Version of February 27, 2019
1. MeritPosition Engagement
The protection of privacy and personal data is an essential commitment MeritPosition makes with the users (“Users”) of its services, as well as with the evaluated professionals (“Professionals”).
2. Data Processing Controller and Data privacy Processor
The controller responsible for collecting and processing your personal data will be MeritPosition that provides you with the support for the management and healthcare service provision, and therefore decides which data to collect, processing means to be used and the purposes of such data.
3. Personal data, data subject and types of personal data
What are personal data?
Personal Data are any piece of information, of any type and on any support, related to an identified or identifiable natural person. The person is considered to be identifiable if he/she can be directly or indirectly identified, for example, by name, ID number, location data, an electronic identifier or other means that may allow the identification of such natural person.
Who are the data subjects?
The users, the natural persons to whom data are concerned, that use the WEB GERICAREPRO application, particularly but not limited to, the residents in residential structures for elderly people, in long-term care or palliative care units, or the users under home care.
On the other hand, the Professionals of residential structures for the elderly, long-term care or palliative units, as well as entities providing home care support, may also have their data processed under the scope of assessement of the healthcare services provided and products used.
Accordingly, MeritPosition informs that it equally protects personal data and respects the rights of both the residents/users and Professionals.
What kind of data do we process?
|Identification and contacts||Full name, place and date of birth, marital status, phone number, email|
|Other ID data||Number of national ID card and expiry date, Social Security and National Health System; name and email of contact relative|
|Profile||Job, Education, Socioeconomic Assessment|
|Health||Medical and surgical history, general functioning, reason for institutionalization, advance decision (living will), medication on admission, regular medication, treatments, allergies, habits, photos of wounds|
|Other health data||Family Physician|
4. Grounds, Purposes and Duration of Personal Data Processing
On what grounds can MeritPosition process your personal data?
Consent: when it previously receives your consent in writing and if such consent is given in a free, informed, specific and clear way. An example: your consent for your health data to be processed; or
Contract fulfilment and pre-contractual measures: when personal data processing is necessary to sign, fulfill and manage a contract signed with MeritPosition, for example, for the provision of services; or
Compliance with legal obligations: when personal data processing is necessary to comply with a legal obligation to which MeritPosition is bound; or
Legitimate interest: when personal data processing corresponds to a legitimate interest of MeritPosition or third parties, for example, to improve the quality of the service provided.
For what purposes and how long does MeritPosition process your personal data?
Your personal data are processed by MeritPosition only during the time period needed to ensure the functioning of the WEB GERICAREPRO application. By the end of its keeping period, MeritPosition will eliminate or anonymise data whenever they are not to be kept for a different purpose.
What are the terms to process and keep personal data?
MeritPosition will process and keep your personal data for as long as you maintain a contractual relationship with the residential structures for the elderly, the units of long-term healthcare or of palliative care, as well as with the entities providing home care.
5. Means and moment of personal data collection
When and how do we collect your personal data?
We collect personal data when you buy the WEBGERICAREPRO application.
6. Rights of the data subject
What are you rights?
According to the General Data Protection Regulation (“GDPR”) and the applicable national law, you have a series of rights related to your personal data:
Right of access – the right to confirm which of your personal data are being processed and to get information about them, for example, to what purposes are they processed, storing period, among others.
Right to rectification – the right to ask for a rectification of your personal data that may be inaccurate or to complete data that are incomplete.
Right to erasure or “right to be forgotten” – the right to have your personal data erased, as long as there are no grounds for its keeping, for example, in cases where MeritPosition has to keep data to comply with a legal obligation or because it has any ongoing legal proceedings.
Right to portability – the right to receive the data you provided us by means of current digital format and machine readable format, or to request the direct transmission of your personal data to another entity that has become the new controller of your personal data, when technically feasible.
Right to Withdraw Consent – the right to withdraw your consent, at any moment, for personal data processing.
Right of Object – the right to object processing on grounds of legitimate interest, as long as there are no compelling or legitimate reasons overriding your interests, rights and freedoms, or to defend a right in legal proceedings.
Right of Restriction – the right to request the limitation of personal data processing, in the form of: (i) suspension of processing or (ii) limiting the processing scope to some data categories or processing purposes; whenever you exercise the right to rectification or object about the personal data in question under the scope of an unlawful processing; or when personal data are no longer needed for any purpose other than the declaration, exercise or defense of a right in legal proceedings.
Right to Complain – the right to lodge a complaint with the supervisory authority, the Portuguese CNPD, in case you consider MeritPosition has not complied with GDPR or the national law applicable in what concerns your personal data.
How can you exercise your rights?
Exercising your rights is free of charge, unless it is a clearly unfounded or excessive request, in which case a reasonable fee may be applied based on administrative costs.
The information shall be provided in written form, but if so required, it can be provided orally. In this case, MeritPosition will verify your identity by means other than orally.
The answers to requests shall be provided within a maximum delay of 30 days, unless it is a particularly complex request.
Use the following address to exercise your rights: firstname.lastname@example.org.
7. Transmission of Personal Data
In which circumstances is there a transmission of your personal data to other entities, subcontractors or third parties?
Your personal data may be transmitted to subcontrators so they can process them in the name and on behalf of residential structures for the elderly, long-term care or palliative units, as well as of entities providing home care support, with their authorization. In this case, MeritPosition will take the necessary technical and organizational measures to ensure that subcontractors respect and protect the personal data of residents/users and Professionals.