GENERAL DATA PROTECTION POLICY

1. Purpose and regulatory framework

This General Data Protection Policy defines the principles, rules, and procedures observed by Clínica Baía, a dental clinic based in Portugal, in the context of personal data processing, as the data controller, pursuant to Article 4(7) of Regulation (EU) 2016/679 of April 27 (General Data Protection Regulation – GDPR).

The protection of the privacy and personal data of its patients, professionals, and other data subjects is a fundamental priority for Clínica Baía. To this end, Clínica Baía has adopted a set of Data Protection Policies that transparently regulate the collection, use, storage, and security of personal data processed in the context of its clinical, administrative, and institutional activities.

This policy has been drawn up in accordance with the GDPR and Law No. 58/2019 of August 8, as well as other applicable national and European legislation on the protection of personal data, without prejudice to special rules relating to the health sector.

 

2. Scope of application

This policy applies to all processing of personal data carried out by Clínica Baía, namely relating to:

  • Patients/Users;
  • Employees;
  • Service providers;
  • Healthcare professionals;
  • Job applicants;
  • Website users;
  • Visitors to the premises.

 

3. Treatment principles

Clínica Baía undertakes to process personal data in accordance with the principles set out in Article 5 of the GDPR, namely:

  • Lawfulness, fairness, and transparency, ensuring that processing is based on a valid legal basis;
  • Purpose limitation, with data collected for specific, explicit, and legitimate purposes;
  • Data minimization, restricting processing to what is strictly necessary;
  • Accuracy, ensuring that data is kept up to date;
    Storage limitation, keeping data only for as long as necessary;
  • Integrity and confidentiality, ensuring data security;
  • Accountability, demonstrating compliance with the GDPR.

 

4. Legal basis for processing

The processing of personal data by Clínica Baía may be based, depending on the case, on the following legal grounds:

  • Consent of the data subject;
  • Execution of a contract or pre-contractual procedures;
  • Compliance with a legal obligation;
  • Protection of vital interests;
  • Exercise of public interest functions in the area of health;
  • Legitimate interest of Clínica Baía.

 

5. Rights of data subjects

Clínica Baía guarantees data subjects the effective exercise of the rights provided for in Articles 15 to 22 of the GDPR, upon written request, namely:

a) – Right of access
The owner of the personal data has the right to obtain confirmation from Clinica Baía that the data concerning him or her is or is not being processed and, if so, to access his or her personal data and access the information provided for by law. If you want more than one copy of your personal data being processed, Clinica Baía may charge a fee for this service to cover administrative costs.

 

b) – Right to rectification
The data subject has the right to obtain from Clinica Baía, without undue delay, the rectification of inaccurate or incomplete personal data concerning him or her.

 

c) – Right to erasure (Right to be forgotten)
The data subject has the right to ask Clinica Baía to erase their data without undue delay, and Clinica Baía has the obligation to erase personal data when one of the following reasons applies:
  – The personal data is no longer necessary for the purpose for which it was collected or processed;
  – The owner has withdrawn their consent for data processing (in cases where processing is based on consent) and there is no other basis for such processing;
  – The owner objects to the processing and there are no prevailing legitimate interests that justify the processing.

 

d) – Right to restriction of processing
The data subject has the right to obtain from Clinica Baía the restriction of processing, if one of the following situations applies:
  – Contest the accuracy of personal data, during a period that allows Clinica Baía to verify its accuracy;
  – The processing of data is lawful and the data subject opposes the erasure of their personal data and requests, instead, the restriction of its use;
  – Clinica Baía no longer needs the personal data for processing purposes, but this data is required by the data subject for the purposes of declaring, exercising, or defending a right in legal proceedings;
  – In the event of opposition to processing, until it is verified that the legitimate reasons of the data controller prevail over those of the data subject.

 

e) – Right to data portability
The data subject has the right to receive the personal data concerning him or her that he or she has provided to Clinica Baía, when the latter uses automatic means for processing, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller.
When exercising their right to data portability, the data subject has the right to have personal data transmitted directly between controllers, where technically feasible.

f) – Right to object
The data subject has the right to object to the processing of their personal data when the processing is carried out in the legitimate interest of Clinica Baía or third parties, for the purposes of direct marketing or profiling. Clinica Baía will cease processing personal data in the event of opposition, unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or to support the exercise or defense of legal claims.

