Privacy policy and processing of personal data

I- Us and our commitment:

Our “corporate group” or “group of companies engaged in a joint business activity”, as these concepts are defined and considered by Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, namely in its article 4, subparagraphs 19) and 20), is composed of three commercial companies, namely Sepri Medicina no Trabalho, Lda, Sepri Medicina Sinistrados, Lda, and Sepri 24 Serviços de Saúde, Lda. and which hereafter will be referred to as Sepri Group, who are engaged, respectively, in specialized outpatient medical practice activities, general medical practice activities and nursing activities.

Taking into account the proportionality and appropriateness imposed by the capacity to allocate the resources and technical means at its disposal, Grupo Sepri is deeply and genuinely committed to protecting its customers and employees, whether regular or occasional, as well as the users of our various media and platforms, whether physical or digital, in particular paper files, digital files and/or websites in use or to be implemented, with regard to their privacy and the processing and circulation of their personal data.

II- Our personal data collection devices and media in use:

We have, edit and manage the following media for processing personal data

  • IT system consisting of a set of software solutions supported by a set of hardware devices and other similar solutions, including email services and other external digital repositories, including web-based platforms and communication solutions.

  • Paper files stored in cupboards and shelves in rooms with restricted access;

  • Sepri Group website – www.sepri.pt

III- Personal and material scope of this Privacy Policy:

This privacy policy binds the company exclusively with regard to the personal data it collects, processes and circulates.

The same policy or similar will also be assumed, by means of contracts entered into with the Sepri Group, by the entities that process the same personal data on its behalf.

The provision through this website of links to other websites outside the Sepri Group is done in good faith and in the interest of the user, and the Sepri Group cannot be held responsible in any way for the collection, processing and destination of data on these websites, nor for the reliability, accuracy, legality and functionalities available therein, and therefore this privacy policy does not apply to them.

The Sepri Group considers it obligatory and will assume for all intents and purposes, without the possibility of proof to the contrary, that you have read the privacy policies of all the websites you access.

IV- The raison d’être and publication of this Privacy Policy:

In addition to implementing it in its organizational processes, the Sepri Group has drawn up this Privacy Policy with the aim of making available, publicizing and publicizing an instrument explaining the general rules of privacy and processing of the personal data it collects, always in strict compliance with the relevant legislation.

To this end, the text of this privacy policy will be available on paper in a visible place and in digital format on the website www.sepri.pt.

The provisions of this Privacy Policy complement those stipulated in formal or informal contracts with Grupo Sepri.

We ask you to please read this Privacy Policy carefully, as providing your personal data, either in person or when accessing the aforementioned website, implies that you know and accept the conditions contained herein and their processing for the lawful and legitimate purposes provided for by law.

The Sepri Group expressly reserves the right to amend this privacy policy at any time, the results of which will be duly published by the same means.

V- Concept of personal data:

Personal data means any information or record of any nature and regardless of its support or format, namely sound, image, writing, chirograph or characteristic, relating to an identified or identifiable natural person.

Personal data means any information or record of any nature and regardless of its support or format, namely sound, image, writing, chirograph or characteristic, relating to an identified or identifiable natural person.

VI- The entity responsible for processing personal data:

The entity responsible for the collection and processing of personal data is the Sepri Group, a Group of Companies as described above, which, in the context of its relations with the holder of personal data, establishes, always on lawful and legitimate grounds, which data is collected, the means of processing and the purposes of such collection and processing.

VII- Types of personal data collected and processed:

As part of its activity, the Sepri Group collects and processes the following:

  1. Personal data necessary for the provision and/or receipt of services, and/or the supply of products to its customers and/or suppliers, including medical diagnosis, the provision of health care or treatment, or the management of health systems and services provided by or under the supervision of health professionals, processing in this context data such as name, tax identification number, address, health data, telephone number and e-mail address, among others that are strictly necessary, proportionate and lawful.

