Privacy Policy
- Us and our commitment:
Our “business group” or “group of companies engaged in a joint business activity”, as these concepts result defined and considered by Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, namely in its articles 4, paragraphs 19) and 20), is composed of the companies that make up the Grupo Economico De Prado, which hereafter shall be referred to as GRUPO DE PRADO.
Taking into account the proportionality and adequacy imposed by the ability to allocate the resources and technical means at its disposal, GRUPO DE PRADO is deeply and genuinely committed and committed to providing protection to its regular or occasional customers and employees, as well as users of our various media and platforms, physical or digital, including paper files, digital files and/or websites in use or to be implemented, with regard to their privacy and the processing and circulation of their personal data.
Our personal data collection devices and media in use:
- We hold, edit and manage the following personal data carriers
- IT system composed of a set of software solutions supported by a set of hardware devices and other similar solutions, including email services and other external digital repositories complemented by digital communication solutions;
- Paper files stored in cabinets and shelves in restricted access rooms;
- GRUPO DE PRADO website.
- Personal and material scope of this Privacy Policy:
This Privacy Policy binds the Group of Companies exclusively in relation to the personal data it collects, processes and circulates.
The same policy or similar will be assumed, by contractual agreement with the GRUPO DE PRADO, by the entities that process the same personal data on behalf of the latter.
- The rationale and publicity of this Privacy Policy:
In addition to implementing it in its organisational processes, GRUPO DE PRADO has drawn up this Privacy Policy with the objective of making available, making known and publicising an explanatory instrument of the general rules on privacy and the processing of the personal data collected, always in strict compliance with the relevant Legislation.
To that end, the text of this privacy policy will be available in paper form at our premises and in digital form on the website [ ].
The provisions of this Privacy Policy complement those stipulated in the same matter in formal or informal contracts that the subjects enter into with GRUPO DE PRADO.
We ask you to please read this Privacy Policy carefully, since providing your personal data, either personally or when accessing the Website, implies that you know and accept the conditions contained herein and the processing of such data for lawful and legitimate purposes as provided by law.
GRUPO DE PRADO expressly reserves the right, at any time, to alter the present privacy policy, the result of which shall be duly publicised by the same means.
- Concept of personal data:
Personal data shall mean any information or record, of any nature and regardless of the support or format, namely sound, image, writing, chirography or characteristic, concerning an identified or identifiable natural person.
An identifiable person is one who can be identified, directly or indirectly, by reference to one or more specific personal data, alone or in combination, including his or her physical, physiological, mental, economic, ethnic, cultural, geographical or social identity or location.
- The entity responsible for processing the personal data:
The entity responsible for the collection and processing of personal data is GRUPO DE PRADO, which, in the context of the relationship it maintains with the holder of the personal data, establishes, always on a lawful and legitimate basis, the data collected, the means of processing and the purposes of such collection and processing.
- Types of personal data collected and processed:
Within the scope of its activity, GRUPO DE PRADO collects and processes, in particular:
- Personal data necessary to supply products to its customers, processing data such as name, tax identification number, address, telephone number and e-mail address, among others that are strictly necessary, proportional and lawful.
- Personal data necessary to receive goods or services from its suppliers, processing data such as name, tax identification number, address, telephone number and e-mail address, among others that are strictly necessary, proportional and lawful.
- Personal data necessary for the execution of the employment contract or services provided to its employees, processing data such as name, identification document number and other data, tax identification number, household composition, social
security number, telephone and e-mail address, health, access and location data, among others that are strictly necessary, proportional and lawful.
- Personal data necessary to comply with legal obligations, whether to public or private entities, dealing with data such as name, identification document number and other data, tax identification number, household composition, social security number, address(es), telephone numbers and email address, health data, among others that are strictly necessary, proportional and lawful.
- Data necessary for the management of clients and suppliers, the contracting and management of the contractual relationship with clients and suppliers, the adequacy of the provision of services appropriate to the needs and interests of the client, including sending suggestions, information and marketing actions, publicising campaigns, promotions, advertising and news on services and/or products, carrying out market studies and/or satisfaction surveys, the management of complaints, dealing in this context with the telephone number(s) and email address, among others that are strictly necessary, proportional and lawful.
- All personal data required to exercise the rights of GRUPO DE PRADO within the scope of the relations mentioned in the previous items, and in the pursuit of its activity and legitimate interest, including accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and audit, network and systems management, information security control and physical security, and facilities security.
