity, namely informing you about which categories of personal data we collect, the purpose and legal basis of data processing, with whom we share the data, the period of data maintenance, the rights you have and how you can exercise them and the obligations in the event of a data breach.
The company's Privacy Policy is shared through all available communication media and applies to all information collected through the company website, Social Networks (Facebook, LinkedIn), as well as information that you share or have shared with us in person, in meetings, interviews, by telephone, SMS, email, letter or other means of correspondence. The processing of personal data will be carried out by the company.
If you wish to obtain additional information or clarify any doubts about our Privacy Policy and Processing of Personal Data, you can direct your questions by letter or email:
Rua Jacinto Correia,
Edifício Atrium, 8400-398 Lagoa
Faro - Portugal
E-mail: info@vitraclinic.com
Personal Data is any information that can identify a natural person.
We collect and use personal data within the scope of the company's commercial activities, as well as in the employment relationships (in the case of our employees) that are established. There are several types of personal data that we use, namely:
• Identification data (for example: name, identification numbers, nationality, date and place of birth);
• Contact data (e.g. address, telephone, email address);
• Family situation (for example: Number of descendants, tax status);
• Education (level of education);
• Banking and financial data (IBAN, NIB, credit ceilings);
• We do not collect data relating to life or sexual orientation, political opinions, religious, ethical or philosophical convictions, with the exception of trade union membership(applicable only to employees due to compliance with legal obligations).
• We do not collect, without specific consent, sensitive data resulting from clinical questionnaires and anamnesis, which includes various health data, such as biometric data, genetic data, race, history and clinical history, allergies, etc., and, in case of specific consent , with the sole purpose of diagnosing and possibly treating the clinical situation of the holder of personal data.
We may indirectly have access to personal data from:
• Relatives;
• Legal representatives or agents;
• Members of the company;
• Employees of our customers, suppliers, service providers and partners.
All this data will be treated with the same security and privacy.
B
• Consent
Based on the prior consent of the holder of personal data, which must be free, informed and unambiguous;
• Legitimate interestWhen the processing of data corresponds to a legitimate interest on the part of the company with a view to developing our activity and providing our services, as well as its employment relationships;
• Compliance with all legal, regulatory and judicial obligations
When the processing of personal data is necessary to comply with all legal, regulatory and judicial obligations to which the company is subject.
• Pre-contractual due diligence, execution and management of contracts
• Consent of the holder of personal data for specific processing outside this scope
Purposes
The use of personal data is necessary in particular to:
• Management and monitoring of customers/suppliers;
• Diagnosis and possible treatment of the clinical situation of the holder of personal data
• Marketing activities, such as:presentation of products/services, sending “Newsletters”, campaigns and promotional actions, satisfaction surveys, market research, profile analyses.
• Compliance with all legal, regulatory or judicial obligations to which the company is obliged in the commercial and labor sphere;
• Administrative, accounting and financial management;
• Training management;
• Collections and litigation management;
• Complaints management;
• Access control to facilities;
• Recruitment processes;
• Internship processes
In order to fulfill the purposes described above, it may be necessary to share your data with:
• Official, Regulatory, Judicial and Police Entities to comply with all legal obligations, as well as participation in programs and support.
• Service providers and subcontractorsIt may be necessary to share personal data with third parties within the scope of the activity and depending on each objective, such as, for example, insurance companies, occupational health and safety service companies, travel agencies, training companies, technical assistance companies, support for e-commerce activities, hosting our websites, among others.
• Business partnersIn these cases we may share your data with these partners to optimize our products and services.
• Customers and SuppliersSome personal data of employees, as part of the performance of the functions that each employee performs, may have to be shared with customers and suppliers.
These entities, if they belong to the EU, will have the responsibility to comply with the provisions of the GDPR, but the company will take all possible measures within its power to ensure that all entities with which it shares personal data respect our Privacy Policy and, therefore, protect the personal data entrusted to them.
Personal data will be stored for an indefinite period, that is, until the data subject requests its total or partial deletion or withdraws its consent, provided that this request does not conflict with the fulfillment of contractual or legal and regulatory obligations to that the company is obliged.
The holder of personal data, in accordance with applicable standards, has the right to information, access, rectification, deletion, limitation, objection and portability of data, as well as to contest automatic decisions and to withdraw their consent.
• Right to information, access and rectification
The data subject may, at any time, access the data provided to us, request its rectification, as well as obtain information regarding its processing, and we undertake to followup within a maximum period of 30 days.
• Right to deletion
The right to deletion is also recognized, with personal data being deleted within the aforementioned period, counting from the date of the request, provided that there are no valid legal grounds for its conservation.
• Right to limitation and objection
You can request limitation, as well as oppose the processing of personal data, particularly when the data is processed for direct marketing purposes.
• Portability of personal data
The holder has the right to request the company, when legally permissible, to send their personal data to another organization, unless this transfer involves high means and costs.
• Automatic decisions
When applicable, the data subject has the right to contest automatic decisions such as profiling, requesting human intervention from the Data Controller.
• Withdraw your consent
The data subject may withdraw their consent, to the extent legally permissible. This situation does not compromise the legality of the processing carried out up to that date.
If the holder wishes to exercise his or her rights written above, he or she may do so by registered letter or by email to the contact details set:
Rua Jacinto Correia,
Edifício Atrium, 8400-398 Lagoa
Faro - Portugal
E-mail: info@vitraclinic.com
It should be noted that if there are rules or legal imperatives that override these rights, the company will respond regarding the impossibility and the reason for not being able to comply with the request, within a maximum period of 30 days. The data subject may complain to the National Data Protection Commission – the CNPD(www.cnpd.pt).
The company, valuing the trust that the data subject places in us when granting their consent, has adopted the technical, physical and organizational measures appropriate to the GDPR, ensuring that personal data is duly protected against unauthorized or illegal use, alteration, access or unauthorized disclosure, accidental or purposeful destruction and loss.
The company's Privacy Policy applies to its employees, individual entrepreneurs and will also be extended to legal entities whenever the processing of personal data of managers, legal representatives and/or their employees is involved.
The company reserves the right to change its Privacy Policy in light of legislative changes or due to its activity.
If you would like to make an appointment, whatever your needs, we will be happy to welcome you. We are open from Monday to Friday from 9am to 7pm, come and see the clinic and our dedicated team!
