Privacy Policy - Protection of Personal Data

CMIL – Clínica Médica Internacional de Lisboa, with registered office at Avenida Sidónio Pais, Nº14, R/C Esquerdo, 1050-214 Lisboa, registered with the Commercial Registry Office of Lisbon, holder of registry number and tax number 503108227, promotes the protection of the confidentiality and privacy of information given to it, ensuring the adequate protection and use of personal data relative to the patients, as well as other individuals whose data is collected. Any and all personal data treatment undertaken at CMIL (considering personal data treatment, an operation or a set of operations carried out on personal data or on personal data sets by automated or non-automated means such as collection, registration, organization, structuring, retention, adaptation or alteration, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, erasure or destruction of data) or by any other processor contracted by the Controller, is in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”) and in accordance with the following terms:

1. The Controller is CMIL.

2. The contact of the Data Protection Officer (DPO) is: +351 213 513 310.

3. CMIL shall ensure that only suitable and relevant personal data is processed and undertaken to not retain or process data which is not necessary for the legitimate purposes pursued by it.

4. The personal data processing is always performed in accordance with the Law, based on loyalty and transparency before the patient.

5. CMIL undertakes to treat the collected data in a way that guarantees its safety, including protection against unauthorized or illegal treatment and against its loss, destruction or unforeseen damage, and adopting appropriate technical or organizational measures.

6. Personal Data collected and processed by CMIL consist essentially on information regarding the name, date of birth, telephone, mobile phone, email, address, tax identification number, citizen’s card number, user number, health subsystem number and sensitive data (health), other Personal Data may be collected in cases they are necessary or convenient for the rendering of collection of services provided by CMIL.

7. Purposes of data processing:

• Opening of patient records in a computerized system – the collection of these personal data is authorized by the holder of the personal data, making the process lawful;
• Billing and collection of the services provided – the collection of these data is necessary for the provision of the contracted service – You are obliged to provide us with your personal data for the performance of the agreement;
• Diagnosis – the collection of these health data is authorized by the holder of personal the data, making the processing lawful;
• Treatment of the patient’s clinical situation – the collection of these health data is authorized by the holder of the personal data, making the processing lawful.

8. Data storage period:

CMIL will only keep the personal data of its patients for as long as the legitimate purposes for which the data are processed remain, without prejudice to the need to preserve them in order to respond to legal notices , orders or legal proceedings or to comply with legal duties to which CMIL is subject. Upon expiration of the period, CMIL will delete permanently the personal data or apply irreversible anonymization measures. Notwithstanding the foregoing, personal data will generally be stored for 20 years.

9. Recipients of the personal data collected:

• Collected personal data may be communicated, for the indicated purposes, to other entities, such as insurance companies, through the utilization of health insurance, or other service providers close related to their field of activity, such as laboratories and imaging centres, partners of the clinic;
• Personal data may also be made available to the courts and other competent authorities, in strict compliance with the provisions of the law, in particular when they are necessary for the resolution of disputes related to billing and for activities related with the protection of public safety, defence and security of the State and to the prevention, investigation or detection of criminal offences;
• CMIL may also use data processors for all or part of the purposes identified above, as well as for the maintenance, accommodation and management of their computer systems and equipment (for example), under the terms allowed by the legislation governing the processing of personal data; processors are obliged to maintain confidentiality and to guarantee the safety of CMIL’s patients data to which they have access, and must not use such data for any other purpose, or for their own benefit, nor to relate them to any other data that they have;
• When subcontracting third parties/processors to the treatment of their patient’s personal data, CMIL will contractually ensure that these entities comply with all legal data protection obligations;
• All processors contracted by CMIL shall be bound to CMIL by means of a written agreement which provides the subject and duration of the data processing, the nature and purpose of the processing, the type of personal data, the categories of data and the rights and obligations of the parties;
• International data transfers may be made to third countries or International organizations in certain cases of partnership between CMIL and other third parties, on which there is a decision by the European Commission on the adequacy of the data. International transfers to countries that cannot guarantee an adequate level of protection will be exceptional and will take place whenever they are essential for the full development of the contractual relationship;
• The choice for the International transfer of data is freely determined by the Patient.

10. Data owners have the following rights:

• Confirm that their data is being processed by CMIL, access to it and information related to its processing (Right of Access);
• Request rectification of inaccurate data (Right of Rectification);
• Request the erasure of the data when, among other reasons, they are no longer necessary for the purposes that have been collected; CMIL will cease to treat the data except for the exercise or the defence of possible complaints (Right of Deletion);
• Request limitation of the processing of their data, in which case they may only be precessed with their consent, except for their preservation and use for the exercise or defence of complaints or for the protection of the rights of another natural or legal person, public interest or of a particular Member State;
• Oppose the processing of your data, in which case, CMIL will no longer treat that data, except for the defence of possible complaints (Right of Opposition);
• To receive in a structured format, in common use and mechanical reading, the personal data that you have facilitated to CMIL or to request CMIL to transmit them directly to another Person in charge when it is technically possible (Portability Law);
• Withdraw consent if the data processing is based on the consent of the holder without prejudice to the lawfulness of the processing based on prior informed consent.

Rights may be exercised by written communication addressed to CMIL, to the following e-mail addresses: lisboa@cmil.pt or cmil@cmil.pt. Patients may also send their questions and complaints to CMIL’s data protection officer via the following address: dpo@cmil.pt, without prejudice to their right to submit a complaint to the National Commission for the Protection of Data (CNPD) regarding the treatment of their data by CMIL.

In order to exercise the rights described above, it is necessary for the data owner to prove his/hers identity before CMIL.

11. Security Measures:

CMIL guarantee to take appropriate technical and organizational measures to protect the data which it is responsible for, to deal with accidental or unlawful interference resulting in unauthorized destruction, alteration, disclosure or access, as well as any other form of illicit treatment.

To this end, CMIL has a set of security technologies and procedures for the protection of users’ personal data against unauthorized access, use or disclosure, such as the storage of personal data collected in computer systems with limited access and located in controlled facilities. In addition, personal information transmitted by users through the website is protected by encryption through the SSL protocol.