WHO ARE WE?
DERMOCARE is a registered trademark owned by GRAU CELEBRE – CLINICA DERMOCARE UNIPESSOAL, LDA..
DERMOCARE is committed to protecting the personal data of their customers, any personal data provided while using DERMOCARE products and services, as well as personal data provided in any situation in which it may be processed. This Policy has therefore been drawn up with this in mind, to demonstrate our commitment to respecting the applicable rules for the protection of personal data.
WHY DO WE NEED A PERSONAL DATA PROTECTION POLICY?
In this Policy, we inform our Customers of the general rules for the processing of personal data, which is collected and processed in strict compliance with the provisions of the applicable personal data protection legislation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“RGPD”).
DERMOCARE respects best practices in the field of security and personal data protection by taking the necessary technical and organisational measures necessary to comply with the RGPD, ensuring that the company processes personal data in a way that is lawful, fair, transparent and limited to the purposes authorized by data owners.
DERMOCARE is committed protecting our customers’ personal data, as well as ensuring it is kept strictly confidential, and has taken the measures it deems appropriate to ensure the accuracy, integrity and confidentiality of personal data, as well as all other rights granted to the respective data holders.
The rules provided in this Data Protection Policy complement the provisions on the protection and processing of personal data, provided for in the agreements our Customers enter into with DERMOCARE, as well as the rules set forth in the terms and conditions that regulate the various products and services provided and duly advertised on the website.
WHAT IS THIS DATA PROTECTION POLICY ABOUT?
This Data Protection Policy applies exclusively to the collection and processing of personal data DERMOCARE is responsible for processing, within the scope of services and products made available to its Customers / Users and in all situations in which DERMOCARE processes this personal data.
DERMOCARE’s website may include links to other websites that are in no way connected to DERMOCARE. These links are provided in good faith, and DERMOCARE can not be held liable for the collection and processing of personal data made through these websites, nor does DERMOCARE take any responsibility for such websites, their accuracy, credibility or the functionalities available within them.
WHAT IS PERSONAL DATA?
Personal data is any information of any nature regardless of the manner in which it is stored, including sound and image, relating to an identified or identifiable natural person.
This relates to any identifiable person that can be directly or indirectly identified by their name, identification number, location data, electronic identifiers or one or more specific factors relating to their physical appearance, physiological, genetic, mental, economic, cultural or social status.
WHAT IS PERSONAL DATA PROCESSING?
The processing of personal data consists of an operation or set of operations carried out on personal data or personal data sets, which may be automated, specifically collection, registration, organisation, structuring, preservation, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, erasure or destruction.
WHO IS RESPONSIBLE FOR DATA PROCESSING?
The entity responsible for the processing of personal data is DERMOCARE itself which determines the purposes and means of processing applied to this data.
As such, if a personal data holder wishes to contact the data controller, they may do so through the means and contact details indicated below:
Through the website DERMOCARE.pt
Or in a letter addressed to:
ROTUNDA DA CRUZ DE PORTUGAL EDIFÍCIO COLINA
WHO IS THE DATA PROTECTION SUPERVISOR?
The Data Protection Officer plays a relevant role in the processing of personal data, ensuring, among other aspects, that the data is processed in a manner that is consistent with the applicable legislation, verifying compliance with this Data Protection Policy and establishing the clear rules applicable to the processing of personal data, ensuring that all those entrusted with the processing of their personal data are aware of how DERMOCARE processes it and the rights they have to their data.
Therefore, personal data owners may, if they wish, address a letter to the Data Protection Officer regarding matters related to the processing of personal data, using the contact details provided at DERMOCARE.pt/en/contacts to do so.
WHAT TYPES OF PERSONAL DATA ARE PROCESSED?
As part of its operations, DERMOCARE processes the personal data necessary in order to provide services and/or products, as well as processing data such as names, addresses, telephone numbers and e-mail addresses collected from social media sites, as per the most detailed information available to the holders of personal data at the time of collection.
Notwithstanding DERMOCARE’s compliance with legal regulations regarding the preservation and transmission of data for the purposes of investigation, detection, prosecution of serious crimes, as well as any other practices the company is legally obliged to follow, traffic data, geographical location, profile and/or Client / Users consumption will also be processed by DERMOCARE to the extent necessary in order to provide the respective services. Based on their location, profile and/or consumption patterns, Clients will be provided with access to specific functionalities of services, suggestions of content and location-based information services.
Location information may also be legally recorded and transmitted to organisations that are entitled to receive emergency calls, for the purpose of responding to incoming calls.
DERMOCARE also processes personal, traffic, geographic location, profile and/or consumption data for the purpose of marketing and publicising the goods and services provided by the company, as long as the respective holder has authorised the company to do so.
