Privacy policy
1. Scope of Application
This Privacy Policy applies exclusively to the collection and processing of personal data carried out by Clínica Dr Paulo Cardozo, Lda. (the CLINIC) for informational and commercial purposes, thereby enabling the promotion of its activities, whilst also aiming to ensure that the use of the website proceeds smoothly and without inconvenience.
2. Personal Data
What is personal data?
Personal data means any information, of any nature and in any format, including sound and image, relating to an identified or identifiable natural person.
A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, psychological, economic, cultural, or social identity.
3. Data Controller
The CLINIC is the entity responsible for the collection and processing of personal data belonging to USERS, deciding the categories of data to be processed, how such data is to be handled, and the purposes for which it is used.
4. Types of Data Collected
The CLINIC will collect the following categories of personal data:
a) User data, namely:
(i) first name
(ii) surname
(iii) email
(iv) telephone
5. How Will We Use Your Personal Data?
The CLINIC will use the personal data you provide to us for the following purposes:
- To analyse and respond to your messages and enquiries.
- For the operation and management of the WEBSITE.
- For the adaptation, improvement, and modification of services, in particular through the identification of usage trends, or to determine the effectiveness of promotional campaigns.
These personal data processing operations are an essential tool for your satisfaction and for the CLINIC's activities, and are carried out in accordance with applicable legislation and best practices.
Your personal data will not be reused for purposes other than those previously identified or that are unrelated to those for which it was originally collected.
6. What Are the Legal Bases for Processing the Personal Data We Collect?
The personal data processed by the CLINIC has specific legal bases, depending on the purposes for which it is intended.
| Purpose | Legal Basis |
|---|---|
| To analyse and respond to your messages, customer support and information requests | Consent for that specific purpose. |
| For the operation and management of the WEBSITE | Consent for that specific purpose (cookies) — Legitimate interests pursued by the CLINIC |
| For the adaptation, improvement and modification of services, in particular through the identification of usage trends, or to determine the effectiveness of promotional campaigns | Consent for that specific purpose (cookies) |
7. What Personal Data Do We Collect?
The personal data collected and processed by the CLINIC is limited to that which is necessary and appropriate for the purposes stated above.
| PURPOSE | DATA |
|---|---|
| To analyse and respond to your messages and information requests | Name, Email and Phone |
| For the operation and management of the WEBSITE | Cookie data |
| For the adaptation, improvement and modification of services, in particular through the identification of usage trends, or to determine the effectiveness of promotional campaigns | Cookie data |
8. How Do We Collect Your Personal Data?
We will collect your personal data through the forms available on the WEBSITE, as well as through the communication it establishes with your device and the email messages you send us.
Your personal data is collected through your device in the following ways:
- Through your Newsletter subscription;
- Through your browser;
- Through cookies;
- Through pixel tags and other similar technologies;
- IP address;
- Through your User data.
The CLINIC will not sell, rent, or share your personal data with third parties, except in the cases clearly identified in this Privacy Policy.
The CLINIC's services are not directed at minors, and personal data of minors is not intentionally processed.
The data referred to is collected only after the Users' consent has been obtained, and is processed in accordance with the law, stored in appropriately secure and protected databases, and will under no circumstances be used for any purpose other than that for which consent was obtained.
9. Cookies
What are cookies?
"Cookies" are small pieces of information that can help identify your browser and store information such as User settings and preferences.
10. What Are Pixel Tags and Other Similar Technologies?
10.1. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with certain services to, for example, track the actions of service users (including email recipients), measure the success of marketing campaigns, and compile statistics on the use of the Services and response rates.
10.2. To find out more about the pixel tags and other similar technologies we use, please consult our Cookie Policy.
11. How Do We Protect Your Personal Data?
11.1. Your personal data is kept secure through the adoption of various technical and organisational security measures, which ensure that only those Members of Staff and processes that are required to access personal data may do so, in accordance with rules established for that purpose.
11.2. To protect your personal data, we only use data centre providers that offer us adequate and documented security measures, including assurances that your personal data is stored on servers maintained in controlled environments with restricted access.
