Data protection is a subject our organisation takes very seriously. You can view and use the pages of our website without having to give any personal data; however, if you wish to use the services available through our website, personal data can be required and processed. If personal data processing is necessary and there is no legal basis for it, we will ask for your consent.
Processing of personal data, such as name, address, e-mail address or telephone number of a data subject, as well as by electronic identification, must always be in compliance with the General Data Protection Regulation (GDPR), and in accordance with the specific data protection of the country and applicable regulations of our company. By means of this data protection declaration, this organisation informs the general public as to the nature, the intention and purpose of the personal data that is collected, used and processed. In addition, data subjects are informed of their rights through this data protection declaration.
As a data protection officer, the organisation has implemented several technical and organisational measures in order to guarantee the most complete protection of the personal data processed through this site. However, there can ultimately be security gaps in the transmission of data on the Internet and therefore absolute protection cannot be guaranteed. For this reason, data subjects are free to transfer their personal data through alternative means, e.g. by email.
The organisation encourages you to reread the privacy declarations of the sites to which links are created from this site, so that you can understand how these sites collect, use and share your information. Our organisation’s site is not responsible for privacy declarations or other contents on sites other than that of our company and other sites it owns.
Data Protection Officer
For the purpose of the General Data Protection Regulation (GDPR), other laws of data protection applicable in the Member-States of the European Union and other provisions related to data, the identification of the Data Protection Officer is required.
Our details are:
Clínica Cris Piessens
Rua dos Caliços, Cerro Malpique
Edifício Caliços do Mar
Algarve – PORTUGAL
Tel. 289 589 783
Anyone using the site can contact the data protection officer at any time for any questions and suggestions regarding data protection.
By means of a cookie, the information and offers on our site can be optimised with the user in mind. The cookies allow us to recognise the users of our site, as previously mentioned. The objective of this recognition is to make the site easier to use.
The data subject can, at any time, prevent the configuration of cookies through our site by means of a corresponding configuration of the web browser being used and can therefore permanently block the configuration of cookies. Additionally, previously-defined cookies can be removed at any time through a web browser or other software programs. This is possible on all of the most popular web browsers. If the data subject deactivates the configuration of cookies on the web browser being used, some of the features on our site might not be fully available.
Data collection and general information
Our site collects a series of data and general information when a data subject or automated system visits the site. The server’s log files store this data and general information. Data collection can be (1) the types of browsers and versions being used; (2) the operating system being used by the accessing system; (3) the site from which the accessing system reaches our site (the so-called referrers); (4) sub-sites; (5) data and time of visit to the site on the Internet; (6) website address (IP address); (7) access provider to the Internet access system and; (8) any other data and information that can be used in the case of attacks on our information technology systems.
By using this data and general information, the organisation does not draw conclusions about the data subject. On the contrary, this information is necessary in order to (1) deliver the content of our site correctly; (2) optimise the content of our site as well as its advertising; (3) guarantee the long-term viability of our information technology systems and the technology of the site; and (4) supply the necessary information to police authorities for criminal processing in the case of a cyberattack. Therefore, the organisation statistically analyses data and information collected anonymously, in order to increase the data protection and security of our company and guarantee an excellent level of protection for the personal data we process. The anonymous data of the file logs of the server are stored separately from all of the personal data supplied by the user.
Requests for contact by the site
The site has information that allows for fast electronic contact with our company, as well as direct communication with us, which includes a general email address. If a data subject contacts the data protection officer by email or the contact form, the personal data transmitted by the person concerned will automatically be stored. This personal data voluntarily transmitted by a data subject to the data protection officer is stored for the purpose of processing or contacting the data subject. This personal data is not transferred to third parties.
Procedures for deleting and blocking personal data
The data protection officer will process and store the personal data of the person concerned for the period necessary to achieve the purpose of the storage, or, as long as allowed by European legislation or other legislators in laws or regulations to which the data protection officer is subject.
If the purpose of the storage is not applicable, or if a period of storage prescribed by European legislation or other competent legislator has expired, the personal data is routinely blocked or deleted in accordance with legal requirements.
