have to offer
Privacy Policy
1. Commitment and General Framework
AIM LIFE, Lda. (hereinafter AIM Cancer Center), as the entity responsible for the processing of personal data in the context of its clinical and business activity, undertakes to ensure, with rigour, effectiveness and security, the protection of all personal data that it collects and processes on a daily basis. This Privacy Policy clearly describes how we process your personal data and how you can exercise your rights as the data subject. AIM Cancer Center carries out all its activities in compliance with the General Data Protection Regulation (GDPR), with Law No. 58/2019 of 8 August (the national law implementing the GDPR) and other applicable sectoral legislation, namely in the health sector.
The security and privacy of personal data are paramount for AIM Cancer Center. We implement appropriate technical and organisational measures to protect data against loss, misuse or unauthorised access, and we periodically review these measures to ensure continued compliance with best practices and legal requirements. AIM Cancer Center reserves the right to update or amend this Privacy Policy; any substantial changes will be communicated through appropriate means. Regular consultation of this Policy is recommended so that you remain informed about how we protect your privacy.
In addition to providing virtual oncology care, AIM Cancer Center also develops corporate health programmes (AIM Corporate Health), training courses in various health areas, and participates in scientific research projects.
2. Personal Data and Data Subjects
What is personal data?
Personal data is any information, of any nature and regardless of format, relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier (for example, a name, identification number, location data, online identifiers, or one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity).
Who are the data subjects whose data we process?
Within the scope of AIM Cancer Center’s activity, personal data of a wide range of subjects is processed, including natural and legal persons (the latter to the extent they include data of representatives or employees). Without prejudice to other persons who may be covered, the main data subjects (non-exhaustively) are:
- Users/Clients (patients of clinical services) and their employees or representatives (when the client is a legal person);
- Employees of partners or service providers of AIM Cancer Center;
- Workers, job applicants or interns of AIM Cancer Center;
- Participants in events organised or promoted by AIM Cancer Center;
- Visitors to AIM Cancer Center’s premises (including occasional visitors, speakers, suppliers, etc.);
- Also included: participants in corporate health programmes and workplace wellbeing initiatives; trainees or registrants in training courses promoted by AIM; participants in scientific research projects conducted or co-organised by AIM.
3. What Personal Data We Collect and How
AIM Cancer Center only collects personal data that is adequate, relevant and limited to what is strictly necessary in light of the specific purposes of processing (in accordance with the GDPR principle of data minimisation). Collection may occur by different means and at different times, namely:
- orally (e.g., in telephone support or via video call),
- in writing (through forms, registration sheets, contracts or other physical documents), or
- digitally (through the institutional website and other online platforms of AIM Cancer Center).
Collection in person at our premises only occurs in exceptional cases, as AIM Cancer Center primarily provides services remotely.
As a rule, we collect your data directly, although in some situations we may obtain data through duly authorised third parties or in the context of partnerships (e.g., receiving laboratory results from external providers, professional references for candidates, etc.).
Categories of personal data processed:
Depending on the relevant purpose, we may collect and process the following categories of personal data:
- Identification data – such as full name, marital status, place of birth, date of birth, identification document number (Citizen Card or equivalent) and National Health Service (SNS) number, where applicable;
- Contact data – such as address, email address, telephone/mobile number;
- Academic and professional data – such as qualifications, CV history, current professional situation or position/role held (only for staff, employees of partner entities or applicants for jobs/internships);
- Financial and billing data – such as Tax Identification Number (NIF), IBAN, health insurance or health subsystem details (if applicable for payment of care), billing and transaction information;
- System usage and electronic location data – such as IP addresses, access logs to AIM Cancer Center’s IT systems or Wi-Fi network (where provided), records of use of devices or applications made available by AIM Cancer Center, etc.;
- Images and sound – namely, image (and sound, if applicable) recordings obtained in the context of training, events or videoconferences promoted by AIM Cancer Center (with prior notice) and images captured by CCTV surveillance systems installed in our premises, as described further in Section 10 of this Policy;
- Health data (sensitive personal data) – information relating to your physical or mental health status, clinical history, test results, diagnoses, treatments and other data included in your patient clinical record, as well as other special category data under the GDPR (such as genetic data or biometric data for identification, where and when applicable). Due to their highly sensitive nature, these data are processed exclusively in the context of providing healthcare or managing the clinical record, with special confidentiality and security safeguards (as detailed later in this Policy). Note that AIM Cancer Center does not, as a rule, collect special categories of data unrelated to the clinical context (such as religious, philosophical or political beliefs, sexual life, ethnic origin or trade union membership), except where strictly necessary and within the context of providing healthcare, and always under the appropriate legal exceptions.
