1. Our commitment

For the MDS Group (hereafter "MDS"),privacy and protection of its clients' personal data and the data of any otherdata subjects are of key significance.

Therefore, MDS is committed to complyingwith all applicable legislation on matters of personal data protection,upholding fundamental principles and data subjects' rights. This Privacy Policycomplements other contract provisions and information that may be provided byMDS to its clients, as well as other policies and directives that may becreated for the purpose of data protection.

MDS recommends that you read this Policy aswell as other documents that may be provided or relayed to you on the privacyand protection of your personal data; document updates will be made availableon mdsinsure.com.

To get to know the entities operating underthe MDS Group, kindly visit https://www.mdsinsure.com/en/mds-group/


2. The MDS position on processing yourpersonal data

The entity responsible and accountable fordata processing will be the company, MDS, which provides services and productsto you and, as such, decides on the data to gather, processing methods andpurposes for your data, in the cases identified by item 4below.

In certain cases, MDS will act as asubcontractor, processing your data on behalf of another entity that shall bethe one accountable for data processing, which will happen namely withinsurance companies when MDS provides them services connected with themanagement and execution of an insurance contract to which the data subject isa party (for example, for claims management).

In such cases, we recommend that you readthe privacy policy and/or any other information on the processing of your dataprovided by the entity that is accountable for data processing.

3. Essential Concepts

a) What is personal data?

Personal data is any information of anynature, on any medium, concerning a natural person, identified or identifiable.Identifiable is any person that may be identified, directly or indirectly, andparticularly with reference to an identifier, such as a name, an identificationnumber, location data, electronic identifiers, or one or more specific elementsof physical, physiological, genetic, mental, economic, cultural or socialidentity of that person.

b. Who are the data subjects of the personaldata processed by MDS?

Data subjects are the natural persons whomthe personal data concerns. For example, as the entity responsible forprocessing, MDS may process personal data whose data subjects are its clients(natural persons) that purchase services and products from MDS; its formerclients; and its potential clients. As a subcontractor, MDS may processpersonal data whose data subjects are policyholders, beneficiaries or insuredpersons, according to a given insurance contract, or persons named witnesses inthe event of a claim.

c. What personal data does MDS process?

MDS only gathers and processes data asnecessary to provide quality service to you, in order to provide products andservices that best address your needs and perform to the highest standard anyservice you may have contracted, and to comply with its obligations as asubcontractor.

MDS will also process personal datanecessary to fulfilling legal obligations it is subject to, or to pursue itsown legitimate interest. As a service provider, MDS processes the followingpersonal data categories: 

  • Identification data related to thepolicyholder, persons insured, injured parties and beneficiaries, as applicable(e.g., name, address, place of birth, nationality, citizenship/doublecitizenship, national identity card number, gender, date of birth, phonenumber, email address, tax ID number, marital status, occupation);
  • Claims records in the life line (e.g.,death certificates and records, inheritance claims, medical reports, funeraldirectors' receipts, accident reports, autopsy reports, drug andalcohol test reports, payment order to be filled by beneficiary, proof ofIBAN);
  • Claims records in the health line (e.g.,insured's medical history, medical reports, support documents for claimregularization);
  • Claims records in the workplace accidentline (e.g., date insurance was activated and accident description,remuneration, premiums, extras, gratifications, food allowance, support datafor claim regularization);
  • Claims records in the personal accidentline (e.g., accident description, medical information, support documents on theaccident, legal beneficiaries);
  • Claims records in the auto line (e.g., AutoDAA accident report data, identification of injured third parties, witnessidentification);
  • Claims records in other lines (e.g.,accident report data);
  • Identification data for the insured object (e.g.,vehicle type, aircraft type, vessel type, registration number, brand/make,model, year of manufacture, chassis number, registration date, cylindercapacity, number of seats, engine power, policy number, identification of otherinsured objects, such as jewellery, artworks, household, household effects oranimals);
  • Charge/collection data (e.g., NIB/IBAN,Swift code, signature, account holder, address, policy number);
  • Health and lifestyle data (e.g., lifestyleinformation, such as eating habits, sports, alcohol consumption, smokinghabits, biometric indicators, clinical history); and
  • Records of telephone call data (e.g.,records and recordings of telephone call, including voice recordings and telephonenumber records).

