The Personal Data Protection Policy of KNOK HEALTHCARE, hereinafter referred to as knok, is intended to make known to all customers, employees, service providers, and any other entity that directly or indirectly relates to knok in the course of its activity, the rules and principles of the organisation relating to the protection of personal data. In this way, we intend to share with stakeholders what data we collect and for what purpose, as well as the measures we take to protect your privacy. knok thus adopts a rigorous Data Protection Policy, ensuring that all those who entrust us with their personal data know how the data is treated and what their rights are in this matter.

The information created, processed and stored by knok, regardless of its medium or format, and used during the operational and administrative activities of the business, has to be protected. Information security is based on three essential factors:

1) Confidentiality means that the information is protected against access by or exposure to unauthorised entities. Basically, it means that a user should be able to rely on confidential personal information not being accessed by anyone who does not have the rights and a concrete purpose to access it. Due to the sensitive information in clinical applications and the amount of data shared through the health ecosystem, confidentiality is regarded as one of the crucial pillars.
2) Integrity means that information maintains all the characteristics defined by its guardian, including control of changes throughout its life cycle. Users should be able to rely on the data to which health professionals have access being accurate and complete, and on the prescribed treatment being based on these same data. In the provision of health care, integrity carries even more weight, in that a failure in data integrity can result in direct damage to the health of the user.
3) Availability means that information is accessible to authorised personnel whenever relevant. It is about giving access to information when it is required and often in a particular context.

It is also an objective of this document to ensure compliance with the applicable legal provisions on data protection, in particular the European Regulation of Data Protection (Regulation No 2016/679 of April 27, 2016) and Law No. 58/2019, which ensures the implementation of the GDPR in the Portuguese legal order.
For the purposes of this policy and the General Data Protection Regulation (GDPR), the following definitions apply:
«Personal data» means information on an identified or identifiable natural person («data holder»). A natural person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, electronic identifiers, or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
«Treatment» means any operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as collection, registration, organisation, structuring, conservation, adaptation or amendment, recovery, consultation, use, disclosure by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, erasure or destruction;
«Responsible for treatment» means the natural or collective person, the public authority, the agency or other body which, individually or together with others, determines the purposes and means of processing personal data;
«Consent» of the data holder means a free, specific, informed and explicit manifestation by which the data holder accepts, by declaration or unambiguous positive act, that the personal data concerning them are subject to treatment;
«Health data» means personal data relating to the physical or mental health of a natural person, including the provision of health services, which reveal information on their health status.
«Minimisation of data» means the principle that the personal data collected should be limited to what is necessary for the purposes for which they are treated.
«Violation of personal data» means an infringement of security which results, accidentally or unlawfully, in the destruction, loss, alteration of or unauthorised access to personal data transmitted or subject to any other type of treatment.
Responsibility for collecting and treatment
knok is the entity responsible for collecting and processing personal data. knok's professionals (employees or service providers) are an important element in the life cycle of customer data processing, in so far as, as a rule, they are the ones who collect and treat the data. The professionals should therefore adopt a set of procedures and precautions in the way they handle the data, in order to ensure its confidentiality and, consequently, avoid security failures and unauthorised access.
knok collects personal data for precise, explicit and legitimate purposes, and will never treat such data in a manner incompatible with these purposes. knok uses personal data for customer identification, scheduling and medical services, billing and collection for services provided, satisfaction assessment, complaints and suggestions, as well as for other purposes consented to by the holder or required by legal imposition.
Personal Data Collection
When collecting personal data, knok informs the holder of the purpose for which they are collected. At the time of collection, knok's professionals apply the principle of minimisation, ensuring that only the personal data strictly necessary for the act in question is collected. The provision of information on the terms in which personal data is treated shall be guaranteed through the following elements:
What data we collect
When you use our site, we collect specific data about you and your use of the site. The data we collect belongs to three different categories: 1. Information you provide to us; 2. Information we collect from you automatically when you use our site; and 3. Information we collect from our partners and other sources.
1. Information you provide to us:
2. Information collected automatically: Usage data may include IP address, device identifier, browser type, operating system, information about your use of the site, and data related to network-related hardware (e.g. computer or mobile device). The methods that can be used on the platform to collect usage data include:
3. Information we collect from our partners and other sources:
An authentication device is a unique identifier issued by the operating system of your mobile device. Although we can access a list of authentication devices, the application and authentication devices do not reveal your identity, the identity of the single device or contact information.
Under the General Data Protection Regulation, the data holder is guaranteed the right of access, updating, rectification, treatment limitation or elimination of their personal data, upon request addressed to knok by email at [email protected] or by letter to the address: knok Healthcare - Rua Júlio Dinis 728, 7D 4050-012, Porto Portugal.
Health professionals should ensure that access to the information systems and platforms in which health data are recorded remains restricted. Health professionals should also refrain from duplicating clinic databases by creating, for instance, their own files with information from the database or application they access.
The registration of customers' clinical information should be carried out directly by the health professional. Only the data strictly necessary to ensure the provision of medical care should be collected and consequently recorded. The health professional should only access the client's clinical information in the clinical or other process in so far as it is necessary for the performance of their functions.
Clinical information should not be shared with third parties except to ensure the continuity of health care provision. In this situation, the professional must ensure that the sharing is carried out securely and confidentially, with another professional who is subject to the obligation of confidentiality and who follows all measures to protect this sharing of information.
Health professionals should refrain from transporting in any way clinical information contained in the clinical or other process, except in the cases authorised by the institution's guidelines and for the purpose of ensuring the continuity of medical care provision. In such cases, special security measures should be adopted in order to ensure that the information is not improperly accessed by third parties (in particular, the information should be anonymised and/or encrypted).
The health professional should not use or, in any way, connect personal devices to KNOK's systems and platforms, except in cases where there is prior approval from the entity responsible. If this happens, and given the nature of the information, the professional must take into account that access to the network through personal mobile devices entails security and confidentiality risks, and should therefore adopt the security measures necessary to protect the data, through their device, against accidental or illicit destruction, accidental loss, amendment, diffusion or unauthorised access, as well as against any other form of illicit treatment of the information. The professional should also, in any situation, keep confidential information under secrecy and strict confidentiality, not allowing access by third parties.
The health professional cannot treat data collected in the course of providing health care for their own purposes. If they want to use the data for academic or research purposes, they must obtain the approval of KNOK officers and should collect the patient's consent for this purpose, providing the patient with the necessary information on the terms in which the data will be used. In this situation, the professional will be considered responsible for the treatment of the data.
If any failure or incident involving personal data occurs, the health professional should report it according to the procedures established for that purpose. In so far as they have information on the incident, they should make it available at the time of the report. In particular, they should communicate the nature of the violation of personal data including, if possible, the categories and approximate number of affected data holders, as well as the categories and approximate number of personal data records concerned.
knok will only transmit data to third parties when the data holder requests or authorises it, or when there is a legal imposition. Where there is a need to transmit certain personal data to subcontractors, knok will adopt appropriate measures to ensure that the entities with whom the data are shared have implemented security and data protection measures to preserve the personal data, ensuring they are used according to the previously established purpose. Where personal data are required by auditors or external authorities, their supply will be limited to what is strictly necessary for these entities to properly carry out the tasks and functions entrusted to them by law or contract.
knok ensures that it will put into practice appropriate technical and organisational measures to protect personal data against accidental or illicit destruction, accidental loss, change, dissemination or unauthorised access, as well as the adoption of measures to ensure a level of protection appropriate in relation to the risks inherent to the treatment and nature of the data to be protected.