This Privacy and Personal Data Protection Policy (hereinafter referred to as the “PRIVACY POLICY”) applies generally to the collection and processing of personal data provided by clients, prospective clients, users and service beneficiaries – hereinafter referred to solely as the “DATA SUBJECT” – of the services rendered, both offline and online, by MEDAL- Gestão e Mediação de Seguros, Lda, registered with the Portuguese Insurance and Pension Funds Supervisory Authority (ASF) under no. 407154810/3, corporate tax number (NIPC) 503550035, with its registered office at Rua Dr. Teófilo Braga, 3ª – 1º, 8500-668 Portimão, hereinafter referred to as “MEDAL”.
This includes, in particular, data collected through forms, websites, simulators, proposals, documents or other means (hereinafter referred to as “DOCUMENTS”), whether in paper or electronic format, used to enable contact with MEDAL. This Policy also applies to the exercise of rights by the DATA SUBJECT in relation to such data, in accordance with the applicable legislation, including but not limited to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).
This PRIVACY POLICY is of a general and abstract nature. Accordingly, the information herein may be supplemented or partially replaced by other policies, notices or specific information that may be provided by MEDAL in the context of certain categories of personal data processing.
Our website address is: https://www.medal.pt.
1. Controller of personal data
MEDAL, whose activity is regulated by Decree-Law no. 144/2006 of 31 July, and the corresponding ASF regulations, acts in accordance with the agreements, protocols, arrangements or conventions established with INSURANCE COMPANIES (undertakings authorised by the competent authority of an EU Member State to conduct insurance business), hereinafter referred to as “INSURERS”.
Depending on the circumstances, MEDAL may interact with INSURERS through various business models and operational frameworks, which may impact the purposes and means of processing personal data of the DATA SUBJECT. As such, MEDAL may act, for the purposes of data protection legislation, as a “controller”, “processor” or “joint controller” of the PERSONAL DATA provided by the DATA SUBJECT when completing DOCUMENTS, whether directly or through third parties, or generated by MEDAL in the context of pre-contractual contacts, or during the conclusion, performance, renewal or termination of an insurance contract or operation, or resulting therefrom.
Provision of such PERSONAL DATA is a necessary requirement for pre-contractual steps, as well as for the conclusion and performance of the insurance contract through MEDAL. Failure to provide such data may prevent the INSURERS, with MEDAL’s intervention, from accepting the contract.
PERSONAL DATA will be processed by MEDAL, as controller, processor or joint controller, strictly for the purposes set out in Article 4 below and in full compliance with applicable data protection law.
2. Data protection contact
For any matters relating to the protection of PERSONAL DATA, please contact:
Postal address:
Data Protection Contact
Rua Dr. Teófilo Braga, 3ª – 1º, 8500-668 Portimão
Email: info@medal.pt
3. Processing of personal data
PERSONAL DATA provided in the relationship with MEDAL are processed in compliance with the applicable legal principles, namely:
- processed lawfully, fairly and transparently;
- collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date, with appropriate measures taken to ensure that inaccurate or incomplete data are erased or rectified;
- stored in a form that permits identification of data subjects only for as long as is strictly necessary and legally permitted for the purposes for which they were collected or subsequently processed.
4. Purposes, legal basis and retention periods
PERSONAL DATA are processed for the following purposes, on the legal bases indicated below, and are retained strictly for the periods necessary for those purposes, as described:
| Purpose | Legal Basis | Retention Period |
| --- | --- | --- |
| Execution and management of the insurance contract and mediation services, including pre-contractual steps with MEDAL’s involvement. | Presentation, proposal, conclusion and execution of the insurance contract, pre-contractual procedures and support for its management, particularly in the event of a claim, with the intervention of MEDAL. Legitimate interest of the data controller or third parties in identification, risk assessment, information, clarification and advice on solutions and products. Consent of the DATA SUBJECT. Compliance with legal and regulatory obligations. | Until expiry of the statutory limitation period for obligations arising from the insurance contract and mediation activity. |
| Prospection and commercial activity | Consent of the DATA SUBJECT. Legitimate interests in the development and growth of the activity of the data controller or third parties. | Up to one year after termination of the contractual/legal relationship. |
| Compliance with legal obligations, namely with supervisory, tax, fiscal, or judicial authorities, among others. | Compliance with legal and regulatory obligations. Legitimate interests in controlling the activity of the data controller or third parties. For the declaration, exercise or defence of rights in legal proceedings. | Legal deadline applicable at any given time for each legal and judicial obligation to be fulfilled. Until the expiry of the limitation period or expiry date for the exercise of rights. |
5. Recording of telephone calls
Telephone calls between the DATA SUBJECT and MEDAL may be recorded, with prior information and consent of the DATA SUBJECT, for the purposes of managing pre-contractual and contractual relations, fulfilling legal obligations, serving as evidence of communications, improving service quality, or for quality control. Recordings will be retained in accordance with the periods set by the Portuguese Data Protection Authority (CNPD), namely Deliberation no. 1039/2017.
