The main objective of current data protection legislation is to protect people against possible misuse of information about them by others. It is the SENILIFE Medical Institute's policy to ensure that all employees and service providers at the SENILIFE Medical Institute are aware of the requirements of data protection legislation in relation to their individual responsibilities.
The Law covers personal data, whether carried out on a computer or in certain manual files.
The SENILIFE Medical Institute is obliged to respect the data protection principles enshrined in law. These principles require that personal data must:
1. be treated fairly and legally;
2. be carried out only for specified purposes and not used or disclosed in any form incompatible with those purposes;
3. be adequate, relevant and not excessive;
4. be accurate and kept up to date;
5. not be kept longer than necessary for the specific purpose;
6. be processed in accordance with the rights of the data subject;
7. be kept safe;
8. not be transferred outside the European Economic Area unless the recipient country guarantees an adequate level of protection.
Definitions and guidance on these principles can be found here.
The law defines the rights relating to stored personal data. It provides individuals with the right to access data about themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages suffered due to inaccuracy or the unauthorized destruction or improper disclosure of data. Information on how to make a request for access to personal data under the Law can be obtained from geral@senilife.pt
Under the law, data processing includes any activity related to the data involved. All employees or other persons who have access to or use personal data have a responsibility to exercise care in processing the data and to ensure that such information is not disclosed to any unauthorized person. Examples of data include lists of addresses and contact details, as well as individual files. Any processing of such information must be done in accordance with the principles described above. In order to comply with the first principle (fair and lawful treatment), at least one of the following conditions must exist:
• The individual has given their consent to the treatment;
• The processing is necessary for the performance of a contract with the individual;
• Processing is necessary for a legal obligation;
• The processing is necessary to protect the individual's vital interests;
• The processing is necessary to perform public functions;
• Processing is necessary to pursue the legitimate interests of the controller or a third party (unless it could harm the interests of the individual).
In the case of sensitive personal data, which includes information about racial or ethnic origins; political beliefs; religious or other beliefs; union membership; health; sex life; criminal allegations, prosecutions or convictions, there are additional restrictions and explicit consent will normally be required.
Regarding security, SENILIFE's data controller must take appropriate technical and organizational measures against unauthorized or illegal processing of personal data and against the accidental loss or destruction or damage of personal data. Employees and other persons must be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for computer-based access to pertinent data must be strictly observed.
Employees should also note that personal data should not normally be provided to parties outside the SENILIFE Medical Institute. Special regime applicable to data exchange between SENILIFE and regulatory entities. For more information, please contact geral@senilife.pt.
Data restriction with regard to the transfer of material outside the European Economic Area, personal data about an individual placed on the world wide web is likely to contravene the provisions of the Act. It is important that all those who prepare web pages, mailing lists and the like, are aware of these provisions, and seek advice if in doubt.
Failure to comply with the provisions of the Law may make the SENILIFE Medical Institute, or in certain circumstances, the individuals involved, liable to prosecution, as well as giving rise to civil liability. Individuals are encouraged to familiarize themselves with the general data protection aspects contained in SENILIFE's guidance on the Law referred to above and with any specific measures recommended by SENILIFE or its department relevant to the particular nature of their work.
SENILIFE Medical Institute keeps its records updated during the certification period.
This guidance covers photos or videos (images) of people for purposes defined in the activity of the Senilife Medical Institute, namely within the scope of training and defibrillation programs.
Personal data
If the image can be used to identify an individual and tell you something about them it is likely to be personal data for the purposes of the Data Protection Act. People can obviously be identified from names, but they can also be identified from contextual information e.g. the caption says: ‘This photo shows the graduates of course A’.
The following examples will help you identify the issues you need to consider.
Photos of specific individuals/groups
When an image is clearly of an individual or group of individuals, who are the focus of the image, consent will be required to use it. Although the Data Protection Act does not specify that consent must be in written form it is strongly recommended that written consent be obtained so that you have a record in case of subsequent disputes.
Consent forms must clearly and completely explain how the image will be used and how long it will be retained e.g.
I give permission for the SENILIFE Medical Institute to use my photograph and written profile to be used in [Training] and other promotional materials for which I may be suitable. Images will be kept and used in advertising for up to X years.
Signed
print name
Meeting
Photos where individuals inadvertently appear in the background
It will not normally be necessary to obtain specific permission from anyone appearing incidentally in the background of publicity photos where they are clearly not the focus of the image.