MDS also processes these personal datacategories where the data subjects are underage.

MDS only processes the special datacategories indicated above, meaning, data pertaining to your health, biometricdata or genetic data, as a subcontractor.

4. Reasons to processyour data, and when

a) Data processing when MDS is accountable forprocessing Wherever MDS is accountable for data processing, it only processespersonal data in the following situations:

 i. To perform the terms of a contract with youor to pursue pre-contract diligence and efforts at your request

To render services and provide products theclient may wish to contract, MDS may need to process your personal data. Thiswill occur, for instance, in the following cases:

  • Record and proof of commercial transactionsand pre-contract information, which includes, among others:

- answers to requests for informationoriginated by clients or potential clients
- requests for estimates so we mayquote/propose insurance policies;

  • Monitoring contract execution andperformance, which includes, among other things, quotes on insurance policiesin accordance with the client's interests;


ii. Compliance with legal obligations MDS mustadhere to

While conducting its business, MDS is boundby legal and statutory obligations the adherence to which may entail the needto process your personal data:

  • For tax withholding purposes, tax paymentsor reports for tax purposes;
  • To comply with legal obligations originatedby requests from the authorities (e.g., Insurance and Pension Fund SupervisoryAuthority, and Courts of Law);
  • To comply with procedures on matters ofprevention and combat against money laundering and funding for terrorism.

 iii. To pursue MDS's own interests

 MDS uses your personal data to develop,improve and promote its services and protect its legal rights and interests,including: 

  • Improvement of service quality, whichincludes:

- conduction of market surveys;
- analysis of customer service on telephonecalls; 

  • Marketing and communication, whichincludes:

- sending communications to clients andformer clients on MDS products and services;
- analysis and management of requests madeover websites and other channels.

  • Management of complaints and monitoring oflegal proceedings, which includes:

- analysis and monitoring of complaintsregistered by clients with regard to MDS services;
- analysis and monitoring of contentiouscases that MDS is a party to;

iv. To satisfy your own choices

MDS will also process your personal datawhen you have provided explicit prior consent to that end, and when thatconsent meets all legal requisites. This will occur in the following cases:

  • Commercial prospecting (e.g., communicationon MDS products and services to people who are not clients or formerclients of MDS),
  • Improvements to Service Quality (e.g., whenwe record telephone calls).



b) Data processing as a subcontractor

When MDS acts as a subcontractor, meaning,on behalf of other entities, specifically insurers, the purpose of personaldata processing will be determined by such entities as the ones accountable forthe processing. In such cases, MDS will process your personal data only tothose purposes and in accordance with the instructions conveyed to it by the entitiesaccountable for data processing.

5. Transfer of personal data and possiblerecipients for your personal data

For MDS to fulfil all its duties andprovide you with the best possible service, you may have to communicate, orgive other entities access to your personal data.  MDS will only communicate or give access toyour personal data to the following entities:

- Service providers that render services toMDS (e.g., services contracted with third parties for the provision of datacentre management services);

- To insurance and reinsurance companies withwhich insurance or reinsurance contracts have been entered into; and

- Public authorities such as the TaxAuthority or Courts of Law.

MDS will only communicate personal dataindispensable to the provision of contracted services or indispensable to the fulfilmentof legal obligations it is subjected to. In some cases, MDS may have to carry outinternational transfers of your personal data (i.e., to territories outside theEuropean Union).

Should the European Commission declarethrough an adequacy decision that the country located outside the EuropeanUnion in question guarantees a level of data protection equivalent to thatarising from European Union legislation, the data transfer will have such anadequacy decision for its basis.

You may look up existing adequacy decisionsat www.eur-lex.europa.eu.