Data protection and processing for website visitors
The data protection officer will collect and process the personal data of website visitors for the purpose of processing and saving the information. The processing can also be done electronically. It is considered to be electronically if a visitor sends corresponding documents by email or by a form on the website to the data protection officer. If the data protection officer enters into a processing contract with a website visitor, the data sent will be stored for the purpose of processing the contract in accordance with the legal requirements. If no processing contract is signed with the visitor by the data protection officer, the documents will automatically be deleted two months after notification of the decision to refuse, as long as no other legitimate interest of the data protection officer opposes the deletion. A legitimate interest in this case could be, among others, an onus of proof of a procedure under the General Act on Equal Treatment (AGG).
Information on data protection for Facebook
On this site, the data protection officer integrated components of Facebook, which is a social network.
A social network is a place to share interests on the Internet, an online community, which generally allows users to communicate amongst themselves and interact in a virtual space. A social network can act as a platform for exchanging opinions and experiences, or allow the Internet community to supply personal information or information related to business. Facebook allows its users to create private profiles, upload photos and create networks by means of friend requests.
The company that operates Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. For residents outside of the United States or Canada, the data protection officer is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For each visit made to one of the individual pages of this website, operated by the data protection officer, and in which a component of Facebook (Facebook plug-ins) has been integrated, the web browser in the technology system of information of the person in question is automatically asked to download the display of the corresponding component of Facebook through Facebook itself. A general view of all of the plug-ins of Facebook can be seen on https://developers.facebook.com.docs/plugins/. During the course of this technical process, Facebook collects information on which specific page of our site was visited by the user.
If the data subject is connected to Facebook at the same time, Facebook will detect all of the connections to our website by the data holder – and for the entire time the user visits our website – as well which specific pages were visited. This information is collected through Facebook’s tools and associated with the respective Facebook account of the data subject. If the person in question clicks one of the Facebook buttons integrated into our website, such as the “Like” button, or if the data subject makes a comment, Facebook will correspond this information to the personal Facebook account of the data subject and store the personal information.
Through its tools, Facebook will continuously receive information about visits to the site, made by the data subject, as long as there is a connection to Facebook throughout the period of the visit to the site. This process will occur even if the subject does not click on the Facebook icon. If the data subject does not want this transmission of information to Facebook, it can be avoided by logging off Facebook before visiting our website.
The data protection guidelines published by Facebook, available at https://facebook.com/about/privacy/, supply information about collection, processing and use of personal information by Facebook. The configuration options offered by Facebook to protect data privacy are also explained. Further to this, various configuration options are available to allow for the elimination of transmission of data to Facebook. These measures can be used by the data subject in order to eliminate the transmission of data to Facebook.
Data protection information regarding the application and use of Google Analytics (with anonymisation function)
On our website, the data protection officer integrated the Google Analytics component (with anonymisation function). Google Analytics is a web analytics service. Web analytics is a process that collects and analyses data about the behaviour of visitors to sites. A Web analytic service collects and conciliates data about the site from which a user started (the so-called referrer), which subpages were visited or how frequent and for how long the subpage was viewed. The analysis of the Web is used mainly for the optimisation of a website and for cost-benefit analysis of advertising on the Internet.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy., Mountain View, CA 94043-1351, United States. For residents in Europe, the data protection officer is in Ireland.
For web analysis by Google Analytics, the data protection officer uses “gat. anonymizelp” app. By using this app, the IP of the Internet connection of the data subject is abbreviated by Google and anonymised when logging on to the site from a Member State of the European Union or other Contracted State to the Agreement on the European Economic Area.
The objective of the component of Google Analytics is to analyse the traffic on the site. Amongst other things, Google uses the data and information collected to evaluate the use of the Improxy site and to supply other services related to the use of the site on the Internet.
