Grupo Lusíadas Saúde and its integrated companies (collectively denominated, “Lusíadas”, “Company” or “We”) strive to ensure the protection of personal data. We are committed to ensuring the confidentiality of the information we collect. Respecting this commitment, we would like you to know why we collect your Personal Data, how we process it, how we protect it, and how you can make further inquiries.
Data Protection Officer
Lusíadas has a Data Protection Officer If you have questions or suggestions regarding our policies or practices for processing Personal Data, please contact us by sending an email to firstname.lastname@example.org, or send your message to the following address:
Grupo Lusíadas Saúde
A/C Encarregado de Proteção de Dados
Rua Laura Alves, 12 - 5º
Collection and processing of data
Should you plan to contact Lusíadas Saúde through the Site, we will collect a set of personal data which will be treated in order to respond to your request/question/suggestion. To this effect, the following data will be collected on the contact form: name, e-mail, phone number, unit of preference, and subject of request. This data will be provided mandatorily, under penalty of not being able to process your request and provide you with a response.
Within this scope, an open field is also available for submission of your request/question/suggestion in which other personal data can be spontaneously provided for you.
For subscribing to the newsletter or to similar marketing campaigns, User's email address will be collected for issuance of marketing materials.
Purpose of Processing Data and Legal Grounds
In order to provide the care requested and to communicate with our clients regarding such services, we collect and process Personal Data, including health-related data, for health care provision, preparation of medical diagnostics and/or health treatments or preventative or occupational health, or for managing health systems and services.
Legal grounds for the Processing of Personal Data include:
- Necessary for medical diagnosis, provision of health care or treatments, and management of systems or health services;
- Necessary for compliance with Company’s legal obligations, including provision of Lusíadas services to patients and clients;
- Necessary for the legitimate interests of the Company;
- Necessary for the establishment, exercise, and defense of a right during a legal proceeding;
- Necessary to protect the vital interests of the holder of the data or other individual;
- Necessary for reasons of public interest regarding public health; or
- If User has provided consent, which can be subsequently withdrawn without prejudice to the legality of processing conducted based on consent previously granted.
With whom do we share your data?
Our health professionals respect the Deontological Codes specific to the professional classes to which they belong, known for extremely high standards with regard to confidentiality. As they work in teams and, in order to provide you with the best health care possible, our health care professionals may share your Personal Data amongst themselves. Should you seek services from a health care provider who is not part of our company, we may share information with your chosen provider’s team of health care professionals, thus ensuring the continuity and quality of services. Data will be transferred back and forth between various Lusíadas Saúde entities in order to facilitate responses to requests/questions/suggestions which you send us through the Site. For example, if your message is related to services provided at a health unit, the request/question/suggestion will be forwarded to the unit in question, for processing and response.
Given the activities we have developed in the area of health care, at times we are obligated by law, and always within its stipulations, to send specific information to public entities, such as the Health Regulatory Entity (ERS). Your data may also be communicated to third parties when transmission is carried out to comply with a legal obligation, a National Data Protection Commission resolution, a resolution of another relevant control entity, or a court order; or even when communication is carried out to protect the vital interests of Users or any other legitimate purpose provided for by law.
Because we belong to one of the largest and most important international health groups (UnitedHealth Group), some of our health professionals and service providers, as well as some of the systems utilized for health care provision or for storing your Personal Data and Health Data may be located outside of Portugal. The Company takes the appropriate steps to ensure that such persons and/or service providers are tied to confidentiality agreements and the Company implements measures, where necessary, such as standard contractual data protection clauses adopted by the European Commission, to ensure that any Personal Data transferred remains protected and secure. You may request a copy of these clauses from the Data Protection Officer, using contact information mentioned above.
Storing of personal data
Personal Data collected must be stored so as to be identifiable only during the period considered appropriate and/or necessary to fulfill the objectives motivating its collection, in accordance with the applicable legislation. The personal data collected necessary for the effects of responding to your requests/questions/suggestions will be stored for the period strictly necessary for this effect, and may be kept longer, in cases of pending litigation, until a legal decision is handed down thus representing closure of the matter.
Data owner rights
In compliance with the GDPR, Users have the following rights under data protection law:
Right of access: Right to confirm whether or not your data is being processed or to object to processing, as well as the right to access your personal data and certain information, including obtaining a copy of your personal data currently being processed. This right does not affect the rights and liberties of third parties, namely business secrets, and the intellectual property rights of controller;
Right to rectification: the right to have inaccurate personal data that concerns you rectified, or completed if it is incomplete;
Right to erasure: Right to have your data erased in certain instances, namely, if your personal data is no longer necessary for the purpose that motivated its collection or processing. This right does not affect controller compliance with legal obligations concerning the retention of personal data;
Right to restrict processing: Right to request that restrictions be placed on the processing of your data in certain instances, namely, if processing is illegal and you are opposed to its erasure, instead requesting that its use be restricted;
Right to data portability: Right to obtain personal data which you have provided to controller, in a structured, commonly used, and machine-readable format, including the right to transfer this data to another controller.
Right to object: This signifies that, in certain instances, (i.e., when your personal data is being processed for the purpose of direct sales), at any moment and for reasons related to your particular situation, you can object to the processing of your data.
Such requests should be directed to the Data Protection Officer, using contact information mentioned above.
The Company may not be able to comply with said request should it place Company in situations of noncompliance with obligations provided for in laws or regulation applicable to it.
When processing of Personal Data is based on consent, such consent may be withdrawn at any moment by the Data Subject, without compromising the legality of processing done under consent previously granted.
The above applies, with the necessary adaptations, to the exercise of rights by the holder of parent or guardian responsibilities in the name and on behalf of data subjects who are less than 16 years of age [or incapable].
Should Client of User become aware of alterations or imprecisions relative to their Personal Data, they should inform us so that we may proceed with respective update or correction.
Should you determine that the processing of Personal Data by our Company does not meet requirements established by law, you may file a complaint to that effect with the National Data Protection Commission, should you understand at any time that the processing of your data is in violation of the legal regime in force.
We guarantee privacy and security in the processing and transmission of User data, maintaining all the technical means at our disposal to avoid loss, misuse, alteration, unauthorized access, and misappropriation of personal data provided or transmitted. Nevertheless, it should be noted that, in circulating data on an open internet network, it is impossible to completely eliminate risk as it relates to unauthorized access and utilization, and therefore User should implement appropriate security measures when navigating Site.
Last updated: January 31, 2019