Data Protection Policy
1. Who is responsible for the processing of your data?
The person responsible for data processing relating to the management of the patient web portal and the APP is Identisoft Lda., with registered office at Rua das Leiras, Lote 25 4705-002 Braga.
For the purposes of our data protection policy, the contact telephone number is 253 414 330. Our entity has appointed a Data Protection Officer, who can be contacted by email geral@identisoft.pt.
Likewise, we inform you that, in the processing of data for the management of the patient's web portal and the APP, there are no entities Co-Responsible for the Treatment.
2. What type of data do we have about you and how did we obtain it?
The categories of personal data that Identisoft Lda. processes about its patients are:
- Identification data;
- Postal or electronic addresses;
- Image.
Likewise, we inform you that, due to the characteristics of the processing of data about our patients, we process the following data in special categories: Data related to health (medical records).
We have obtained all the data mentioned above directly from you through the presentation of a commercial offer, contractual proposal, etc. by providing us with identification data and other information necessary to carry out the purpose of the contractual relationship between the parties. It will be your obligation to provide us with updated data in case of modification.
3. How long will we keep your data?
Personal data relating to patients that Identisoft Lda. collects through the different contact and/or information collection forms will be kept as long as its deletion is not requested by the interested party. The data provided by our patients will be kept as long as the commercial relationship between the parties is maintained, respecting in any case the minimum legal retention periods.
In any case Identisoft Lda. will keep your personal data for the period of time that is reasonably necessary taking into account our needs to respond to questions that arise or resolve problems, make improvements, activate new services and comply with the requirements that required by applicable legislation.
4. For what purpose and on what basis of legitimacy do we process your data?
The personal data provided, including health data, will be processed for the purpose of offering you the health service provided by our entity (performing diagnostic imaging tests), requested by you or, where applicable, the Mutual Fund, Hospital, Health Center and/or Health Professional from which you come, being able to have the results through the patient's website or App with prior authorization.
The legal basis for the processing of your data is based on compliance with the contractual obligations derived from the request for healthcare made by you or by the entity from which you are derived and on compliance with the obligations. imposed by Law 41/2002 of November 14, on patient autonomy and rights and obligations regarding clinical information and documentation. The personal data provided will be kept for a minimum period of 5 years, pursuant to art. 27 of the aforementioned Law 41/2002, after which said data will be canceled.
For access to the patient's website and/or our App, the basis of legitimacy will be their express consent.
We are not going to create commercial profiles based on the information provided and consequently we will not make automated decisions about you based on a commercial profile.
5. To which recipients will your data be communicated?
Identisoft Lda. will never share your personal data with any third party company that intends to use it in its direct marketing actions, except in the event that you have expressly authorized us to do so.
We inform you that we can provide your personal data to Public Administration bodies and competent Authorities in those cases that Identisoft Lda. receives a legal request from said Authorities or in cases that, acting in good faith, we consider that such action is reasonably necessary to comply with a judicial process; to respond to any claim or legal demand; or to protect the rights of Identisoft Lda. or its clients and the general public.
Personal data, including health data, will be transferred, where appropriate, to the Mutual Fund, Hospital, Health Center, Red Cross or health professional who, where appropriate, has made the request for health assistance for the continuity of said healthcare and the charging for our services under the collaboration agreements established between said entities and our Center.
The data strictly necessary for the billing of the health service provided under the collaboration agreements established with said companies will also be communicated to the insurance entity from which, where appropriate, it is derived. Regarding the communication of the results of the tests carried out to said insurance companies, they will only be carried out in those cases in which there is legal authorization to do so or with the express consent of the patient.
Identisoft Lda. may provide your personal data to third parties (e.g. Internet service providers that help us manage our website or carry out the contracted services, computer support and maintenance companies, logistics companies, agencies). and tax and accounting advice, etc.). In any case, these third parties must maintain, at all times, the same levels of security as Identisoft Lda. in relation to your personal data and, when necessary, they will be bound by legal commitments in order to keep your personal data private. and secure, and in order to only use the information following specific instructions from Identisoft Lda..
We inform you that our entity does not carry out international transfers of data regarding patient management.
6. What are your rights as affected or interested?
Any person has the right to obtain confirmation as to whether Identisoft Lda. is processing personal data that concerns them or not.
