Benfica Clinic Privacy Policy

Within the scope of its activity, the Benfica Clinic needs to collect and process the personal data of its users within the scope of providing services. In fact, in the context of providing health care or treatment, including preventive medicine, medical diagnosis, and health service management, the processing of users' personal data is indispensable.

This Privacy Policy aims to help the people we process data from, namely the users ("Data Subjects) to understand what personal data we collect, how and why we use it, to whom we disclose it and how we protect your privacy when using our services.

In this sense, the Benfica Clinic adopts the conducts and implements the necessary mechanisms to ensure strict compliance with the legislation on the protection of personal data that is in force at all times, namely, Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") and Law No. 58/2019, of August 8, which ensures the implementation, in the national legal system, of the GDPR (together "Data Protection Regime").

The filling out of our forms and the provision of data directly or indirectly imply knowledge and acceptance of the conditions of this Privacy Policy, and any other specific terms, policies, and conditions relating to the services provided.

Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable individual ("data subject"). A person is considered identifiable if he/she can be identified directly or indirectly, namely by reference to an identification number or more specific elements of his/her physical, physiological, psychic, economic, cultural, or social identity.

Personal data may be of a more sensitive nature in certain situations, classifying them in the GDPR as "special categories of data". These may relate to the racial or ethnic origin of their holder, their political opinions, religious or philosophical beliefs, genetic information, biometric identifiers, sex life, sexual orientation, or their health.

"Health-related data" is personal data related to the physical or mental health of a natural person, including the provision of health services, that reveal information about his/her past, present, or future health status. This includes, for example, (i) any particular number, symbol, or sign assigned to a natural person to uniquely identify him or her for health care purposes; information obtained from testing or examinations of a body part or a body substance, including from genetic data and biological samples; (ii) any information about, for example, an illness, disability, risk of disease, medical history, clinical treatment, or physiological or biomedical status of the data subject, regardless of its source, for example, a doctor or other health care professional, a hospital, a medical device or an in vitro diagnostic test.

The Benfica Clinic collects and processes personal data necessary for the provision of integrated health care, including for the management of the systems and services of the Benfica Clinic, whether they are collected directly at the Benfica Clinic, at any other Benfica Group facilities by employees of the Benfica Clinic or the Benfica Group who provide services to the Benfica Clinic, or at the facilities of Benfica Clinic partners with whom we have established protocols for this purpose.

The Benfica Clinic is especially concerned with the protection of the rights of minors, and therefore the collection of personal data from minors under the age of 18 is subject to the consent of the respective parental responsibility holders.

Categories of personal data we handle

Special categories of personal data
When providing our services, we will necessarily have to collect data relating to your health and, in some cases, genetic data, data related to your racial or ethnic origin, and data related to your sexual life or sexual orientation. Such information is considered, under the terms of the GDPR, as "special categories of data", and therefore the Benfica Clinic will comply with the most demanding protection requirements laid down in the GDPR concerning the processing of such data, both concerning the appropriate grounds of lawfulness for their processing, and concerning the implementation of appropriate technical and organizational measures to minimize their processing, restrict access to such data and ensure their safety.

There are, however, increased requirements for the processing of special categories of personal data, so that particularly sensitive data may be processed only in certain cases, in particular where the data subject has given their explicit consent, where the processing is necessary in order to defend the vital interests of a data subject incapable of giving their consent, to declare, exercise, or defend a right in judicial proceedings, or when processing is necessary for preventive medicine, medical diagnosis, the provision of health care or treatment, or the management of health systems and services.

Purposes of collecting your personal data
The Benfica Clinic processes this data in accordance with the applicable legislation, for several purposes, including:

The personal data collected are processed in strict compliance with the applicable legislation and stored in a specific database created for this purpose. Such data shall be kept in a format that allows identification of the data subjects only for the period necessary for the purposes for which they are processed.

The period for which data are stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements that require data to be retained for a certain period. Thus, and whenever there is no specific legal requirement, the data will be stored and maintained only for the period necessary for the purposes for which they were collected, as identified above.

Under the terms of the applicable legislation, the data subject may request at any time the following rights:

• Right of access - Benfica Clinic ensures the existence of means allowing the data subject to have access to the personal data that the entity holds on the data subject.


• Right to rectification - Benfica Clinic ensures the existence of means that allow the data subject to rectify their personal data, if they are incorrect/inexact, or complete them if they are incomplete.


• Right to erasure "right to be forgotten": - Benfica Clinic ensures the existence of means that allow the data subject to request the erasure of their personal data when any of the following circumstances occur:
  
  • When the data is no longer necessary for the purposes for which they were collected or otherwise processed;
  • When the data subject withdraws his consent to the processing of his data and there is no other legal basis for the processing;
  • When the data subject exercises his right to object and no other legitimate grounds are prevailing for processing;
  • When personal data has been unlawfully processed;
  • When the data must be deleted to comply with a legal obligation applicable to the entity as a controller; or
  • When the data has been obtained in the context of the direct offer of information society services to minors.