All information collected through the use of the website (including, for example, data submitted via contact forms or pre-booking of appointments) will be used exclusively for the purposes communicated at the time of collection (e.g., responding to your contact, processing your registration or booking the requested appointment) and to improve the user’s browsing experience on the website. For information regarding the use of cookies or similar technologies on our website and application, please consult our Cookies Policy available online.
4. Lawful Bases for Processing
Why (and on what legal basis) do we process your personal data?
All personal data processing carried out by AIM Cancer Center has a valid lawful basis under Article 6 of the GDPR (or Article 9, in the case of special categories of data, as explained below). Specifically, depending on the purpose, processing will be based on one of the following lawful bases:
- Consent of the data subject: when you have given free, explicit, informed and specific consent for your data to be processed for a particular purpose. For example, we will request your prior consent to use your email address to send informative newsletters, or to process personal data for marketing activities or to promote events not directly related to contracted services. You may withdraw your consent at any time, as explained later under your rights.
- Performance of a contract or pre-contractual steps: when processing is necessary for entering into, performing and managing a contract to which the data subject is party, or for steps at the data subject’s request prior to entering into a contract. For example, we will use the personal data necessary to draft and perform healthcare service contracts (or other services) with our users and clients, to effect employment contracts with our employees, or service contracts with suppliers and partners. This also includes processing indispensable in the pre-contractual phase (e.g., processing job/internship applications, preparing quotes for health services before contracting).
- Compliance with legal obligations: when processing is necessary to comply with legal obligations to which AIM Cancer Center is subject. In such situations, your data will be processed to the extent necessary to comply with applicable laws and regulations, national or European Union. For example, we may be required to communicate personal data to public health entities or regulatory authorities (such as the Central Administration of the Health System – ACSS, the Health Regulatory Authority – ERS, or the Directorate-General for Health – DGS), to the tax authority, social security, courts or police authorities, in cases provided by law. Likewise, in the employment context, we process data to comply with obligations arising from the Labour Code and tax and social security legislation (e.g., mandatory communications to Social Security, the Labour Compensation Fund, the Labour Authority, among others).
- Legitimate interests of the controller or of third parties: when processing is necessary for the purposes of legitimate interests pursued by AIM Cancer Center or by third parties, provided that the rights, freedoms and guarantees of the data subject do not prevail. This basis may apply, for example, to ensuring physical security of premises, assets and people (CCTV and access control, out of a legitimate interest in protecting everyone involved), to preventing fraud and safeguarding IT systems (interest in protecting our activity from unauthorised access or cyberattacks), or to needs relating to the exercise or defence of rights in legal proceedings (legitimate interest in defending ourselves or asserting rights in disputes) where we are not otherwise legally obliged to retain such data. In any case in which we rely on legitimate interest, we will carry out a prior assessment to confirm that our interest does not excessively conflict with the rights of the data subjects.
- Processing of special categories of data (sensitive data): with regard to health data or other sensitive data that we may process, note that the lawful basis will not, as a rule, be the data subject’s consent, but rather the legal exceptions provided in Article 9(2) GDPR. Specifically, AIM Cancer Center processes users’ health data because it is necessary for preventive medicine, diagnosis, provision of health care or treatment, or management of health systems, under Article 9(2)(h) GDPR, and in compliance with national legislation that imposes the duty of professional secrecy on health professionals. Thus, health data are processed exclusively by or under the responsibility of professionals subject to confidentiality duties (doctors, nurses, diagnostic technicians, etc.), and the explicit consent of the data subject is not required for such processing in the context of providing health care, as this is based on special legal provisions and professional obligations. This clarification is aligned with the GDPR and Law 58/2019 (Art. 29) and aims to ensure that the data subject understands that, for legal reasons and quality of care, they cannot refuse the processing of essential clinical data by invoking lack of consent, save in strictly applicable situations (for example, processing outside the clinical scope, such as certain research projects or marketing activities, which will only occur with consent if health data are to be processed).
