ERS Registration Number – E129481
Operating License - 11464/2016
The new General Regulation for the Protection of Personal Data (RGPD) – Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, effective from the 25th of May 2018, with direct application to all legal or natural entities, public or private, that process personal data of natural persons in all EU countries, revokes the current Data Protection Law, and defines new rules guaranteeing and strengthening protection, processing and freedom circulation of personal data, with the aim of avoiding serious situations of breach of such data.
The purpose of this document is to establish and make known the rules and mechanisms for guaranteeing the privacy of all personal data received and stored by the company, within the scope of its commercial and work activity, namely informing you about which categories of personal data we collect the purpose and legal basis of data processing, with whom we share the data, the period of maintenance of the data, the rights that you have and how you can exercise them and the obligations in case of data breach.
Leonardo & Pimenta - Medical Services Ltd.
R. Pines 206A
What is personal data and what personal data do we collect and use
Personal Data is any information that can identify a natural person.
We collect and use personal data within the scope of the company's commercial activities, as well as in labor relations (in the case of our employees) established. There are several types of personal data that we use, namely:
Identification data (eg name, identification numbers, nationality, date and place of birth);
Contact details (for example: address, telephone, email address);
Family status (for example: Number of descendants, tax status);
Education (level of education);
Bank and financial details (IBAN, NIB, credit ceilings);
We do not collect sensitive data – biometric data, genetic data, health data, racial or ethical data, data relating to life or sexual orientation, political opinions, religious or philosophical beliefs, with the exception of union membership (applicable only to employees due to compliance with legal obligations).
Indirect collection of other data
We may indirectly have access to personal data from:
Legal representatives or agents;
Employees of our customers, suppliers, service providers and partners
All these data will be treated with the same security and privacy.
What is the foundation and purposes
Based on the prior consent of the holder of the personal data, which must be free, informed and unambiguous;
When the processing of data corresponds to a legitimate interest on the part of the company with a view to developing our activity and providing our services, as well as its labor relations;
Compliance with all legal, regulatory and judicial obligations
When the processing of personal data is necessary to comply with all legal, regulatory and judicial obligations to which the company is subject.
Pre-contractual due diligence, execution and management of contracts
Request your consent for specific treatment outside this scope
The use of personal data is necessary in particular to:
Management and monitoring of customers/suppliers;
Marketing activities, such as: presentation of products/services, sending “News Letters”, promotional campaigns and actions, satisfaction surveys, market research, profile analyses.
Fulfillment of all legal, regulatory or judicial obligations that the company is obliged to in the commercial and labor sphere;
Administrative, accounting and financial management;
Billing and litigation management;
Control of access to facilities;
With whom we share personal data
In order to fulfill the purposes described above, it may be necessary to share your data with:
Official, Regulatory, Judicial and Police Entities
To comply with all legal obligations, as well as participation in programs and support.
Service providers and subcontractors
It may be necessary to share personal data with third parties within the scope of the activity and according to each objective, such as, for example, insurance companies, health and safety at work companies, travel agencies, training companies, technical assistance companies, support for e-commerce activities, hosting our websites, among others.
In these cases we may share your data with these partners to optimize our products and services
Customers and Suppliers
Some personal data of employees, within the scope of the functions that each employee performs, may have to be shared with customers and suppliers.
What are the retention periods for personal data?
Personal data will be kept for an indefinite period of time, that is, until the data subject requests its total or partial deletion or withdraws its consent, provided that this request does not conflict with the fulfillment of contractual or legal obligations and regulations that the company is obligated to.
What are the rights of the holders of personal data
The holder of personal data, in accordance with the applicable rules, has the right to information, access, rectification, deletion, limitation, objection and portability of data, as well as to contest automatic decisions and withdraw consent.
Right to information, access, and rectification
The data subject may, at any time, access the data provided to us, request its rectification, as well as obtain information regarding its treatment, and we undertake to follow up on it within a maximum period of 30 days.
right to disposal
The right to deletion is also recognized, with personal data being deleted, within the aforementioned period, from the date of request, provided that there are no valid legal grounds for its conservation.
Right to limitation and objection
You can request the limitation, as well as oppose the processing of personal data, namely, when the data are processed for direct marketing purposes.
Personal data portability
The holder has the right to request the company, when legally permissible, to send his personal data to another organization, unless this transfer, due to its extension, implies high means and costs.
When applicable, the data subject has the right to contest automatic decisions such as the definition of profiles, requesting the human intervention of the Data Responsible.
Withdraw your consent
The data subject may withdraw his consent, to the extent legally permissible. This situation does not compromise the legality of the treatment carried out up to that date.
If the holder wishes to exercise his rights as written above, he may do so by registered letter or by e-mail to the contacts presented below. Proof of the holder's identity is essential to guarantee the security and confidentiality of the process.
Leonardo & Pimenta - Medical Services Ltd.
R. Pines 206A
Please note that if there are legal norms or imperatives that override these rights, the company will respond on the impossibility and the grounds for not being able to comply with the request, within a maximum period of 30 days.
The data subject may complain to the National Data Protection Commission – CNPD (www.cnpd.pt).
The company, valuing the trust that the data subject places in us when granting their consent, has adopted the appropriate technical, physical and organizational measures to the RGPD ensuring that personal data are duly protected against unauthorized or illegal use, alteration, access or unauthorized disclosure, accidental or purposeful destruction and loss.
Lisbon, May 24, 2018