Privacy Policy


1.    Our commitment

For MDS  GROUP (hereinafter, "MDS”), the privacy and  the personal data protection of its customers and other data subjects are essential. 

For this reason, MDS is determined to comply with all applicable legislation in matters of personal data protection, respecting the fundamental principles and the data subjects’ rights.

This Privacy Policy complements other contractual provisions and information that may be provided by MDS to the data subjects with whom it relates, as well as other policies and regulations created for data protection.

MDS advises you to read this Policy and other documents that may be transmitted or communicated to you and that concern the privacy and your personal data protection, updates of which will be made available at mdsgroup.com.

To find out more about the entities in MDS Group, go to:

https://www.mdsgroup.com/pt/empresas-do-grupo-mds/



2.    MDS's position on the processing of your personal data             

The data controller will be the MDS company that provides the service and offers the products, which in this scope decides which data is collected, the means of processing and the purposes for which the data is used. 

In certain cases, MDS will act as a processor, processing your data on behalf of another entity, which will act as the data controller, which will be the case namely with insurance companies, when MDS provides them with services within the scope of the management and performance of an insurance contract to which the data subject is a party (for example, for the purposes of claims management).

In such cases, we recommend that you consult the privacy policy and/or other information on the processing of your data with the data controllers.


3.    Key concepts

3.1  What are personal data?

Personal data means any information, whatever the nature or on whatever format, relating to an identified or identifiable natural person. an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.



3.2  Who are the data subjects of the personal data processed by MDS? 

Data subjects are the natural persons to whom the personal data concern.

For example, as a data controller, MDS may process personal data whose data subjects are its customers (natural persons), who contract the services and products distributed by MDS, its former customers and potential customers, as well as service providers or potential service providers. As a processor, MDS may process personal data whose data subjects are insurance policyholders, beneficiaries or insured persons, in accordance with a given insurance contract, or persons appointed as witnesses in the event of claims.



3.3  What personal data is processed by MDS?

MDS may process the following categories of personal data:

a) Identification data (e.g., name, address, place of birth, nationality, dual nationality, identity card, sex, date of birth, telephone contact, e-mail address, taxpayer number, marital status, profession);

b) Claims registration data for life insurance (e.g. death certificate, certificate of inheritance, medical report, receipt from the mortuary agency, accident occurrence report, autopsy report and results of alcohol and toxicology tests, payment order to be filled in by the beneficiary, proof of IBAN);

c) Claims registration data for health insurance (e.g. insured person's health history, medical reports, supporting documents to the claim's settlement);

d) Claims registration data for work accidents insurance (e.g. date of insurance activation and description of the claim, due date, insurance charges, extras, gratifications, food allowance, supporting data for claim's settlement);

e) Claims registration data for personal accidents insurance (e.g. description of the claim, medical information, supporting documentation to the claim, legal beneficiaries); 

f) Claims registration data for motor vehicle insurance (e.g. claims’ reports data, amicable accident declaration report, identification of injured third parties, identification of witnesses);

g) Claims registration data for other insurance (e.g. claims’ reports data);

h) Identification data of the insured object (e.g. type of vehicle, type of aircraft, type of boat, registration number, model, year of manufacture, chassis number, date of registration, cylinder capacity, power seat number, policy number, identification of other insured items, such as jewellery, pieces of art, housing, household contents or animals);

i) Billing data (e.g. NIB/IBAN, bank, swift, signature, name of account holder, address, policy number); 

j) Health and lifestyle data (e.g. information on lifestyle habits such as diet, sport, alcohol consumption, tobacco use, biometric indexes, illness history); and 

k) Call recording data (e.g., call logs and recording, including voice recording and number recording). 

MDS only processes the special categories of data mentioned above as a processor for insurance companies. 



4.    How is your personal data collected?

Personal data may be collected through the following means:

a) Email

b) Website;

c) Chatbot;

d) Whatsapp business if you accept the terms and conditions of this network, to which MDS is unrelated;

e) Other digital communication tools;

f) Telephone calls; and

g) In person.