11.3. Likewise, when you browse the WEBSITE, we protect your data using encryption, such as Transport Layer Security (TLS), a security protocol that protects internet communications. Your password is stored using a one-way hash and cannot be retrieved or disclosed by any person, including the CLINIC — it can only be reset.
11.4. Although we take the precautions and measures we deem appropriate to protect the personal data you provide to us and that we collect, it is important to be aware that no security system is impenetrable.
12. How Long Do We Retain Your Personal Data?
12.1. Your personal data will be retained for as long as necessary for the purposes for which it was collected, as set out in this Privacy Policy.
| PURPOSE | MAXIMUM RETENTION PERIOD |
|---|---|
| To analyse and respond to your messages, customer support and information requests | 2 years |
| To send you newsletters or other publications you have requested and/or that may be of interest to you | 7 years |
| For the operation and management of the WEBSITE | 2 years |
| For the adaptation, improvement and modification of services, in particular through the identification of usage trends, or to determine the effectiveness of promotional campaigns | 2 years |
12.2. Where the law prescribes a specific or mandatory retention period, that period will apply. In all other cases, personal data will be retained for no longer than the periods indicated above, which the CLINIC considers sufficient to fulfil the stated purposes.
12.3. Upon expiry of the retention period, all collected personal data will be deleted.
13. How Can You Exercise Your Rights?
13.1. The law grants you the right to request the exercise of the following rights: access, rectification, erasure, portability, restriction of processing, and objection.
13.2. You also have the right to lodge a complaint with the competent supervisory authority — in Portugal, the Comissão Nacional de Proteção de Dados (CNPD).
www.cnpd.pt
13.3. To exercise the rights set out above, please contact the CLINIC at the following email address: geral@clinicapaulocardozo.pt.
13.4. Should you request the deletion of some or all of your personal data, certain requested services may no longer be available to you. The CLINIC will retain only the personal data necessary to comply with its legal obligations.
14. When Do We Share Data with Third Parties?
14.1. The CLINIC may engage third parties to provide certain services, such as maintenance, technical support, marketing, billing, or payment management, and these parties may have access to some personal data, in particular that which is necessary for the contracted purposes.
14.2. The CLINIC ensures that entities with access to personal data are reliable and offer strong data protection guarantees, and that no data beyond what is necessary for the provision of the contracted service is ever transmitted to them. The CLINIC remains responsible for the personal data made available.
14.3. The CLINIC may also share your data with the following entities: companies within the business group to which it belongs and with which it has commercial partnerships; or other partners outside the business group (with your prior consent).
14.4. The CLINIC may also transmit data to third parties in the context of investigations, enquiries, and judicial and/or administrative proceedings, where duly ordered to do so by a court of law.
15. Third-Party Websites
15.1. The WEBSITE may contain links to other websites, which may collect and process your personal data. Such processing is the sole responsibility of the owners of those websites, and the CLINIC bears no responsibility for their policies and/or practices.
16. Data Transfers Outside the European Union
16.1. Should data transfers to third countries outside the European Union occur, the CLINIC will comply with the applicable legal rules, in particular those relating to the adequacy of the destination country's personal data protection framework, and will not transfer personal data to jurisdictions that do not offer adequate security and protection guarantees.
17. Minors
17.1. The WEBSITE is not directed at persons under the age of 16, and we therefore ask that they do not provide us with personal data via the WEBSITE, application, social media, or email.
18. Sensitive Personal Data
18.1. The CLINIC requests that you do not send or disclose to us any sensitive personal data, that is, information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, or data concerning sexual life or sexual orientation.
18.2. Should you nonetheless send or disclose such categories of personal data, they will be immediately deleted.
19. Changes to the Privacy Policy
19.1. The CLINIC reserves the right to adjust or amend this Privacy Policy at any time, and any such changes will be duly publicised.
20. Our Contact Details
Should you have any queries or questions relating to this Privacy Policy, please contact us in writing via email at: geral@clinicapaulocardozo.pt.
Last updated: 07/06/2023