5. Purposes of Processing Personal Data
The personal data collected by AIM Cancer Center are intended for specific, explicit and legitimate purposes, communicated at the time of collection or in this Policy. We do not process your data in a manner incompatible with these purposes. Below we present the main purposes of processing by AIM Cancer Center, indicating in each case the respective lawful basis:
- Provision of health care and clinical management: includes booking appointments, performing tests, diagnosis, treatment and clinical follow-up in the context of the relationship with the user. Lawful basis: performance of the health services contract with the data subject (necessary to provide the requested service) and compliance with legal obligations in the health area; where health data are involved, the legal exception of Art. 9(2)(h) GDPR also applies, as described above, not requiring consent.
- Preparation, negotiation and performance of commercial or employment contracts: management of contracts with clients, service providers, suppliers, employees and other parties, including payment processing, invoicing, human resources management, etc. Lawful basis: necessity for performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR) and, where applicable, compliance with legal obligations (for example, labour and tax obligations).
- Organisation and management of events and training activities: registration and participation of interested parties in events, training, workshops or initiatives promoted by AIM Cancer Center, including attendance management, issuing of certificates and use of images where authorised. Lawful basis: depending on the case, the data subject’s consent (e.g., for the use of images or sending invitations) or performance of a contract (if the event is part of a requested service).
- Management and execution of corporate health programmes (within AIM Corporate Health): including communication with participants and contracting companies.
- Conduct and monitoring of scientific research projects: including data collection and analysis for study purposes, always based on informed consent and/or other applicable lawful bases.
- Distribution of newsletters and marketing communications: sending informative newsletters and communications about services, campaigns or events of AIM Cancer Center that may be of interest to the data subject. Lawful basis: explicit consent of the data subject for this purpose (Art. 6(1)(a) GDPR), obtained, for example, upon voluntary subscription to the newsletter. The data subject may withdraw consent at any time, after which they will no longer receive such communications.
- Physical security of people and facilities: monitoring and access control of AIM Cancer Center’s premises, CCTV in signposted areas, logging of entries and exits, and implementation of security measures aimed at protecting staff and other visitors, as well as assets and infrastructure. Lawful basis: legitimate interest of the controller to prevent incidents, protect people and property and deter unlawful practices (Art. 6(1)(f) GDPR); compliance with legal obligations in private security (where applicable, e.g., Law 34/2013) and, if applicable, protection of vital interests (Art. 6(1)(d), in emergencies). (See Section 10 below for details on CCTV).
- Management of IT systems and information security: maintenance and monitoring of our information technology systems, including management of user accounts, backups, prevention of fraud, intrusion or cyberattacks, and ensuring service continuity. Lawful basis: legitimate interest in protecting the network and systems (Art. 6(1)(f)) and compliance with legal obligations on data security (e.g., GDPR security duties, notably Art. 32).
- Exercise of rights in legal proceedings and response to legal requests: use of personal data as necessary to initiate, exercise or defend legal or administrative claims, whether by AIM Cancer Center or in cooperation with authorities (for example, responding to court orders, warrants or requests from the CNPD). Lawful basis: legitimate interest in safeguarding our rights (Art. 6(1)(f)) and/or compliance with a legal obligation (Art. 6(1)(c)), as the case may be. Where special category data are strictly necessary for this purpose (e.g., health data to evidence steps in court), the basis will also fall under the exception of Art. 9(2)(f) GDPR (necessary for the establishment, exercise or defence of legal claims).
- Compliance with specific legal obligations: processing data to meet sector-specific obligations, for example reporting obligations to health authorities, registration and maintenance of clinical records, compliance with tax and accounting obligations, or cooperation with regulatory bodies. Lawful basis: compliance with legal obligations (Art. 6(1)(c)) – see examples in the section on lawful bases above (communications to ACSS, ERS, Tax Authority, etc.).
- Other ancillary or complementary purposes: we may process data for the continuous improvement of our services (e.g., anonymised or minimally invasive satisfaction surveys), for internal audit and compliance activities, or in the context of corporate transactions (e.g., transfer of data in the event of a merger or demerger, always respecting applicable lawful bases). In such situations, we will assess the applicable lawful basis on a case-by-case basis (legitimate interest, legal obligation or consent, depending on the nature of the processing) and will inform the data subjects as required.
In any event, AIM Cancer Center guarantees that it does not process data for purposes incompatible with those described here, nor does it carry out solely automated decisions producing significant effects on data subjects without the proper lawful basis and prior information (note: currently, AIM Cancer Center does not carry out profiling or significant automated decisions about users or clients, since clinical decisions always involve qualified human intervention; should this scenario change in the future, data subjects will be informed accordingly).
6. Personal Data Retention Period
AIM Cancer Center processes and retains your personal data only for the period strictly necessary to pursue the specific purposes of processing, in compliance with legally required or advisable time limits. This means that, once the purpose for which the data was collected has been achieved, we will delete or anonymise such data, unless there is a legal obligation to keep it for an additional period or another legitimate basis for retention.
General retention rules: In many cases, the duration of processing will coincide with the duration of the contractual relationship or the service provided. Thus, if we have a contract with you (for example, a contract for the provision of health care or an employment contract), your essential personal data will be retained for as long as that contractual relationship lasts. Subsequently, some data may continue to be retained for the time necessary to comply with post-contractual or legal obligations (for example, warranty periods, legal limitation periods or the pendency of legal proceedings). We also have legal obligations imposing minimum retention periods for certain types of data: for example, personal data in billing documents must be kept for 10 years to comply with tax and accounting obligations (under Portuguese tax legislation). We may also retain certain data while there are pending legal proceedings, complaints or debts relating to data subjects, for the period necessary until final resolution of such situations (ensuring their timely deletion thereafter). Once the applicable periods expire, we will proceed with the secure deletion or irreversible anonymisation of the data.
Retention of CCTV images: Images collected by our CCTV systems on the premises are retained for a maximum period of 30 (thirty) days from capture. This period complies with national private security legislation and CNPD guidelines, which as a rule limit the retention of CCTV recordings to 1 month (except where an incident occurs justifying longer retention for evidentiary purposes). Thus, after 30 days, recordings are automatically deleted, except if a relevant incident occurred during that period (for example, a loss, theft or other unlawful act) that justifies retaining the specific recording for a longer period, limited to the need to deliver it to the competent authorities or to support legal proceedings. In such exceptional cases, the relevant images will be kept only for the additional time necessary and will be deleted as soon as the purpose of the extraordinary retention ceases.
In general, we maintain internal documentation defining the retention periods applicable to each category of data under our care, taking into account legislation and the supervisory authority’s recommendations (CNPD). We seek to ensure that, once the purpose has been fulfilled and the necessary or legally required period has elapsed, personal data are effectively deleted or anonymised. If, for technical or operational reasons, it is not possible to immediately delete/anonymise certain backup data, we will isolate and protect them until deletion is feasible. If you have questions about the specific retention periods applicable to your personal data, you may contact us for further clarification.
7. Rights of Data Subjects
As a data subject, you have a set of rights regarding the data you have provided to us or that we have collected about you. AIM Cancer Center values these rights and provides means to exercise them, under the applicable legislation. In summary, you have the right to:
- Right of Access: obtain confirmation as to whether personal data concerning you are being processed by AIM Cancer Center and, where applicable, access such data and information associated with the processing (purposes, categories of data, recipients to whom the data have been or will be disclosed, envisaged retention periods, existence of rights to rectification/erasure/objection, source of the data, and where applicable the existence of automated decision-making). Upon request, we will provide you with a copy of the personal data undergoing processing, in a commonly used electronic format or other suitable format.
- Right to Rectification: request correction or updating of your personal data if they are incorrect, outdated or incomplete. It is important that the data we process about you are accurate and current; therefore, we appreciate being informed whenever there is a need to change, for example, your contact address or other relevant details.
- Right to Erasure (or “right to be forgotten”): request deletion of your personal data, in cases where this is legally admissible. This right may be exercised, for example, when the data are no longer necessary for the purpose that motivated their collection, when you withdraw consent (in cases where processing is based solely on consent) or when you object to processing based on legitimate interest and there are no overriding legitimate grounds for the processing. Please note, however, that this right is not absolute – it may not be possible to immediately erase certain data if a legitimate basis for retention remains (such as compliance with a legal retention obligation or the need to preserve data for the exercise of rights in legal proceedings). In such cases, we will inform you of the reasons for the impossibility of deletion and ensure that the data remain blocked for unrelated purposes.
- Right to Restriction of Processing: obtain restriction of the processing of your personal data, temporarily suspending it, in situations provided for by the GDPR – for example, while the accuracy of the data is contested (following a rectification request) or the lawfulness of processing is under discussion (following an objection), or when AIM Cancer Center no longer needs the data but you request their retention for the establishment, exercise or defence of legal claims. When processing is restricted, data (other than storage) may only be processed with your consent or for very limited purposes (as per Art. 18 GDPR).
- Right to Data Portability: receive the personal data you have provided to us, in a structured, commonly used and machine-readable format, and transmit those data to another controller, or request, where technically feasible, that AIM Cancer Center transfer them directly to another entity indicated by you. This right applies only when processing is based on consent or on the performance of a contract and is carried out by automated means.
- Right to Object: object, on grounds relating to your particular situation, to processing of your personal data based on the controller’s legitimate interest. In that case, we will assess your request and cease the processing in question, except where we have compelling legitimate grounds to continue or where the data are necessary for the establishment, exercise or defence of legal claims. Additionally, you always have the right to object, at any time and without justification, to the processing of your data for direct marketing purposes, including profiling related to such marketing. If you exercise this right to object in the context of marketing, we will immediately cease using your data for that purpose.
- Right to Withdraw Consent: where processing is based solely on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of any processing carried out previously based on the consent given. If you withdraw consent for a specific purpose, we will cease processing your data for that specific purpose (e.g., stop sending newsletters), but we may continue to process the same data for other purposes if we have another lawful basis to do so.
In addition, you have the right not to be subject to decisions based solely on automated processing (including profiling) that produce effects in your legal sphere or similarly significantly affect you, except in legally provided exceptions. Note: AIM Cancer Center does not use exclusively automated decision-making on users’ data that meets the materiality criteria of Art. 22 GDPR, so this right, although recognised, is somewhat theoretical in our context (all clinical and service decisions involve qualified human intervention). Should we implement any such automated decision-making system in future, we will inform data subjects and ensure compliance with the additional legal requirements.
How can you exercise your rights? Exercising your rights is free of charge (except in cases of manifestly unfounded or excessive requests, in which case we may charge a reasonable fee or refuse, under Art. 12(5) GDPR) and can be done at any time. To exercise any of the rights above, you should submit a clear written request, accompanied by information allowing us to confirm your identity (for example, full name and, if necessary, a copy of an identification document, solely to verify you are indeed the data subject). This request may be sent by:
- Email: to [email protected];
- Written communication: by letter sent to AIM Cancer Center’s postal address (addressed to the Data Protection Officer) or delivered in person at our premises, against receipt;
- Online form: if AIM Cancer Center provides a data protection-dedicated form on the website, you may use it (currently, the main channels are those indicated above).
We will do our best to respond to your request promptly and within a maximum period of 1 month from receipt, as provided by the GDPR. In situations involving particularly complex or multiple requests, this period may be extended by up to 2 months, in which case we will inform you of this need within the first month. Our response will be in writing (usually by email, unless otherwise requested) and will include the information provided for by law. If, for any reason, we cannot comply with your request (for example, due to a conflict with current legal obligations), we will provide a clear justification.
Finally, please remember you also have the right to lodge a complaint with the Supervisory Authority if you believe that AIM Cancer Center’s processing of your data breaches the GDPR or other data protection rules. In Portugal, the supervisory authority is the CNPD – Comissão Nacional de Proteção de Dados (website: www.cnpd.pt). However, we encourage you to contact us directly first (yourself or via our DPO) so that we can clarify or resolve your issue promptly – we are committed to protecting your data and addressing any concern you present in good faith.
8. Communication of Data to Third Parties and Processors
With whom do we share your personal data? In the course of our activity, and strictly for the defined purposes, your personal data may be communicated to third parties where necessary or mandatory. We ensure such sharing occurs within the limits of the law and of this Policy, and that we only provide recipients with the information indispensable for each legitimate purpose. The main categories of recipients or third parties to whom we may disclose data (as applicable in each case) are:
- Public authorities and official bodies: including government or regulatory entities in the health sector (e.g., Ministry of Health, DGS, ACSS, ERS), judicial or police authorities, judicial bodies or independent administrative authorities (such as the CNPD, Tax Authority, Social Security, Labour Authority), where such communication is required by law or necessary to comply with legal/regulatory obligations.
- Other healthcare providers or entities in the health sector: where it is necessary to involve clinical analysis laboratories, partner clinics or hospitals, referred doctors or other external health professionals in the provision of care to the user. In such situations, sharing health data will be carried out with the knowledge and/or at the request of the user themself (for example, referral to another specialist, request for an external complementary test) and under the duty of medical confidentiality, ensuring that the recipient is likewise bound to secrecy. Similarly, if the user is covered by health insurance or a health subsystem and requests its activation, we may communicate the strictly necessary billing and clinical information to the insurer or paying entity, for the purposes of payment/reimbursement of the services provided.
- Financial entities and insurers: banks, payment processors, health or workers’ compensation insurers, pension funds, and other similar entities, where processing so requires. For example, to collect clinical services we may send payment references to banks or payment operators; in case of an employee’s work accident, we must notify the respective insurer with details of the claim; if a user’s health insurance is activated, we may confirm to the insurer certain treatment data to validate coverage. Such communications will always be made on an appropriate lawful basis (performance of the insurance contract, legal obligation or legitimate interest, depending on the context).
- External consultants and research sponsors: in specific circumstances, we may need to share some personal data with legal advisors, auditors, experts or other consultants under confidentiality (for example, in the context of quality audits, compliance assessments or legal defence), or – with the prior consent of the data subject where required – with sponsor entities of clinical trials or research projects in which the user participates (in these cases, data will be pseudonymised or anonymised whenever possible).
- Service providers (processors): partners and external companies that provide services to AIM Cancer Center and may need to process personal data on behalf of AIM Cancer Center (thus acting as processors, under Art. 28 GDPR). These include, for example: information technology services (systems maintenance, database hosting, cloud service provider), document archiving and digitisation services, certified document destruction companies, IT and telecommunications support services, private security companies (where guards may have real-time access to CCTV images), mailing or logistics services, among others necessary to our activity. In such cases, AIM Cancer Center enters into written contracts with such entities, imposing data protection obligations equivalent to those we observe, including duties of confidentiality, appropriate technical and organisational security measures, and the guarantee that they will act only under our explicit instructions. In short, processors cannot use the data for their own purposes and are legally and contractually bound to protect the personal data entrusted to them. AIM Cancer Center carefully selects such partners and only uses entities that offer sufficient guarantees of compliance with data protection standards.
In any sharing of data with third parties, AIM Cancer Center follows the principle of data minimisation, transmitting only the data that are adequate, relevant and limited to what is strictly necessary to fulfil the specific purpose. Where required by law, we will seek your prior consent or give you the opportunity to object to a particular transfer.
9. International Data Transfers
As a rule, AIM Cancer Center processes and stores personal data on servers located within the European Economic Area (EEA) or in countries that ensure a level of protection equivalent to that of the EU. However, in certain specific cases, it may be necessary to transfer some personal data outside the EEA – for example, if we use cloud services or digital platforms whose servers are located in third countries, or if it is necessary to send information to a healthcare institution in a third country at the request of the data subject.
In such cases of international transfer, AIM Cancer Center strictly complies with the applicable legal provisions (Articles 44 to 49 GDPR), ensuring that the transfer only occurs to countries considered to provide an adequate level of protection by the European Commission or through the implementation of appropriate safeguards (such as the European Commission’s Standard Contractual Clauses, binding rules applicable to the processor, or a specific international agreement). We will provide any additional relevant information to the data subject where necessary and will suspend any transfer of data outside the EU if the required conditions of security and lawfulness are not met.
