MEDGICAL, LDA. places great importance on the protection of your personal data and is committed to respecting your privacy.
In this Privacy Policy, we explain how we collect and process the personal data of everyone who purchases our Service, as well as those who access and use our Website and Platform. We also explain your rights as a data subject.
We aim for this policy to be as clear and transparent as possible, but if anything is unclear, please contact us at [email protected].
LEGAL FRAMEWORK
Your personal data will always be processed in a way that ensures strict compliance with the applicable legislation on the protection of personal data, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation ("GDPR"), Portuguese Law no. 58/2019 of 8 August, which implements the GDPR in the Portuguese legal framework, and any other applicable sector-specific legislation.
CONTROLLER OF YOUR PERSONAL DATA
MEDGICAL, LDA., a private limited company registered with the Commercial Registry Office under legal entity number 517.981.130, with registered office at Praça Conde de Agrolongo 123, Edificio GNRation, 4700-312 Braga, Portugal, also referred to as the "Controller", is the entity responsible for the processing of your personal data.
MEDGICAL, LDA. provides, among other things, artificial intelligence software services for medical use, with the goal of optimising medical and clinical workflows and addressing a critical challenge faced by healthcare providers worldwide: excessive administrative burden. In that context, we process your personal data.
Throughout this Policy, references to "MEDGICAL", "we", "us" or "our" refer to MEDGICAL, LDA. We will also refer to "you", meaning the person who visits our Website or uses our Platform and who is the data subject.
If you have any questions about this Privacy Policy or about the way we process your personal data, please contact us. See the "CONTACTS" section below.
PERSONAL DATA
Personal data means any information, regardless of its nature or medium, relating to an identified or identifiable natural person.
Under the GDPR, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, identification number, location data, online identifier, or to one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity.
The information we collect about you, and how we collect it, may vary depending on the services you use, purchase or subscribe to.
We collect only the data we consider essential for browsing our Website and/or using our Platform, providing the services you request, managing your accounts and usage, registering and invoicing your orders, ensuring those services are delivered to you and, where you express interest, informing you about our latest news.
To review the purposes and legal bases for processing your personal data, please see the "PURPOSES AND LEGAL BASES FOR PROCESSING" section below.
CATEGORIES OF PERSONAL DATA
Identification data: name, tax identification number (NIF), date of birth, in the case of a natural person; and, in the case of a legal person, the name of the healthcare institution and NIF.
Contact data: professional address, email address and telephone number.
Purchase and billing data: billing address and IBAN.
Connection and location data: IP address, device type and country from which you access our Website and/or Platform.
PURPOSES AND LEGAL BASES FOR PROCESSING
MEDGICAL processes your personal data on the following legal bases:
Performance of contractual obligations or pre-contractual steps.
Compliance with applicable legal obligations.
For some processing activities, we will need your consent.
Legitimate interests, provided that the need to process personal data is balanced against your interests or your fundamental rights and freedoms.
We use the data you provide to offer you the best possible experience. In particular, we collect and process personal data for:
User communications.
Answering questions.
Information requests.
Service proposals.
Communicating offers, new services, commercial campaigns, satisfaction surveys and other advertising and marketing communications.
The table below identifies some of the purposes for which we collect and process your personal data, with full transparency and appropriate safeguards for security and confidentiality. The data involved are strictly limited to what is necessary for the purposes described below.
| Purpose | Data categories | Legal basis |
| Creating an account on the Platform | | Performance of the contract |
| Managing the purchase of our Service through the Website and the Platform | | Performance of the contract |
| Sending newsletters and marketing communications | Contact data | Data subject consent |
| Payment processing | | Performance of the contract |
| Managing our relationship with the User, including contacts and notice of changes to our terms and conditions | | |
| Ensuring the full operation of our Website and Platform | | |
SHARING DATA WITH THIRD PARTIES
In the course of providing our Service, we may rely on service providers and intermediaries acting as our processors, who need access to part of your personal data, namely:
IT service providers based in the European Union (EU) or the European Economic Area (EEA).
Electronic payment processing service providers based in the EU or EEA.
These disclosures are made solely for the fulfilment of the purposes for which the data are collected and in accordance with our instructions, in strict compliance with the rules on personal data processing and information security.
We may also disclose your personal data to third parties when:
You have expressly consented to it.
The disclosure is required to comply with a legal obligation or a court order issued by judicial, administrative and/or regulatory authorities.
RETENTION PERIOD
Your personal data will be kept only for as long as necessary to fulfil the purposes that justified their collection or for the periods required by law.
Purchase and billing data will be retained for the duration of the contract and, after termination, may continue to be retained for a reasonable period if you decide to use our services again.
In some cases, to comply with the law, we will have to keep your personal data for the legally prescribed period, for example for tax obligations.
RIGHTS OF THE DATA SUBJECT
We make every effort to ensure that your personal information is accurate, up to date and complete, in line with the purposes for which we use that information.
Under the GDPR, you have the right at any time to access and object to the processing of your personal information, as well as the right to update, correct and erase the data collected by us if they are incomplete, inaccurate, outdated or unlawfully processed. You may exercise these rights by contacting us using the details provided below under "CONTACTS".
