Privacy Policy
The company Gagliardini & Patricio Lda, hereinafter referred to as "GPMédicos", values the trust that its clients (companies and individuals) place in it and respects the privacy of their Personal Data. This Privacy Policy has been prepared to inform you of the policies and practices for protecting personal data that is made available to us, or that has been obtained, through the services associated with this Privacy Policy.
This Privacy and Cookies Policy governs the processing of users' personal data (hereinafter referred to as "User" or "Users") collected in connection with the use of the website at www.gpmedicos.com (hereinafter referred to as "Site") or through the App, by GPMédicos , and reflects our institutional concerns regarding the privacy and processing of Users' personal data.
Personal data processing means any operation or set of operations performed on personal data, whether or not performed by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as blocking, erasure or destruction.
Providing personal data while browsing the Site implies knowledge and express acceptance of the conditions contained in this Privacy and Cookies Policy.
Our services include our websites, newsletters, online sales, and healthcare services provided in clinics or at the client's premises, subject to professional confidentiality. This Privacy Policy is subject to review. If material changes are made to how we use your Personal Data, we will notify you by sending an email to the last email address you provided to us, or by posting prominent notices on our website about the changes. Changes may be immediately effective for new users of our services, unless otherwise indicated in the notice.
Last updated 24-03-2025
Who is responsible for processing your data?
GPMédicos (GAGLIARDINI & PATRICIO LDA), with registered office at Rua da Alegria 857, 4000-047, Porto and with NIPC 509562760, is the entity responsible for processing personal data collected through our website or App.
What type of personal data is requested?
Accessing and browsing the Site may not necessarily imply the provision of personal data. However, certain functionalities on the Site involve the provision of personal data (for example, if you wish to submit a contact form to formulate your questions and suggestions), in forums or blogs, or even when scheduling services or purchasing products.
Personal or business data is requested, such as:
Identification data: name and surnames, identification document (citizen card/passport/CPF), profile photo, handwritten signature, your user identification and password.
Biometric data: stroke, pressure and speed of the electronic signature.
Contact details: telephone number, email address and address for contact purposes.
Personal characteristics: age, gender, profession and your preferences regarding our services or products.
Economic and financial data: your card or bank account details and your address for billing purposes, when you contract a payment service.
Interaction and navigation information: interaction and navigation via the web and apps, and IP address.
Data related to the services you contract: complete address information if services are provided at your address and information derived from the contracted service (e.g., saved search filters), among others.
For training activities offered by GPMédicos, the following personal data may be requested: Full name, employment status, qualifications, date of birth, mobile phone number, email, address (you can just enter the locality), nationality, place of birth (district), place of birth (municipality), identification document number, tax identification number, validity of the identification document, employer, and job title. This data is essential for issuing the certificate through the SIGO platform.
What are personal data used for?
GPMédicos processes personal data for the purpose of managing contacts with Users, especially to address their requests/questions/complaints/suggestions. This data is used to communicate with our users and clients, to present commercial proposals, send informative newsletters or promotions, and sell new services and products.
There is a series of data that we request as "mandatory," as they are necessary to provide you with the services you request. The list of services we offer includes:
- Registration as a Registered User on the Web and Apps. Note that this service implies the sending of any transactional communication related to its operation or the operation of any other contracted service (these transactional communications will be related to the management and resolution of possible technical incidents, notifications in case of modification of the contracting conditions, or for the management of any eventual complaint you may need to make about the contracting of services).
- Service to save and manage your searches as a User, whether or not you are registered.
- Web and App advertising service. Additionally, we will process your data to issue invoices for services rendered, if applicable.
- Scheduling of services requested by the client
- Purchase of products by clients
- Purchase of training services
How do we collect your personal data?
We automatically collect various types of aggregated, anonymous, and other information from devices (e.g., mobile phone, computer, laptop, tablet) used to access our Services (“Usage Data”). The Usage Data we collect may include unique device identification, browser type and version, operating system, date/time stamp, IP address, domain name, referring URLs, statistics on the number of website visitors, number of pages visited, clickstream and navigation data, as well as user response rates. We may also use technologies, vendors, or partners to assist us in logging browser events.
Personal Data may be collected:
• Through our website, by filling out forms
• Via email
• By telephone contact
• In person
Personal data transmitted through these means is treated with due confidentiality.
Regarding the preservation of personal data...
Personal data collected that is necessary to respond to your requests/questions/complaints/suggestions will be kept for the period strictly necessary for that purpose, and may always be kept, in the event of pending litigation, until the final judgment of the case.
Health-related data is collected only in a clinical context, in our healthcare facilities or in the context of providing occupational health and safety services to client companies. This data is kept in accordance with applicable legislation in a clinical file.
Certified training requires the retention of records of the training provided until the audit by the certifying entity. After the audit, GPMédicos proceeds to eliminate records older than five years.
Do we share your personal data?
GPMédicos may transmit Users' personal data to third parties when such data communications are necessary or appropriate (i) in light of applicable law, (ii) in compliance with legal obligations/court orders, (iii) as determined by the National Data Protection Commission or other competent supervisory authority, or (iv) to respond to requests from public or governmental authorities.