Personal data will also be processed if the respective holder has authorised the company to do so for the purpose of sharing information about services and lists within the universal service provided by the company, including sharing this information with third parties for the publication of such lists and the provision of information services.
If a Client has given prior consent, it may be withdrawn at any time, though this does not affect the legality of the data processed previously, based on the prior consent provided.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
DERMOCARE collects your personal data, via telephone, in writing and via our website, securing, where necessary, the prior consent of the holder of the personal data.
Some personal data is indispensable in order to enter into contracts with us. In the event that a lack of, or insufficient data is provided by the Client, DERMOCARE can not make the product or service in question available to them.
If the data subject is not a DERMOCARE Customer, their personal data will only be processed when made available to DERMOCARE, which could take place when they subscribe to our newsletter, in which case the rules contained within this Data Protection Policy will apply.
The personal data collected can be processed using computerised, and automated, or non-automated means, though strict compliance with the legislation relating to the protection of personal data is always guaranteed, this data being stored in specific databases created specifically for this purpose. In any case, the data collected will not be used for any purpose other than that for which it was collected, or for which the data subject has given their consent.
WHO MAY PERSONAL DATA BE SHARED WITH?
Notwithstanding the addressees indicated throughout this Data Protection Policy, DERMOCARE may communicate a Client’s personal data to an entity for the purposes of complying with legal obligations, specifically to police, judicial, tax and regulatory entities.
WHAT ARE THE PURPOSES OF PROCESSING PERSONAL DATA?
In general, the personal data collected has a basis in managing a contractual relationship, the provision of contracted services and the adequacy of the services to the needs and interests of the Customer. DERMOCARE may also, if legally permissible, use the personal data provided by the holder for other purposes, such as sending suggestions, sharing brand information, publicising campaigns, promotions, advertising and news about the products and/or DERMOCARE services, as well as in order to carry out market research or evaluation surveys.
HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
The length of time for which personal data is stored varies according to the purpose for which the information is processed.
Certain legal requirements require us to retain the data for a minimum period of time. Therefore, and whenever there is no specific legal requirement, the data will be stored and kept for the minimum period necessary for the purposes for which it was collected or subsequently processed, as per the terms of the law.
WHAT ARE YOUR RIGHTS AS A DATA HOLDER?
As holders of personal data, Clients are guaranteed, at any time, the right to access, rectify, update, limit and erase their personal data (except the data that is indispensable for the provision of services by DERMOCARE, as duly identified in the Form as being mandatory, or data required to ensure compliance with legal obligations to which the controller is subject), the right to oppose the use of this data for commercial purposes by DERMOCARE and withdrawal of their consent, without compromising the lawfulness of the processing prior to the withdrawal of said consent, as well as the right to data portability.
HOW CAN I ACCESS, RECTIFY, UPDATE, LIMIT, ERASE, OPPOSE THE PROCESSING OF MY PERSONAL DATA, OR WITHDRAW CONSENT?
Notwithstanding the provisions of the RGPD, the holder of the personal data may carry out any of the aforementioned actions directly, or via a written request addressed to the person responsible for data processing, via the contact details available for the purpose in this document, as well as other contact detailss made available by DERMOCARE.
HOW CAN YOU OPPOSE TO BEING CONTACTED FOR MARKETING PURPOSES?
DERMOCARE may contact its Customers in order to share information relating to new products or services by telephone, e-mail, SMS, MMS or any other electronic communications service, if the holder of the personal data has given their consent for DERMOCARE to do so.
If the holder of personal data does not intend to continue receiving such communications, they may withdraw their consent for the use of their data for marketing purposes at any time.
HOW CAN YOU FILE A COMPLAINT?
Notwithstanding complaints made directly to DERMOCARE via the contact details made available for the purpose, Customers can complain directly to the Control Authority, which is the National Data Protection Commission (CNPD), using the contacts made available by the entity for this purpose.
WHICH MEASURES HAVE BEEN ADOPTED BY DERMOCARE TO ENSURE YOUR PERSONAL DATA IS KEPT SAFE?
DERMOCARE is committed to ensuring the protection the personal data it has access to, and has adopted and implemented strict rules in this regard. Every person who accesses them legally must comply with these rules.
With DERMOCARE’s concern and commitment to keeping personal data safe in mind, a number of technical and organisational security measures have been adopted in order to protect the personal data made available to the company from being shared, lost or misused, from any unauthorised access being granted, from the data being altered, processed or accessed, as well as against any from other form of illicit treatment.
