Privacy policy

Privacy Policy

Health Connection

Privacy Policy

The protection of the personal data of our patients and visitors is a priority for Health Connection. This policy explains how we collect, use, protect and retain personal data in the context of providing healthcare services and the use of our services.

The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation in Portugal.

If you do not agree with the terms of this policy, we recommend that you do not provide your personal data.

1. Data Controller

The Data Controller responsible for the processing of personal data is:

Health Connection
Av. José Gomes Ferreira, Ed. Atlas I
Miraflores, Portugal

Telephone: +351 214 101 429
Email: geral@saudecoluna.com

For matters related to data protection you may contact:

Email: dpo@saudecoluna.com

2. Personal Data Collected

Health Connection may collect and process the following personal data:

Identification Data

  • Full name

  • Date of birth

  • Tax identification number (NIF)

  • Address

Contact Information

  • Telephone number

  • Mobile phone number

  • Email address

Professional Information

  • Profession

  • Employer

Other Information

  • Marital status

  • Number of children

  • Clinical photographs when applicable

3. Health Data (Sensitive Data)

In the context of providing healthcare services, clinical data classified as sensitive data may be collected, including:

  • Reason for consultation

  • Symptom history

  • Records of pain or physical limitations

  • Health-related habits and behaviors

  • Known medical diagnoses

  • Clinical assessment and treatment progress records

This data is processed exclusively by authorized professionals and strictly for clinical purposes.

4. Methods of Data Collection

Personal data may be collected through:

  • Questionnaires completed by patients

  • Forms available on the website

  • Email communications

  • Telephone contact

  • Social media channels associated with the clinic

  • Internal clinical record and treatment management systems

5. Purpose of Data Processing

Personal data is processed for the following purposes:

Provision of Healthcare Services

  • clinical assessment

  • functional diagnosis

  • monitoring of treatment progress

Appointment Management

  • scheduling and confirmation of appointments

  • communication with patients

Patient Communication

  • sending information related to consultations

  • sending medical reports or clinical documentation

  • communications related to clinic activities

The processing of health data is carried out within the scope of providing healthcare services and fulfilling applicable legal obligations.

6. Processing of Children’s Data

When the processing involves minors, personal data is collected and processed only with the consent of parents or legal guardians.

7. Access and Sharing of Data

Access to personal data is restricted to clinic professionals who require such information to perform their duties.

Personal data may also be processed by external service providers acting as data processors (such as IT service providers or clinical software platforms), ensuring full compliance with GDPR obligations.

Data may also be disclosed when required by law or by judicial order.

8. Information Security

Health Connection implements appropriate technical and organizational measures to protect personal data against:

  • unauthorized access

  • misuse

  • loss or destruction

  • unauthorized disclosure

These measures include access control to systems, information security mechanisms and internal confidentiality procedures.

In the event of a personal data breach that may pose a risk to data subjects, the situation will be reported to the competent authority and to the affected individuals when applicable.

9. Data Retention

Personal data is retained only for the period necessary to fulfill the purposes for which it was collected and to comply with applicable legal obligations.

Clinical data may be retained for the period necessary to ensure continuity of healthcare and compliance with legal obligations associated with clinical activity.

10. Rights of Data Subjects

Under the GDPR, data subjects have the right to:

  • access their personal data

  • rectify inaccurate data

  • request deletion of data where applicable

  • restrict processing

  • data portability

  • object to data processing

Requests may be made through the contact details provided in this policy.

Requests will be answered within a maximum period of 30 days after verification of the identity of the requester.

11. Right to Lodge a Complaint

If you believe that the processing of your personal data does not comply with applicable legislation, you have the right to lodge a complaint with the:

Portuguese Data Protection Authority (CNPD – Comissão Nacional de Proteção de Dados)

12. Updates to the Privacy Policy

Health Connection may update this Privacy Policy whenever necessary.

The updated version will be made available through our official communication channels.