1. Controller Identification
This website and the associated services are operated by Consciênciavaliativa Unipessoal Lda (NIF: 517409241), hereinafter referred to as "Paulo Morais" or "The Entity". The Entity acts as Data Controller under the General Data Protection Regulation (Regulation (EU) 2016/679 - GDPR).
2. Collected Data and Lawfulness of Processing
The Entity collects personal data (Name, Email, Phone and Medical History) strictly necessary for the execution of its services. Processing is based on the following legal bases (Article 6 of the GDPR):
- Contract Performance: For the management of bookings, physical assessments, and prescribing osteopathy treatments or training.
- Explicit Consent: For the processing of health-related data (Medical History), validated at the time of registration, in accordance with Article 9 of the GDPR.
- Legitimate Interest and Legal Obligation: For billing and taxation purposes, in accordance with applicable laws in the European Union and Portugal.
3. Retention Period
Your personal data will be kept only for the strictly necessary period: tax data will be kept for a legal period of 10 years; health data and clinical history will be kept securely for 5 years after the last consultation, after which they will be anonymized or securely destroyed.
4. Cookies and Tracking Technologies
We use essential cookies necessary for the operation and navigation of the website (no consent required under the ePrivacy Directive). Additionally, we use analytical cookies to improve the browsing experience, the latter being activated exclusively through your Prior Consent collected via a cookie banner.
5. Data Sharing and International Transfers
The Entity does not sell or share your data with unauthorized third parties. However, data may be shared with essential technical partners operating as Data Processors, such as billing systems or hosting infrastructures (e.g. Google Firebase). Any transfer of data outside the European Economic Area (EEA) is duly safeguarded by the adoption of Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring a level of protection equivalent to that of the GDPR.
6. Security and Confidentiality
We apply strict technical and organizational measures, such as SSL/TLS encryption protocols and strict controls on access to databases, to guarantee the pseudonymization, confidentiality, and protection against unauthorized access, loss, or misuse of information.
7. Data Subject Rights
Under the European Union GDPR, the data subject enjoys not only control over their information, but the following rights:
- Right of Access and Transparency: To request and obtain knowledge about whether your information is subject to processing and to obtain the respective copies.
- Right to Erasure (Right to be Forgotten): To demand the elimination of your data when there is no legal justification.
- Right to Restriction, Rectification and Portability: To update outdated data or obtain the export of structured data in a common format.
To exercise any of these rights, we request contacting the DPO (Data Protection Officer) available at email: pt@pmorais.pt.
8. Right to Lodge a Complaint with a Supervisory Authority
If you consider that there has been any irregularity in the processing of your data, you have the natural right to present a complaint to the National Data Protection Commission (CNPD) or other European supervisory authority.
9. Complaints Book
In accordance with Portuguese consumer law legislation, we provide digital access to the Electronic Complaints Book. You can easily access it in the footer of this page on the website.