• Right to object - The Benfica Clinic ensures the existence of means that allow the data subject to object specific personal data processing for specific purposes listed below, without prejudice to directives or laws in force:
  • Performance of public interest tasks for the pursuit of a legitimate interest of the controller or a third party;
  • Guarantee that the purpose of the processing is compatible with the purpose for which the data was initially collected, including the definition of profiles;
  • Sending marketing communications or processing for targeted advertising, based on the legitimate interests of the Benfica Clinic.


• Right to restriction of processing - The Benfica Clinic ensures the existence of means that allow the data subject to request the restriction of the processing of their personal data.


• Right to data portability - A The Benfica Clinic ensures the existence of means that allow the data subject to request that a copy of their personal data be sent to another controller. This data is transmitted in a digital and structured format.

Data subjects may exercise their rights by writing to Benfica Clinic at infoclinica@slbenfica.pt or to the following address:
Clínica do Benfica
Avenida Eusébio da Silva Ferreira
1500-313, Lisboa

In accordance with the applicable legislation, you are also guaranteed the right to withdraw your consent to the processing of data for which your consent is the basis for the legitimacy of the processing. To this end, you have the right to withdraw your consent at any time, which shall not, however, invalidate the processing carried out until that date based on the consent previously given.

Additionally, you may also submit a complaint to the Benfica Group Data Protection Officer to the following e-mail address dpo@slbenfica.pt.

Without prejudice to any other means of administrative or judicial appeal, the data subject has the right to submit a complaint to the national supervisory authority ("CNPD") or any other competent supervisory authority under the terms of the law, if he/she considers that his/her data is not being processed legitimately by the Benfica Clinic, under the terms of the applicable legislation and this Policy.

The Benfica Clinic implements a set of procedural and technological measures to ensure the safety of the processing of personal data carried out by the Benfica Clinic or by companies hired by it. Procedures and security controls are defined at both physical and digital levels, to ensure data integrity and access control and that only authorized users have access to the data. The Benfica Clinic adopts measures to safeguard the security of personal data, including protection against illegitimate access, appropriation, tampering and/or unauthorized disclosure, improper disposal and dissemination of malicious software (computer viruses), adopting the appropriate technical and organizational measures for this purpose. The Benfica Clinic uses protection measures such as encryption with SSL (Secure Sockets Layer) for the transmission of information by the Client to safeguard privacy and security in the transmission and storage of personal data.

Any communication or message sent by the Client by e-mail, the transmission of files and files, inclusion of data, or any other form of unsolicited communication and, provided it does not contain instructions to the contrary, shall be considered non-confidential and free of any restrictions of use.

The Benfica Clinic uses other entities to provide certain services or to develop partnerships to provide the best possible service to data subjects. Eventually, such service provision or established partnership may imply access by these entities to the personal data of data subjects. This will be the case of entities that provide computer systems support services, certain suppliers of medical equipment, providers of clinical services in certain services, consulting firms and law firms, and third parties that manage the physical archive of the Benfica Clinic, partner hospitals and clinics, pharmacies, among others.

Any processor of the Benfica Clinic will process the personal data of the data subjects on behalf of the Benfica Clinic, under the strict obligation of following our instructions. The Benfica Clinic shall ensure that such processor provides enough guarantees that appropriate technical and organizational measures are taken so that the processing complies with the requirements of the applicable legislation and ensures the safety and protection of the rights of the data subjects, under the data processing agreement executed with the processors.

The Benfica Clinic may also communicate personal data to third parties, such as Insurance Companies when it deems such communications necessary or appropriate (i) considering the applicable legislation, (ii) in compliance with legal/regulatory obligations/judicial orders, (iii) to answer requests from public or governmental authorities, as well as (iv) in the scope of partnerships it has established.

In any of the situations mentioned above, the Benfica Clinic undertakes to take all reasonable measures to ensure the actual protection of the personal data it handles.

The Benfica Clinic undertakes to ensure the security and integrity of data in the cross-border transfers (outside the European Economic Area) and to inform the data subjects of this transfer whenever it occurs. Additionally, the Benfica Clinic is responsible for implementing the necessary mechanisms to obtain the legal basis to execute any cross-border transfer, whenever applicable (for example, the celebration of the Standard Contractual Clauses approved by the European Commission).

You may contact the Benfica Clinic for further information on the processing of your personal data, as well as any questions related to the exercise of your rights under the applicable legislation and those referred to in this Privacy Policy, through the following contacts:

Phone: 217 107 066

E-mail: infoclinica@slbenfica.pt

Address:
Estádio do Sport Lisboa e Benfica
Av. Eusébio da Silva Ferreira – Porta 18
1500-313 Lisboa

The Benfica Clinic reserves the right, at any time, to make changes or updates to this Privacy Policy. We suggest that you check this Privacy Policy regularly to be aware of any changes.