Book an Appointment

Privacy Policy

INTRODUCTION

Within the framework of its activity, the CETI – Centre for the Study and Treatment of Infertility, hereinafter referred to as ‘CETI’, collects personal data concerning them from its Clients, only personally, ensuring that their processing is carried out in accordance with the privacy protection rules arising from Regulation (EU) 2016/679 (RGPD) and other applicable national legislation, as well as in accordance with the confidentiality obligations to which the CETI is subject.

The data collected corresponds to the data provided by the Customers themselves, or Potential Customers, by filling in forms.

 

PERSON IN CHARGE OF PROCESSING

​The data controller is the CETI, as it is responsible for determining the purposes and means of processing its Customers’ personal data.

 

TYPE OF DATA PROCESSED BY CETI

Information about your health, including reason for consultation/action, personal history (childhood illnesses, vaccinations, habits, gynaecological history, allergies, medication, active illnesses, inactive illnesses), family history (most common situations – diabetes, HTN, PT, cancer, living/deceased, cause of death), clinical examination, diagnoses, complementary examinations, referrals, alerts (diabetes, hypertension…. ), blood group; drugs prescribed, prescriber identification, prescription location code, prescription data and special reimbursement scheme; procedure and title of the episode performed, episode start and end dates, episode status, health professional who performed the episode, number of episodes, type of episode, indication whether there are any results from the episode and identifier of these results. Genetic data, racial or ethnic origin and data relating to sex life and sexual orientation.

To provide its services, CETI will necessarily collect data relating to your health and, in some cases, genetic data, data relating to your racial or ethnic origin and data relating to your sex life or sexual orientation. As this is a “special category of data”, CETI will comply with the most demanding protection requirements set out in the RGPD regarding the processing of such data, both as regards the appropriate legal bases for their processing and the implementation of appropriate technical and organizational measures minimize their processing, restrict access to such data and guarantee their security.

 

TREATMENT OBJECTIVES

CETI uses your data for the purposes of booking appointments, scheduling examinations, medical diagnosis, providing care and auditing. The data collected will be based on the need for processing for the purposes of preventive medicine, medical diagnosis, care provision or health treatment.

Data relating to your health will be processed only by or under the responsibility of professionals bound by confidentiality, to the extent strictly necessary for the provision of healthcare, and may be communicated to members of your family only in the circumstances expressly provided for by the law in force.

 

DATA SHARING

CETI calls upon other entities to provide certain services. Ultimately, this service provision may involve access by these entities to the personal data of their Customers.

The CETI ensures that these subcontracting entities offer sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the applicable law and ensures the security and protection of the rights of the persons concerned, in accordance with the subcontracting agreement signed with the aforementioned subcontracting entities.

CETI may also transmit the personal data of its Customers to third parties, where such data communications are necessary or appropriate (i) in light of applicable law, (ii) in accordance with legal obligations/court orders, (iii) to respond to requests from public or governmental authorities.

CETI may transmit your personal data to the Health Regulatory Entity, the National Council for Medically Assisted Procreation (CNPMA), the ACSS, the Shared Services of the Ministry of Health (SPMS), INFARMED or the Regional Health Administrations, the Courts, Notaries, criminal police bodies or the Public Prosecutor’s Office when they are informed to this effect or when it is necessary to comply with legal obligations, as provided for by law.

 

RIGHTS OF PERSONS CONCERNED

In accordance with applicable law, Customers who hold personal data have the following rights:

(a) Right to information, which consists in the right of Customers to be informed by CETI, among other aspects, of the purpose of data processing, to whom they may be communicated, what rights they have and under what conditions they may exercise them, as well as the data they must provide;

(b) Right of access, which consists in the right of Customers to access the personal data they have provided, without restrictions, delays or excessive costs, as well as to know any available information on the origin of such data;

(c) Right of rectification, which consists in the right of Customers to demand that their data be accurate and up-to-date, and may request their rectification from CETI;

(d) Right to erasure (or “oblivion”), which consists in the right of Customers to demand the deletion of their personal data from CETI’s records when they are no longer used for the purposes for which they were collected, without prejudice, however, to the retention periods imposed by law;

(e) Right of opposition, which consists in the right of Customers to oppose, at their request and free of charge, the processing of their personal data;

(f) Right to portability, which consists in the right of Customers to receive the personal data they have provided to CETI, in a structured, commonly used and machine-readable format, and to transmit this data to another data controller;

(g) Right to the limitation of processing, which consists of the right of Customers to, in certain circumstances, request CETI to limit the processing of their data, namely (i) when they dispute the accuracy of their personal data, for a period that allows CETI to verify its accuracy; (ii) if the processing is unlawful and the Customer objects to the deletion of the data, requesting, in return, the limitation of their use; or (iii) when CETI no longer needs the Customer’s personal data for processing purposes, but such data is required by the Customer for the purposes of declaring, exercising or defending a legal right;

(h) Right of complaint to the CNPD, which consists of the right to lodge, without prejudice to any other means of administrative or judicial remedy, a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your situation. place of work or the place where the offence is alleged to have been committed, if the data subject considers that the processing of personal data concerning him or her violates the GDPR and other applicable national legislation. In Portugal, the supervisory authority is the National Data Protection Commission.

To exercise any of their rights, including accessing their data or requesting its rectification, deletion or objecting to its processing under the law, Customers should, by letter, contact CETI: Avenida da Boavista, nº 2300, 3º, 4100 -118 Porto.

 

DATA RETENTION PERIOD

Your data will be kept by CETI in strict compliance with applicable legislation, and will be stored in a specific database created for this purpose. This data is kept in a format that allows identification of the persons concerned only for as long as is necessary for the purposes for which it is processed. The length of time for which data is stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements that require data to be kept for a certain period. To this extent, data relating to your health is stored in accordance with the legislation applicable to hospital documentation archives.

 

Data Protection Officer

For any clarification relating to this Privacy Policy and Cookies, the Customer/User may contact CETI’s Data Protection Officer by e-mail at rgpd@ceti.pt or by letter sent to CETI: Avenida da Boavista, nº 2300, 3º, 4100 -118 Porto.

Customers may also, if they wish, lodge complaints or requests for information with the National Data Protection Commission, which is the national supervisory authority within the meaning of the General Data Protection Regulation and applicable national legislation.

 

SAFETY MEASURES

CETI undertakes to adopt appropriate technical and organizational measures to protect the data for which it is responsible against accidental or unlawful interference resulting in destruction, alteration, unauthorized disclosure or access, as well as any other form of unlawful processing.

To this end, CETI has a set of security technologies and procedures to protect users’ personal data from unauthorized access, use or disclosure, such as, for example, the storage of personal data collected in computer systems with limited access and located in controlled facilities.

 

CHANGES TO THE PRIVACY POLICY

CETI reserves the right, at any time, to make readjustments or modifications to this privacy policy, such modifications being duly published by CETI.