1. Us and our engagement:
Our “business group” or “group of companies engaged in a joint business activity”, as these concepts result defined and considered by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, namely in its art. 4, points 19) and 20), is composed of the companies that make up the Grupo Economico De Prado, which hereafter shall be referred to as GRUPO DE PRADO.
Taking into account the proportionality and adequacy imposed by the ability to allocate the resources and technical means at its disposal, GRUPO DE PRADO is deeply and genuinely committed and committed to providing protection to its regular or occasional clients and collaborators, as well as to the users of our various supports and platforms, physical or digital, namely paper files, digital files and/or websites in use or to be implemented, with regard to their privacy and the treatment and circulation of their personal data.
Our personal data collection devices and media in use:
– We have, edit and manage the following personal data carriers
– Computer system consisting of a set of software solutions supported by a set of hardware devices and other similar solutions, including email services and other external digital repositories complemented by digital communication solutions;
– Paper files stored in cabinets and shelves in restricted access rooms;
– GRUPO DE PRADO’s website.
The same or similar policy shall also be assumed, through contractual agreements entered into with the PRADO GROUP, by the entities that process the same personal data on behalf of the latter.
4. Concept of personal data:
Personal data shall mean any information or record, of any nature and regardless of its medium or format, namely sound, image, writing, chirograph or characteristic, concerning an identified or identifiable natural person.
An identifiable person is considered to be one who can be directly or indirectly identified by reference to one or more specific personal data, alone or in combination with others, including their physical, physiological, psychic, economic, ethnic, cultural, geographical, social identity or location.
5. The entity responsible for processing the personal data:
The entity responsible for the collection and processing of personal data is GRUPO DE PRADO, which, in the context of the relations it maintains with the holder of the personal data establishes, always on a lawful and legitimate basis, which data are collected, the means of processing and the purposes of such collection and processing.
6. Types of personal data collected and processed:
In the scope of its activity, GRUPO DE PRADO collects and processes, in particular:
1. Personal data necessary to supply products to its customers, processing in this context data such as name, tax identification number, address, telephone number and e-mail address, among others strictly necessary, proportional and lawful.
2. Personal data necessary for the receipt of goods or services from its suppliers, processing data such as name, tax identification number, address, telephone number and e-mail address, among others that are strictly necessary, proportional and lawful.
3. Personal data necessary for the execution of the employment contract or the provision of services to its employees, processing data such as name, identification document number and other data, tax identification number, household composition, social security number, address, telephone number and e-mail address, health data, access, location, among others strictly necessary, proportional and lawful.
4. Personal data necessary for the fulfillment of legal obligations, whether to public or private entities, dealing with data such as name, identification document number and other data, tax identification number, household composition, social security number, address(es) telephone numbers and email address, health data, among others strictly necessary, proportional and lawful.
5. Data necessary for the management of clients and suppliers, the contracting and management of the contractual relationship with clients and suppliers, the adequacy of the provision of services appropriate to the needs and interests of the client, including sending suggestions, information and marketing actions, publicizing campaigns, promotions, advertising and news about the services and/or products, conducting market research and/or satisfaction surveys, complaints management, dealing in this scope, address (es) phone numbers and email address, among others strictly necessary, proportional and lawful.
6. All personal data necessary to the exercise of the rights of GRUPO DE PRADO in the relationships mentioned in the previous items, and in the pursuit of its activity and legitimate interest, including accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and audit, network and systems management, information security control and physical security, and security of facilities.
Notwithstanding compliance with legal regulations, or legitimate orders issued by competent authorities, regarding the storage and transmission of data, GRUPO DE PRADO only processes personal data necessary for its activity, to the fair and strict extent required by the nature of the contractual relationship, or any other relationship established with the owner of such data, or the prior, legitimate, lawful and informed consent of the latter, if any.
7. Moment and mode of collecting personal data:
GRUPO DE PRADO collects personal data in person, in writing, by telephone or through its website.
As a rule, personal data is collected when the relationship or collaboration, contractual or otherwise, necessary for the pursuit of the activity of the GRUPO DE PRADO, is initiated between the latter and the data subject.
Some personal data are compulsory and necessary for the start and normal and legal development of this relationship or collaboration, so that in the absence or insufficiency of these data, this will not begin or continue, and in this case, the GRUPO DE PRADO will inform the data owner of this compulsory and necessary nature.
Should you wish to stop receiving these communications, you may express your opposition at any time.
The data collected shall be processed on paper or digitally, in strict compliance with the legislation governing the protection of personal data, being stored and contained in paper files and / or specific database, created and managed for this purpose and restricted and exclusive access to employees of the GRUPO DE PRADO, or subcontractors acting on behalf of the Group, which necessarily have to treat them in the pursuit of its activity. Under no circumstances shall the data collected be used for any purpose other than that for which consent was given by the holder, if this is necessary, or for the lawful and legitimate purpose on which the collection was based.
