Shopping cart
Privacy Policy
1. Objective
The purpose of this privacy policy is to establish the rules for the processing of personal data carried out by AESINTRA, in the legitimate exercise of its activity as an Employer Association.
From this, it can be seen that AESINTRA complies with the General Data Protection Regulation (GDPR) and with the principles contained therein relating to the processing of personal data, as well as with other national and European legislation in force, relating to the protection of personal data.
2. Data Controller and DPO (Data Protection Officer)
AESINTRA is the Data Controller, as it holds the power of decision over what data is collected, the means of processing, and the purposes for which the personal data is processed.
The contact details of the Data Controller are as follows:
Address: Rua Capitão Mário Pimentel, 17 B, 2710-589 Sintra
Phone: 219 106 283 | 932 323 348
E-mail Address: geral@aesintra.pt
AESINTRA has appointed a DPO who monitors the compliance of the processing of personal data with the legislation in force, is the point of contact for clarifying questions related to data protection by personal data subjects, cooperates with the National Data Protection Commission (CNPD) in its capacity as a supervisory authority, provides information and advises AESINTRA on its obligations regarding privacy and data protection.
The DPO acts independently and is not subject to any instructions from the Data Controller and is obliged to maintain secrecy and confidentiality with regard to the performance of their duties in the area of data protection.
The appointment of a DPO does not exempt AESINTRA from its responsibility as Data Controller.
The DPO’s contact details are:
Address: Rua Capitão Mário Pimentel, 17 B 2710-589 Sintra
Phone: 219 106 283 | 932 323 348
E-mail: dpo@aesintra.pt
3. Commitment
AESINTRA is committed to acting in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – General Data Protection Regulation (GDPR) and other applicable data protection legislation, namely the national legislation that complements the GDPR, and as such to communicate transparently about the personal data collected and the type of processing it performs, to protect the security, privacy and confidentiality of personal data, to provide adequate mechanisms for data subjects to exercise their rights over that data, to provide security systems designed to prevent the access, modification, destruction or addition of personal data by unauthorized third parties and that allow for the detection of possible information deviations, and organizational measures designed to maintain the control of personal data by its owners.
4. Basic Concepts
Personal Data is any information that, regardless of its nature or support, directly or in combination with other data, allows a natural person to be identified.
Therefore, Personal Data Subjects are natural persons identified or identifiable, directly or indirectly, through any information that concerns them.
Data Processing is the operation or set of operations performed on personal data by manual or automated means, including among others the collection, storage, use, copying and transfer of personal data.
Some personal data are, under the General Data Protection Regulation (GDPR), considered sensitive data, that is, they are classified as “Special Category Data”.
AESINTRA processes special category data, as it processes “Health Data”, defined in the Regulation as “personal data related to the physical or mental health of a natural person, including the provision of health services, which reveal information about their health status”.
Health data is restricted to access by health professionals (technicians with adequate training and legally qualified to carry out an activity with a direct impact on people’s health) in the provision of healthcare to data subjects.
5. Protection of Personal Data
AESINTRA considers the confidentiality of personal data to be one of the fundamental pillars in building relationships of trust with employees, collaborators, suppliers, partners, members, potential members and any other personal rights holders who are otherwise related to it.
In this sense, AESINTRA has implemented organizational measures, policies, procedures, processes and security systems adequate to protect personal data, namely access control mechanisms for information systems and personal data and security systems (e.g. firewalls, antivirus).
6. Rights of Personal Data Subjects
In the table below, the personal data subject, whose data is processed by AESINTRA, will find a list of the rights conferred by law in that capacity, duly accompanied by a brief description of each one.
| Rights of Personal Data Subjects | Description of the Right |
|---|---|
| Access | Consists of the right to obtain confirmation as to whether or not personal data concerning them, and which was provided to AESINTRA, is being processed, and if so, the right to access it and the respective processing conditions. |
| Rectification | Consists of the right to have AESINTRA rectify your personal data that is inaccurate or incomplete. |
| Objection | Consists of the right of the data subject to object at any time and for reasons related to their particular situation to the processing of their personal data by AESINTRA based on the legitimate interest of the latter or of third parties. |
| Erasure | Consists of the right to obtain the erasure of their personal data which is no longer necessary for the purpose for which it was collected and processed, or to withdraw consent for all personal data if that is the sole legal basis for the data processing. |
| Portability | Consists of the right of the data subject to receive the personal data they have provided to AESINTRA and the respective processing conditions, in a structured, commonly used and machine-readable format, as well as the right to demand the transmission of this data to another data controller. |
| Restriction | Consists of the right to obtain the restriction of data processing in the following situations: (a) if you have contested the accuracy of your personal data and did so for a period that allowed AESINTRA to verify its accuracy; (b) if the data processing is unlawful and you object to its erasure; (c) if AESINTRA no longer needs the personal data for the purposes of processing, but this data is required by you for the purposes of establishing, exercising or defending a right in a judicial process; (d) if you have exercised the right to object and during the period of evaluation by AESINTRA. |
| Right to be forgotten | Consists of the right to request the erasure of your personal data held by AESINTRA, provided there are no valid reasons for its retention. |
| Not to be subject to exclusively automated decisions | Consists of the right to request human intervention or to contest decisions based on fully automated processing of personal data that may produce significant effects on your legal or private life, except for exceptions arising from current legislation. |
| Complaint to the CNPD | Consists of the right of the data subject to file complaints with the CNPD – National Data Protection Commission (www.cnpd.pt) regarding the protection of their personal data and the rights related to it. |
7. Categories and Types of Personal Data processed by AESINTRA
Below, a table presents, on one hand, the categories and types of personal data we process and, on the other, the means of collecting personal data.
