PRIVACY AND PERSONAL DATA PROTECTION POLICY

Safira Cabete – Fisiatria Lda, NIPC 510557511, registered office: Rua Álvaro Miranda, Nº 15, 4710-442 Braga, Portugal, is the entity responsible for the processing of your personal data.

Under the GDPR, personal data is any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable when they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, electronic identifiers (IP address, cookies), or one or more elements specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

The following categories of data may be collected:

• Identification data: name, gender, date of birth, tax identification number, social security number, national health service user number, ID card number and expiry date, or image.

• Contact data: telephone number, email address, physical address (locality, postal code, country, district, municipality, parish).

• Private life data: profession and professional situation, family doctor, spouse’s name, father’s name, mother’s name (for minors), information related to health insurance or healthcare subsystems.

• Emergency and authorised third-party data: individuals authorized to make decisions on your behalf or to be contacted in case of emergency.

• Health data: medical information regarding health conditions, diagnosis, treatments received or to be received.

• Payment data: information related to billing and payment processing.

Your data may be collected when:

• You contact us directly;

• You establish a contractual relationship with us within the scope of healthcare service provision;

• You post comments or images on our social media pages; or

• You send us personal information by any means.

The collection of personal data is carried out for the purposes of executing contracts entered into with clients for the provision of healthcare services, including prevention or preparation of diagnoses and/or the provision of medical treatments; managing administrative services, namely the scheduling or rescheduling of appointments and treatments; invoicing, accounting, and auditing; marketing communications and other commercial communications; quality control; statistical studies; gaining a better understanding of client preferences; as well as for contact purposes.

The legal bases for the collection of your personal data include the law, pre-contractual and contractual relationships, payment management, customer support, compliance with legal obligations, the data subject’s consent, and legitimate interests.

We may also process your data, based on your consent, for the performance of teleconsultations, for the publication of photographs or videos for the purpose of internal and external communication of our activity, including on social media, as well as for marketing purposes or the sending of newsletters.

Personal data relating to your health will only be processed by professionals bound by confidentiality and only to the extent necessary.

We process and retain your personal data only for the period strictly necessary to fulfil the intended purposes, respond to your needs, meet your requests, or comply with legal obligations. Retention periods vary depending on the category of data and applicable legal requirements.

Some data may be retained for longer periods when strictly necessary to exercise or defend legal claims.

When processing is based on your consent, the data will be retained until the consent is withdrawn

We may engage other companies for the provision of certain services, and we may also transmit information and personal data of the data subjects to third-party entities, such as accounting and IT companies, competent authorities, legal service providers, consultants, and others. We hereby guarantee that, in such situations, these third parties will have limited access to the data subjects’ information, restricted solely to what is necessary for the performance of the contracted tasks, and that they are bound by the same confidentiality obligations. Likewise, we may disclose your personal data when required by law, within the scope of judicial proceedings, or during investigations of suspicious activities.

We have developed appropriate technical and organisational mechanisms and measures to maintain the confidentiality and security of your personal information, taking into account that the information collected includes sensitive data under the GDPR, and to ensure a level of security appropriate to the risk, protecting personal data against destruction, loss, alteration, unauthorised disclosure, or accidental or unlawful access. To this end, we implement several measures, such as restricted access to clinical records (whether in physical or digital form), the use of strong passwords, and keeping antivirus software up to date.

In accordance with the GDPR, Data Subjects may exercise, at any time, the right to be informed, as well as the rights of access, rectification, erasure, and transfer of their personal data, as well as the right to restrict or object to their processing, including the right to withdraw consent. To exercise these rights, you should contact us at: cabetesafira@gmail.com.

​

Understand your rights:

​

• Right to information: you have the right to obtain clear, transparent and understandable information about how we use your personal data.

• Right of access: you may access your personal data that we process and store. In such cases, we will provide you with information regarding the personal data undergoing processing. Please note, however, that the right of access is not unlimited and must be reconciled with data protection law (which may justify refusal, for example, when access may prejudice the rights and freedoms of third parties) and with healthcare legislation (for example, in situations where it is unequivocally demonstrated that access to information may be harmful to the patient — therapeutic privilege). Access may also be provided through a physician if you so request.

• Right to rectification: you have the right to have your personal data rectified without undue delay, provided that the data were supplied by you, whenever such data are incorrect, outdated, or incomplete.

• Right to erasure / right to be forgotten: you may request the deletion of your personal data. However, please note that this is not an absolute right, as there may be legal grounds for retaining your data, such as legally required retention periods or legitimate interests.

• Right to object: you may object to the processing of your personal data for reasons related to your particular situation. This may occur in respect of processing for scientific, statistical or historical research purposes, unless such processing is necessary for reasons of public interest.

• Right to withdraw consent at any time: you may withdraw your consent to the processing of your data when such processing is based on consent. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent previously given.

• Right to data portability: you have the right to receive your personal data, which you have provided to a data controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller.

• Right to restriction of processing: you have the right to request the restriction of processing of your data if you contest its accuracy, if the processing is unlawful and you do not wish your data to be erased, but only restricted, if the data is no longer necessary for the purposes of processing, or if you have exercised the right to object as described above.

These rights, like any others, must be exercised reasonably and in good faith by the data subject.

• By using our services, you agree to our Privacy and Data Protection Policy.

• The Data Subject guarantees that the personal data communicated to us are true and accurate and undertakes to notify us of any changes or modifications to such data, assuming exclusive responsibility for any losses or damages resulting from the erroneous, inaccurate, or incomplete communication of their information.

• We remind you that when providing personal information online, there is a risk that third parties may intercept and misuse such information. For your privacy, we strongly recommend that you do not include sensitive or confidential personal data through our website or in the emails you send us. Should you choose to do so, any resulting data breach or damage will be your sole responsibility.

• We also inform you that it is the responsibility of users of our social media pages to ensure that the devices and equipment used to access them are adequately protected against harmful software, computer viruses, and worms. Therefore, we suggest that you keep your browser, operating system, and antivirus software updated.

• If you wish to contact us to obtain information about your rights or raise any questions regarding how we use your information, you should contact us at cabetesafira@gmail.com
  . However, if you remain dissatisfied, you may contact the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados), whose contact details can be found at www.cnpd.pt

We may implement changes or updates to this Privacy and Personal Data Protection Policy at any time, and therefore we encourage you to review this document regularly.

​

Date: 10/12/2025

​

Management Signature: