Privacy and Cookies Policy
X-CLINIC’S PRIVACY POLICY AND PROCESSING OF PERSONAL DATA
- Us and our commitment:
X-CINIC is a brand of N.R.D. – Nucleo de Radio-Diagnostico S.A., a company incorporated as a public limited company, which hereafter will be referred to as X-CLINIC, dedicated to providing services in the health sector.
Taking into account the proportionality and adequacy imposed by the capacity to allocate the resources and technical means at its disposal, X-CLINIC is committed to protecting its customers and employees, as well as users of the various media and platforms, whether physical or digital, especially paper files, digital files and websites in use or to be implemented, with regard to their privacy and the processing and circulation of their personal data.
We ask you to please read this Privacy Policy carefully, as providing your personal data, either in person or when accessing the aforementioned website, implies that you know and accept the conditions contained herein and their processing for the lawful and legitimate purposes provided for by law.
X-CLINIC expressly reserves the right to amend this Privacy Policy at any time, with the result being duly published by the same means.
- Our personal data collection devices and media in use:
We store, edit and manage the following personal data media
- IT system consisting of a set of software solutions supported by a set of hardware devices and other similar solutions, including email services and other external digital repositories and communication solutions.
- Paper files stored in cupboards and shelves in rooms with restricted access;
- Website – www.xclinic.pt
- Personal and material scope of this Privacy Policy:
This privacy policy binds X-CLINIC exclusively with regard to the personal data it collects, processes and circulates.
The same policy or similar will also be assumed, by means of contracts entered into with X-CLINIC, by the entities that process the same personal data on behalf of X-CLINIC.
The provision through this website of other links to other websites unrelated to X-CLINIC is done in good faith and in the interest of the user, and X-CLINIC cannot be held responsible in any way for the collection, processing and destination of data on these websites, nor for the reliability, accuracy, lawfulness and functionalities available there, and therefore this privacy policy does not apply to them.
X-CLINIC considers it obligatory and will assume for all intents and purposes, without the possibility of proof to the contrary, that you have read the privacy policies of all the websites you access.
- Concept of personal data:
Personal data means any information or record of any nature and regardless of its support or format, namely sound, image, writing, chirograph or characteristic, relating to an identified or identifiable natural person.
An identifiable person is one who can be directly or indirectly identified by reference to one or more specific pieces of personal data, taken alone or in combination, in particular their physical, physiological, psychological, economic, ethnic, cultural, geographical, social identity or their location.
- The entity responsible for processing personal data:
The entity responsible for the collection and processing of personal data is X-CLINIC, which, in the context of its relations with the holder of the personal data, establishes, always on a lawful and legitimate basis, which data are collected, the means of processing and the purposes of such collection and processing.
- Types of personal data collected and processed:
As part of its activity, X-CLINIC collects and processes the following:
- Personal data necessary for the provision and/or receipt of services to its customers and/or from its suppliers, processing in this context data such as name, tax identification number, address, telephone number and email address, among others that are strictly necessary, proportionate and lawful.
- Personal data necessary for the performance of the employment or service contract entered into with its employees, processing in this context data such as name, identification document number and other data, tax identification number, household composition, social security number, address, telephone numbers and email address, health data, access data, location data, among others that are strictly necessary, proportionate and lawful.
- Personal data necessary to comply with legal obligations, both towards public and private entities, processing data such as name, identification document number and other data, tax identification number, household composition, social security number, address(es), telephone numbers and email addresses, health data and other strictly necessary, proportionate and lawful data.
- Data necessary for the management of customers and suppliers, the contracting and management of the contractual relationship with customers and suppliers, the adequacy of the provision of services appropriate to the needs and interests of the Customer, including the sending of suggestions, information and marketing actions, publicizing campaigns, promotions, advertising and news about services and/or products, carrying out market research and/or satisfaction surveys, the management of complaints, treating in this context, address(es), telephone numbers and e-mail addresses, among others that are strictly necessary, proportionate and lawful.
- All personal data necessary for the exercise of X-CLINIC’s rights within the scope of the relationships referred to in the previous items, and in the pursuit of its activity and legitimate interest, in particular, accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and auditing, network and systems management, control of information security and physical security, and security of facilities.