Additionally, third-party service providers that process DERMOCARE clients’ personal data on behalf of DERMOCARE, are under written obligation to adopt adequate technical and security measures that comply with the requirements of current legislation and ensure that data subject rights are protected(in particular, their privacy and client personal data).
In this sense, personal data collected in forms on the DERMOCARE website require Browser sessions to be encrypted. All personal data transferred is then safely stored in DERMOCARE’s systems, which are, in turn, on DERMOCARE’s server, which is covered by all the physical and logical security measures that DERMOCARE considers to be indispensable for the protection of personal data.
In respect of the safety measures adopted by DERMOCARE, DERMOCARE warns all those who surf the Internet that they should take additional security measures, specifically ensuring that their PC and Browser are updated and properly configured in terms of security patches, that they have an active firewall, antivirus and antispyware, and that those surfing the web ensure the authenticity of the sites they visit, and avoid websites they do not trust.
UNDER WHICH CIRCUMSTANCES WILL DERMOCARE COMMUNICATE MY PERSONAL DATA TO OTHER ENTITIES (WHETHER THIRD PARTIES OR SUBCONTRACTORS)?
As a part of its operations, DERMOCARE may use third parties to provide certain services. Sometimes the provision of these services requires that these entities be granted access to the personal data of DERMOCARE Customers. When this is the case, DERMOCARE takes all necessary measures to ensure that entities with access to the data are reputed and provide the highest guarantees that it will be kept strictly confidential, a fact that is duly enshrined in a contract entered into between DERMOCARE and any third party(ies).
Therefore, any entity subcontracted by DERMOCARE may process any Customer personal data on behalf of DERMOCARE, adopting any necessary technical and organisational measures in order to protect the personal data against destruction, whether accidental or illicit, accidental loss, alteration, dissemination or unauthorised access, as well as against any other form of illicit treatment.
In any case, DERMOCARE remains responsible for the personal data made available to it.
UNDER WHICH CIRCUMSTANCES DO WE TRANSFER YOUR PERSONAL DATA?
The provision of certain services by DERMOCARE may involve transferring your data outside of Portugal, including outside the European Union or to International Organisations.
In such a cases, DERMOCARE shall ensure strict compliance with the applicable legal provisions, in particular with regards to determining the suitability of the country(ies) to which it shall send this data, where the protection of the personal data is concerned, as well as the requirements applicable to such transfers, including, where appropriate, entering into the appropriate contractual instruments to guarantee and respect the applicable legal requirements.
CHANGES TO THE DERMOCARE PERSONAL DATA PROTECTION POLICY?
DERMOCARE reserves the right to make adjustments or changes to this Personal Data Protection Policy at any time. These changes will be duly publicised in the various communication channels used by DERMOCARE.
WHAT ARE COOKIES?
“Cookies” are small pieces of software that are stored in the access equipment through a browser. They only store information related to preferences, which does not include personal data.
WHAT ARE COOKIES FOR?
Cookies help determine the usefulness, the interest and the number of uses of websites, allowing for faster and more efficient navigation and eliminating the need to repeatedly enter the same information.
WHAT KINDS OF COOKIES ARE THERE?
Two different types of cookie can be used:
- Permanent cookies – are cookies stored in browsers within the device used to access a website (PC, mobile or tablet) and are used whenever you visit the DERMOCARE website again. They are generally used to direct navigation to the user’s interests, allowing for a more personalised service.
- Session cookies – These are temporary cookies that remain in your browser’s cookie file until you leave the website. The information obtained by these cookies serves to analyse patterns of web traffic, allowing you to identify problems and provide a better browsing experience.
- Strictly necessary cookies – Allows for website navigation and application usage, as well as access to secure areas of the website. Without these cookies, the services required can not be provided.
- Analytical Cookies – Used anonymously for the purpose of collecting data for and analysing statistics in order to improve the functioning of the website.
- Functional Cookies – Save user preferences regarding site usage so you do not have to reconfigure the site each time you visit.
- Third-party cookies – Measure application success and third-party advertising effectiveness. They can also be used to customise a widget using user data.
- Advertising Cookies – Provide users with adverts that match their interests. These cookies are used as a means through which to target advertising campaigns, taking into account user tastes, as well as limiting the number of times you see any one ad, helping to measure the effectiveness of advertising and the success of the way in which the website is laid out.
HOW CAN YOU MANAGE YOUR COOKIES?
All browsers allow users to accept, reject or delete cookies, as well as informing users whenever a cookie is stored, all in the relevant browser settings. Users can configure cookies in the “options” or “preferences” menu of their browser.
Note, however, that by disabling cookies, you may prevent some web services from working properly, as these settings may affect website navigation, whether in part or in full.