We may also use or disclose Personal Data if we believe, in good faith, that such use or disclosure is necessary: (a) to help identify any person attempting to invade or damage our websites or other property rights; (b) to investigate, prevent or mitigate illegal activities; (c) to comply with applicable law; (d) to respond to valid subpoenas and warrants served.
GPMédicos may also transmit and receive your data to/from subcontracted entities for the aforementioned purposes, under the terms of the contracts entered into with them. We share your Personal Data with third parties exclusively under the terms described in this Privacy Policy, as authorized by the user or permitted or required by applicable law. We may share your Personal Data with our suppliers, vendors, agents, contractors, or other companies or individuals who provide services to us or act on our behalf (“Service Providers”). We require our Service Providers to protect your Personal Data with the same or equivalent safeguards as this Privacy Policy. By using our Services and providing us with your Personal Data, you consent to the international transfer of your Personal Data. We do not sell, rent, or trade your Personal Data to third parties for their own business or marketing purposes unless explicit user consent is obtained.
Important: The website www.gpmedicos.com includes a platform for interaction between members through its online Forum and through Chat tools, among others. Members can choose and manage their interactions in their profile settings. They can also choose to have a completely private profile by selecting this option in their profile account after logging in or at the time of registration on the website. This option is available at any time on the website, in the member's profile, after logging in with their profile details. If the member does not choose a completely private profile, they may interact with other members or receive interactions from community members. GPMédicos is not involved in these interactions and is not responsible for them except within the scope of its legal obligations.
How do we protect and safeguard your personal data?
We have a number of security measures in place to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction. While no online service can guarantee the absolute security of your Personal Data, we are committed to implementing strong physical, technical, and administrative safeguards. These procedures include the use of firewalls, secure connections on our websites, and often the use of Secured Socket Layers (SSLs) to encrypt pages that collect Personal Data. Personal Data is stored on servers with restricted access, and physical access to our servers requires individual authorization and authentication. Access to Personal Data is only permitted to authorized employees or collaborators, subject to our code of conduct.
How can I update my personal information?
Users can log in to the website www.gpmedicos.com and modify, update, or even delete their personal data.
Users have the right to access, rectify, and request the deletion of their Personal Data in accordance with applicable law. To the extent permitted by law, you also have the right to object to certain data processing practices or revoke previously granted consent; in this case, you must do so in writing to the contacts below, preferably by registered letter with acknowledgment of receipt. For the purpose of modifying, updating, or deleting your personal data or any other right, you should contact us via email at dpo@gpmedicos.pt. We will respond to your request for access to your Personal Data within 30 days. Please note that we may be obliged to retain this information and not delete it (or retain the information for a specific period of time, in which case we will comply with your deletion request after fulfilling these requirements).
User Rights:
Under applicable law, the User may, at any time, request access to their personal data, as well as its rectification, erasure or restriction of processing, data portability, or object to its processing – provided the legally established conditions are met – through (i) in-person contact at GPMédicos company units, (ii) by telephone to the Contact Center, (iii) by contacting the Data Protection Officer (hereinafter, “DPO”) of GPMédicos via email at dpo@gpmedicos.pt.
Access to health data must be made to the GPMédicos DPO by email at dpo@gpmedicos.pt describing the subject as "Data Protection". Under current law, you may request that access to your health data be carried out by a qualified physician. Therefore, if that is your wish, you should expressly state this in your request using the email address mentioned above. Your rights under applicable data protection law consist of:
Right of Access: the right to confirm whether or not your personal data is being processed by GPMédicos Health Units, as well as the right to access your personal data and certain information, including obtaining a copy of your personal data being processed. This right does not prejudice the rights and freedoms of third parties, namely the trade secrets and intellectual property rights of GPMédicos Health Units themselves;
Right to Rectification: the right to obtain from GPMédicos Health Units the rectification of inaccurate personal data concerning you, as well as the right to complete your data if it is incomplete;
Right to Erasure: the right to request the erasure of your data in certain cases, in particular, if your personal data is no longer necessary for the purpose that motivated its collection or processing. This right does not prejudice compliance with the legal obligations to retain personal data incumbent upon GPMédicos Health Units;
Right to Restriction of Processing: the right to request the restriction of the processing of your data in certain cases, namely, if the processing is unlawful and if you object to the erasure of the data, requesting instead the restriction of its use;
Right to Data Portability: the right to receive your personal data that you have provided to GPMédicos Health Units, in a structured, commonly used and machine-readable format, including the right to transmit this data to another controller;
Right to Object, which means that, in certain cases (e.g., when your personal data is processed for direct marketing purposes), you may object at any time, for reasons relating to your particular situation, to the processing of your data.
Under the law, you are also guaranteed the right to withdraw your consent for the processing of data that is not necessary for the management of access and use, through the aforementioned means, whenever the processing is based on consent. Under the law, you have the right to withdraw your consent at any time, which does not, however, invalidate the data processing carried out up to that date based on the consent previously given.