In cases where data transfers are made to countriesor organizations outside the European Union for which there is no adequacydecision by the Committee, MDS will ensure that these data transfers strictlycomply with legal statutes and that adequate guarantees be implemented toensure the protection of your data.

6. For how long is your data processed and kept?

MDS will only process your personal data for the ends stated above and only during the time period necessary to fulfil those ends.

The following are the periods during which we keep your personal data:


 Purpose Type of DataPeriod Kept
Record and Proof of Commercial Transaction and Pre-Contract InformationTelephone call recording data; identification data for policyholder and insured persons, injured parties and beneficiaries; identification data for insured object.General: 90 days counting from the date of call recording;

When contracts are entered into remotely, the applicable time period is the contract period, and we may add to this period as much time as necessary to fulfil all the obligations arising from the contract.

Monitoring of contract management and execution

Identification data for policyholder, insured persons and beneficiaries; identification data for insured object.

Contract duration.

Commercial prospecting

Identification data for data subject, insured persons and beneficiaries; identification data for insured object.

1 year, counting from the date of contact with data subject.

Marketing and communication

Identification data for data subject, insured persons and beneficiaries; identification data for insured object.

1 year after contract expiration or after contact through MDS worksites.

Management of complaints and monitoring of legal proceedings:

Identification data for the policyholder, insured persons, injured parties and beneficiaries; claim record data in the life line; claim record data in the health line; claim record data in the workplace accident line; claim record data in the personal accident line; claim record data in the auto line; claim record data in other lines; health and lifestyle data.

While legal dispute or claim are ongoing.

Improvements to service quality

Identification data for policyholder, insured persons and beneficiaries; telephone call recording data.

General: 1 year;

If we record telephone calls, the recordings will be kept for a period of 90 days.

 Fulfillment of Legal Obligations Identification data for policyholder, insured persons and beneficiaries, payment data10 years for the fulfilment of tax obligations;

7 years for the fulfilment of obligations on matters of prevention of money laundering and terrorism funding.

Do not hesitate to contact MDS through the usual channels if you have questions. These are listed on 8.b below. 

7.  Automated Individual Decisions

MDS does not make automated individualdecisions, meaning, decisions made exclusively on the basis of automatedprocessing of your personal data that will have legal effects or willsignificantly impact you in a similar way.

Should MDS adopt this decision method, yourwill be informed of the fact, as well as the logic underlying those decisionsand the importance and possible consequences to the data subject arising fromthat treatment.


8. Data subjects' rights

a) What rights do you have with regard to theprocessing of your personal data?

i. Right of access

Whenever you request it, you will have theright to obtain confirmation on whether your personal data is processed by MDS,as well as information pertaining to that processing (e.g., to what purposedata is processed, who the recipients are, and how long we keep your data). You also have the right to obtain a copy ofyour personal data that have been the object of processing by MDS.

 ii. Right of rectification

Whenever you consider that your personaldata is incorrect or incomplete, you may request that it be rectified orcompleted.

 iii. Right of erasure

Under certain circumstances, you mayrequest the erasure of your personal data. In such cases, MDS will erase yourdata unless the data is necessary to some of the following purposes:

- exerting freedom of speech and information;

- fulfilment of legal obligation, thatapplies to MDS, demanding processing;

- public interest motives in the publichealth domain;

- public interest archiving purposes,scientific, historical or statistic research insofar as the exertion of theright of erasure gravely impedes the fulfilment of the objectives of suchprocessing; or

- assertion, exercise or defence of a rightin a legal proceeding.


iv. Right to restriction of processing

In certain cases, you may ask MDS torestrict access to personal data or suspend processing activities. This willhappen where, for example, you contest the accuracy of your personal dataduring a period of time allowing MDS to check their accuracy, or where you haveopposed processing, until it is verified whether the legitimate interests ofMDS prevail over yours.

 v. Right to data portability

In the cases provided for by applicablelegislation, you have the right to receive your personal data that you haveprovided to MDS, in a structured, current, automatically-readable format. Youalso have the right to ask MDS to transfer such data to another processor aslong as the transfer is technically possible.

 vi. Right to object

You have the right to object to theprocessing of your personal data at any time, for motives connected with yourown circumstances, when such processing is based on the legitimate interests ofMDS or when processing is conducted with purposes other than the ones for whichthe data has been collected but are compatible with the original purposes fordata collection.

