PRIVACY AND DATA PROTECTION POLICY

1. INTRODUCTION

The Future Healthcare Group was established in 2003 and is a private company held by Portuguese capital, with its registered office in Avenida Marechal Craveiro Lopes nº 6 in Lisbon, with the mission of providing its clients with the best conditions for health, life and well-being.
This group includes Future Healthcare SA and UnlimitedCare SA (owner of the TouristCare trademark), hereinafter called Grupo FH.

This Privacy Policy is applicable to all of Grupo FH.

This document aims to formulate a data protection policy which sets out and communicates the principles for the protection and processing of personal data, and respects and complies with Regulation (EU) 2016/679 of the European Parliament and Council of 27th April 2016, General Data Protection Regulation..

Grupo FH has access to two types of data: personal data and health data.

Personal Data can be defined as information about a natural person who is directly or indirectly identified or identifiable, particularly through an identifier, such as a name, identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person..

Health Data is personal data related to the physical or mental health of a natural person including the provision of health services, which shows information about their state of health..

2. DATA PROTECTION OFFICER

For data protection there is a Data Protection Officer (DPO) who should be contacted whenever necessary at one of the following addresses:
Este endereço de email está protegido contra piratas. Necessita ativar o JavaScript para o visualizar.
Avenida Marechal Craveiro Lopes nº6 – Campo Grande 1700-284 Lisboa

The DPO has various responsibilities, including to:

  • Inform and advise the data controller, data processors and all company employees who process personal data;
  • Check whether the General Data Protection Regulation and this Policy are being applied;
  • Co-operate with the supervisory authority.

The DPO always bears in mind the nature, scope and purpose of the operations to be carried out with the data collected by Grupo FH.

3. DATA COLLECTION

The data collected by Grupo FH is appropriate to its activities, and is pertinent and limited. It may be collected personally, by telephone, email or in writing, but always with the consent of the data subject.
Definition of consent: freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she (or his or her legal representative) accepts the processing of personal data relating to him or her with a statement or with a clear affirmative action..

For the management of the client’s data, the personal data collected is only transmitted to the entities in charge of providing the services in the contract, for the single and exclusive purpose of fully executing and implementing the services contracted by the data subject.

4. DATA PROCESSING

Data is processed in a lawful, fair, transparent and secure way and may only take place in one or more of the following situations:

  • The data subject consents to the processing of their data for the purposes for which it is intended, and may withdraw the data at any time as easily as it was given originally;
  • The processing is necessary for the implementation of a contract in which the data subject is a party;
  • The processing is necessary for compliance with a legal obligation;
  • The processing is necessary to defend the vital interests of the data subject or another natural person;
  • The processing is necessary for the exercise of a public function;
  • The processing is necessary for the legitimate interests pursued by the data controller.

In view of the fact that Grupo FH processes special categories of personal data – related to health – processing only takes place in the following cases:

  • If there is explicit consent for one or more specific purpose, and consent may be withdrawn at any time as easily as it was given originally;Note that the withdrawal of consent does not compromise the lawful nature of the data processing, but may condition services in the future.
  • If the processing is necessary for compliance with legislation;
  • If the processing is necessary to protect the vital interests of the data subject or natural person;
  • If the processing is done by a foundation, association or other organisation, maintaining the appropriate guarantees;
  • If the processing is of data which has been made public by the data subject;
  • If the processing is necessary for legal proceedings;
  • If the processing is necessary on the grounds of public policy;
  • If the processing is necessary for the management of health systems and services;
  • If the processing is necessary for the purposes of scientific, historic or statistical research.

The purpose and the storage period of the data are indicated in the following table.

Purpose Legal Basis Storage Period

Management of the pre-contractual and contractual relationship, where the quality control of the services provided is included

Pre-contractual and Contractual actions.

Legitimate interest of the data controller in the assessment of risk and level of quality of the service.

Consent of the data subject

For the duration of the contractual relationship or its effects with respect to the legal obligations under the same
Product development

The data controller’s legitimate interest in development

Minimum period necessary to pursue the purpose of collecting the data
Marketing

The data controller’s interest in growth, with the consent of the data subject

Consent of the data subject

Minimum period necessary to pursue the purpose of collecting the data
Compliance with legal obligations, management control and anti-fraud measures

The data controller’s legitimate interest in the control of activities, including the prevention of losses by fraud.

For the declaration, exercise or defence of rights in legal proceedings.

Legal period applicable at any moment for each legal obligation to be fulfilled.

Until the end of the period for the prescription or limitation of the exercise of rights.

5. SECURITY OF DATA PROCESSING

Grupo FH applies all appropriate technical and organisational measures for the protection and security of personal data, guaranteeing the confidentiality, integrity, availability and resilience of the processing systems and the capacity for prompt access to data in the case of a physical or technical accident. To guarantee the security of the processing, in addition to the pseudonymisation and coding of personal data, Grupo FH also has procedures to regularly test, appraise and assess the efficiency of technical and organisational measures.

6. RIGHTS OF THE DATA SUBJECT

The data subject has various rights, as follows:

  • Access to their data in a clear and simple language. It can be provided in writing, orally or by electronic means as long as the identity of the data subject has been proved;
  • Rectification of data relating to them;
  • Deletion of the data, without unjustified delays, whenever the data is no longer necessary for the purpose for which it was collected, the date subject withdraws their consent, the data has been processed illicitly or has been deleted to comply with a legal obligation;
  • Portability of the data, or rather, to receive the personal data that was given to a data controller or that the data is transmitted directly between data controllers;
  • Limitation of the processing of their data at any moment;
  • Opposition to the processing of their data, except where the data controller has legitimate reasons which prevail over the interests or rights of the data subject, or for legal purposes;
  • Complain to the Comissão Nacional de Proteção de Dados (National Commission for Data Protection);

Whenever there is any change to personal data, the data controller should confirm this change to the data subject.

7. TRANSFER OF DATA TO THIRD COUNTRIES

The protection of personal data transferred to countries outside the European Economic Space by Grupo FH is ensured, and complies with the laws in force and with this policy.

8. DATA PROCESSOR

Grupo FH has a sub-contracting relationship with other entities, where, through a contract, the duration, nature and purpose of the data processing used from these entities is agreed. The data controller for Grupo FH guarantees that the data processors sub-contracted have sufficient conditions to implement the technical and organisational measures for data processing and for ensuring that the data of the data subjects is protected.

9. COOKIES

Future Healthcare uses cookies on their websites as a tool for providing a better experience for the user. For further information about their use on the websites, consult the Cookies Policy.

10. CHANGES TO THE PERSONAL DATA PROTECTION POLICY

The Data Protection Policy may be modified at any moment, without warning. The amended Policy comes into effect as soon as it is published on the website.

11. CONTACTS

If you have any queries do not hesitate to contact Grupo FH at one of the following:
Morada: Av. Marechal Craveiro Lopes, n.º 6 - Campo Grande, 1700-284 Lisboa
Mail:  Este endereço de email está protegido contra piratas. Necessita ativar o JavaScript para o visualizar.
Telefone: 217 818 283 (call to portuguese national landline)
Fax:  213 519 032

^