| Categories of Personal Data | Types of Personal Data Processed |
|---|---|
| Identification and Contact Data | Full Name, Personal Identification Document Number, Tax Identification Number, Signature, Photograph, Voice Recordings, Social Security Number, Driving License, TVDE Driver’s License. |
| Contact Data | Address, Telephone Contact, Email Address. |
| Biographical Data | Date of Birth, Sex, Nationality, Place of Birth, Marital Status. |
| Financial Data | Monthly Salary, IBAN and NIB of the Bank Account, Debit/Credit Card Number. |
| Professional Data | CV, Training Certificate, Academic Qualification Certificate. |
| Opinions and Preferences | Comments on Social Media, Responses to Satisfaction Surveys. |
| Website Usage | Pages visited, Information about the Equipment Used (e.g., IP address, geographic location, browser used). |
| Content | Information contained in the clinical reports written by AESINTRA’s health professionals regarding their patients. Information contained in interviews conducted for the Jornal da AESINTRA. |
| Health Data | Complete Clinical History, i.e., past and present, any complementary clinical diagnostic tests (namely x-rays, clinical analyzes, among others) and clinical records obtained through clinical observation performed by a work medicine doctor and a curative medicine doctor (e.g., weight, height, age, blood pressure, electrocardiogram result). |
| Segments and Profiles | Commercial segment, propensity for acquiring goods or services. |
| Means of Personal Data Collection | Personal Data Collection Vehicles within each Means of Collection |
|---|---|
| Data Provided by the Data Subject | Provided directly by the subjects (members, patients, trainees, entrepreneurs, etc.), in the completion of the member registration form, in the SEPA direct debit authorization form, in the training registration form, in the exchange of electronic communications with AESINTRA, in response to satisfaction surveys, in CPE projects. |
| Data Collected within the Scope of Services provided by AESINTRA | Health and Safety at Work Contracts, Food Safety Contracts, Various Training Courses. |
| Data Obtained Through Third Parties | Schools, Institutions. |
| Profiling | Data produced by AESINTRA through the application of analytical models to personal data related to the provision of services supplied by AESINTRA. |
| Cookies | Collected through the use of the AESINTRA website. For more information on the type of cookies used and the data collected, consult the cookie policy published on the website www.aesintra.pt |
8. How AESINTRA processes Personal Data
The processing of personal data corresponds to the operation or set of operations performed on personal data, namely the collection, organization, storage, use, rectification, erasure, consultation, copying and transfer.
Data processing is carried out physically and/or electronically by AESINTRA, for the purpose of analyzing, deciding, managing and proving operations arising from and related to the execution of contracts entered into within the scope of its activity, for the fulfillment of legal obligations to which AESINTRA and/or the Personal Data Subjects are bound, for the pursuit of their legitimate interests, for the declaration, exercise or defense of a right in a judicial process or whenever personal data is requested by courts when acting in the exercise of their jurisdictional function.
AESINTRA only processes personal data with due legal basis, and subject to prior information of the respective subjects.
Data processing is always carried out by AESINTRA in a lawful, legitimate, transparent and strictly necessary manner for the specific purposes.
Consent of Personal Data Subjects:
AESINTRA may process personal data for other purposes different from those contemplated in the previous paragraph when it obtains from the subjects due prior, express, written consent, through an informed, free and specific action for the purposes of the personal data subject.
Obligation to Provide Personal Data:
Within the scope of AESINTRA’s contractual and commercial relationships, it is mandatory and necessary to present and collect certain personal data from employees, service providers, suppliers, partners, members, potential members and any other personal rights holders who are otherwise related to it, for the fulfillment of contractual obligations, pre-contractual diligence or others arising from current legislation.
In general, if such data is not presented and provided, AESINTRA will have to refuse to enter into a contract that initiates the labor, commercial or professional relations between the parties.