Notwithstanding compliance with legal rules or legitimate orders from competent authorities regarding the storage and transmission of data, X-CLINIC only processes personal data necessary for its activity, to the fair and strict extent required by the nature of the contractual or other relationship established with the data subject, or their prior, legitimate, lawful and informed consent, if any.
- When and how personal data is collected:
X-CLINIC collects personal data in person, in writing and by telephone.
As a rule, personal data is collected when the relationship or collaboration, contractual or otherwise, necessary for the pursuit of X-CLINIC’s activity, between X-CLINIC and the data subject begins.
Our website can collect spontaneous applications, membership requests, appointment requests, contact forms and consult clinical results, where users are directed to a website of the laboratory where the studies were carried out.
It is also possible, through a login previously created in person at X-CLINIC’s premises, to access them.
Requests and forms will be sent directly to our email server via an encrypted connection and will only be available to the person responsible within each department.
Whenever necessary, the information will be made available for evaluation and processing by a person responsible for each specific department.
Some personal data is compulsory and necessary for the normal and legal start of the relationship or collaboration, and if this data is missing or insufficient, the relationship or collaboration will not start or continue, in which case X-CLINIC will inform the data subject of this compulsory and necessary nature.
Apart from data of this nature, data on any public list and data that may be used in the legitimate interest of X-CLINIC, your data will only be collected and processed if and for the purposes to which you have previously consented, in a free, informed, specific and unequivocal manner, by means of a written or oral declaration or by validating an option, namely for communications arising from the provision of the service, in which case the other rules of this privacy policy will apply.
If you wish to stop receiving these communications, you can object at any time.
The data collected will be processed documentarily, either on paper or digitally, in strict compliance with the legislation governing the protection of personal data, being stored and contained in paper files and/or a specific database, created and managed for this purpose and with restricted and exclusive access to X-CLINIC employees who necessarily have to process them in the pursuit of its activity.
Under no circumstances will the data collected be used for any purpose other than that for which consent was given by the data subject, if this is necessary, or for the lawful and legitimate purpose for which it was collected.
- Purposes for collecting and processing personal data:
In general, the personal data collected is for the purpose of managing clients, suppliers and employees, contracting and managing the contractual relationship with clients, suppliers and employees, receiving and/or providing the contracted services/supplies, adapting the provision of services/supplies to the needs and interests of the Client, communications arising from the provision of the service, carrying out market research and/or satisfaction surveys, complaints management, accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and auditing, network and systems management, control of information security and physical security, security of premises, compliance with legal obligations and for other purposes for which X-CLINIC has a legitimate interest under the law.
When the data is collected, or when you request it, you will be informed in more detail about how we process your data.
- Storage periods for your personal data:
Where there is a specific legal requirement to retain data for a minimum period of time, this will be observed by X-CLINIC.
X-CLINIC will keep your personal data stored for the minimum period of time strictly necessary for the purpose for which the information is collected and processed, after which it will be deleted.
- Right of access, rectification, opposition, erasure, limitation and portability of your personal data:
X-CLINIC guarantees data subjects the right to access, rectify, oppose, erase, restrict and port their personal data.
These rights can be exercised by calling 217 22 15 70/71 (national landline), or by sending a written communication to the postal address Avenida Columbano Bordalo Pinheiro, nº 11-B, r/c 1070 – 060 Lisboa or the e-mail address x-clinic@xclinic.pt.
If you consider it appropriate, you can file a complaint with the National Data Protection Commission – Av.
D. Carlos I, 134 – 1.º, 1200-651 Lisboa – Tel: +351 213 928 400 – Fax: +351 213 976 832 – e-mail: geral@cnpd.pt
- Measures we take to ensure the security of your personal data:
X-CLINIC observes the best practices, for which it adopts the technical and organizational measures appropriate to the risk, in the field of security and protection of personal data, having for this purpose approved and implemented a demanding plan of compliance with the objectives, the Law and the interest of the holders of personal data, capable of safeguarding the protection of the data made available to us by all those who in some way relate to us, in order to protect them against their dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of illicit processing.
