Future Healthcare Group, founded in 2003, is a private company with Portuguese capital, with headquarters at Avenida Marechal Craveiro Lopes nº 6 in Lisboa, whose mission is to provide its clients with access to the best health conditions, life and well-being.
Future Healthcare SA and UnlimitedCare SA (owner of the trademark Saúde Prime), hereinafter FH Group, are part of this group.
The aim of this document is to define a data protection policy that frames and publicises the principles of the protection and processing of personal data, respecting and following Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, General Regulation on Data Protection. The FH Group has access to two types of data: personal data and health data.
Personal data can be defined as information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific items to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Health data is personal data relating to the physical or mental health of a natural person, including the provision of health services, which reveal information about his or her state of health.
2. DATA PROTECTION OFFICER
For data protection purposes, there is a Data Protection Officer (DPO) who should be contacted whenever necessary at one of the following addresses:
Avenida Marechal Craveiro Lopes nº6 – Campo Grande 1700-284 Lisboa
The DPO has several responsibilities, in particular to:
- Inform and advise the data controller, subcontractors and all company employees handling personal data;
- Check whether the General Regulation on Data Protection is being applied, as well as this Policy;
- Cooperate with the supervisory authority.
The DPO always bears in mind the nature, scope, context and purposes of the operations to which the data collected by the FH Group is subject to.
3. DATA COLLECTION
The data collected by the FH Group is appropriate, relevant and limited to its activities. It may be collected in person, by telephone, e-mail or in writing, always with the consent of the data subject. Definition of consent: a free, specific, informed and explicit expression of will by which the data subject (or his/her legal representative) agrees, by a declaration or unequivocal positive act, that personal data concerning him/her will be processed.
In the context of client data management, the personal data collected is only transmitted to the entities in charge of providing the services covered by the contract, with the sole and exclusive purpose of carrying out and executing the services contracted by the data subject of the personal data.
4. CATEGORY OF PERSONAL DATA WE PROCESS
Some of the personal data that we request has a mandatory character, so without it, it will not be possible for us to provide the product and/or service. In these cases, the client will always be informed of this obligation.
How we use your data:
|- Personal data (Name, identification and contact details)||
At the time of a simulation
In the process of subscribing to a product
When you create an account on our website
|- Details of the subscribed product / service (Policy Nº., type)||
In the process of subscribing to a product
|- Health Data||
In the process of subscribing to a product that requires the processing of this data
|- Claims Data||At the time of settling claims, within the scope of the product to which you subscribed|
|- Financial data||At the time of collection, within the scope of the product to which you subscribed|
|- Contacts you make with us through the available means of contact (email, telephone contact, letters)||At the time you contact our services and/or are contacted by our services|
|- When you make a complaint||At the time you submit a complaint to us and while it is being managed|
|- Your comments and/or messages on our Social Networks||At the time you publish on our Social Networks, using your profile and in this way share your details|
|- Your comments and/or messages in our Satisfaction Surveys||
As the time you voluntarily and deliberately share your opinion on our products/services, the Client accepts that his assessment becomes public and grants the FH Group and its duly authorised partners the right to use, for commercial and advertising purposes, for all media, always guaranteeing his privacy, since the data will always be anonymised.
5. DATA PROCESSING
Data processing is lawful, fair, transparent and secure and can only exist if at least one of the following situations occurs:
- The data subject has given his or her consent to the processing of his or her data for the purposes to which it is subject to and may at any time withdraw it as easily as he or she has granted it;
- The processing is necessary for the performance of a contract to which the data subject is party;
- The processing is necessary for the fulfilment of a legal obligation;
- The processing is necessary in order to defend the vital interests of the data subject or of another natural person;
- The processing is necessary for civil service purposes;
- The processing is necessary for the purposes of legitimate interests pursued by the controller.