In short, if your data must be transferred outside Portugal/the EU, we will ensure they remain protected to European standards, keeping you informed as provided by law. For more details on international data transfers (or to obtain a copy of the safeguards implemented), you may contact us through the available channels.
10. Video Surveillance and Physical Security on the Premises
AIM Cancer Center uses CCTV systems on its premises, in strategic areas of access and public circulation (for example, main entrances, reception, corridors with restricted access, car parks), with the aim of ensuring the security of people and property, preventing the occurrence of unlawful incidents and deterring crime within the monitored perimeter. The existence of CCTV cameras is duly signposted via clear notices placed in the monitored areas, containing the information required by law (camera pictogram and brief indication of the purpose and responsible entity). This measure ensures that all staff and other visitors are informed in advance of image capture, in compliance with Law No. 34/2013 (private security regime) and CNPD guidance on video surveillance.
Purpose and lawful basis: The sole purpose of video surveillance is security – protecting employees, visitors and the facilities against theft, vandalism, violence or other security emergencies. We do not use the images for any other purpose (for example, worker performance control or monitoring visitors for reasons unrelated to security). The main lawful basis for this processing is AIM Cancer Center’s legitimate interest in ensuring security (Art. 6(1)(f) GDPR), combined with the legal authorisation under private security legislation that allows CCTV installation in private establishments to protect persons and property. In certain situations, processing (viewing and handing over recordings) may also be necessary for compliance with a legal obligation (e.g., responding to a request from police or judicial authorities within a criminal investigation).
Camera locations: For security reasons, we do not publicly disclose the exact location and number of cameras installed. However, we can confirm that cameras cover only common and public-access or security areas on AIM Cancer Center’s premises, and no cameras are installed in private areas such as private offices, toilets, private waiting rooms or other places where there may be a high expectation of privacy. Cameras are positioned so as not to capture unnecessary images of public roads outside (except where strictly necessary to cover entrances) nor interiors of third-party spaces.
Access to images: CCTV recordings are stored securely with restricted access. Only persons authorised by AIM Cancer Center, in the context of their security or administrative functions (for example, the security officer or administrative management), or possibly the subcontracted private security company (if monitoring is outsourced), may access recordings, and always under strict confidentiality obligations. Access occurs only when necessary (e.g., to verify a reported security incident). All such persons are bound by legal and contractual duties of secrecy regarding the images. In the event of a relevant incident, the pertinent images may be provided to the competent authorities (law enforcement or courts), upon lawful request, for investigative purposes. The recordings are not in any case made publicly available nor used internally for purposes unrelated to security.
Retention periods: As mentioned in Section 6, CCTV recordings are retained for a maximum of 30 days from capture, after which they are automatically deleted (overwritten), unless an incident justifying longer retention is detected within that period. If, for example, a theft or other relevant event captured by the cameras is reported, the images necessary to evidence that event may be isolated and retained for an additional period, strictly until the conclusion of the related investigation or legal proceeding, after which they will be immediately deleted. This procedure is aligned with applicable law and best sector practices, ensuring we do not retain CCTV data longer than necessary.
Data subject rights regarding images: Any data subject may contact us to request access to CCTV images in which they may appear (right of access, insofar as this does not affect the rights of third parties), as well as to exercise the other rights mentioned in Section 7 (for example, objection or restriction, where applicable). Note that, for technical and security reasons, requests for access to CCTV recordings must indicate the approximate date, time and location where the data subject was under surveillance, so that we can identify whether images depicting them exist. We must also ensure that a data subject’s access does not compromise the privacy of third parties appearing in the images – if necessary, we may apply masking (“blur”) to third parties or invite the data subject to view the images in person on our premises, in a controlled environment. Early deletion of recordings may also be requested but will only be carried out if it does not conflict with our legitimate security interests or legal obligations (for example, where the images are no longer necessary because the data subject has proven that capture was irregular). All requests will be assessed case by case, according to the law, and should be addressed to our Data Protection Officer, via the contacts below.
Note: Since AIM Cancer Center is a virtual clinic that provides oncology care mostly remotely and digitally, a user’s physical presence at AIM Life’s premises is an exceptional, residual situation. For this reason, within this section, it is not expected that the data processed will predominantly concern users as data subjects.
