The purpose of this document is to establish and make known the rules and mechanisms for ensuring the privacy of all personal data received and kept by the company, within the scope of commercial and labor activity, namely informing you about which categories of personal data we collect the form and legal basis for processing the data, with whom we share the data, the period for which the data is kept, the rights that assist you and how you can exercise them and the obligations in case of data breach.
Cabeça de Porca
Sendim – Ap. 242
Tlf: +351 255 310 150
What personal data is and what personal data we collect and use
Personal Data is any information that can identify a natural person.
We collect and use personal data in the context of the commercial activities that the company, as well as in the industrial relations (in the case of our employees) that is processed. There are several types of personal data they use, namely:
- Identification data (for example: name, identification numbers, nationality, date and place of birth);
- Contact details (for example: address, telephone, e-mail address);
- Family situation (for example: number of descendants, tax status);
- Education (level of education);
- Bank and financial data (IBAN, NIB, credit limits);
- We do not collect sensitive data – biometric data, genetic data, health data, of racial or ethical origin, data relating to sexual life or orientation, political opinions, religious or philosophical beliefs, with the exception of union membership (applicable only to employees due to compliance with legal obligations).
Indirect collection of other data
We may have indirect access to personal data from:
- Legal or mandatory representatives;
- Partners of the society;
- Employees of our customers, suppliers, service providers and partners.All of these data protected with the same security and privacy.
What is the foundation and how Purposes
Based on the prior consent of the holder of the personal data, which must be free, bankable and unambiguous;
- Legitimate interest
When the processing of data corresponds to a legitimate interest on the part of the company with a view to developing our activity and providing our services, as well as, its industrial relations;
- Compliance with all legal, regulatory and judicial obligations
When the processing of personal data is necessary to comply with all legal, regulatory and judicial obligations to which the company is determined.
- Pre-contractual arrangements, execution and management of contracts
- Request your consent for specific treatment for this scope
The use of personal data is necessary in particular for:
- Management and monitoring of customers / suppliers;
- Marketing activities, such as: presentation of products / services, sending newsletters, promotional campaigns and actions, satisfaction surveys, market research, profile analysis.
- Compliance with all legal, regulatory or judicial obligations to which the company is bound in the commercial and labor scope;
- Administrative, accounting and financial management;
- Training management;
- Collection and litigation management;
- Complaints management;
- Access control to the facilities;
- Recruitment processes
With whom we share personal data
As part of fulfilling the purposes described above, it may be necessary to share your data with:
- Official, Regulatory, Judicial and Police Entities
To comply with all legal obligations, as well as participation in programs and support.
- Service providers and subcontractors
It may be necessary to share personal data with third parties within the scope of the activity and according to each objective, such as, for example, insurance companies, health and safety at work companies, travel agencies, training companies, technical assistance companies, support for e-commerce activities, hosting of our sites, among others.
- Business partners
In these cases, we can share your data with these partners to optimize our products and services.
- Customers and Suppliers
Some personal data of employees, within the scope of the functions that each employee performs, may have to be shared with customers and suppliers.
What are the retention periods for personal data
Personal data will be kept for an indefinite period of time, that is, until the data subject requests its total or partial deletion or withdraws his consent, provided that this request does not conflict with the fulfillment of contractual or legal obligations and regulations to which the company is bound.
What are the rights of the holders of personal data
The holder of personal data, in accordance with the applicable rules, has the right to information, access, rectification, elimination, limitation, objection and portability of the data, as well as to contest automatic decisions and to withdraw his consent.
- Right to information, access, and rectification
The data subject can, at any time, access the data provided, request its rectification, as well as obtain information regarding its treatment, and we are committed to follow up within a maximum period of 30 days.
- Right to disposal
The right to delete is also recognized, with personal data being deleted within the aforementioned period, counting from the date of the request, provided that there are no valid legal grounds for its conservation.
- Right to limitation and objection
You can request the limitation, as well as, oppose the treatment of personal data, namely, when the data are processed for direct marketing purposes.
- Portability of personal data
The holder has the right to request the company, when legally admissible, to send his personal data to another organization, unless this transfer by its extension implies high means and costs.
- Automatic decisions
When applicable, the data subject has the right to challenge automatic decisions such as the definition of profiles, requesting human intervention by the Data Officer.
- Withdraw your consent
The data subject may withdraw his consent, to the extent legally permissible. This situation does not compromise the legality of the treatment carried out until that date.
If the holder intends to exercise his or her written rights, he / she can do so by registered letter or by e-mail to the contacts below, and proof of identity of the holder is essential to ensure security and confidentiality in the process.
Cabeça de Porca
Sendim – Ap. 242
Tlf: +351 255 310 150
It should be noted that if there are norms or legal imperatives that overlap with these rights, the company will answer about the impossibility and the reason for not being able to comply with the request, within a maximum period of 30 days.
The data subject may complain to the National Data Protection Commission – CNPD (www.cnpd.pt).
The company, valuing the trust that the data subject deposits in granting his consent, adopted the technical, physical and organizational measures appropriate to the GDPR, ensuring that personal data are properly protected against unauthorized or illegal use, alteration, access or unauthorized disclosure, accidental or willful destruction and loss.
Felgueiras, Maio, 2021