Since the FH Group deals with special categories of personal data - related to health, they are only processed in the following cases:
- If explicit consent is given for one or more specific purposes, it may be withdrawn at any time, with the same ease with which it was given; it should be noted that withdrawal of consent does not compromise the lawfulness of data processing but may condition some future service.
- If the processing is necessary for legislative purposes;
- If the processing is necessary to protect the vital interests of the data subject or natural person;
- If the processing is carried out by a foundation, association or other body maintaining the appropriate guarantees;
- If the processing relates to data which has been made public by the data subject;
- If the processing is necessary for legal proceedings;
- If the processing is necessary for public reasons;
- If the processing is necessary for the management of health systems and services;
- If the processing is necessary for scientific research, historical or statistical purposes.
The purpose and retention period of the data are indicated in the following table:
|Purpose||Legal Basis||Retention period|
|Pre-contractual and contractual relationship management, including quality control of services provided||
Pre-Contractual and Contractual Diligences.
Legitimate interest of the data controller in risk assessment as well as in the level of quality of service.
Consent of the data subject.
|As long as the contractual relationship exists, or the effects thereof in respect to legal obligations arising from it|
|Product development||Legitimate interest to develop by the data controller||Minimum period necessary for the purposes for which the collection was carried out.|
Interest in growth by the data controller.
With the consent of the data subject
|Minimum period necessary for the purposes for which the collection was carried out|
|Assessment of services provided||With the consent of the data subject||Minimum period necessary for the purposes for which the collection was carried out|
|Compliance with Legal Obligations, Management Control and Anti-Fraud||
Legitimate interests for controlling the activity by the data controller, including prevention of losses due to fraud.
For the statement, exercise or defence of rights in judicial proceedings.
Legal timeframe applicable at each time for each of the Legal Obligations to be fulfilled.
Until the expiry of the limitation or time period for the exercise of rights
6. SECURITY IN DATA PROCESSING
The FH Group applies all appropriate technical and organisational measures for the protection and security of personal data, ensuring the confidentiality, integrity, availability and resilience of processing systems and the ability to access data in a timely manner in the event of a physical or technical accident. To ensure the security of processing, in addition to pseudonymisation and encryption of personal data, the FH Group has processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures.
7. RIGHTS OF THE DATA SUBJECT
The data subject has several rights, in particular:
- Have access to your data through a clear and simple language. These may be provided in writing, orally or by electronic means provided that the data subject´s identity is proven;
- Rectification of data concerning yourself;
- Erasure of data without undue delay where the data is no longer required for the purpose of collection, the data subject withdraws consent, the data has been processed unlawfully or has to be erased under a legal obligation;
- Data portability, i.e. receiving the personal data you have given to a controller or the data being transmitted directly between controllers;
- Limitation of processing of your data, at any time;
- Object to the processing of your data, unless the controller has legitimate reasons that override the interests or rights of the data subject or for legal effects;
- Complain to the Comissão Nacional de Proteção de Dados (Portuguese Data Protection Authority);
Where there is a change to personal data, the controller must confirm that change to the data subject.
8. TRANSFER OF DATA TO THIRD COUNTRIES
The protection of personal data, which is transferred outside the European Economic Area by the FH Group, is ensured in compliance with the laws in force and with this policy.
The FH Group has a subcontracting relationship with other entities where, through a contract, it agrees on the duration, nature and purpose of the data processing used by these entities.
The FH Group data controller ensures that the subcontracting entities have sufficient conditions to carry out technical and organisational measures for data processing and to ensure the protection of the rights of the data subjects.
11. MODIFICATIONS TO THE PERSONAL DATA PROTECTION POLICY
The Data Protection Policy may be modified at any time without prior notice. The amended Policy comes into force as soon as it is published on the website.
If you have any questions, please do not hesitate to contact one of the following addresses:
Morada: Av. Marechal Craveiro Lopes, n.º 6 - Campo Grande, 1700-284 Lisboa
Telephone: 217 81 82 83
Updated on 13-07-2020