9. Purposes of Processing and Legal Bases
Below, a table presents, on one hand, the purposes of processing, on the other hand, the method used to achieve that purpose, and finally, the legal bases for the intended purposes.
| Purposes of Processing | Method Used to Achieve the Purpose | Legal Basis |
|---|---|---|
| Provision of Healthcare Services | Collection and registration of data subjects’ health data. | Contract Execution, Performance, and Management. |
| Opening of Member File | Collection and registration of personal data of data subjects, opening of a member file. | Contract Execution, Performance, and Management. |
| Communication in case of need | Collection of personal data of data subjects, communication for administrative or operational reasons. | Contract Execution, Performance, and Management. |
| Preparation of Clinical Reports | Collection and registration of data subjects’ health data, preparation of the medical assistance report. | Contract Execution, Performance, and Management. |
| Management of Contacts and Complaints | Reception, analysis and response to information requests and complaints from data subjects. | Contract Execution, Performance, and Management. |
| Execution of a Labor or Commercial Contract | Collection and insertion of personal data necessary to be included in contracts of different natures. | Contract Execution, Performance, and Management. |
| Accounting | Accounting record. | Compliance with Legal Obligation. |
| Documentary Archive Management | Storage and Organization of paper-based documents in the documentary archive, which constitute mandatory evidence for potential inspection by the Tax Authority or other institutions with inspection capacity. | Compliance with Legal Obligation. |
| Provision of Information to Members | Sending of various informative material in the context of the subscription of services by data subjects. Sending proposals for changes to the conditions of services subscribed by data subjects. | Contract Execution, Performance, and Management, and Legitimate Interest. |
| Service Development | Conducting satisfaction questionnaires regarding the quality of services provided. | Contract Execution, Performance, and Management, and Legitimate Interest. |
| Personalization of Website Experience | Use of persistent cookies to record website Browse activities and preferences. | Prior, Express, Written, Explicit, Informed, Free, and Specific Consent. |
| Direct Marketing | Provision of information or carrying out campaigns, by telephone, SMS, email, to stimulate the use or promote the subscription of services. | Prior, Express, Written, Explicit, Informed, Free, and Specific Consent. |
| Profiling | Collection of data related to age and consumption preferences with a view to directing services to the needs and preferences of members and improving the quality of services provided (e.g., co-financed training). | Prior, Express, Verbal, Explicit, Informed, Free, and Specific Consent. |
10. Outros Fundamentos de Licitude
A AESINTRA tratará ainda dados pessoais sempre que necessário no âmbito da defesa dos interesses vitais do titular dos dados, no âmbito de declaração, exercício ou defesa de um direito num processo judicial ou sempre que os dados pessoais lhe forem solicitados por tribunais quando atuem no exercício da sua função jurisdicional.
11. Prazos de Conservação de Tratamento dos Dados Pessoais
A AESINTRA conserva os dados pessoais pelo tempo necessário e enquanto subsistirem as legítimas finalidades para as quais os dados são tratados com base nos devidos fundamentos de licitude.
Infra, são apresentados em tabela, por um lado os motivos da conservação e por outro lado os tempos de conservação.
Os prazos de conservação dos dados pessoais encontram-se definidos na Política de Conservação, da AESINTRA, que é complementar à presente Política de Privacidade.
| Motivos de Conservação | Tempo de Conservação |
|---|---|
| Cumprimento do Contrato | Período de vigência do contrato. Só se mantêm por períodos superiores à vigência do contrato no caso de ser necessário assegurar direitos ou deveres relacionados com o contrato, com base em interesse legítimo da AESINTRA que o fundamente ou em consentimento dado pelo titular dos dados pessoais. |
| Obrigação Legal, Fiscal ou Regulamentar | Prazos legais de prescrição associados a obrigações legais, fiscais ou regulamentares, ou prazos previstos em legislação especial (ex: 7 anos após relação contratual no âmbito da Lei de Prevenção do Branqueamento de Capitais e Financiamento do Terrorismo). |
12. Sharing of Personal Data
Only employees who need the collected personal data to perform their professional activity have access to it.
If personal data is communicated to third parties, taking into account the grounds for its processing, AESINTRA will inform the personal data subjects.
In case it is necessary to use foreign service providers, AESINTRA will contractually ensure that they comply with all legal obligations regarding data protection.
13. Technical and Organizational Measures Adopted
AESINTRA has implemented technical and organizational measures to protect the personal data for which it is the Data Controller. Thus, it keeps its computer systems updated and has developed procedures that prevent unauthorized access, accidental loss and/or destruction of personal data. It holds annual training sessions, in which the topic of data protection is presented and is an integral part of them.
14. Review and Changes to the Privacy Policy
AESINTRA reserves the right, at any time, to introduce the changes it deems necessary to this privacy policy, in order to better adapt it to the best market practices or to legislative or regulatory changes that may arise. The current version of the policy will always be the one that is printed for consultation at AESINTRA’s headquarters and also on the website www.aesintra.pt
The policy will be reviewed annually or whenever it becomes necessary.
Whenever the changes are relevant and substantive, AESINTRA will make all appropriate and reasonable efforts, using the normal and common communication and contact channels with the data subjects, to bring such changes to their attention.