 

The data collected is processed and stored in computerised form and in strict compliance with personal data protection legislation, being stored in specific databases created for this purpose by MDS or its processors.

Some of the personal data collected on the website are of mandatory fulfilment and, if this data is missing or insufficient, MDS may not be able to provide you with the services or information you have requested. In each specific case, MDS will inform you of the mandatory nature of providing the personal data in question.

 

5. Indirect collection of your personal data

It is possible that MDS has collected your personal data through third parties or other means, even if you are not an MDS client.

This may be the case, for example, when your contact details are provided by a family member or third party, when you are a beneficiary of certain insurance, when you are an employee of an MDS client or when you are a board member of a legal person that is an MDS client.

Whenever MDS collects your data through third parties or other means, MDS will endeavour to provide you with information regarding the processing of your personal data at the earliest opportunity.



6.    Reasons why we process your data and in what situations.

6.1  Data processing as data controller

As data controller, MDS only processes personal data on the following lawfulness and for the following purposes:


6.1.1. For the performance of a contract concluded with you or in order to take steps prior to entering into a contract at your request

Recording and proving commercial transactions and pre-contractual information, which includes, but is not limited to:

  • responses to requests for information from clients or potential clients, agents or potential agents; 
  • simulation requests for the presentation of insurance proposals;
  • monitoring the management and performance of the contract, which includes, among other things, presenting insurance proposals in accordance with the client's interests; 


6.1.2. To fulfil the legal obligations to which MDS is subject    

In carrying out its business, MDS is subject to certain legal and regulatory obligations, which fulfilment may imply the need to process your personal data, such as:

  • Compliance with obligations of withholding, payment or declaration for tax purposes; 
  • Compliance with legal obligations arising from requests from public authorities (e.g. Insurance Supervisory Authority, Pension Funds and Courts);
  • Compliance with procedures for preventing and combating money laundering and terrorist financing.


6.1.3. To fulfil MDS' legitimate interests

MDS uses your personal data to develop, improve and promote its services and to defend its legal rights and interests, including: 

Betterment of service quality, which includes:

  • Carrying out market studies; 
  • Analysing the customer service provided;

Marketing and communication, which includes:

  • Sending communications to clients and former clients about MDS products and services; 
  • Analysing and managing requests made on the websites and other channels;

Claims management and monitoring of judicial processes, which includes:

  • Analysing and monitoring claims submitted by clients regarding MDS services; 
  • Analysing and monitoring litigation or pre-litigation processes in which MDS is a party;

Development of predictive models, which includes:

  • Analysing customer identification data and information relating to insurance contracts entered into by customers in order to develop statistical models designed to adjust the sending of communications relating to MDS products and services to the client's interests and to identify development opportunities for new products or services. MDS will not adopt any decision based on profiling that produces legal effects in their clients or that affects them in a similar way.

Video surveillance of MDS premises

  • To protect persons and property.


6.1.4. To meet your choices, based on your consent MDS also processes your personal data for: 

  • Commercial prospecting (e.g. communicating about MDS products and services to persons who are not clients or former clients of MDS);
  • Improving the Quality of Service (e.g. when recording calls and conversations in digital communication tools).

6.2  Data processing as a processor

When MDS acts as a processor, i.e. on behalf of other entities, in particular insurance companies, the purposes for which the personal data is processed will be determined by those entities as data controllers. In such cases, MDS will process your personal data only for these purposes and in accordance with the instructions given to it by these data controllers. In these cases, you are advised to consult the privacy policy of the Data Controller whenever you need additional information on data processing. 


7. Transmission of personal data and possible recipients of your personal data

In order for MDS to fulfil all its duties and provide you with the best possible service, it may have to communicate or provide access to your personal data to other entities, among which the following stand out:

  • Service providers who provide services to MDS as processors (e.g. data center management, call centers). 
  • Insurance and/or reinsurance companies, as this communication is indispensable for obtaining quotes and, subsequently, concluding the insurance or reinsurance contract;
  • Entities from the MDS business group;
  • Public authorities, such as Tax Authorities or Judicial Courts.