Specifically, interested parties can request the right of access to their personal data, as well as receiving it in a common format and machine reading if the processing is carried out by electronic means (right of portability).
Likewise, interested parties may request the right to rectify inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Complementarily, in certain circumstances, interested parties may request the limitation of the processing of their data, or in certain circumstances and for reasons related to their particular situation, interested parties may exercise their right to oppose the processing of their data. Identisoft Lda. will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims or in those exceptions established in the applicable regulations.
Likewise, we inform you that you have the right to withdraw your consents at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.
The User is also informed that at any time they can exercise the aforementioned rights by writing to us using the contact information that appears in Section 1, 'Controller' of this Data Protection and Privacy policy. from Identisoft Lda. In any case, the entity reserves the right to request a supporting document from the applicant in order to verify their identity and only in those cases where said verification cannot be carried out by other means.
You will also have the right to file a claim with the CNPD, especially when you have not obtained satisfaction in the exercise of your rights.
National Data Protection Commission
Av. D. Carlos I, 134, 1º - 1200-651 Lisbon
Tel.: (+351) 213 928 400
Email: geral@cnpd.pt
7. Data protection of website users.
In accordance with the current Regulation (EU) 2016/679, Identisoft Lda. informs that the personal data of the Users of the website (such as the data provided to us through the completed forms and the metadata associated with said forms: date, time of sending, IP of sending, etc.) will be processed for the processing activity indicated in each data collection form on our website by Identisoft Lda.. Said processing of your data will be protected by your own consent. By pressing the “SEND” button, the User consents to the processing of their data by Identisoft Lda..
Likewise, we inform you that, except for legal obligation or express consent on your part, Identisoft Lda. will not transfer your data to third parties.
Likewise, the User is informed that at any time they can exercise the rights of access, rectification or deletion of data, as well as having other rights recognized in this document and regulated in Regulation (EU) 2016/679, by contacting in writing to us using the contact details that appear in Section 1, 'Data Controller'.
On the other hand, in accordance with the provisions of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, Identisoft Lda. undertakes not to send advertising via email without having first obtained the express authorization of the recipient. The User may object to the sending of advertising by checking the corresponding box.
8. Other information of interest about our privacy policy
8.1 Security Measures: Identisoft Lda. adopts the security levels required by current European and Spanish regulations on data protection, taking into account the state of the art, application costs and nature, scope, context and purposes of the processing described, as well as the risks of varying probability and severity for your rights and freedoms as an individual.
8.2 Processing of minors' data: Under EU Regulation 2016/679 and LOPDGDD 3/2018, minors over 14 years of age can give their consent to contracting data services. the information society, such as registering in a forum, completing a contact form, etc. However, it will be the responsibility of Identisoft Lda. to verify the veracity of the age indicated by the minor. For the processing of data of minors under 14 years of age, said data collection will always be carried out with the express consent of the parents or legal guardians.
8.3 Modifications to our Data Protection and Privacy Policy: Occasionally, Identisoft Lda. may make modifications and corrections to this section of the Data Protection Policy. Please check this section regularly to see any changes that may have occurred and how they may affect you.
8.4 Why is it necessary to accept this Data Protection and Privacy Policy? This section provides you in an easily accessible way with all the necessary information so that you can know the type of data that Identisoft Lda. maintains about its patients, the purposes pursued, the rights that data protection regulations recognize for you as an affected person. and how to exercise said rights. Therefore, with the deliberate sending of your personal data through our means of contact and/or with the beginning of the commercial relationship with our company, we consider that you recognize and accept the processing of your personal data as described in this policy. This personal information will only be used for the purposes for which you have provided it to us or certain national or regional regulations enable us to do so. In any case, we must warn you that a refusal on your part to provide us with certain requested data could hinder the development of the contractual relationship between the parties with possible serious consequences when providing the various services contemplated within the commercial contract entered into with the contracting party. If you have any questions in relation to this section of the Data Protection Policy for patients of Identisoft Lda., please contact the company using the address provided in Section 1, 'Data Controller' and we will be happy to assist you. assist you and respond to any additional questions you may want to ask us.
9. Applicable legislation
This Data Protection Policy will be governed at all times by the provisions of Spanish and European legislation on the protection of personal data and privacy.
