PRIVACY POLICY AND PROCESSING OF PERSONAL DATA GENERAL DATA PROTECTION REGULATION (GDPR)
RIZO & MENDONÇA LDA.

RIZO & MENDONÇA LDA., in its commitment to comply with the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, has created this Privacy Policy, which describes the personal information we may collect, the purposes for which we use it and, in general, the processes and ways in which we may process it.
By providing us with your personal data, you expressly acknowledge that we may use it in the manner set out in this Privacy Policy.
Occasionally, we may need to make changes to the Privacy Policy, for example, due to changes to legal regulations, case law, adaptation to new technologies or other developments in personal data protection or privacy regulations in general. We recommend visiting our website periodically to consult the most current version of the Privacy Policy.

RESPONSIBLE FOR THE PROCESSING OF YOUR DATA
The entity responsible for the processing of your data is:
RIZO & MENDONÇA LDA.
NIF: 514879050
Address: Rua 1º de Dezembro, número 18, R/c, 8100-615 Loulé (Portugal)
Email: consultas@rizomendonca.pt

COLLECTION OF PERSONAL INFORMATION
We may collect personal information:
– FROM YOU OR YOUR REPRESENTATIVE (by filling out forms or questionnaires, contacting us by mail, telephone, email or otherwise).
– FROM THIRD PARTIES (e.g., when the company you work for provides their contact information, etc.).
All information you provide to us must be truthful. You are responsible for all the data communicated and must keep the information fully up to date so that it reflects, at all times, the real situation. In all cases, the person providing the information will be solely responsible for any false or inaccurate statements made and for the damages caused to RIZO & MENDONÇA LDA. or to third parties due to the information provided. If you provide us with information about other people, you must obtain their consent. If you provide us with other people’s data, you confirm that you have their permission and that they understand how their information will be used.

PERSONAL DATA COLLECTION CHANNELS
We may collect your personal information:
– In person at the service desk
– By means of
– The Rizo & Mendonça website (www.rizomendonca.pt) (including using cookies);
– By phone
– Contact through applications (WhatsApp);
– By e-mail;
– Forms.
Regarding health-related data, these are collected by the health professional in person or remotely (telemedicine). This data is subject to professional secrecy.

PERSONAL DATA COLLECTED
In the context of the processing of personal data, RIZO & MENDONÇA guarantees compliance with the principles of data protection by design and by default. This commitment implies that access to the personal data of data subjects will be limited to those persons who need to know it in the exercise of their functions, to the strict extent necessary for the pursuit of the purposes indicated in the following section. Health data will, in accordance with the applicable law, be restricted to doctors and health professionals assigned to the provision of health services and care or to professionals bound by confidentiality obligations.
The personal information we collect includes, but is not limited to, the following data:
– Any information you provide to us when using our contact forms, email, phone, WhatsApp or directly through our healthcare professionals. The provision of your personal information is not a mandatory or contractual requirement; however, the required fields are necessary because we need this information to be able to provide you with services.
– For technical security and system diagnostic purposes, in an anonymized or pseudonymized form, RIZO & MENDONÇA may record the IP address (the device’s Internet access identification number, which allows devices, systems and servers to recognize and communicate with each other). This information may be used for web performance analytical purposes.

REGISTRATION AND ARCHIVING OF PERSONAL DATA
All information is recorded in a dedicated computer registry, with individualized, encrypted and secure access control using double authentication, and is accessible only through the intranet.
All paper records are archived in a dedicated secure place and will be gradually transferred to this platform.

PURPOSES OF THE PROCESSING OF PERSONAL DATA
Personal data will be used for the following purposes:
• Provision of healthcare (medical records, medical diagnosis, provision of healthcare or treatment, electronic prescription);

• Customer management and invoicing within the scope of the commercial relationship;

• Communications related to the services provided (scheduling appointments, sending invoices, prescriptions, test prescriptions or statements – by phone, SMS, WhatsApp or email);

• Disclosure of services.

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we should use it for some other reason and that reason is compatible with the original purpose.
In the event that we need to use your personal information for unrelated purposes, we will notify you in advance and explain to you the legal basis for doing so.
There are cases where the processing is necessary to comply with a legal obligation to which we are subject or is necessary to carry out a task in the public interest.

SECURITY OF PERSONAL DATA
RIZO & MENDONÇA has implemented several technical and organizational measures in order to ensure an adequate level of security of personal data, which are reviewed and updated periodically, as necessary.
RIZO & MENDONÇA undertakes to apply the necessary and appropriate technical and organisational measures for data protection and compliance with the requirements of the GDPR. It also undertakes to ensure that, by default, only personal data that are necessary for each specific purpose of the processing are processed and that such data is not made available without human intervention to an indeterminate number of individuals.