MDS will only communicate personal data that is indispensable for the provision of the contracted services or the fulfilment of legal obligations to which it is subject.

In some cases, MDS may have to transfer your personal data internationally (i.e. outside the European Union), particularly when the insurer is located outside the European Union.

However, if data is transferred to third countries that do not belong to the European Union or the European Economic Area, MDS will comply with the law, namely with regard to the suitability of the country of destination, the personal data protection and the requirements that apply to these transfers, and personal data will not be transferred to jurisdictions that do not offer guarantees of security and protection.


8.    For how long will your data be processed and stored?

MDS will only process your personal data for the purposes indicated above and only for as long as is necessary to fulfil those purposes.

The retention periods for your personal data are as follows:

In situations where MDS acts as a processor, it is the Data Controller who sets the retention period.

Purpose

Retention period

Recording and proving commercial transactions and pre-contractual information

General time period of 30 days, from the recording of the call or conversations on digital communication tools.

In the case of conclusion of distance contracts, the applicable time period will correspond to the duration of the contract, and this period may be extended by the time necessary to fulfil all the obligations arising from the contract.

Monitoring the management and performance of the contract

Duration of the insurance contract.

Commercial prospection

1 year, from when the data subject's contact details are obtained.

Response to a contact request from potential MDS Agents

1 year, from when the data subject's contact details are obtained if a commercial relationship is not established. In other situations, for as long as the commercial relationship is maintained..

Marketing and communication

2 years (plus current year) since the last interaction. 

Claims management and monitoring of lawsuits

For the duration of the dispute or claim and the corresponding limitation period.

Development of predictive models

Duration of the insurance contract or until you object to the processing.

Betterment of service quality

General time period of 1 year

In the case of recording calls or conversations in digital communication tools for this purpose, these will be kept for a period of 30 days.

Fulfilment the legal obligations

10 years for the fulfioment of tax obligations;

7 years for the fulfilment of obligations regarding the prevention of money laundering and terrorist financing.

Ohter legal time period defined by law, if applicable.

Video surveillance to the purpose of protecting people and property

30 days from image capture


9.    Automated individual decision-making

MDS does not adopt automated individual decision-making, i.e. decisions taken solely on the basis of the automated processing of your personal data and which produce legal effects in you or significantly affect you in a similar way.

Should MDS adopt this type of decision-making, you will be informed of this fact, as well as the rationale underlying such decisions and the importance and possible consequences of such processing for the data subject.


10.  Rights of the personal data subjects

10.1 Which are the rights?

10.1.1 Right of access
Whenever you request it, you have the right to obtain confirmation as to whether your personal data is processed by MDS, as well as information regarding such processing (e.g. which are the purposes of the processing, who are the recipients of your data and how long your data will be stored).

You also have the right to obtain a copy of your personal data processed by MDS.

10.1.2 Right to rectification

Whenever you consider that your personal data is incorrect or incomplete, you can request that it be rectified or completed. 

10.1.3 Right to erasure

In certain situations, you can request the erasure of your personal data. In such cases, MDS will delete your data, unless it is necessary for any of the following purposes:

i.  exercising the right of freedom of expression and information; 

ii.  compliance with a legal obligation which requires processing and that applies to MDS;

iii.  reasons of public interest in the area of public health;

iv.  archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, in so far as the exercise of the right to erasure seriously impair the achievement of the objectives of that processing; or

v.  establishment, exercise or defence of legal claims.

 

10.1.4 Right to restriction of processing

In certain cases, you can request MDS to restrict access to personal data or to suspend processing activities. This will be the case, for example, in cases where you contest the accuracy of your personal data, for a period of time that allows MDS to verify its accuracy, or in cases where you have objected to the processing, until it is ascertained whether MDS's legitimate interests prevail over yours.