Thus, the digital or paper personal data collection form(s), whether filled in at X-CLINIC’s physical premises or on the website(s) (which require encrypted browser sessions) or with one of X-CLINIC’s employees, are stored securely in our physical repositories and digital systems.
All the personal data that you provide us with about yourself is stored in a datacenter owned by X-CLINIC or its subcontractor, covered by all the advanced physical and logistical security measures that we believe are essential for the protection of your personal data.
Despite these security measures, we would like to warn everyone who surfs the Internet that they should adopt additional security measures, such as ensuring that they use a PC and a browser that are up-to-date in terms of security patches, properly configured, with an active firewall, antivirus and anti-spyware, and making sure that the sites they visit are authentic, avoiding websites whose reputation they do not trust.
Whenever, in the legitimate and lawful pursuit of X-CLINIC’s business objectives, X-CLINIC adopts measures to monitor its employees, particularly with regard to access control, working hours, tasks and productivity, movement and transportation, not only will those concerned have prior knowledge of the respective implementation – and, whenever legally necessary and lawful, their consent will be requested – but the tools used for this purpose will ensure the same level of security for the personal data they collect and process.
This compliance and security plan includes the existence of a designated Personal Data Protection Officer who is responsible, among other things, for verifying this Privacy Policy, keeping the rules for processing personal data clear and communicating with the supervisory authorities, guaranteeing that all those who entrust X-CLINIC with the processing of their personal data are effectively aware of how it processes them and what rights they have in this regard.
- The designated personal data protection officer:
X-CLINIC has appointed a data protection officer who can be contacted directly by letter sent to the postal address Av.
Columbano Bordalo Pinheiro Nº 11 Rc, A/B 1070-060 Lisboa or by email to x-clinic@xclinic.pt.
- Communication of data to other entities, subcontractors or third parties:
X-CLINIC may use subcontractors to collect and process data for the same purposes, obtaining from these entities, by contract, a guarantee of reputation and an obligation to develop the appropriate technical and organizational measures to protect the data and ensure the defence of the rights of the data subjects.
In certain circumstances determined by law, certain personal data may have to be communicated to public authorities, such as tax authorities, courts and security forces.
In this way, any of these subcontractors will process the personal data of our Customers, in the name and on behalf of X-CLINIC, under the obligation to adopt the technical and organizational measures appropriate to the risk in order to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful processing.
- Transfer of personal data:
The pursuit of X-CLINIC’s activity may involve the transfer of your data outside of Portugal.
In this event, X-CLINIC will strictly comply with the applicable legal provisions, in particular as regards determining the reliability and suitability of the destination country with regard to the protection of personal data and the requirements applicable to such transfers.
- Cookies:
“Cookies” are small software tags that are stored on your computer via your browser. As a rule, they only retain information related to your preferences and therefore do not include personal data that is processed by X-CLINIC.
Whenever this is not the case, the user will always be asked for consent to provide them, in accordance with the law.
- Disclaimer:
X-CLINIC is the brand under which N.R.D. – Nucleo de Radio-Diagnostico S.A. operates, which owns the brand and respective logos mentioned on this website.
Other names may be mentioned on this website, being trademarks, registered or not, of third parties, and their property, which are referred to for information and identification purposes only.
The information contained on this website is authored and provided by X-CLINIC, and its contents may be altered without prior notice.
Accordingly, any appropriation or attempted appropriation of any content or information on this website, for whatever purpose, is expressly prohibited.
X-CLINIC may take legal action in the event of any of the situations described above.
- Responsibility Policy:
The purpose of this website is to provide general information about X-CLINIC and its activity.
No content on this website may be considered as a means to establish professional relationships, to provide services, or to sell products of any kind.
Users of this website should not use or disclose the information contained therein without first consulting an X-CLINIC professional.
X-CLINIC is not liable to any users of this website for any damages arising from the use or disclosure of the information contained therein.
This website may contain links to other websites.
These links are provided for the convenience of users only.
X-CLINIC is not responsible for the content of any websites linked to from this website.
- Acceptance of the Terms and Conditions of Use
Access to and use of the X-CLINIC website is subject to these Terms and Conditions of Use.
Any use of the site or the services included in it implies full acceptance of the Terms and Conditions of Use in force at that time.