  2. Personal data necessary for the performance of the employment or service contract entered into with its employees, processing in this context data such as name, identification document number and other data, tax identification number, household composition, social security number, address, telephone numbers and email address, health data, access data, location data, among others that are strictly necessary, proportionate and lawful.

  3. Personal data necessary to comply with legal obligations, both towards public and private entities, processing data such as name, identification document number and other data, tax identification number, household composition, social security number, telephone number(s) and email address, health data and other strictly necessary, proportionate and lawful data.

  4. Data necessary for managing clients/users and suppliers, contracting and managing the contractual relationship with clients and suppliers, adapting the provision of services/supplies to the needs and interests of the Client/user, sending suggestions, information and marketing actions, publicizing campaigns, promotions, advertising and news about services and/or products, carrying out market research and/or satisfaction surveys, managing complaints, dealing with telephone numbers and email addresses, among other strictly necessary, proportionate and lawful matters.

  5. All personal data necessary for the exercise of the Sepri Group ‘s rights within the scope of the relationships referred to in the previous items, and in the pursuit of its activity and legitimate interest, in particular.
    accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and auditing, network and systems management, control of information security and physical security, and facilities security.

Notwithstanding compliance with legal rules or legitimate orders from competent authorities regarding the storage and transmission of data, the Sepri Group only processes personal data necessary for its activity, to the fair and strict extent required by the nature of the contractual or other relationship established with the data subject, or their prior, legitimate, lawful and informed consent, if any.

VIII- When and how personal data is collected:

The Sepri Group collects personal data in person, or via communication from an external entity for which services have been contracted, in writing, by telephone, or via its website www.sepri.pt.

As a rule, personal data is collected when the relationship or collaboration, contractual or otherwise, necessary for the pursuit of the Sepri Group‘s business, between the Sepri Group and the data subject begins.

Our websites can collect spontaneous applications, which will be sent directly to our email server via an encrypted link and will only be available to our human resources managers.
Whenever necessary, a candidate’s information will be made available for evaluation by a person responsible for each specific department, always under the supervision of the human resources managers.

Some personal data is compulsory and necessary for the start and normal and legal development of the aforementioned relationship or collaboration, so that in the absence or insufficiency of this data, it will not start or continue, in which case Grupo Sepri will inform the data subject of this compulsory and necessary nature.

Apart from data of this nature, data included on any public list and data that may be used in the legitimate interest of the Sepri Group, your data will only be collected and processed if and for the purposes to which you have previously consented, in a free, informed, specific and unequivocal manner, by means of a written or oral declaration or by validating an option, namely for the subscription to newsletters or marketing communications, in which case the other rules of this privacy policy will apply.

If you wish to stop receiving these communications, you can object at any time.

The data collected will be processed documentarily, either on paper or digitally, in strict compliance with the legislation governing the protection of personal data, being stored and contained in paper files and/or a specific database, created and managed for this purpose and with restricted and exclusive access to the employees of the Sepri Group who necessarily have to process them in the pursuit of its business.
Under no circumstances will the data collected be used for any purpose other than that for which consent was given by the data subject, if this is necessary, or for the lawful and legitimate purpose for which it was collected.

IX- Purposes for collecting and processing personal data:

In general, the collection of personal data is restricted to the minimum necessary, following the principle of minimization for purposes aimed at managing clients, suppliers and employees, maintaining and managing the clinical file when considered, contracting and managing the contractual relationship with clients, suppliers and employees, receiving and providing the contracted services, adapting the provision of services to the needs and interests of the Client, sending suggestions, information and marketing actions, publicizing campaigns, promotions, advertising and news about the services, carrying out market research and satisfaction surveys, managing complaints, accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and auditing, network and systems management, information security and physical security control, facilities security, compliance with legal obligations and for other purposes for which the law recognizes a legitimate interest of the Sepri Group.
Sepri Group a legitimate interest.