10.1.5 Right to portability

In the cases provided for in the applicable legislation, you have the right to receive the personal data concerning you that you have provided to MDS in a structured, commonly used and machine-readable format. You also have the right to request that MDS transmit this data to another data controller, provided that this is technically possible.



10.1.6 Right to object

You have the right to object to the processing of your personal data at any time, for reasons relating to your particular situation, when such processing is based on the legitimate interests of MDS or when it is carried out for purposes other than those for which the data was collected, including profiling, but which are compatible with them.

In such cases, MDS will stop processing your personal data unless it has legitimate reasons for doing so and these reasons outweigh your interests.

You can also object, at any time and without the need for justification, to the processing of your data for direct marketing purposes.



10.1.7 Right not to be subject to an automated individual decision-making

MDS does not adopt automated individual decision-making, including profiling, that has a legal effect on you or significantly affects you in a similar way.



10.1.8 Right to withdraw your consent

In cases where data processing is based on your consent, you may withdraw your consent at any time. 

If you withdraw your consent, your personal data will no longer be processed, except if there is another basis, such as the contract or the legitimate interest of MDS, that allows such processing. 



10.1.9 Right to lodge a claim with the supervisory authorit

You have the right to lodge claims with the competent supervisory authority regarding matters related to the processing of your personal data.

In Portugal, the competent supervisory authority is the National Data Protection Commission (Comissão Nacional de Proteção de Dados)



10.2  How can you exercise your rights?

You can exercise your rights through the following channels:

  • E-mail: you can exercise your rights by e-mail, to the address rgpd@mdsgroup.com;
  • Letter: you can exercise your rights by sending a letter to the company you are dealing with at the following address Av. da Boavista, 1277/81, Piso 0, 4100-130 Porto; or
  • Telephone: you can exercise your rights by calling (+351) 226082410.

Exercising your rights is free of charge.


11.  Security measures, technical and organisational

To ensure the protection of the security of the personal data made available to it, MDS has adopted various technical and organisational security measures in order to protect personal data against unauthorised destruction, loss, alteration, disclosure or access to personal data and against any other form of unlawful processing.

In cases where MDS subcontracts the provision of services involving the transfer of personal data to other entities, these entities will be obliged to adopt the necessary technical and organisational measures to protect personal data against the unauthorised destruction, loss, alteration, disclosure or access to personal data and against any other form of unlawful processing.



12.  Liability for services, websites and social networks

We advise you to consult the rules on the use of cookies on MDS websites, and you can also consult the MDS Cookies Policy here: Cookies Policy - MDS Portugal (mdsgroup.pt).

MDS websites may contain links to other websites, products or services of third parties, including social networks and communication channels such as WhatsApp. MDS has no relationship with these third parties, nor are they covered by this Privacy Policy. MDS therefore advises you to find out about the rules defined by these third parties for processing your data with them.

MDS's social media pages are managed by MDS itself and have been created to provide a space for sharing information about the company and the service it provides. In addition, MDS news, launches and actions are also shared there.

MDS is also not responsible for third parties’ content published on these pages.

In order to make good use of these pages, all users must respect the general rules of the respective social networks and the legal information of MDS, which reserves the right to remove comments that may be inappropriate or offensive.

MDS is not responsible for the public sharing of any personal data by the data subject on its social networks.

MDS may not respond to all third parties’ posts , although it aims to respond on a regular basis, according to the relevance of the updates and the pertinence of the topics.

The use of MDS social networks may involve the transmission of data to social networks service providers, which may be based outside the European Union or the European Economic Area. Please note that each social network has its own privacy policy, different from the others, which the user shall consult.



13.  Data Protection Officer

MDS has appointed a Data Protection Officer, who can be contacted via email: rgpd@mdsgroup.com.



14.  Stay up to date on the protection of your personal data and its processing by MDS

The information contained in this document may be subject to change over time. 

Whenever there are changes regarding the processing of your personal data, MDS will inform you through the website https://www.mdsgroup.com/pt/politica-de-privacidade/ or through the other communication channels usually used.

Discover MDS World