1. Data Protection and Privacy Commitment

Cuidamos em Casa recognizes and safeguards the fundamental rights of personal data protection and privacy, committing to comply with the General Data Protection Regulation (GDPR) and other applicable legislation, jurisprudence, guidelines, and recommendations for personal data protection, privacy, and information security. To fulfill its legal obligations, Cuidamos em Casa has implemented a Personal Data Protection System and an Information Security System, ensuring regulatory compliance and demonstrating institutional responsibility in data protection and information security matters. Additionally, it has appointed a Data Protection Officer and is committed to the training and education of all employees who handle personal data. Cuidamos em Casa is effectively committed to complying with the fundamental principles of data protection and privacy, namely lawfulness, fairness, transparency, data minimization, purpose and storage limitation, accuracy, integrity, and confidentiality.

2. Definitions

Personal data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Cookies: referred to as “Testemunhos de Conexão” in Portuguese, are small text files containing information considered relevant that devices used to access the Internet (computers, mobile phones, or portable mobile devices) load, through the Internet browser (“browser”), when a website is visited by the User.

3. Who is the Data Controller?

B. Braun – Cuidamos em Casa, abbreviated as Cuidamos em Casa, with Tax ID number 514920980, is the entity responsible for processing your personal data and may, in the course of its activity, use entities subcontracted by it for specific purposes.

4. How can you contact the Data Controller?

The Data Controller can be contacted through the following means:

• Postal Address: Rua General Humberto Delgado, Nº 20 B, Lj A, 2860-467 Moita;
• General Email: cuidamosemcasa.pt@bbraun.com;
• General Phone: + 351 211 953 351;
• Website: www.cuidamosemcasa.pt

5. How can you contact the Data Protection Officer?

For any information, complaints, incident reporting or exercise of data protection and privacy rights, or for any matter related to data protection and information security, Users, Service Recipients, and Patients interacting with Cuidamos em Casa can:

• Directly contact the Data Protection Officer via email at protecaodedados_avitum.pt@bbraun.com, describing the subject of the request and providing an email address, a telephone contact number, or a correspondence address for response; or
• Contact any Cuidamos em Casa unit or service point, requesting communication with the Data Protection Officer.

6. How are your Personal Data collected?

Personal data are collected through Cuidamos em Casa channels, namely through forms, websites, computerized systems, and applications.

7. What are the purposes and legal bases for collecting and processing your Personal Data?

According to data protection principles, Cuidamos em Casa can only process your personal data for specific purposes and if it has a legal basis to do so. Cuidamos em Casa uses your data for the following purposes and based on the following grounds:

• Based on the execution of a contract to which the data subject is a party, we process your data for the following purposes:
  • (i) provision of services to Users, namely in consultations;
  • (ii) management of the contractual and post-contractual relationship with Users, Service Recipients, and Patients, including the management of personal information of Service Recipients considered necessary for communication management purposes.

• Based on pre-contractual measures, we process your data for the following purposes:
  • (i) management of the pre-contractual relationship of Users, Service Recipients, and Patients;
  • (ii) response to budget requests;
  • (iii) in the context of application processes, for recruitment.

• To comply with legal obligations, we process your data for the purposes of:

  • (i) complaint management;

  • (ii) compliance with other legal and regulatory obligations, namely tax and accounting.

• Based on the legitimate interest of Cuidamos em Casa in wanting to provide you with an increasingly better service, we process your data for the purposes of:

  • (i) information dissemination or promotional actions;

  • (ii) communication actions, namely to promote the dissemination of new features or new services

  • (iii) statistical purposes.

In particular, the website provides a reserved area that contains specific privacy information for users who are authorized to access the referred area.

8. How do we process your Personal Data?

Cuidamos em Casa processes personal data manually or in an automated and computerized manner, including file processing and possible profile definition, within the scope of managing the pre-contractual, contractual, or post-contractual relationship with Users, Service Recipients, or Patients.

9. What Personal Data is collected and processed?

Cuidamos em Casa processes personal data of Users, Service Recipients, Patients, and possibly members of their respective households, as well as data of visitors to its facilities.

Cuidamos em Casa, within the scope of its activities, collects and processes the following personal data:

• identification data;
• contact data;
• professional data;
• billing data;
• traffic data and access control.

The following data may also be processed:

• biometric data, namely through video surveillance systems or other biometric systems that are installed;
• data relating to health or genetic data, in the case of health service provision activities.

10. For how long is your Personal Data kept?

Personal data will only be kept for the period necessary for the purposes that motivated its collection, without prejudice to compliance with applicable rules on archiving for tax and accounting purposes.

