Book an Appointment

Privacy Policy

INTRODUCTION

As part of its activity, CETI – Centro de Estudo e Tratamento da Infertilidade, hereinafter referred to as “CETI”, collects personal data related to its Clients only in person, ensuring that its processing is carried out in accordance with the privacy protection rules emerging from Regulation (EU) 2016/679 (GDPR) and other applicable national legislation, as well as in accordance with the confidentiality duties to which CETI is subject.

The data collected corresponds to data provided by the Customers themselves, or Potential Customers, by filling out forms.

RESPONSIBLE FOR DATA PROCESSING

​The entity responsible for processing is CETI, as it is responsible for determining the purposes and means of processing its Customers’ personal data.

TYPE OF DATA PROCESSED BY CETI

Information about your health; including: reason for the consultation/act, personal history (childhood illnesses, immunizations, habits, gynecological history, allergies, medication, active diseases, inactive diseases), family history (most frequent situations – diabetes, HTA, TP, cancer, alive/deceased, cause of death), clinical examination, diagnoses, additional tests, referral, alerts (diabetes, hypertension, etc.), blood group; prescribed medications, identification of the prescriber, code of the prescription place and prescription data and special reimbursement scheme; act and signature of the episode performed, start and end date of the episode, episode status, health professional who performed the episode, number of episodes, type of episode, indication of whether there are results of the episode and identifier of these results. Genetic data, racial or ethnic origin and data relating to sexual life and sexual orientation.

In order to provide its services, CETI will necessarily have to collect data relating to your health and, in certain cases, genetic data, data relating to your racial or ethnic origin and data relating to your sex life or sexual orientation. As this is a “special category of data”, CETI will observe the most stringent protection requirements set out in the GDPR regarding the processing of such data, both in relation to the appropriate lawful grounds for their processing and in relation to the implementation of appropriate technical and organisational measures to ensure the protection of such data, minimizing its processing, restricting access to such data and ensuring its security.

PURPOSES OF PROCESSING

CETI uses your data mentioned above to schedule appointments, schedule examinations, medical diagnosis, to provide health care and auditing. The data collected will be based on the need for processing for the purposes of preventive medicine, medical diagnosis, provision of health care or treatments.

Data relating to your health will only be processed by or under the responsibility of professionals bound to confidentiality, to the strict extent necessary to provide health care, and may be communicated to your family members only in circumstances expressly provided for in the Law in force.

DATA SHARING

CETI uses other entities to provide certain services. This provision of services may occasionally involve access by these entities to the personal data of its Clients.

CETI ensures that such subcontractors offer sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of applicable law and ensures the security and protection of the rights of data subjects, under the terms of the subcontracting agreement concluded with said subcontractors.

CETI may also transmit personal data of its Customers to third parties, when such data communications are necessary or appropriate (i) in light of applicable law, (ii) in compliance with legal obligations/court orders, (iii) to respond to requests from public or governmental authorities.

CETI may transmit your personal data to the Health Regulatory Authority, the National Council for Medically Assisted Procreation (CNPMA), ACSS, the Shared Services of the Ministry of Health (SPMS), INFARMED or Regional Health Administrations, Courts, Solicitors, criminal police bodies or the Public Prosecutor’s Office when notified to do so or when necessary to comply with legal obligations, as legally provided for.

RIGHTS OF PERSONAL DATA SUBJECTS

Under applicable law, Customers, holders of personal data, have the following rights:

(a) Right to Information, which consists of the right of Customers to be informed by CETI, among other aspects, about the purpose of data processing, to whom they may be communicated, what rights they have and under what conditions they may exercise them, as well as what data they must provide;

(b) Right of Access, which consists of the right of Customers to access their personal data that they have provided, without restrictions, without delays or excessive costs, as well as to know any available information about the origin of such data;

(c) Right to Rectification, which consists of the right of Customers to demand that their data is accurate and up to date, and may request its rectification from CETI;

(d) Right to Erasure (or “to be forgotten”), which consists of the right of Customers to demand the erasure of their personal data from CETI’s records when they are no longer used for the purposes for which they were collected, without prejudice, however, to the retention periods imposed by law;

(e) Right to Object, which consists of the right of Customers to object, at their request and free of charge, to the processing of their personal data;

(f) Right to Portability, which consists of the right of Customers to receive the personal data they have provided to CETI, in a structured, commonly used and machine-readable format, and to transmit this data to another data controller.

(g) Right to Restriction of Processing, which consists of the right that Customers have to, in certain circumstances, request that CETI restrict the processing of their data, namely (i) when they contest the accuracy of their personal data, for a period that allows CETI to verify its accuracy; (ii) if the processing is unlawful and the Customer opposes the erasure of the data, requesting, instead, the limitation of its use; or (iii) when CETI no longer needs the Customer’s personal data for processing purposes, but such data is required by the Customer for the purposes of declaring, exercising or defending a right in legal proceedings;

(h) Right to complain to the CNPD, which consists of the right to submit, without prejudice to any other administrative or judicial remedy, a complaint to a supervisory authority, in particular in the Member State of his/her habitual residence, place of work or place where the infringement was allegedly committed, if the data subject considers that the processing of personal data concerning him/her infringes the GDPR and other applicable national legislation. In Portugal, the supervisory authority is the National Data Protection Commission.

To exercise any of their rights, including to access their data or request its rectification, deletion or oppose its processing under the terms of the law, Customers must, by letter, contact CETI: Avenida da Boavista, nº 2300, 3º, 4100 -118 Porto.

DATA STORAGE PERIOD

Your data will be kept by CETI in strict compliance with applicable legislation, and will be stored in specific databases created for this purpose. Such data will be kept in a format that allows the identification of data subjects only for the period necessary for the purposes for which they are processed. The period of time during which the data is stored and kept varies according to the purpose for which the information is used. There are, however, legal requirements that require data to be kept for a certain period of time. To this extent, data relating to your health will be kept in accordance with the legislation applicable to the archiving of hospital documentation.

DATA PROTECTION OFFICER

To obtain any clarification related to this Privacy and Cookies Policy, the Customer/User may contact CETI’s Data Protection Officer by email to the address rgpd@ceti.pt or by letter sent to CETI: Avenida da Boavista, nº 2300, 3º, 4100 -118 Porto.

Customers may also, if they wish, submit complaints or requests for information to the National Data Protection Commission, which is the national supervisory authority for the purposes of the General Data Protection Regulation and applicable national law.

SECURITY MEASURES

CETI undertakes to adopt appropriate technical and organizational measures to protect the data for which it is responsible for processing against accidental or unlawful interference that leads to unauthorized destruction, alteration, disclosure or access, as well as any other form of unlawful processing.

To this end, CETI has a set of security technologies and procedures to protect users’ personal data against unauthorized access, use or disclosure, such as the storage of personal data collected in computer systems with limited access and located in controlled facilities.

CHANGES TO THE PRIVACY POLICY

CETI reserves the right to, at any time, make adjustments or changes to this Privacy Policy, with such changes being duly publicized by CETI.