Unidade Local de Saúde de Matosinhos
Santa Casa de Misericórdia da Bahia
Pró-Saúde
Sabará Hospital Infantil
Pulido Valente
Hospital de Santa Maria
Luz Saúde
Hospital LeForte
Hospital IGESP
Hospital 9 de Julho
A.R.S. Lisboa e Vale do Tejo
Garcia da Orta
AC Camargo
Rede Ímpar
Unidade Local de Saúde de Matosinhos
 

Privacy Policy

SISQUAL® Workforce Management Lda. (“SISQUAL”) provides a platform through a Software as a Service (SaaS), On-Premises Application and Mobile Application models. At SISQUAL®, the privacy and security of our customers, users and visitors are very important. SISQUAL® is fully committed in protecting the data you share with us. This privacy policy explains how SISQUAL® processes information that can be used directly or indirectly to identify an individual (“Personal Data”) collected through use of its website and platform in accordance with the applicable regulation and standards identified in this Privacy Policy (such as GDPR for example).

For the purposes of this policy, SISQUAL® defines the term “Customer” as an entity with which SISQUAL® has an established relationship, the term “User” as any individual who responds to marketing campaigns by SISQUAL® or who is included as a contact in a customer’s account, and the term “Visitor” as an individual that visits our front-end website (for example www.sisqualwfm.com).

Any information stored on SISQUAL®’ platforms is treated as restricted. All information is stored securely and is accessed by authorized personnel only. SISQUAL® implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

Information we collect on our corporate website

In general, you may visit SISQUAL®’ website, www.sisqualwfm.com, without providing us with any directly identifiable personal data. However, we may collect indirectly identifiable (pseudonymous) information from you, which includes your IP address used to track unique visits to our site for analytic purposes. In order to grant you access to protected and secure resources we may collect your full name, postal address and email address, to fulfil your requests for information including white papers, or participate in feedback surveys. In other instances, we may ask you to provide us with information such as your product interests so that we can send you only the information that is useful to you, including articles, newsletters, product and service alerts, new product and service announcements and event invitations. When we collect your personal data, we will inform you as to why we are asking for information and how the information will be used. However, please note that providing directly identifiable personal data is optional. When you receive your confirmation email or when you receive any email from SISQUAL®, you will be given instructions on how to remove yourself from the list.

SISQUAL®’ accountability for personal data that it receives under the GDPR and subsequently transfers internally or to a third party outside the European Economic Area is described in further detail below. In particular, SISQUAL® remains responsible and liable under the GDPR if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the GDPR unless SISQUAL® proves that it is not responsible for the event giving rise to the damage.

Cookie Information

SISQUAL uses cookies to help us understand more about our website visitor activity. For example, we can track data about visits to the website, including numbers of visitors and visits, geo-location data, length of time spent on the site, pages clicked on or where visitors have come.

If you do not want us to track this information you can turn off cookies within your browser, follow the instructions here: https://cookies.insites.com/disable-cookies/.

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory.

We, our service providers, and/or non-affiliated third parties, may use “cookies” or similar technologies such as “pixel tags” on our digital properties. We and our partners use cookies or similar technologies in order to analyse trends, administer the websites, and track users’ movements around our digital properties. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

We use these technologies with our website visitors in a de-identified fashion. We may also use third-party analytics and marketing integration services such as those by Google, to help us track and optimize our website performance and customer-facing marketing. These third parties may also use both cookies and pixels to help us better manage content on our site by informing us what content is effective. These third parties are prohibited from using collected data for any purpose other than as a service provider to us.

SISQUAL® as Subcontractor

When providing our software and providing SISQUAL® services to our corporate customers, SISQUAL® acts as a Data Processor. We need to collect and use personal data to enter into a contract with a customer or to fulfil our contractual obligations. We may also use such data for our legitimate business interests to administer our platforms, provide access to interfaces and features, and to enforce our acceptable use policies and terms of service.

To the extent our customers need to collect and share and allow us to process personal data of their employees and customers to enable our services, we will rely upon our customers to provide necessary privacy notices and to obtain required consents.

Log Data

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Security and Retention

SISQUAL® takes commercially reasonable steps to ensure the ongoing confidentiality, integrity, availability and resilience of our systems and services processing your personal data.

Notably, we implement comprehensive antivirus, anti-spam, and spyware protection for the servers along with a full-fledged intrusion detection system coupled with robust firewalls and alerts system in place.

Access and Your Right to Privacy

If you are our Customer or prospect, you have enhanced rights under the GDPR. You may access, correct or request deletion of your personal data.

SISQUAL® abides by the Data Subject Rights requests referenced within GDPR Articles 13-22 with respect to:

Right to be informed (about processing activities and applicable rights)

Right to access data (or obtain data being processed)

Right to rectify information (when outdated or incorrect)

Right to erasure (and to be publicly forgotten)

Right to object to processing (particularly activities based on consent)

Right to restrict processing (when processing is deemed to be unlawful)

Right to data portability (between proprietary systems in a common format)

Rights related to automated decision making (including decisions based on profiling activities)

SISQUAL® has put into place operational processes to comply with all Data Subject Rights requests within 30 days when received, however we may need to verify certain Personal data fields to ensure we act upon the correct data.

If your business contact information changes, or if you would like to modify or remove your details, or to exercise your other rights, please contact quality@sisqual.com.

Additionally, SISQUAL® is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

International Data Transfers

All processing of Personal Data is performed in accordance with privacy rights and regulations following the GDPR and the local legislation.

