In its commitment to protecting the security of Users' personal data, Promptly takes the most appropriate measures to protect the personal data contained in the Platform against dissemination, loss, destruction, misuse, alteration, and unauthorized and/or illicit treatment or access:
Access to your personal data restricted on a "need to know" basis and only within the scope of the purposes communicated;
Use of a Secure Sockets Layer (SSL) certificate to ensure security and privacy in the transfer of data between the server and the user;
Authentication mechanisms for entry into the system and for carrying out specific acts of loading health information;
To ensure security in the identification, a validation email and/or code sent directly to the user's personal contact is used;
Protection of information technology systems through the use of secure servers, such as the AWS server, which ensures compliance with the standards of data protection, firewalls, and encryption in communication and data access;
Adoption of the practices included in the ISO 27001 standard, the international reference standard for the management of Information Security and the structure par excellence in information protection;
Adoption of encryption practices and pseudonymization of data, with special security measures regarding health data;
Access to health data only by a health professional due to the duty of confidentiality;
Logical and physical separation of health data from other personal data and different access profiles due to the nature of the data;
Duty of confidentiality of all Promptly professionals and of those providing services to it, and maintenance of the obligation of confidentiality even after the termination of the activity or of the provision of services for Promptly;
Adoption of a code of conduct / internal regulation or rules binding on the company with regard to the protection of personal data;
Anonymization (whenever its adoption does not obviate the pursuit of a lawful, legitimate, and delimited purpose).
However, it is the Users' responsibility to ensure that the computer equipment through which they access the Platform is adequately protected against harmful software and computer viruses or other forms of improper access by third parties.
Data Management and Responsibility
The processing of personal data by Promptly is governed by the following principles in accordance with the GDPR: a) legality, fairness, and transparency in the processing of data; b) limitation of purpose; c) minimization of data; d) accuracy; e) conservation limitation; f) integrity and confidentiality; g) responsibility.
Promptly Software Solutions for Health Measures, Lda. ("Promptly") is the entity responsible for the processing of users' personal data, being able, in some exceptional cases and respecting the information duty, to act as a subcontractor of entities and/or health units. Promptly acts as subcontractor regarding the use of the Platform through the "Medical" Profile with respect to the personal data of the patients inserted by the Physician, the entity responsible for the treatment being the institution where the doctor carries out his activity, or the doctor himself if in private medical activity.
Purposes of treatment
The data processed in the scope of the use of the Platform are collected at the time of the User's registration on the Platform and each time the User accesses the Platform through their login.
Promptly will treat the data of the User and/or data subject, either manually or automated, for the following specific purposes:
Registration on the Promptly Platform;
Improve access to the User's information regarding the reported disease;
To improve the services provided in the health area, in particular, of the reported disease;
Ensure continuity of care and treatment guides for the reported disease(s) and monitoring of services provided by health care providers;
Extend scientific knowledge in the area of results reported by the User, comparing and designing common patterns of responses, using anonymized data for this purpose whenever appropriate to its accomplishment.
The data of the holders will not be treated for any purpose other than those described above.
Within the scope of this Platform, Promptly handles data relating to User identification and health data. Promptly recognizes the special character of health data and applies to them the security, technical and organizational measures appropriate to their protection.
The processing of the personal data contained in the Platform is based on the prior consent of the data subject, and this consent can be withdrawn at any time through the email: email@example.com, or by written request to Promptly - Helpdesk, to the address Rua das Condominhas, n.º 15, 4150-222 Porto. The withdrawal of consent does not compromise the lawfulness of treatment carried out before the withdrawal on the basis of the previously given consent.
Rights of data subjects
As the owner of their personal data, the User may, at any time and free of charge, exercise their rights of access, rectification or erasure, limitation, portability and opposition of their data, through the email: firstname.lastname@example.org or upon written request to Promptly-Helpdesk, to the address Rua das Condominhas, n.º 15, 4150-222 Porto.
If you exercise any of these rights, Promptly will analyze the request and respond within a maximum of one month. The time limit may be extended by up to two months, subject to Article 12 (3) of the GDPR, where necessary, taking into account the complexity of the application and the number of applications, in which case the data subject is to be informed of the extension and the reasons for the delay within one month from the date of receipt of the request. If the request submitted by the data subject is not followed up, the data subject must be informed, without delay and within one month of the date of receipt of the request, of the reasons for the delay and of the possibility of submitting a complaint to a supervisory authority and bringing legal action.
If the data subject submits the request by electronic means, and unless otherwise requested by the data subject, the information must be provided in an electronic format in common use.
However, you are hereby informed that if you believe that Promptly has violated or may have violated your data protection rights, you may submit a complaint to the National Data Protection Commission.
The User may also contact the Data Protection Officer ("Data Protection Officer" or "DPO") of Promptly on all matters related to the processing of their personal data and the exercise of their rights through the email: email@example.com, or upon a written request addressed to Promptly - under the care of Marco Carvalho, to the address Rua das Condominhas n.º 15, 4150-222 Porto.
With regard to the right to erase the data and in view of the identified purpose of clinical research, under Article 89 of the GDPR, this right may be restricted, in accordance with Article 17 (3) (d) of the GDPR, only to the extent that such erasure of the data is likely to make impossible or seriously impair the attainment of the objectives of that treatment.
Report a vulnerability
If you have any questions about these Terms and Conditions of Use, you should send a request for clarification to Promptly through the Promptly helpdesk service at the following email address: firstname.lastname@example.org
Promptly guarantees Platform Users respect for their privacy, as well as the protection and security of their personal data.