MDS, in such circumstances, will stopprocessing your personal data unless it has legitimate motives to conductprocessing and such motives prevail over your own interests. You may also object, at any moment, underno obligation to justify your decision, to the processing of your data for thepurposes of direct marketing.

  vii. Right not to be subject to automateddecision making MDS does not undertake automated decision making, includingprofile definitions, that will have effects in your legal circumstances oraffect you significantly in a similar fashion.

 viii. Right to withdraw consent

Where data processing is conducted based onyour consent, you may withdraw your consent at any time.

Should you withdraw your consent, yourpersonal data will no longer be processed, except where grounds for continuedprocessing exist, such as a contract, or MDS's legitimate processing, thatpermit continued processing.

ix. Right to lodge a complaint with asupervisory authority

You have the right to lodge complaints withthe pertinent supervisory authority on matters connected with the treatment ofyour personal data.

In Portugal, the pertinent controlauthority is the Comissão Nacional de Proteção de Dados (National DataProtection Committee). To learn more, please visit www.cnpd.pt.



b) How can you exertyour rights?

You can exert your rights over thefollowing channels:

E-mail: You can exert your rights over email by writing to protecaodedados@mdsinsure.com.

Online: You can exert your rights online atmdsinsure.com/pt/politica-de-privacidade

By letter: You can exert your rights byletter address to MDS Corretor de seguros SA, at the following address: Av. daBoavista, 1277/81, Piso 0, 4100-130 Porto, Portugal

Telephone: You can exert your rights overthe phone by calling +351226082410. You will not be charged for exerting yourrights.


9. Indirect collection of your personal data

It is possible that MDS may have collectedyour personal data via third parties or other means even if you are not aclient of MDS's. This may happen whenever your contactdetails are supplied by a relative or a third party, when you are beneficiaryto an insurance policy, when you are an employee at an MDS client's, or whenyou are a member of a governing body of a legal person that is a client ofMDS's. Whenever MDS collects your data via thirdparties or other means, MDS will endeavour to provide you with the informationpertaining to the processing of your data at the earliest opportunity.

10. Security, technical and organizationalmeasures

To guarantee the security of the personaldata made available to MDS, MDS has implemented several security, technical andorganizational measures to safeguard personal data against loss, destruction,alteration, publishing or unauthorized access to personal data and against anyother form of illicit processing. Where MDS contracts with other entities forthe provision of services involving the sharing of personal data, theseentities are obligated to implement the necessary technical and organizationalmeasures so as to safeguard personal data against loss, destruction,alteration, publishing or unauthorized access to personal data and against anyother form of illicit processing


11. Responsibility over services and websites

We recommend that you read the rules on theuse of cookies by MDS websites. You may also read the MDS Cookie Policy here.

MDS websites may contain hyperlinks tothird-party websites, products and services. MDS does not have relationshipswith these third parties, nor are they bound by this Privacy Policy. MDStherefore advises that you inform yourself of the rules established by suchthird parties on the processing of your personal data by addressing these thirdparties directly.

12. Stay up to date on the security of yourpersonal data and processing by MDS

The information on this document may haveto be changed from time to time. Therefore, we recommend that you visit www.mdsinsure.com/pt/politica-de-privacidade/,where such information will be kept updated at all times so you may staycurrent on the processing conducted on your data.

Whenever changes occur with regard to theprocessing of your personal data, MDS will inform you through its website,www.mdsinsure.com/pt/politica-de-privacidade/ or through other habitual channels.

13. More information

You can access information on privacy,security measures and protection of personal data:

Cookie Policy, available at www.mdsinsure.com/pt/politica-de-cookies/

Cookie Policy

This site uses cookies. When browsing the site, you are consenting its use.Learn more

I understood
Discover MDS World