The above applies, mutatis mutandis, to the exercise of rights by the holder of parental responsibilities, on behalf of and for the account of data subjects who are under 16 years of age.
Cookies:
Cookies are small information files that are stored on your computer or mobile device through your browser. These files allow the Site to "remember" your actions and preferences for a certain period of time, namely your username, chosen language, font size, and other display settings. This is why, when you browse the pages of a website or application, or return to a website or application you have already visited, they do not, in principle, need to indicate your preferences again. The cookie identifies your browser on the server, enabling the storage of information on your device. This technology serves various purposes, such as helping to determine the usefulness, interest, and number of uses of our Site, allowing the user faster and more efficient navigation, eliminating the need to repeatedly enter the same information. Most browsers are set to accept cookies, although it is possible to configure the browser to refuse all cookies or to indicate when a cookie is being sent. When you browse the Site and the cookie is accepted, on a subsequent visit to the Site our internet server will recognize your computer or mobile device. Therefore, when you browse the pages of a website or application, or return to a website or application you have already visited and for which you have given consent to the use of cookies, you do not, in principle, need to re-enter your preferences or data that you have already provided. Like most websites, in order for them to function correctly, we occasionally install small files called cookies or connection tokens on your computer. GPMédicos uses cookies to distinguish you from other users when using the Site. These technologies help us provide a better experience whenever you browse the Site, allowing you to improve the Site itself. By changing the settings on your computer or mobile device, the user of the websites or applications can enable or disable the acceptance of cookies.
Security Measures:
GPMédicos employs the best means to protect Users' personal data against unauthorized access via the Internet. For this purpose, we use security systems, rules and other procedures to ensure the protection of personal data, as well as to prevent unauthorized access to data, its misuse, disclosure, loss or destruction.
Personal information must be collected, processed and used: a) On the basis of a contractual and confidential relationship with the individual or legal entity in question; b) With the written consent of the individuals involved; c) To the extent that is legally possible or required.
Data collection must be carried out for specific purposes and be limited to the information necessary for the type of activity in question, and may not include, except with the prior consent of the data subject, personal data relating to philosophical or political beliefs, party and trade union affiliation, religious faith, private life, racial or ethnic origin, health or sex life. The personal data collected must be accurate and updated as necessary, with appropriate measures being taken to ensure that inaccurate and incomplete data are deleted or corrected. Where possible and when considered advantageous, information should be anonymous, and pseudonyms may be used. In the event of the transfer of personal information and/or its storage media, special security measures must be taken.
The circulation of your health information is logically separated from your other personal data of an administrative nature, and is encrypted. The database servers are protected by passwords and firewalls. Frequent backups of the information contained in the database are performed and kept in a location accessible only to the system administrator or their team, whose members are bound by professional secrecy.
However, it is the Users' responsibility to ensure that the computer or mobile device used to access the non-sensitive personal data we obtain on our website or App is adequately protected against malicious software, computer viruses and worms. Additionally, Users should be aware that, without the adoption of adequate security measures (for example, secure configuration of the browser, updated antivirus software, firewall software and not using software of dubious origin), the risk of personal data and passwords being accessed by unauthorized third parties is increased.
What are the main rules for the use of personal data and its protection?
All employees are individually responsible for complying with applicable legal provisions relating to personal data. Management is also responsible for implementing structures and ensuring adequate resources for the proper functioning of the Data Protection Policy. Employees must ensure that data collection processes comply with the Data Protection Policy. Employees have an obligation to ensure data confidentiality as an integral part of their duties as stipulated in their employment contract. Failure to comply with these obligations may have disciplinary consequences, and all breaches of the Data Protection Policy must be reported to Management.
What are the employees' obligations?
The employee undertakes to report to Management, within a maximum of 24 hours, any personal data breach that comes to their attention, regardless of their responsibility, under penalty of disciplinary, civil and criminal liability.
The employee must also: a) Describe the nature of the personal data breach, including, if possible, the categories and approximate number of data subjects affected, as well as the categories and approximate number of personal data records involved; b) Communicate the name and contact details of the data protection officer or other contact point where further information can be obtained; c) Describe the likely consequences of the personal data breach; d) Describe the measures taken or proposed by the controller to remedy the personal data breach, including, if applicable, measures to mitigate its potential negative effects. You can find more information on this topic in the Code of Conduct on this website.
What are the management's responsibilities?
Management must ensure that personal data breaches are reported to the supervisory authority without undue delay and, whenever possible, within 72 hours of becoming aware of them. Management must ensure that personal data breaches are communicated to the data subject without undue delay when the breach is likely to result in a high risk to the rights and freedoms of natural persons. All employees of Gagliardini & Patrício Ltda (GPMédicos) must comply with the obligations arising from the contract and the regulations governing it, and respect the current code of conduct. Management is responsible for ensuring compliance with data protection regulations by providing information to all company employees in this area. Management will also be responsible for identifying risks and proposing opportunities for improvement related to the Data Protection Policy. You can find more information on this topic in the Code of Conduct on this website.