Photos of large crowds/events
When an image does not focus on an individual or group of individuals, it is unlikely to be personal data. Furthermore, it may not be possible to obtain consent from each individual. However, it is good practice to ensure that there are clear signs around the venue indicating which publicity photos are being taken.
Web publishing
Publishing an image on the web is a potential release to the world at large. Particular care must therefore be taken to obtain appropriate consent where the image constitutes personal data. If in doubt you should err on the side of caution and not publish the image.
VIPs
It may not be appropriate to ask VIPs to complete consent forms, in which case obtaining verbal consent should be sufficient.
Children
Although the Data Protection Act does not specify an age limit, where images of children are to be taken it is important to obtain written consent from the child's parents/guardian.
EMAIL MANAGEMENT GUIDANCE
The ease of creating and distributing email, coupled with the sheer volume of messages that are expected, to handle this volume can inevitably lead to problems. Messages containing sensitive material can be sent to the wrong person, while confidential information is often inadvertently found in the middle of a long chain of forwarded messages. Both could result in breaches of the Data Protection Act. Below are some key points to consider when using email.
Before drafting a new email, take a few moments to consider whether email is the most appropriate means of communication in this case (for example, might a brief phone call be preferable?). Remember that emails are potentially disclosable documents.
Think carefully before selecting 'Reply all' or when sending messages to large groups of users.
Be very careful how you express yourself, especially if you feel pressured about the topic, avoid subjective comments or jokes that can be easily misinterpreted. Remember the message will be read by someone else (and potentially the person you are referring to) who may not appreciate your ‘personality’ or opinions.
Remember that sending an email from your SENILIFE Medical Institute account is similar to sending a letter on the SENILIFE Medical Institute's letterhead, so do not say anything that could discredit or embarrass the SENILIFE Medical Institute.
Email is inherently insecure. Consider the security of email messages in a similar way to a message on a card meaning anyone along the distribution chain could begin to see what you said, and it could even end up in someone else's hands.
Consider the sensitivity of the message you want to send. You can protect confidential information by placing it in an encrypted attachment.
Make sure the ‘subject’ field of your message is meaningful, clear and unambiguous. When you use the 'reply' option, check that the subject field (usually filled in for you in these circumstances) still accurately reflects the content of your message.
Try restricting yourself to one topic per message, sending multiple messages if you have multiple topics, rather than using one message to cover a wide range of topics. This makes it easier to extract relevant information upon requests from the regulator or data controller.
Think carefully about whether you need to reproduce a message in full when responding to this. Whenever possible, be selective in the parts you include in your answer.
Be careful when forwarding other people's email messages. Consider whether they would be expecting your email(s) to be disseminated more widely, whether it is appropriate to do so and if in doubt, check with them first.
Do not resend attachments with a response unless necessary.
Provide an “out of office” message when you are away, with details on whether urgent messages should be sent.
Any form of information request carried out by the SENILIFE Medical Institute, be it an Information Request or an Access Request subject to under the Data Protection Act may well cover emails received/sent by employees across the company . It is for this reason that emails must be managed in line with all other information to which they relate and, if necessary, maintained as part of the permanent record of the SENILIFE Medical Institute, and not just stored locally on individual PCs or laptops.
In order to fulfill its contractual obligations and legal responsibilities, the SENILIFE Medical Institute needs to process personal data relating to its employees, including ‘sensitive’ personal data, which includes information relating to health, racial or ethnic origin, and criminal convictions. All such data will be processed in accordance with the provisions of the Law and the SENILIFE Medical Institute Policy on Data Protection. For the purposes of the law, the term ‘processing’ includes the initial collection of personal data, the exploitation and use of this data, as well as access and disclosure, until final destruction. In certain circumstances, the provisions of the Law allow the SENILIFE Medical Institute to process an employee's personal data, and, in certain circumstances, sensitive personal data, without their explicit consent. More information about which data is recorded and the purposes for which it is processed is presented below.
Contractual responsibilities
The contractual responsibilities of the SENILIFE Medical Institute include those arising from the employment contract. Data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll; bank account; postal address; sickness benefit; maternity; remuneration and emergency contacts.