Google Analytics places a cookie on the technology system of the data subject. The definition of cookies is explained above. With the configuration of the cookie, Google is able to analyse the use of the entity’s site. For each connection made to one of the individual pages of this site of the Internet, operated by the data protection officer and in which a component of Google Analytics has been integrated, the Web browser in the information technology system of the data subject will automatically send the data by means of a Google Analytics tool for the purpose of online advertising and payment of commissions to Google. During this technical process, Google acquires knowledge of personal information, such as the IP address of the data subject, which allows Google to know the origin of the visitors and clicks and, subsequently, to create commission agreements.
The cookie is used to store personal information, such as visit time, the location from which access was made and the frequency of visits to the site by the user. For each visit to the site, this personal data, including the IP address used by the data subject, will be transmitted to Google in the United States of America, where it is stored by Google. Google can pass on the personal data collected by means of a technical process to third parties.
The data subject can, as mentioned above, block the configuration of cookies on the site, at any time, by the corresponding adjustment of the web browser being used and by this means, permanently deny the configuration of cookies. This adjustment in the web browser will also block Google Analytics from installing a cookie on the information technology system of the user. Besides this, the cookies already placed by Google Analytics can be deleted at any time by the Web browser or through other programs.
Further information and methods of data protection applicable to Google can be obtained on https://www.google.com/intl/pt-BR/policies/privacy and on http://google.com/analytics/terms/us/html. Google Analytics is explained in the following link: https://google.com/analytics/.
Legal basis for processing
Art. 6 )1) of the GDPR serves as a legal basis for processing operations for which we gain consent for a proposal for specific processing. If the processing of personal data is necessary for the execution of a contract to which the data subject is a party, such as when the processing operations are necessary for supplying goods or any other service, the processing is authorised based on article 6, no. 1, b GDPR. The same applies to those processing operations that are necessary for executing pre-contractual measures, such as in the case of consultations about our products or services. Our company is subject to a legal operation for which the processing of personal data is necessary, such as complying with tax obligations, based on art. 6 (1) lit. c GDPR. In rare cases the processing of personal data can be necessary for protecting the vital interests of the data subject or another individual. This would be the case, for example, if a visitor was injured in our company and his/her name, age, health insurance data or other vital information had to be transmitted to a doctor, hospital or other entity. This action and the respective processing would be based on art. 6 (1) lit. of the GDPR. Lastly, data processing operations can be based on no. 1 of article 6 of the GDPR code. This legal basis is used for processing operations not covered by other judicial foundations mentioned above, if the processing is necessary for legitimate purposes sustained by the entity or a third party, unless these interests are annulled by interests or rights and fundamental freedoms of the person in question who requests personal data protection. Such processing operations are particularly admissible because they are specifically mentioned by the European legislative authority. It is considered that a legitimate interest could be assumed if the data subject is a client of the data protection officer (considering 47th, phrase 2, GDPR).
Legitimate interests of the company and third parties
Based on article 6, no. 1 of the GDPR, the legitimate interest is to do business, currently and in the future, in favour of the well-being of all of its employees and shareholders.
Storage period of personal data
The criteria used to determine the storage period of personal data is the respective legal retention period. At the end of this period, the corresponding data is routinely deleted, unless it is necessary for compliance of a contract or the start of a contract.
Supplying personal data as an obligatory or contractual requisite: requisite necessary for entering into a contract; obligation of the data subject to supply personal data; possible consequences of failing to supply such data.
We wish to clarify that the supplying of personal data is partially required by law (e.g. tax regulations) or can also result from contractual clauses (e.g. information about a contractual partner). Sometimes, in order to finalise a contract, it might be necessary for a data subject to supply us with personal data, which must later be processed by our organisation. The data subject is, for example, obliged to supply personal data when our organisation signs a contract with the data subject. As a consequence, the non-availability of personal data would mean the non-conclusion of the contract. Before personal data is supplied by the data subject, he or she must contact any staff member, who will clarify to the data subject whether the disposition of the personal data is required by law or contract or if it is necessary for completing the contract, if there is an obligation to supply personal data and the consequences for failing to do so for finalising the contract.
Automatic decision makers
As the responsible entity, we do not use automatic decision makers nor automatic profiling.
Alterations to this declaration
Last update: 18/01/2019