11. With whom do we share your Personal Data?

The provision of services by Cuidamos em Casa to its Users, Service Recipients, or Patients may involve the use of services from subcontracted third-party entities, Joint Controllers, or other Data Controllers, including entities based outside the European Union, and data sharing may occur in these situations. In these circumstances and whenever necessary, Cuidamos em Casa will only use entities that present sufficient guarantees of implementation of appropriate technical and organizational measures in a way that the processing meets the requirements of applicable standards, with such guarantees being formalized in a contract signed between Cuidamos em Casa and each of these third parties. There may also be communication of data to comply with legal obligations, execute contracts, or pursue legitimate interests. Any transfer of personal data to a third country or an international organization will only be carried out within the framework of compliance with legal obligations or guaranteed compliance with applicable Community and national legal standards in this matter.

12. What security measures do we apply?

Cuidamos em Casa applies appropriate technical and organizational measures to ensure a level of security appropriate to the risk, counting on the collaboration of all Users, Service Recipients, and Clients for the safe use of all channels, recommending that they keep access codes secret, not sharing them with third parties. Additionally, in the particular case of computer applications used to access channels, they should maintain and keep access devices in secure conditions and follow the security practices recommended by manufacturers and/or operators, especially regarding the installation and updating of necessary security applications, including, among others, antivirus applications.

Cuidamos em Casa, on the other hand, works to ensure that all subcontracted entities assume the obligation to adopt security measures at the organizational and technical level necessary to protect the confidentiality of personal data, as well as to prevent unauthorized access, loss, or destruction of personal data.

13. Internal Norms and Organizational Instructions on Data Protection

Cuidamos em Casa regulates the execution of data processing activities by its employees through internal norms and organizational instructions, following the terms of the Organizational “Guidelines”, more specifically Guideline 228, applicable in B. Braun Group companies headquartered in the European Union (EU), including the European Economic Area (EEA) or when a Regulator of a B. Braun company located outside the EU/EEA processes personal data of EU citizens.

14. How Can Data Subjects Exercise Their Rights?

Users, Service Recipients, or Clients of Cuidamos em Casa can, as personal data subjects, at any time, request the exercise of their data protection and privacy rights, namely withdrawing consent, requesting access, rectification, erasure, portability, restriction, or objection to processing, which requests will be analyzed and responded to in accordance with the law.

Any request to exercise data protection and privacy rights must be addressed in writing by the respective data subject to the Data Protection Officer, using the “Form for Exercising the Rights of Personal Data Subjects”, which is accessible at any Cuidamos em Casa service point, and can also be requested to be sent by email, through a request to the Data Protection Officer at the email address protecaodedados_avitum.pt@bbraun.com.

15. How Can I Complain or Send Suggestions?

Users, Service Recipients, or Clients have the right to submit complaints, either by registering the complaint in the Complaints Book or by submitting a complaint to the National Data Protection Commission through the contacts available at www.cnpd.pt.

Users, Service Recipients, or Clients can also send suggestions via email to the Data Protection Officer at the email address protecaodedados_avitum.pt@bbraun.com.

16. How Can Personal Data Breach Incidents Be Reported?

Cuidamos em Casa has implemented an incident management system in the scope of data protection and information security. If any User, Service Recipient, or Client wishes to report the occurrence of any situation of personal data breach that accidentally or unlawfully causes destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed, they can contact the Data Protection Officer of Cuidamos em Casa or use Cuidamos em Casa’s general contacts. For this purpose, you can use the “Personal Data Breach Incident Reporting Form”, which is accessible at any Cuidamos em Casa service point, and can also be requested to be sent by email, through a request to the Data Protection Officer at the email address protecaodedados_avitum.pt@bbraun.com.

Cuidamos em Casa has also implemented a Permanent Contact Point for managing information security and cybersecurity incidents. If any User, Service Recipient, or Patient wishes to report an information security incident or a cybersecurity incident, they can contact the Permanent Contact Point of Cuidamos em Casa through the email address: jose.carvalheiro@bbraun.com. The “Information Security or Cybersecurity Incident Reporting Form” is available, which can be accessed at any Cuidamos em Casa service point, and its delivery by email can also be requested through the Permanent Contact Point.

For this purpose, various security measures are adopted to protect personal data against dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of unlawful processing.

Users, Service Recipients, or Patients are solely responsible for keeping access codes secret, not sharing them with third parties, and, in the particular case of computer applications used to access the channels, they must maintain and keep access devices in secure conditions and follow the security practices recommended by manufacturers and/or operators, particularly regarding the installation and updating of necessary security applications, including, among others, antivirus applications.

If there is a need to subcontract services to third parties that may have access to the personal data of Users, Service Recipients, or Patients, Cuidamos em Casa’s subcontractors will be obliged to adopt organizational security measures and protocols and the necessary technical measures to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss, or destruction of personal data.

17. Cookies Policy

Regarding the use of Cookies by Cuidamos em Casa, please consult our Cookies Policy – Cuidamos em Casa.

18. Changes to This Policy

Cuidamos em Casa reserves the right to make adjustments or changes to this Policy at any time, and these changes will be duly publicized.

19. Versions of This Policy

Version of This Policy: Version 2

Date: 22-07-2024

To consult previous versions of this Policy, please send a request by email to protecaodedados_avitum.pt@bbraun.com.