8. Purposes for which personal data is collected and processed:
In general, the personal data collected is aimed at the management of customers, suppliers and employees, the contracting and management of the contractual relationship with customers, suppliers and employees, the adequacy of the provision of supplies to the needs and interests of the customer, the sending of suggestions, information and marketing actions, publicising campaigns, promotions, advertising and news about the services and/or products, the carrying out of market studies and/or satisfaction surveys the management of complaints, accounting, tax and administrative management, litigation management, legal evidence, fraud detection, revenue protection and audit, network and systems management, information security control and physical security, security of facilities, compliance with legal obligations and for other purposes for which the Law recognizes the GRUPO DE PRADO legitimate interest.
When collecting data, or when you request it, you will be informed in greater detail of how we will process your data.
9. Time limits for the conservation of your personal data:
Where there is a specific legal requirement that requires data to be kept for a minimum period of time, this will be observed by GRUPO DE PRADO.
GRUPO DE PRADO shall maintain your personal data stored for the minimum time period strictly necessary for the purpose for which the information is collected and processed, after which it shall be eliminated.
10. Right of access, rectification, opposition, erasure, limitation and portability of your personal data:
It is by GRUPO DE PRADO guaranteed to the holder of personal data, the right to access, rectification, opposition, erasure, limitation and portability of their personal data.
The exercise of these rights can be exercised by telephone [….] or by written communication sent to the postal address GRUPO DE PRADO, […] or electronic […].
If you consider pertinent, you may lodge a complaint with the National Data Protection Commission – Av. D. Carlos I, 134 – 1.º 1200-651 Lisboa – Tel: +351 213928400 – Fax: +351 213976832 – e-mail: firstname.lastname@example.org
11. Measures we adopt with a view to the security of your personal data:
GRUPO DE PRADO observes best practice, for which purpose it adopts the technical and organisational measures appropriate to the risk, in the field of security and protection of personal data, and to this end has approved and implemented a demanding plan of compliance with the objectives, the Law and the interests of the holders of personal data, capable of safeguarding the protection of the data made available to us by all those who in some way relate to us, in order to protect them against their disclosure, loss, misuse, alteration, unauthorised processing or access, as well as against any other form of unlawful processing.
Thus, the digital or paper personal data collection form(s), whether completed in the physical premises of the GRUPO DE PRADO, or on the website(s), (which require encrypted browser sessions) or with any of the GRUPO DE PRADO staff, are stored securely in our physical repositories and digital systems.
All personal data that you provide us with is stored in a GRUPO DE PRADO Data Centre, or a subcontractor, under the cover of all the advanced physical and logistical security measures that we consider essential for the protection of your personal data.
Whenever, in the legitimate and lawful pursuit of the GRUPO DE PRADO’s business aims, it adopts measures to monitor its employees, particularly with regard to access control, working hours, tasks and productivity, movement and transport, not only shall those concerned have prior knowledge of the respective implementation – and, whenever legally necessary and lawful, their consent shall be requested – but the tools used for the purpose shall ensure the same level of security of the personal data collected and processed by them.
12. Communication of data to other entities, subcontractors or third parties:
GRUPO DE PRADO may resort to subcontractors for the purpose of collecting and processing data, for the same purposes as the one it pursues, obtaining from these entities by contractual means, reputational guarantee and obligation to develop the appropriate technical and organisational measures to protect the data and ensure the defence of the rights of the data subjects. Under certain circumstances determined by Law, certain personal data may have to be communicated to public authorities, such as tax authorities, courts and security forces.
Accordingly, any such subcontracted entities shall process our customers’ personal data on behalf of the GRUPO DE PRADO, under the obligation to adopt the technical and organisational measures appropriate to the risk in order to protect personal data against destruction, accidental or unlawful, accidental loss, alteration, unauthorised disclosure or access, and against any other form of unlawful processing.
13. Transfer of personal data:
The pursuit of GRUPO DE PRADO’s activity may involve the transfer of your data outside Portugal.
In this event, GRUPO DE PRADO shall strictly comply with the applicable legal provisions, particularly with regard to determining the reliability and suitability of the destination country in terms of personal data protection, and the requirements applicable to such transfers.
Cookies are digital files containing small pieces of information (and usually with a unique identifier), which are downloaded and stored on the device of a visitor to a given website. They may be temporary (being automatically deleted when the browser is closed) or persistent (until a defined expiry date) as well as original (defined by the entity that operates the site) or responsibility of third parties.
Cookies can be categorised according to the purpose they serve.
Some cookies are strictly necessary for the website to function, while others collect statistical information for the purpose of analysing the use of the website and its performance.
There are cookies that are used to ensure the provision of additional features to the website or to store the visitor’s preferences regarding website navigation, every time they use the same device.
Other cookies may also be used to measure the success of applications and the effectiveness of third party advertising.
The information collected through Cookies shall not be processed by the Group in such a manner as to make the holder identified or identifiable, whenever this may not be the case, the user shall always be asked for consent to the processing of the data, under the terms of the law.