Privacy Policy and
Personal Data Protection

Graceful Existence - Unipessoal Lda., Tax Identification Number (NIPC) 515943371, headquartered at Rua das Quintas, Nº 26, Santa Joana, 3810-557, owner of the healthcare establishmen

Under the RGPD, personal data is considered to be any information relating to an identified or identifiable natural person (the data subject). A natural person is deemed identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers (IP address, cookies), or to one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

The healthcare provider Andreia Brito – Physiotherapy and Mental Health Clinic collects different categories of data:

• Identification data, such as your name, gender, date of birth, tax identification number, social security number, healthcare user number, citizen card number and respective expiry date, or image;

• Communication data, including, for example, telephone number, email address, and home address (locality, postal code, country, district, municipality, parish);

• Private life data, such as profession and employment status, family doctor, spouse’s name, father’s name, mother’s name (for example, in the case of a minor), and information related to health insurance or healthcare subsystems;

• Data regarding third parties who are authorized to make decisions on your behalf or who must be contacted in case of emergency;

• Health information, including healthcare services you have received or will receive;

• Payment data.

• When you contact us;

• When you establish a relationship with us within the scope of the provision of a service

• When you post comments or images on our social media pages; or

• When, in any way, you send us personal information.

The collection of personal data is intended for the execution of contracts concluded with clients for the provision of healthcare services, prevention or preparation of diagnoses and/or provision of treatments, management of administrative services — namely for scheduling or rescheduling appointments and treatments, billing, accounting and auditing, marketing communications and other commercial communications, quality control, statistical studies, gaining a better understanding of clients’ preferences, as well as for contact purposes.

​

The legal bases for collecting your personal data are the law, pre-contractual and contractual relationships, payment management, customer support, compliance with legal obligations, the data subject’s consent, and legitimate interests.

​

We may also process your data, with your consent, for carrying out teleconsultations, publishing photographs or videos for the purpose of internal and external dissemination of our activity (for example, on social media), as well as for marketing purposes or sending newsletters.

Personal data related to your health will only be processed by professionals bound by confidentiality and only to the extent necessary.

We process and retain your personal data only for the period necessary to achieve the respective purposes, to respond to your needs and requests, or to comply with legal obligations, which may vary depending on the category of data.

​

We may also retain some of your personal data insofar as it is necessary to administer or enforce our rights, namely through judicial proceedings.

​

In cases where the client has provided consent for the processing of their personal data, we will retain such data in accordance with the consent given or until that consent is withdrawn

We may engage other companies to provide certain services, and we may also disclose information and data of data subjects to third-party entities such as accounting and IT companies, competent authorities, legal service providers, consultants, and others. We guarantee that, in such cases, these third parties will have limited access to the data subjects’ information, restricted solely to what is necessary for performing the contracted tasks, and that they are subject to the same confidentiality obligations.

​

Likewise, we may disclose your personal data when required by law, within the scope of judicial proceedings, or in the context of investigations into suspicious activities.

We have developed appropriate technical and organizational mechanisms and measures to maintain the confidentiality and privacy of your personal information, taking into account that the information collected includes sensitive data under the GDPR. These measures are designed to ensure an adequate level of security relative to the risk and to protect personal data against destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access.

​

To this end, we have implemented several measures, such as restricted access to clinical records (in physical or digital format), the use of strong passwords, and keeping antivirus software up to date. Furthermore, any employee of the healthcare provider Andreia Brito – Physiotherapy and Mental Health Clinic who has access to your personal data is bound by a duty of confidentiality and secrecy.

In accordance with the GDPR, Data Subjects may exercise, at any time, the right to be informed, as well as the rights to access, rectify, erase, and transfer their personal data, as well as to restrict and object to its processing, including the right to withdraw consent. To do so, they should contact us atandreiafpab@gmail.com.

​

Understanding your rights:

a) Right to information: You have the right to obtain clear, transparent, and understandable information about how we use your personal data.

b) Right of access: You may access your personal data that we process and retain. In such cases, we will provide you with information regarding the personal data subject to processing. However, please note that the right of access is not unlimited and must be articulated with data protection legislation (which may, therefore, be denied when, for example, access may jeopardize the rights and freedoms of third parties) and health law (for instance, in cases where it is unequivocally demonstrated that access to information could be harmful to the patient, the requested information may not be provided – therapeutic privilege). Access may be granted through a physician if you so request.

c) Right to rectification: You have the right to rectify your personal data, without undue delay, provided that you yourself supplied such data and they are incorrect, outdated, or incomplete.

d) Right to erasure / right to be forgotten: You may request that we erase your personal data. However, please note that this is not an absolute right, as we may have legal grounds (such as legally required retention periods) or legitimate interests to retain your personal data.

e) Right to object: You may object to the processing of your data for reasons related to your particular situation. This may apply to processing for scientific, statistical, or historical research purposes, unless processing is necessary for reasons of public interest.

f) Right to withdraw consent at any time: You may withdraw your consent to data processing when such processing is based on your consent. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.

g) Right to data portability: You have the right to receive the personal data concerning you that you have provided to a controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller.

h) Right to restriction of processing: You have the right to request restriction of processing of your data where you contest the accuracy of the data, if the processing is unlawful and you do not want your data erased but only restricted, if the data are no longer needed, or if you have exercised the right to object as described above.

The above rights, like any others, must be exercised reasonably and in good faith by the data subject.

• By using our services, you agree to our Privacy and Data Protection Policy.

• The Data Subject guarantees that the personal data communicated to us are true and accurate and undertakes to notify us of any change or modification thereof, assuming sole responsibility for any losses and damages caused by erroneous, inaccurate, or incomplete communication of their data.

• Please be aware that by providing personal information online, there is a risk that third parties may intercept and use such information. For your privacy, we therefore recommend that you do not include sensitive or confidential personal data through our website or in the emails you send us. If you do, any resulting data breach or damage will be your sole responsibility.

• We further inform you that it is the responsibility of users of our social networks to ensure that the devices and equipment used to access them are adequately protected against malicious software, computer viruses, and worms. We therefore suggest that you keep your browser, operating system, and antivirus software up to date.

• If you wish to contact us to obtain information about your rights or to raise any question about how we use your information, you should contact us at andreiafpab@gmail.com . However, if you remain dissatisfied, you may contact the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD), whose contact details can be found atwww.cnpd.pt.

We may implement changes or updates to this Privacy and Personal Data Protection Policy at any time, and therefore we encourage you to review this document regularly.