Statutory responsibilities
Statutory responsibilities of the SENILIFE Medical Institute are those imposed on the SENILIFE Medical Institute by legislation. Data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax; national insurance; Statutory sick pay; statutory maternity pay; Family leave; work permits.
Management responsibilities
management responsibilities of the SENILIFE Medical Institute are those necessary for the organizational functioning of the SENILIFE Medical Institute. Data processed to fulfill management responsibilities includes, but is not limited to, data relating to: recruitment and employment; training and development; teaching; search; absence; disciplinary issues; health and safety; security, including CCTV; email address and telephone number; magnetic cards; and criminal convictions.
Sensitive personal data
The law defines ‘sensitive personal data’ as information about racial or ethnic origin; political opinions; religious or other similar beliefs; union membership; physical or mental health; sex life; criminal proceedings or convictions. In certain limited circumstances, the law allows the SENILIFE Medical Institute to collect and process sensitive personal data, without requiring the employee's explicit consent.
(A) The SENILIFE Medical Institute will process data about an employee's health where it is necessary, for example, to record absence from work due to illness, for payments, to make appropriate referrals to the Occupational Health Service, and make any workplace arrangements or adjustments in the case of disability. This processing will not normally take place without the employee's knowledge and consent.
(B) Except in exceptional circumstances, the SENILIFE Medical Institute will process data about an employee's racial and ethnic origin, their sexual orientation or their religious beliefs only when they have volunteered such data and only for the purposes of monitoring and supporting policies of equal opportunities of the SENILIFE Medical Institute and related provisions.
(C) Data on an employee's criminal convictions will be held as necessary.
Disclosure of personal data to other bodies
In order to fulfill its contractual and management responsibilities, the SENILIFE Medical Institute may, from time to time, need to share an employee's personal data with one or more entities. In such cases, entities will be obliged to process the data in accordance with the provisions of the Law.
For the execution of the employment contract, the SENILIFE Medical Institute is obliged to transfer personal data of an employee to third parties, for example, to external accounting service providers.
In order to fulfill its statutory responsibilities, the SENILIFE Medical Institute is obliged to provide some of an employee's personal data to government departments or agencies for example, providing salary and tax data to the state.
The SENILIFE Medical Institute will display the employee's email address and telephone number in the contact list for customers and service providers, which is accessible to Internet users, including those in countries outside the European Economic Area (EEA). Employees should be aware that many countries outside the EEA do not have data protection legislation, or have different data protection or privacy regimes, and so may not always protect your personal data to the same standard as in the EEA. Requests to have an email address and/or telephone number omitted from the list must be addressed to the Data Officer and must be approved by your Head of Department.
Keep personal data up to date
The law requires the SENILIFE Medical Institute to take reasonable steps to ensure that any personal data it processes is accurate and up to date. It is the responsibility of the individual employee to inform the SENILIFE Medical Institute of any changes to the personal data they have provided during employment.
Asking for information
Under the law, it is possible for individuals to request access to any of their personal data held by the SENILIFE Medical Institute, subject to certain restrictions. A request to disclose such information is called an access request. These requests must be addressed to the data manager at the SENILIFE Medical Institute or via email geral@senilife.pt.
About this policy
This policy explains what types of personal information will be collected when you visit the SENILIFE Medical Institute website, and how this information will be used. Please note that this policy applies to main web pages of the SENILIFE Medical Institute (i.e. those starting with www.senilife.pt).
All partners and service providers of the SENILIFE Medical Institute run and maintain their own websites. These sites may have their own privacy policy or provide additional information related to their activities, which will replace or supplement this Privacy Policy. For more information about the web presence structure of the SENILIFE Medical Institute, please contact us via email geral@senilife.pt.
If you follow a link to any other website, please check their policies before submitting any personal information to those websites.
The information collected
In some parts of the website, you may be asked to provide certain limited personal information in order to enable us to provide certain services (requests for information, etc.). The SENILIFE Medical Institute may store this information manually or electronically. By providing this information you agree that the SENILIFE Medical Institute will use the information for the purposes for which it was provided. The information provided will be kept for as long as necessary to fulfill this purpose.
In some parts of the website, you may be asked to provide certain limited personal information in order to enable us to provide certain services (requests for information, etc.). The SENILIFE Medical Institute may store this information manually or electronically. By providing this information you agree that the SENILIFE Medical Institute will use the information for the purposes for which it was provided. The information provided will be kept for as long as necessary to fulfill this purpose.