In terms of general measures, RIZO & MENDONÇA adopts the following:
• Restricted access of people to the facilities;
• Awareness and training of personnel involved in data processing operations;
• Physical archiving of paper records in a place with restricted access;
• Phasing out of paper records;
• Use of antivirus, firewall, anti-malware and other intrusion detection mechanisms;
• Use of VPN with 1,024-bit encryption;
• Differentiated access profiles depending on the function/position of the person accessing the information systems (different user profiles, which ensure the logical separation between health data and other data);
• Access to information systems through username and password and double authentication through Google Authenticator;
• Implementation of password quality rules (minimum length, type of characters and maximum duration of 30 days);
• Monthly deletion of the user profiles of persons who terminate their relationship (employment or other) with RIZO & MENDONÇA;
• Detection of unauthorized access;
• Encryption of the personal database;
• Performing periodic backups;
• Regular audits to assess the effectiveness of the technical and organisational measures implemented;
• Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems;
• Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident (in the case of a physical or technical incident, the information is recoverable, through backup, within 2 hours).
• Information and compliance with our website’s cookie policy: www.rizomendonca.pt

COMMUNICATION OF DATA TO THIRD PARTIES
Under the applicable legal terms, RIZO & MENDONÇA may transmit or communicate personal data to other entities in the event that the data subject consents to this or in the event that such transmission or communication is necessary for the execution of a contract established between the data subject and RIZO & MENDONÇA, or for pre-contractual steps at the request of the data subject, in the event that it is necessary for the fulfilment of a legal obligation to which RIZO & MENDONÇA is subject, in the event that it is necessary for the defence of the vital interests of the data subject or of another natural person or in the event that it is necessary for the purposes of pursuing the legitimate interests of RIZO & MENDONÇA or of a third party.
In this sense, we may transmit your personal data to the Entidade Reguladora da Saúde, Administração Central do Sistema de Saúde (ACSS), Serviços Partilhados do Ministério da Saúde (SPMS), INFARMED, SYNLAB PORTUGAL, or the Regional Health Administrations, the Courts, Solicitors, the criminal police bodies or the Public Prosecutor’s Office when notified for this purpose or when this is necessary to comply with legal obligations, in accordance with the law.
In particular, RIZO & MENDONÇA may transmit or communicate personal data to the data subject’s family members, only in the circumstances provided for in the legislation in force.
At the time of collecting personal data, RIZO & MENDONÇA provides the data subject with information about the categories of entities to whom, in this case, the data may be communicated.
In any of the above-mentioned situations, we undertake to take all reasonable steps to ensure the effective protection of the personal data we process.


TERM AND RETENTION OF PERSONAL DATA
Your data will be kept for the periods provided for in the applicable legislation. The clinical file and complementary diagnostic tests will be kept for 5 years after the last registration. At the end of this period the file will become a “dead file”, and its destruction may take place, due to the ordinary limitation period set out in the Civil Code and the legal nature of the contract for the provision of medical services, at the end of 20 years after the last record made by the doctor in the respective file.

RIGHTS OF THE PERSONAL DATA SUBJECT
Under the law, the holders of personal data have the rights of access, rectification, portability, objection and erasure with respect to their data.
Your rights in relation to your data are:
Right of Access: the right to confirm whether or not your personal data is being processed, as well as the right to access your data and certain information, including the right to obtain a copy of your data undergoing processing. This right is without prejudice to the rights and freedoms of third parties, including the business secrets and intellectual property rights of the Data Controller. Access to your health information can be obtained directly at CLINICA RIZO & MENDONÇA (through a specific form) or through a doctor (if you so request), including through a third party that you authorize or under the terms of the law.
Right to Rectification: the right to obtain the rectification of inaccurate personal data concerning you, as well as the right to complete your data if it is incomplete.
Right to Data Portability: the right to receive your personal data that you have provided to the Data Controller, in a structured, commonly used and machine-readable format, including the right to transmit such data to another Data Controller.
Right to Object: the right to object, at any time and on grounds relating to your particular situation, to the processing of your data on the basis of the pursuit of the legitimate interests of the controller or the compatibility of the initial processing with the further processing of those data. It also includes the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling for this purpose.
Right to Erasure: the right to request the erasure of your data in certain cases, in particular, if your personal data is no longer necessary for the purpose for which it was collected or processed. This right is without prejudice to compliance with the legal obligations of the Data Controller to retain personal data.
Right to Restriction of Processing: the right to request the restriction of the processing of your data in certain cases, in particular, if the processing is unlawful and if you oppose the erasure of the data, requesting, in return, the restriction of its use.
Under the terms of the law, you are also guaranteed the right, through the means referred to above, to withdraw your consent to data processing for which consent constitutes the basis of legitimacy, which does not, however, invalidate the processing carried out up to that date on the basis of the consent previously given.
If you consider that the way we process your data is not in accordance with the law, you have the possibility, without prejudice to any other administrative or judicial remedy, to lodge a complaint with the National Data Protection Commission or another supervisory authority in this regard.
Please note, however, that if there is a legally imposed rule or obligation that overrides these rights, we will inform you that the request cannot be fulfilled, indicating the respective reason.

CONTACT
Data subjects who wish to raise questions or complaints related to this Privacy Policy may do so by emailing consultas@rizomendonca.pt or by writing to the following address:
RIZO & MENDONÇA LDA.
Rua 1º de Dezembro 18, RC
8100-615 Loulé (Faro), Portugal

CHANGES TO THE PRIVACY POLICY
RIZO & MENDONÇA reserves the right to change this Privacy Policy at any time. In case of change to the Privacy Policy, the date of the last change is indicated on the last page.
Last updated: May 6, 2024