11. Technical and Organisational Security Measures
AIM Cancer Center adopts appropriate technical and organisational security measures to protect personal data against destruction, loss, alteration, disclosure or unauthorised access, as well as against any form of accidental or unlawful processing. We are aware of the special sensitivity of much of the data we process (namely health data) and therefore have implemented reinforced safeguards in this area. In general, we highlight the following security measures and practices in place:
- Access control and role-based restriction: Personal data are accessible only to AIM Cancer Center employees or processors who genuinely need such data to perform their functions (need-to-know principle). In particular, clinical and health data of users are accessible only to health professionals directly involved in care (doctors, nurses, technicians) and to support staff under supervision (e.g., administrative staff entering data in the record, or IT technicians maintaining systems), all bound by legal and contractual duties of secrecy and confidentiality. We employ strong authentication systems (unique credentials, robust and periodically renewed passwords, access cards/keys, etc.) to ensure only authorised users access databases or restricted physical areas.
- Training and awareness: All AIM Cancer Center employees, especially those dealing with personal data (particularly sensitive data), receive data protection and information security training periodically. They are also required to sign confidentiality agreements at the start of their duties and strictly comply with internal data protection policies. The privacy culture is reinforced through internal communications, awareness sessions conducted by the DPO and updates whenever necessary, ensuring the duty of professional secrecy and personal data protection are ingrained values across the organisation.
- Technological safeguards: We use reliable security technologies, such as firewalls for network perimeter protection, intrusion detection and prevention systems (IDS/IPS), up-to-date antivirus and antimalware, encryption mechanisms for sensitive data (at rest and in transit, where applicable), and regular backups of critical systems (stored securely with controlled access). Our servers and infrastructures are maintained in data centres with robust physical security controls and redundancy, mitigating risks of failures or unauthorised access.
- Pseudonymisation and minimisation: Wherever possible and appropriate, we use pseudonymisation of personal data, especially in secondary processing contexts (e.g., clinical research or internal statistics), so that data subjects are not directly identifiable without recourse to separate additional information. We maintain minimisation policies that ensure each department or system only collects the data necessary for the intended purpose (avoiding excessive collection) and that such data are stored for the shortest necessary time (as per Section 6).
- Activity logging and audits: We keep log records of access and operations performed in systems processing personal data, particularly in clinical record management systems, to enable monitoring and auditing of unauthorised access or improper data consultation. We carry out periodic internal audits (and, when necessary, independent external audits) to assess compliance of practices with policies and legal requirements, including information security.
- Incident response plans: In the event of a security incident affecting personal data, all employees must immediately report the occurrence to the DPO and senior management, enabling rapid containment and remediation, assessment of risks to data subjects and, where applicable, notification to the CNPD and the affected data subjects, under Articles 33 and 34 GDPR.
- Continuous assessment and review: The implemented security measures are periodically reassessed and updated in light of technological developments, newly identified threats or changes in the risk context. Additionally, for new projects, products or services involving personal data, we apply the privacy by design principle and conduct Data Protection Impact Assessments where the proposed processing is likely to result in a high risk to the rights of data subjects (Art. 35 GDPR).
Through these measures, AIM Cancer Center aims to fully comply with Art. 32 GDPR and other relevant national rules, ensuring a level of security appropriate to the risk. Notwithstanding all efforts, it is important to note that no security system is absolutely infallible; still, we undertake to implement all reasonable diligence to protect personal data and to act promptly should any data breach or suspected breach occur, mitigating any adverse effects.
12. Contacts
National Data Protection Authority: We reiterate that, if you deem it necessary, you have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the regulatory authority in Portugal for these matters. AIM Cancer Center nevertheless hopes to satisfactorily address all your concerns without the need to involve the CNPD, voluntarily and in good faith complying with best data protection practices.
AIM Cancer Center thanks you for your trust and ensures that the personal data entrusted to it will be processed with a high sense of responsibility, confidentiality and integrity. This Privacy Policy reflects our ongoing commitment to respecting your privacy and strictly complying with the applicable data protection legislation. If you have any questions regarding any content of this Policy or how to exercise your rights, please do not hesitate to contact our DPO or our services. We are at your disposal to assist and clarify, because protecting your data is, for us, as important as providing excellent care.