GDPR Compliance
Last updated: 2026-05-01
Six Medic processes personal and health data in full compliance with EU Regulation 2016/679 (GDPR) and Portuguese Law 58/2019. This page summarises the concrete safeguards we have in place.
Lawful basis
Health data is processed under Art. 9(2)(h) GDPR (provision of health care by a regulated professional bound by medical secrecy). Contact and billing data is processed to perform the contract you entered into. Optional marketing is carried out only with explicit consent.
Data minimisation
We only ask for information clinically required to deliver the consultation and the documentation needed for billing.
Security
Encrypted transport (HTTPS/TLS) for all data, encrypted storage at our cloud providers, access restricted to the treating physician and strictly necessary staff, and audit logs on administrative actions.
Processors
We work only with processors that offer GDPR-grade guarantees and sign data-processing agreements: Stripe (payments), our cloud hosting, transactional email provider and video infrastructure.
Your rights
Access, rectification, erasure, restriction, portability, objection, withdrawal of consent and the right to lodge a complaint with the CNPD (www.cnpd.pt). Requests can be sent to info@sixmedic.com and will be answered within 30 days.
Data Protection Officer
For data-protection questions write to info@sixmedic.com. If the request concerns a clinical record, please include your full name and the email used at booking so we can verify your identity.