You are entitled to know whether we hold information about you and, if we do, to have access to that information and require it to be deleted, limited or corrected if it is inaccurate. You can do this by contacting us via dpo@sisqual.com. We encourage you to contact us should you have any privacy-related complaint.

In compliance with the GDPR, SISQUAL® commits to resolve complaints about our collection or use of your personal information.

Notification of Changes

SISQUAL® reserves the right to update or change this Privacy Policy from time to time.

Changes will be posted on this page. If we make a material change to our privacy practices, we will provide notice on the site or by other means as appropriate.

Contact

If you have any questions, please feel free to contact quality@sisqual.com.

DPO Information

To contact SISQUAL®’s Data Protection Officer, please reach out to dpo@sisqual.com.

PUBLIC INFORMATION – Privacy Policy – updated on 28/05/2020

Cloud Privacy Policy

SISQUAL is truly committed to achieve compliance with applicable data protection legislation and regulation (including GDPR), and with the contractual terms agreed with its cloud service customers.

Our cloud service is provided in a Software as a Service (SaaS) model, where customer just accesses and uses our WFM software in the cloud. This Policy applies to such provision of service as SaaS model only. Exceptions to this model of service and any resulting specific responsibilities shall be detailed in the contract.

We have designated a Data Protection Officer (DPO) that acts as a point of contact for our customers regarding personal data protection, which may be contacted through this e-mail: dpo@sisqual.com

Co-operation regarding data subjects’ rights

Our WFM software (from version 7 on) includes functionalities that allow our customers to fulfil their obligation to facilitate the exercise of data subjects’ rights to access, correct and/or erase personal data pertaining to them. Please refer to the document “GDPR SISQUAL WFM” for more details and also for information about any situations that the customer depends on us to facilitate the exercise of data subjects’ rights.

Purpose of treatment

We don’t treat any personal data stored by the customer or its end users in the WFM database for any purpose not included in the cloud service contract, unless the customer gives us instructions to do so. We also don’t use that personal data for the purposes of marketing and advertising.

Disclosure notification

We will notify the service customer, in accordance with any procedure and time periods agreed in the contract, of any legally binding request for disclosure of personal data by a law enforcement authority, unless such notification is otherwise prohibited (e.g. to preserve the confidentiality of a law enforcement investigation).

We will consult the service customer where legally permissible before making any personal data disclosure and accept any contractually agreed requests for personal data disclosures that are authorized by the service customer.

We will record all disclosures of personal data to third parties such as those arising from lawful investigations or external audits, including what data has been disclosed, to whom, at what time, and the source of the authority to make the disclosure.

Notification of data breaches

We will promptly notify the customer in the event of any unauthorized access to personal data or unauthorized access to processing equipment or facilities resulting in loss, disclosure or alteration of personal data, and we will provide the information necessary for customer to fulfil his obligation to notify relevant authorities. This notification obligation does not extend to a data breach caused by the customer or by a data subject or within system components for which they are responsible.

In the event that a data breach involving personal has occurred, we will maintain a detailed record of the incident including a description of the data compromised, if known, and of any notifications performed according to applicable laws and regulations.

Return, transfer and disposal

In case of termination of the contract, after receiving and satisfying a request to return the personal data to the customer, transfer it to another cloud provider or to another personal data controller (e.g. as a result of a merger), we will assure the secure deletion of all data  (by us and any of our authorized sub-contractors) from wherever they are stored, including for the purposes of backup and business continuity, as soon as they are no longer necessary for the specific purposes of the customer.

Information about sub-contractors

Our use of sub-contractors participating in personal data treatments is stated in the contract with the customer. We will inform the customer in a timely fashion of any intended changes in this regard so that the customer has the ability to object to such changes or to terminate the contract. We will inform the customer about the names of our relevant sub-contractors, the countries in which they may process data and the means by which those sub-contractors are obliged to meet or exceed our own obligations.

We will also inform our customers about the countries where personal data might possibly be stored, arising from the use of sub-contractors. Any intended changes in this regard will be informed to the customer in a timely fashion so that the customer has the ability to object to such changes or to terminate the contract.

Technical and organizational measures

SISQUAL has implemented and continually improves technical and organizational measures aligned with the guidance and requirements of ISO/IEC 27001, 27002 and 27018 international standards, to ensure that the contracted security arrangements are in place and that personal data is not processed for any purpose independent of the instructions of the customer, and also to guarantee compliance with relevant information security and personal data protection obligations imposed by applicable laws and regulations like GDPR. We are finalizing the certification process according to ISO/IEC 27001 and 27018, but also according to ISO/IEC 20000-1 and ISO 9001.

Awareness, education and training

All our staff is made aware of the possible negative consequences on data subject’s, on our customers, on SISQUAL and on the staff member her/himself, of breaching privacy or security rules and procedures, especially those addressing the handling of personal data and related assets.

User access management

Our WFM cloud software is provided in a Software as a Service (SaaS) model, so the customer is responsible for all aspects of access management for the users under its control, by providing administrative rights to manage or terminate access.

We recommend all our customers to implement procedures for user registration and de-registration to avoid situations where user access control is compromised, such as the corruption or compromise of passwords or other user registration data (e.g. as a result of inadvertent disclosure), aligned with the guidance and requirements of ISO/IEC 27001 and 27002 international standards.

Use of cryptography

To enhance the protection of personal data we use HTTPS encryption.

Backups

We assure backup and restore of all data residing in the cloud provider.

Audits

We undertake independent internal audits and we are audited by an accredited certification body every year. These audits verify that information security and privacy is implemented and operated in accordance with our policies and procedures.

PUBLIC INFORMATION – Cloud Privacy Policy – updated on 20/04/2020