We briefly explain your rights in the table below:
| RIGHT TO BE INFORMED | You have the right to receive clear, transparent and easily understandable information about how we use your personal data. |
| RIGHT OF ACCESS | You may request a copy of the data we hold about you. |
| RIGHT TO RECTIFICATION | You have the right to rectify your personal data if they are inaccurate or outdated and/or to complete them if they are incomplete. |
| RIGHT TO ERASURE | You may request the erasure of any personal data being processed at any time. This right is not, however, absolute, since we may have legal grounds to retain your personal data. If that is the case, we will provide you with all necessary information. |
| RIGHT TO OBJECT | You have the right to object, at any time, to the processing of your personal data on grounds relating to your particular situation. In these circumstances, MEDGICAL may no longer process your data unless we demonstrate compelling legitimate grounds that override your interests, or where processing is required for legal claims. You may also object when the processing is based on consent. However, withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. |
| RIGHT TO DATA PORTABILITY | You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another organisation. This applies only to data you provided where the processing is based on your consent or on the performance of a contract and where the processing is carried out by automated means. |
| RIGHT TO RESTRICTION OF PROCESSING | You may ask that the processing of data be restricted for a certain period, meaning the data cannot be disclosed to third parties, transferred internationally or erased. You may also request that we limit the use of your data to storage only, stop using them for all other purposes, or retain data that would otherwise have to be erased. |
| RIGHT TO LODGE A COMPLAINT WITH THE PORTUGUESE DATA PROTECTION AUTHORITY | You also have the right to lodge a complaint with the supervisory authority in Portugal, the Comissão Nacional de Proteção de Dados, if your rights have been violated or if your personal information has been or is being used in a way that you believe does not comply with the applicable legislation. The contact details of the Comissão Nacional de Proteção de Dados are available here, together with details on how to file a complaint. |
You may exercise any of these rights using the contact details provided below under "CONTACTS".
1. AUTOMATED INDIVIDUAL DECISION-MAKING
We do not expect you to be subject to decisions based exclusively on automated processing that produce legal effects concerning you or similarly significantly affect you. However, we will update this policy if that position changes and notify you accordingly.
2. INTERNATIONAL TRANSFERS
We do not anticipate transferring your personal data outside the EU or the EEA, that is, to a third country. However, should this become necessary, including if we were to use processors based in a third country, we will ensure strict compliance with European rules on data transfers to third countries and provide all necessary information, including the safeguards applicable to such transfer, such as:
Adequacy decisions: where the European Commission determines that a third country offers an adequate level of data protection, personal data may be transferred to that country without the need for any further additional measures.
Appropriate safeguards, such as standard contractual clauses: these contractual commitments were adopted by the European Commission and ensure appropriate protection for personal data transferred outside the EU or the EEA, binding recipients of personal data to certain data protection standards, including the obligation to implement suitable technical and security measures.
3. COOKIES
WHAT ARE THEY?
MEDGICAL uses automatic data collection systems, namely cookies. Cookies are small text files containing relevant information which your access device, such as a computer, mobile phone or tablet, stores through the web browser when you visit a Website. Cookies may be installed or stored in the memory or on the hard drive of your device, retaining information relating to your preferences.
WHAT ARE COOKIES USED FOR?
Cookies help determine the usefulness, relevance and number of visits to a website and provide users with a faster and more efficient browsing experience by reducing the need to repeatedly enter the same information.
Except for strictly necessary cookies, and in order to ensure a better experience and the proper functioning of our Website, cookies are placed only after we have obtained your consent.
WHAT TYPES OF COOKIES DO WE USE?
We use strictly necessary cookies.
WHAT IS THE PURPOSE OF THE COOKIES WE USE?
Strictly necessary cookies: they allow users to browse our Website and access secure areas. Without these cookies, some services you request may not be provided.
COOKIE MANAGEMENT
You may at any time allow, restrict or block the cookies referred to above.
You may also, at any time, allow, restrict or block cookies by configuring your internet browser, such as Internet Explorer, Firefox, Safari, Google Chrome or Opera, in accordance with the relevant browser instructions. Please note that any browser configuration may affect your internet browsing and your access conditions for services that require the use of cookies.
Each browser has different settings, so we recommend consulting your browser's help menu.
SECURITY MEASURES
We are constantly implementing and updating the technical, physical and organisational security measures required to ensure that your personal data are processed with a high level of security. The technical, organisational and physical procedures we have in place ensure the confidentiality of your personal data, protecting them against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, as well as against other unlawful forms of processing.
Some of the safeguards we use to protect your information include firewalls, data encryption and access controls.
We also take measures designed to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
We have a personal data breach response system in place and take the necessary steps to mitigate potential harm to the rights and freedoms of data subjects. We have also implemented processes to regularly test, assess and evaluate the effectiveness of our technical and organisational measures in order to ensure the security of processing.
Any entity we engage as a processor will be bound by equivalent security measures and will act at all times under our duly documented instructions.
CHANGES TO THIS PRIVACY POLICY
Since practices relating to the processing of personal data may change over time, this Privacy Policy may also be updated accordingly and with the same frequency. We therefore recommend that you review it periodically.
If a significant change is made to this policy, that change will be communicated to the email address you have provided, together with a record of the latest amendment.
CONTACTS
If you have any questions about this Privacy Policy or wish to exercise your rights as a data subject, as described under "RIGHTS OF THE DATA SUBJECT", please contact us at [email protected] or by post at the address indicated under "CONTROLLER OF YOUR PERSONAL DATA".