6. Health data
In the case of certain risk coverages to be transferred from the sphere of the DATA SUBJECT (namely, in health insurance, personal accident insurance or others), which fall within the category of special and sensitive data, the submission, proposal, conclusion or performance of the insurance contract, with the legal and/or contractual involvement of MEDAL, involves or may involve the processing of data relating to the health of the DATA SUBJECT, whether in the context of the pre-contractual relationship, for identification, analysis of the proposed risk and setting of the contractual conditions, or in the context of the management of the contractual relationship, use of the cover, claims management and, likewise, in renewal processes and contractual amendments. MEDAL processes the data in question, whether as “controller”, “processor” or “joint controller”, for the purposes indicated above, on the basis of the consent of the DATA SUBJECT or of his/her representative, without prejudice to cases in which the processing is based on another lawful ground (such as for the purposes of complying with obligations and exercising specific rights of MEDAL, of the INSURERS, of third parties or of the DATA SUBJECT him/herself, in the field of labour law, social security and social protection, to the extent that such processing is permitted by the law of the European Union or of the Member States, or by a collective agreement that provides adequate safeguards for the fundamental rights and interests of the DATA SUBJECT). In such cases, acceptance by the INSURERS, with the involvement of MEDAL, of the insurance contract in question depends on the possibility of processing data relating to the health of the DATA SUBJECT; otherwise it is not feasible to carry out the analysis of the proposed risk, conclude the insurance contract, transfer the risk, place and accept the intended cover, or even maintain the contract in force with the INSURERS.
7. Communication of data
The PERSONAL DATA may be disclosed to other companies that are in a relationship of ownership or control (Group), already established or to be established, which MEDAL is or will become part of, whose identification and contact details may, at any time, be requested from the Personal Data Protection Contact, as identified in Article 2 above. Such data may be processed by other entities in relation to which MEDAL acts, as the case may be, as “processor” or “joint controller”, by those to whom MEDAL has subcontracted its processing, as well as by its co-insurance intermediaries or Persons Directly Involved in the Insurance Mediation Activity (PDEAMS). The PERSONAL DATA may also be processed by other INSURERS or co-intermediaries within the framework of claims settlement.
For the purposes described and in compliance with a legal obligation, the PERSONAL DATA may be transmitted to judicial, administrative, supervisory or regulatory authorities, as well as to entities that lawfully frame or carry out data compilation activities, fraud prevention and combat measures, market studies or statistical or technical–actuarial studies.
8. Collection of data from other sources
MEDAL may collect information relating to the DATA SUBJECT that is considered relevant for the assessment of the risk to be insured and for the establishment, by the INSURERS, with the intervention of MEDAL, of the contractual conditions of the insurance, from publicly accessible sources, public bodies, industry associations, existing IT platforms, or specialised companies, in order to supplement or verify the information provided by the DATA SUBJECT. This is carried out within the scope of managing the pre-contractual and contractual insurance relationship through MEDAL, including the exercise of insurance mediation activity under the specifically applicable legislation, in compliance with the duties of information, clarification, transmission, advice, assistance, and record-keeping imposed by such legislation.
9. Rights of the data subject
The DATA SUBJECT has the right to request from MEDAL, and through it from the INSURERS, by means of a written request addressed to the Personal Data Protection Contact:
- Access, under the legally established terms and conditions, to the PERSONAL DATA concerning them and subject to processing;
- Correction or updating of inaccurate or outdated PERSONAL DATA concerning them;
- Processing of incomplete PERSONAL DATA when such data are found to be incomplete;
- Deletion, in cases specifically provided by law, of PERSONAL DATA concerning them;
- Restriction, under the conditions provided by law, of the processing of PERSONAL DATA concerning them.
By means of a written request addressed to the Personal Data Protection Contact, the DATA SUBJECT also has the right to:
- Withdraw the consent given, when the processing of data is based solely on consent;
- Object to the processing for reasons relating to their particular situation, when the processing of data is based on the legitimate interest of the “controller” or of third parties;
- Receive from the “controller”, “processor” or “joint controller”, in a commonly used and machine-readable digital format, the personal data concerning them that have been provided by them and processed by automated means on the basis of:
a) consent given by the DATA SUBJECT, or
b) a contract concluded, and may request, in writing, the direct transmission of such data to another controller, whenever technically feasible.
The DATA SUBJECT may also request from the Personal Data Protection Contact more detailed information, namely regarding the purposes, lawful bases, and retention periods, as well as lodge complaints regarding the processing of their PERSONAL DATA, without prejudice to the possibility of doing so directly with the National Data Protection Commission (CNPD).
10. Security of personal data
MEDAL adopts appropriate technical and organisational measures to protect PERSONAL DATA against loss, destruction or damage, whether accidental or unlawful, and to ensure that the data provided are protected against access or use by unauthorised third parties. MEDAL guarantees the privacy and security of the transmission of data of its clients and visitors to its website and other IT platforms, where applicable.
11. Automated decisions
In the context of the underwriting and renewal processes of insurance contracts or operations, the INSURERS may use automated decision-making solutions deemed necessary for the conclusion and execution of the respective insurance contract or operation, with the involvement of MEDAL, using information concerning the policyholder or insured persons obtained within the framework of the management of the contractual or pre-contractual relationship, from which decisions regarding the applicable contractual conditions for underwriting or renewal may result. The DATA SUBJECT may also request from the Personal Data Protection Contact more detailed information about the logic underlying the processes in question, within the framework of underwriting and renewal of contracts, through MEDAL, namely concerning the information considered for fully automated decision-making and how it is integrated into the INSURERS’ decision-making process. In all cases where the INSURERS make decisions exclusively based on automated processing of data, the respective processes shall include, at a minimum, mechanisms that allow the data subject to:
- express their point of view;
- contest the decision; and
- request and obtain from the INSURERS, directly or through MEDAL, human intervention in the decision-review process.
12. Cookies
MEDAL may use cookies on its website, where available, to improve the user experience and to allow certain operations to be carried out securely.
13. Changes to the privacy policy
This PRIVACY POLICY may be subject to periodic changes, through publication on the website, where available, or by dissemination through any means that provides a written record, including e-mail or postal mail, without the need for prior and express consent from the DATA SUBJECT.
Any significant changes will be communicated with a level of publicity corresponding to their relevance, either by highlighting them in the online publication or, if the relevance so justifies, by individual communication to the DATA SUBJECTS.