CMIL – Clínica Médica Internacional de Lisboa, with registered office at Avenida Sidónio Pais, Nº14, R/C Esquerdo, 1050-214 Lisboa, registered with the Commercial Registry Office of Lisbon, holder of registry number and tax number 503108227, promotes the protection of the confidentiality and privacy of information given to it, ensuring the adequate protection and use of personal data relative to the patients, as well as other individuals whose data is collected. Any and all personal data treatment undertaken at CMIL (considering personal data treatment, an operation or a set of operations carried out on personal data or on personal data sets by automated or non-automated means such as collection, registration, organization, structuring, retention, adaptation or alteration, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, erasure or destruction of data) or by any other processor contracted by the Controller, is in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”) and in accordance with the following terms:
1. The Controller is CMIL.
2. The contact of the Data Protection Officer (DPO) is: +351 213 513 310.
3. CMIL shall ensure that only suitable and relevant personal data is processed and undertaken to not retain or process data which is not necessary for the legitimate purposes pursued by it.
4. The personal data processing is always performed in accordance with the Law, based on loyalty and transparency before the patient.
5. CMIL undertakes to treat the collected data in a way that guarantees its safety, including protection against unauthorized or illegal treatment and against its loss, destruction or unforeseen damage, and adopting appropriate technical or organizational measures.
6. Personal Data collected and processed by CMIL consist essentially on information regarding the name, date of birth, telephone, mobile phone, email, address, tax identification number, citizen’s card number, user number, health subsystem number and sensitive data (health), other Personal Data may be collected in cases they are necessary or convenient for the rendering of collection of services provided by CMIL.
7. Purposes of data processing:
8. Data storage period:
CMIL will only keep the personal data of its patients for as long as the legitimate purposes for which the data are processed remain, without prejudice to the need to preserve them in order to respond to legal notices , orders or legal proceedings or to comply with legal duties to which CMIL is subject. Upon expiration of the period, CMIL will delete permanently the personal data or apply irreversible anonymization measures. Notwithstanding the foregoing, personal data will generally be stored for 20 years.
9. Recipients of the personal data collected:
10. Data owners have the following rights:
Rights may be exercised by written communication addressed to CMIL, to the following e-mail addresses: lisboa@cmil.pt or cmil@cmil.pt. Patients may also send their questions and complaints to CMIL’s data protection officer via the following address: dpo@cmil.pt, without prejudice to their right to submit a complaint to the National Commission for the Protection of Data (CNPD) regarding the treatment of their data by CMIL.
In order to exercise the rights described above, it is necessary for the data owner to prove his/hers identity before CMIL.
11. Security Measures:
CMIL guarantee to take appropriate technical and organizational measures to protect the data which it is responsible for, to deal with accidental or unlawful interference resulting in unauthorized destruction, alteration, disclosure or access, as well as any other form of illicit treatment.
To this end, CMIL has a set of security technologies and procedures for the protection of users’ personal data against unauthorized access, use or disclosure, such as the storage of personal data collected in computer systems with limited access and located in controlled facilities. In addition, personal information transmitted by users through the website is protected by encryption through the SSL protocol.