ERS Registration Number – E129481

Operating License - 11464/2016

The new General Regulation for the Protection of Personal Data (RGPD) – Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, effective from the 25th of May 2018, with direct application to all legal or natural entities, public or private, that process personal data of natural persons in all EU countries, revokes the current Data Protection Law, and defines new rules guaranteeing and strengthening protection, processing and freedom circulation of personal data, with the aim of avoiding serious situations of breach of such data.

The company Leonardo & Pimenta - Serviços Médicos Lda., in compliance with the provisions of the new General Regulation for the Protection of Personal Data (RGPD) and defending its security, has adopted new principles and common rules that are part of the Company's Privacy Policy document, which follows we transcribe:

​

COMPANY PRIVACY POLICY

The purpose of this document is to establish and make known the rules and mechanisms for guaranteeing the privacy of all personal data received and stored by the company, within the scope of its commercial and work activity, namely informing you about which categories of personal data we collect the purpose and legal basis of data processing, with whom we share the data, the period of maintenance of the data, the rights that you have and how you can exercise them and the obligations in case of data breach.

The company's Privacy Policy is shared through all available communication media and applies to all information collected through the company's website, Social Networks (Facebook, LinkedIn), as well as to the information you share or have shared with us in person, in meetings, interviews, by phone, SMS, email, letter or other means of correspondence. The processing of personal data will be carried out by the company.

If you would like to obtain additional information or clarify any doubts about our Privacy Policy and the Handling of Personal Data, you can address your questions by letter or email:

Leonardo & Pimenta - Medical Services Ltd.
A/C Data Protection/Privacy Policy Officer
R. Pines 206A
2750-606 Cascais
E-mail: geral@lpclinic.pt

​

What is personal data and what personal data do we collect and use

Personal Data is any information that can identify a natural person.

We collect and use personal data within the scope of the company's commercial activities, as well as in labor relations (in the case of our employees) established. There are several types of personal data that we use, namely:

• Identification data (eg name, identification numbers, nationality, date and place of birth);

• Contact details (for example: address, telephone, email address);

• Family status (for example: Number of descendants, tax status);

• Education (level of education);

• Bank and financial details (IBAN, NIB, credit ceilings);

• We do not collect sensitive data – biometric data, genetic data, health data, racial or ethical data, data relating to life or sexual orientation, political opinions, religious or philosophical beliefs, with the exception of union membership (applicable only to employees due to compliance with legal obligations).

​

Indirect collection of other data

We may indirectly have access to personal data from:

• Relatives;

• Legal representatives or agents;

• Society partners;

• Employees of our customers, suppliers, service providers and partners

All these data will be treated with the same security and privacy.

​

What is the foundation and purposes

Foundation

• Consent

Based on the prior consent of the holder of the personal data, which must be free, informed and unambiguous;

• legitimate interest

When the processing of data corresponds to a legitimate interest on the part of the company with a view to developing our activity and providing our services, as well as its labor relations;

• Compliance with all legal, regulatory and judicial obligations

When the processing of personal data is necessary to comply with all legal, regulatory and judicial obligations to which the company is subject.

• Pre-contractual due diligence, execution and management of contracts  

• Request your consent for specific treatment outside this scope

​

Purposes

The use of personal data is necessary in particular to:

• Management and monitoring of customers/suppliers;

• Marketing activities, such as: presentation of products/services, sending “News Letters”, promotional campaigns and actions, satisfaction surveys, market research, profile analyses.

• Fulfillment of all legal, regulatory or judicial obligations that the company is obliged to in the commercial and labor sphere;

• Administrative, accounting and financial management;

• Training management;

• Billing and litigation management;

• Complaints management;

• Control of access to facilities;

• Recruitment processes;

• Stage processes;

​

With whom we share personal data

In order to fulfill the purposes described above, it may be necessary to share your data with:

• Official, Regulatory, Judicial and Police Entities

To comply with all legal obligations, as well as participation in programs and support.

• Service providers and subcontractors

It may be necessary to share personal data with third parties within the scope of the activity and according to each objective, such as, for example, insurance companies, health and safety at work companies, travel agencies, training companies, technical assistance companies, support for e-commerce activities, hosting our websites, among others.

• Business partners

In these cases we may share your data with these partners to optimize our products and services

• Customers and Suppliers

Some personal data of employees, within the scope of the functions that each employee performs, may have to be shared with customers and suppliers.

These entities, if they belong to the EU, will have the responsibility to comply with the provisions of the RGPD, but the company will take the possible measures in its power to ensure that all entities with whom it shares personal data respect our Privacy Policy and, therefore, protect the personal data entrusted to them.

​

What are the retention periods for personal data?

Personal data will be kept for an indefinite period of time, that is, until the data subject requests its total or partial deletion or withdraws its consent, provided that this request does not conflict with the fulfillment of contractual or legal obligations and regulations that the company is obligated to.

​

What are the rights of the holders of personal data

The holder of personal data, in accordance with the applicable rules, has the right to information, access, rectification, deletion, limitation, objection and portability of data, as well as to contest automatic decisions and withdraw consent.

• Right to information, access, and rectification

The data subject may, at any time, access the data provided to us, request its rectification, as well as obtain information regarding its treatment, and we undertake to follow up on it within a maximum period of 30 days.

• right to disposal

The right to deletion is also recognized, with personal data being deleted, within the aforementioned period, from the date of request, provided that there are no valid legal grounds for its conservation.

• Right to limitation and objection

You can request the limitation, as well as oppose the processing of personal data, namely, when the data are processed for direct marketing purposes.

• Personal data portability

  The holder has the right to request the company, when legally permissible, to send his personal data to another organization, unless this transfer, due to its extension, implies high means and costs.

• automatic decisions

When applicable, the data subject has the right to contest automatic decisions such as the definition of profiles, requesting the human intervention of the Data Responsible.

• Withdraw your consent

The data subject may withdraw his consent, to the extent legally permissible. This situation does not compromise the legality of the treatment carried out up to that date.

If the holder wishes to exercise his rights as written above, he may do so by registered letter or by e-mail to the contacts presented below. Proof of the holder's identity is essential to guarantee the security and confidentiality of the process.

​

Leonardo & Pimenta - Medical Services Ltd.

A/C Data Protection/Privacy Policy Officer

R. Pines 206A

2750-606 Cascais

E-mail: geral@lpclinic.pt

​

Please note that if there are legal norms or imperatives that override these rights, the company will respond on the impossibility and the grounds for not being able to comply with the request, within a maximum period of 30 days.

The data subject may complain to the National Data Protection Commission – CNPD (www.cnpd.pt).

The company, valuing the trust that the data subject places in us when granting their consent, has adopted the appropriate technical, physical and organizational measures to the RGPD ensuring that personal data are duly protected against unauthorized or illegal use, alteration, access or unauthorized disclosure, accidental or purposeful destruction and loss.

The company's Privacy Policy applies to its employees, to individual entrepreneurs and will also be extended to legal persons whenever the processing of personal data of managers, legal representatives and/or their employees is concerned.

The company reserves the right to change its Privacy Policy in view of legislative changes or by virtue of its activity.

​

Lisbon, May 24, 2018