 

g)Right not to be subject to automated individual decision-making, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, where such a decision is necessary for entering into, or performing, a contract between the data subject and the data controller, unless the data subject has given consent to the processing for that purpose.

h) – Right to withdraw consent
If consent is legally required for the processing of personal data, the data subject has the right to withdraw consent at any time, although this right does not compromise the lawfulness of the processing carried out on the basis of the consent previously given, nor the subsequent processing of the same data, based on another legal basis, such as compliance with the contract or legal obligation to which Clinica Baía is subject.

 

i) – Right to complain

If you believe that your data is not being processed in accordance with applicable legislation, namely European and national legislation, we remind you that you have the right to lodge a complaint with a supervisory authority (National Data Protection Commission). Please see: https://www.cnpd.pt/bin/duvidas/queixas_frm.aspx

 

6. Technical and organizational measures

Clínica Baía adopts technical and organizational measures appropriate to the risk, including access controls, internal confidentiality policies, employee training, and IT security mechanisms.

 

7. Data Protection Policy for Doctors and Healthcare Professionals

This policy regulates the processing of personal data of dentists, dental hygienists, and other healthcare professionals working at Clínica Baía.

The following can be treated:

  • Personal identification data;
  • Professional, academic, and professional association registration data;
  • Contractual data;
  • Tax, banking, and contribution data;
  • Data necessary for compliance with legal and regulatory obligations.

The data is processed for:

  • Management of professional or contractual relationships;
  • Compliance with legal, tax, and labor obligations;
  • Ensuring the quality and safety of healthcare;
  • Compliance with ethical duties.

Healthcare professionals are subject to increased confidentiality obligations, in accordance with the law and the respective codes of ethics, and data is processed only when strictly necessary.

 

8. Data Protection Policy in Recruitment Processes

This policy regulates the processing of personal data in the context of recruitment and selection processes carried out by Clínica Baía.

Data provided by candidates is processed, namely:

  • Identification and contact details;
  • Academic and professional resume;
  • Cover letters and references.

The data is processed for the purpose of evaluating applications, managing the recruitment process, and potentially entering into a contract, based on pre-contractual procedures or the applicant’s consent.

The data of unsuccessful applicants is only kept for the period strictly necessary for the process or for the legally permissible period, after which it is deleted or anonymized.

Candidates may exercise their rights under the GDPR by sending a written request to Clínica Baía.

 

9. Website Data Protection Policy

This policy regulates the processing of personal data carried out through the Clínica Baía website, as well as in the context of electronic communications made through this medium.

The following may be collected through the website:

  • Identification data (name);
  • Contact details (email, phone number);
  • Data provided in contact or appointment forms;
  • Technical data, such as IP address, browser type, and browsing data.

The data collected through the website is intended for:

  • Responding to contact and clarification requests;
  • Managing appointment requests;
  • Providing information about services;
  • Complying with legal obligations;
  • Ensuring the technical functioning and security of the website.

The website may use cookies necessary for its operation and, with consent, analytical or functional cookies, in accordance with applicable legislation. Users can manage their preferences at any time.

Data is only kept for the period necessary for the purposes for which it was collected, and appropriate security measures are taken to protect against unauthorized access.

 

10. Video Surveillance Policy

Clínica Baía has a video surveillance system designed exclusively for the protection of people, property, and facilities, as well as for the prevention and suppression of illegal activities.
The processing of personal data through video surveillance is based on the legitimate interest of Clínica Baía and complies with the terms of the GDPR and applicable national legislation, namely Law 58/2019 of August 8 and Law 34/2013 of May 16.

  • The cameras are properly marked;
  • No images are captured in areas reserved for privacy;
  • Recordings are kept for 30 days;
  • Access to images is restricted and properly controlled.

The exercise of data subjects’ rights is ensured in accordance with the GDPR, without prejudice to the limitations provided for by law.

Scroll to Top