How the information collected is used
Personal information provided to the SENILIFE Medical Institute will only be used for the purposes indicated when the information is requested. Personal information will not be sold to third parties, or provided to direct marketing companies or other organizations without your permission. The personal information collected and/or processed by the SENILIFE Medical Institute is carried out in accordance with the provisions of the Data Protection Law.
Demographic and statistical information about user behavior may be collected and used to analyze the popularity and effectiveness of the SENILIFE Medical Institute website. Any disclosure of this information will be in aggregate form and will not identify individual users.
How we store the information collected
The information you provide will normally be stored on our secure servers. However, we work with third parties, some of which operate certain features of the Site. Therefore, the information we collect may be collected or transferred to a destination outside the European Economic Area (“EEA”). This information may be processed by employees operating outside the EEA who work for us or one of our partners or service providers. By submitting personal information, you agree to this transfer, storage and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
We may disclose your personal information to third parties if we are required to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of SENILIFE Medical Institute, its members or others.
How we use “cookies”
Most of our web pages use “cookies”. A cookie is a small file of letters and numbers that we place on your computer or mobile device, if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when browsing our website and also allows us to improve our website.
For more detailed information about the cookies we use on the main web pages of the SENILIFE Medical Institute (i.e. those at www.institutomedicosenilife.pt) and the purposes for which we use them, please contact us via email geral@ senilife.pt. Please refer to the individual web pages for more information about the use of cookies on other web pages in the domain.
Access to information
The Data Protection Act gives the right to access information held about individual people. For more information about this right and how to exercise it, contact us via email geral@senilife.pt
Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.
Contact
Any questions about privacy on this website should be sent by email to geral@senilife.pt or forwarded to Senilife's data manager.
Cookie declaration
This statement explains how we use cookies on the Instituto Médico SENILIFE web pages (those at www.institutomedicosenilife.pt).
For more information about the web presence structure of the SENILIFE Medical Institute, contact us via email geral@senilife.pt. For information about what types of personal information will be collected when you visit the website, and how that information will be used, please see our security policy.
How we use cookies
Most of our web pages use “cookies”. A cookie is a small file of letters and numbers that we place on your computer or mobile device, if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when browsing our website and also allows us to improve our website.
Types of cookies we use
We use the following types of cookies:
· Strictly necessary cookies – these are essential to allow you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, the services you requested, such as forms and others, cannot be provided;
· performance cookies – these cookies collect information about how visitors use a website, for example, which pages visitors go to most often, and whether they receive error messages from web pages. These cookies do not collect information that identifies a visitor. All information that these cookies collect is aggregated and therefore anonymous. It is only used to improve the way the website works; and
· Functionality cookies – these cookies allow the website to remember the choices you make and provide optimized, more personal features. For example, these cookies may be used to remember changes you make to text size, fonts, and other parts of web pages that you can customize. They may also be used to provide services you have requested, such as watching a video or commenting on a blog. The information collected by these cookies may be anonymous and cannot track your browsing activity on other websites.
Specific cookies we use
Cookies can be set either by the SENILIFE Medical Institute website (“first-party cookies”), or by a third-party website (“third-party cookies”). The tables below identify the cookies we use and explain the purposes for which they are used.
However, we continue to collect information about third-party cookies and the tables below are based on work to date. Therefore, we may update the information contained in this section over time.
Cookies First Part
Cookie | Name | purpose | Other information |
|
| These cookies are used to maintain session state (i.e. remember whether you are logged in or not). | |
Google Analytics | _utma _utmb _utmc _utmz | These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the site. Cookies collect information anonymously, including the number of visitors to the website, where visitors came to the website from and the pages visited. |
Third-party cookies
Provider | Name | purpose | Other information |
Google Maps | NID PREF khcookie | These cookies are used by Google to track how many people are using its maps. |
Other information
For SENILIFE Medical Institute web managers:
Most browsers allow some control of most cookies through the browser settings.
To opt out of being tracked by Google Analytics across all website visits http://tools.google.com/dlpage/gaoptout
Changes to our Cookie Statement
Any changes we may make to our Cookie Statement in the future will be published on this page and, where appropriate, notified.
Any concerns about data protection issues should be sent by email to geral@senilife.pt, in case of particular urgency you should directly approach the person responsible for data protection at SENILIFE.