I - GENERAL PRINCIPLES
a) Your privacy is very important to us in everything we do;
b) We understand that only authorized persons can access your data and process them for the purposes previously defined;
II - CONCEPTS AND INFORMATION TO THE DATA HOLDER
1 - What is Personal Data?
For the purposes of this Policy, we follow the definition adopted by the General Data Protection Regulation (RGPD), namely, any information relating to an identified or identifiable natural person, and a natural person who can be identified, directly or indirectly, is considered identifiable , namely by reference to an identification number or to one or more specific elements of their physical, physiological, psychological, economic, cultural or social identity.
2 - How do we collect your data?
a) As part of our activity, we collect and process your personal data over the telephone, through our website or in writing.
b) Depending on the circumstances, the processing of your personal data may be carried out on the following legal basis:
Celebration or execution of a contract or for pre-contractual steps at the request of the data subject;
Compliance with legal obligations to which we are subject;
Our legitimate interests;
The consent given by the data subject, when the consent is the legal basis for the purchase;
Defending the data subject's vital interests.
c) When the processing of your data is based on consent, this must constitute a free, specific, informed and explicit expression of will. If you wish to withdraw your consent, you can do so easily by contacting us at the e-mail address: email@example.com
3 - Our legitimate interest
a) Our legitimate interest is:
Lawful - based on the General Regulation on Data Protection and on the pursuit of our business, duly registered and accredited in accordance with current regulations;
Of course - it is based on evidential criteria, it is sufficiently specific and has a very well-defined objective, which involves promoting our business to the recipients that give it the necessary sustainability.
Real and current - this is not merely a speculative interest, that is, it is a concrete and permanent interest, and it is relevant here to emphasize that our legitimate interest is based on a business model that is transversal to competition and that is duly established in terms of constant practice.
b) As part of our legitimate interest, we process personal data with a view to:
Legal complianse - compliance with obligations of transparency and reporting of adverse events;
Direct communication is required from us in case of urgent security notices.
Research and diverse studies in our area of expertise;
4 - What personal data do we collect?
The categories of data that we collect, for the purpose of being able to provide our services, are namely the following:
- Civil identification data (eg name and date of birth)
- Address and contact details (eg address, telephone number and email)
- Bank details (eg account number, IBAN)
- Tax data (e.g.: tax number)
- Location data
- IP addresses, operating system, access device, language and other information collected by cookies.
a) The data we collect, for the purpose of providing ours, are strictly necessary for this purpose.
b) The personal data which we collect are subject to computer processing and stored in databases, strictly complying with the legislation in force regarding data protection and the rules relating to information security.
c) We will only process your data in accordance with the specific and legitimate purpose or purposes determined when collecting your personal data.
5 - For what purposes do we process your personal data?
We use your personal data for the following purposes:
a) Customer identification;
b) Billing and collection of services provided;
c) Communication of changes to the conditions for the provision of contracted services;
d) Carrying out satisfaction surveys;
e) Compliance with legal obligations to which we are subject;
f) With the client's consent, for the commercialization of services, advertising and direct marketing, including by means that allow the reception of messages regardless of the intervention of the recipients;
g) Optimization of the visit and navigability of our website;
h) Management of the contractual relationship;
i) Adequacy of services to the client's needs and interests;
j) Information and marketing actions;
l) Processing of information related to competence certificates.
m) Identification for compliance with requirements in professional associations and with official entities;
6 - Child data
a) In the event that we collect data from children, we will take into account that they deserve special protection, as they may be less aware of their rights related to data processing.
b) Bearing in mind that the child must be accompanied in all aspects of his or her life, including the digital one, it will be up to the holders of parental responsibilities to request the deletion of any data, a request to which we will promptly access after verifying that this collection is in fact occurred.
7 - How long do we keep your personal data?
a) The period of time for which your data is stored and preserved varies according to the purpose for which the information is processed. There are legal requirements that require us to retain data for a minimum period of time.
b) If there is no legal term of conservation, your data will be stored and kept only for the minimum period necessary for the purposes that led to its collection and subsequent processing, after which they will be properly processed.
8 - What are your rights as a data owner?
Pursuant to the provisions of the RGPD, we guarantee you the exercise of your rights to:
a) Access – you have the right to ask us, among other things, for information regarding whether or not your data is being processed, what data we process and for what purposes.
b) Rectification – you are entitled, without undue delay, to rectification of inaccurate personal data concerning you and that incomplete data be completed.
c) Cancellation – you can request that your personal data be deleted from our records, without undue delay.
d) Opposition – you have the right to object to certain types of data processing, such as processing for direct marketing purposes.
e) Portability – you have the right to transfer your personal data that we keep to another organization or to receive them in a structured and commonly used format.
f) Limitation of Processing – when you intend, for example, to contest the accuracy of your personal data for a period of time that allows us to verify their accuracy.
For the purpose of exercising these rights, please send a written request to firstname.lastname@example.org. Within 30 (thirty) days, you will receive a duly substantiated communication from us.
9 - What measures have been implemented to guarantee the security of your personal data?
a) We adopt appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which we periodically review and improve, aimed at ensuring the security and protection of your personal data in terms of its availability, authenticity, integrity and confidentiality, as well as designed to prevent their loss, misuse, alteration, unauthorized processing or access, as well as any other form of unlawful processing.
b) We detail, in our “Information Security and Responsible Use Policy”, our commitment to the security of your personal data, a commitment that involves a set of measures aimed at safeguarding and mitigating the risk of breach of such data.
10 - Is there data communication to third parties?
a) As part of our activity, we may use subcontractors to process your data on our behalf, which implies access by these entities to that data.
b) When this happens, we take the appropriate measures, contractually provided for, in order to ensure that these third parties, subcontractors, partners or in a group relationship, present sufficient and adequate guarantees for the execution of technical and organizational measures and that they will act only in accordance with our instructions.
11 - Are your data transferred?
a) It may happen that we have to communicate your personal data to third parties. In this case, we will try to ensure that this transmission complies with the legal provisions in force.
b) In particular, security issues are taken into account in the transmission of your data, third parties are contractually bound and respect the confidentiality of the data received, not using them under any circumstances for purposes other than those that motivated the transmission or for their own benefit or a third party.
12 - How do we use "cookies"?
To learn more about cookies please see our Cookies Policy.
13 - Who can I contact if I have any questions?
a) If you have any questions or concerns about how we collect and handle your personal data, you may contact your data protection officer or other data protection officer.
Data Protection Officer (DPO) Contacts
Responsible: José Diniz
Address: Rua Dr. Rui Hasse Ferreira Lot 1 rc left 2410-386 Leiria
b) The Data Protection Officer (DPO) is responsible for ensuring that any review or update of this policy is carried out in accordance with the requirements of the RGPD.
14 - Policy Review