When we collect your data, or when you request it, you will be informed in more detail about how we will process your data.

X- Time limits for keeping your personal data:

Whenever there is a specific legal requirement to keep data for a minimum period of time, this will be observed by the Sepri Group.

The Sepri Group will keep your personal data for the minimum period of time strictly necessary for the purpose for which the information is collected and processed, after which it will delete it.

XI- Right of access, rectification, opposition, erasure, limitation and portability of your personal data:

The Sepri Group guarantees data subjects the right to access, rectify, oppose, erase, limit and port their personal data.

These rights can be exercised by filling in a specific document which can be requested at our premises or by sending a written communication to the postal address Rua Dr. Loureiro Amorim, Nº 7 4704-487 Braga, or, in exceptional cases, to our email address dpo@sepri.pt.
The request to exercise rights via postal or electronic address may result in Grupo Sepri taking additional steps to identify the requesting owner.

If you consider it appropriate, you can file a complaint with the National Data Protection Commission – e-mail: geral@cnpd.pt

XII- Measures we adopt for the security of your personal data:

The Sepri Group observes the best practices, for which it adopts the technical and organizational measures appropriate to the risk, in the field of security and protection of personal data, having approved and implemented a demanding compliance plan with the objectives, the Law and the interest of the holders of personal data, capable of safeguarding the protection of the data made available to us by all those who in some way relate to us, in order to protect them against their dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of illicit processing.

Thus, the digital or paper personal data collection form(s), whether filled in at the Sepri Group ‘s physical premises or on the website (the latter requiring encrypted browser sessions) are stored securely in our physical repositories and digital systems.

All the personal data that you provide us with about yourself is stored in a data center owned by the Sepri Group or its subcontractor, covered by all the advanced physical and logistical security measures that we believe are essential for the protection of your personal data.

Whenever, in the legitimate and lawful pursuit of the objectives of the Sepri Group‘s activity, it adopts measures to monitor its employees, particularly with regard to access control, working hours, tasks and productivity, movement and transportation, not only will those concerned have prior knowledge of the respective implementation – and, whenever legally necessary and lawful, their consent will be requested – but the tools used for this purpose will ensure the same level of security for the personal data they collect and process.

The aforementioned compliance and security plan includes the existence of a designated Personal Data Protection Officer, who is responsible, among other things, for verifying this Privacy Policy, keeping the rules for processing personal data clear and communicating with the supervisory authorities, guaranteeing that all those who entrust the Sepri Group with the processing of their personal data are effectively aware of how it processes them and what rights they have in this regard.

XIII- The designated personal data protection officer:

The Data Protection Officer’s duties are the responsibility of the designated entity, Sincronideia, Lda., which can be contacted at dpo@sepri.pt, or by telephone on 253 036 727.

XIV- Communication of data to other entities, subcontractors or third parties:

The Sepri Group may use subcontractors to collect and process data for the same purposes, obtaining from these entities, by contract, a guarantee of reputation and an obligation to develop the appropriate technical and organizational measures to protect the data and ensure the defence of the rights of the data subjects.
In certain circumstances determined by law, certain personal data may have to be communicated to public authorities, such as tax authorities, courts and security forces.

In this way, any of these subcontractors will process the personal data of our Customers, in the name and on behalf of the Sepri Group, under the obligation to adopt the technical and organizational measures appropriate to the risk in order to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful processing.

XV- Transfer of personal data:

The pursuit of the Sepri Group ‘s activity may involve the transfer of your data outside Portugal.

In this event, the Sepri Group will strictly comply with the applicable legal provisions, particularly with regard to determining the reliability and suitability of the destination country with regard to the protection of personal data and the requirements applicable to such transfers.

XVI- Cookies:

“Cookies” are small software tags that are stored on your computer via your browser. As a rule, they only retain information related to your preferences and therefore do not include your personal data.

Whenever this is not the case, the user will always be asked for consent to provide them, in accordance with the law.