Notwithstanding compliance with legal regulations, or legitimate orders from the competent authority, regarding the storage and transmission of data, GRUPO DE PRADO only processes personal data necessary for its activity, to the fair and strict extent required by the nature of the contractual relationship or otherwise, established with the owner of such data, or the prior, legitimate, lawful and informed consent of the latter, if any.
- Time and manner of collection of personal data:
GRUPO DE PRADO collects personal data in person, in writing, by telephone or via its website.
As a general rule, personal data is collected when a contractual or other relationship or collaboration necessary for the pursuit of the activity of the GRUPO DE PRADO is initiated between the latter and the data subject.
Some personal data is mandatory and necessary for the initiation and normal and legal development of the relationship or collaboration, so that in the absence or insufficiency of such data, this will not begin or continue, and in this case, the GRUPO DE PRADO will inform the owner of the data of this mandatory and necessary nature.
Apart from those of this nature, those listed in any public list and those that may be used in the legitimate interest of the GRUPO DE PRADO, your data will only be collected and processed if and for the purposes to which you previously consented in a free, informed, specific and unequivocal manner, by means of a written or oral declaration or by validating an option, namely for the subscription of newsletters or marketing communications, in which case the other rules of this privacy policy shall apply.
If you wish to stop receiving these communications, you may express your opposition at any time.
The data collected shall be processed on paper or digitally, in strict compliance with the legislation governing the protection of personal data, being stored and contained in paper files and/or specific databases, created and managed for this purpose and with restricted and exclusive access to employees of the GRUPO DE PRADO, or subcontractors acting on behalf of the Group, who must necessarily process them in the pursuit of its activity. Under no circumstances shall the data collected be used for any purpose other than that for which consent was given by the holder, where this is necessary, or for the lawful and legitimate purpose on which the collection was based.
- Purposes of collection and processing of personal data:
In general, the personal data collected is aimed at managing clients, suppliers and employees, contracting and managing contractual relations with clients, suppliers and employees, adapting the provision of supplies to the needs and interests of the client, sending suggestions, information and marketing activities, publicising campaigns, promotions, advertising and news about services and/or products, conducting market studies and/or satisfaction surveys, the management of complaints, accounting, tax and administrative management, litigation management, judicial evidence, fraud detection, revenue protection and auditing, network and systems management, information security control and physical security, security of facilities, compliance with legal obligations and for other purposes for which the Law recognises GRUPO DE PRADO legitimate interest.
When collecting the data, or when you request it, you will be informed in more detail about how we will process your data.
- Time limits for the storage of your personal data:
Where there is a specific legal requirement to retain data for a minimum period of time, this will be observed by the GRUPO DE PRADO.
GRUPO DE PRADO will keep your personal data stored for the minimum period of time strictly necessary for the purpose for which the information is collected and processed, after which it will be deleted.
- Right of access, rectification, opposition, erasure, limitation and portability of your personal data:
GRUPO DE PRADO guarantees the holder of personal data the right to access, rectification, opposition, erasure, limitation and portability of their personal data.
The exercise of these rights may be exercised by telephone […. ] or by written communication sent to the postal address GRUPO DE PRADO, […] or e-mail […].
If you consider it relevant, you can lodge a complaint with the Portuguese Data Protection Commission – Av. D. Carlos I, 134 – 1.º 1200-651 Lisboa – Tel: +351 213928400
- Fax: +351 213976832 – e-mail: geral@cnpd.pt
- Measures we adopt with a view to the security of your personal data:
GRUPO DE PRADO observes best practice and, to this end, adopts the technical and organisational measures appropriate to the risk, in the field of security and protection of personal data, and, to this end, has approved and implemented a demanding plan of compliance with the objectives, the Law and the interests of the owners of personal data, capable of ensuring the protection of the data provided to us by all those who in any way relate to us, in order to protect them against their unauthorised disclosure, loss, misuse, alteration, processing or access, as well as any other form of unlawful processing.
Thus, the digital or paper personal data collection form(s), whether completed in the physical premises of the GRUPO DE PRADO or on the website(s), (which require encrypted browser sessions) or with any of the GRUPO DE PRADO staff, are stored securely in our physical repositories and digital systems.
All personal data you provide us with is stored in a GRUPO DE PRADO Data Centre, or a subcontractor, under the cover of all the advanced physical and logistical security measures, which we consider essential for the protection of your personal data.
Whenever, in the legitimate and lawful pursuit of the objectives of the activity of the GRUPO DE PRADO, the latter adopts measures to monitor its employees, particularly with regard to access control, working hours, tasks and productivity, movement and transport, not only shall those concerned have prior knowledge of the respective implementation – being, whenever legally necessary and lawful, requested to give their consent – but the tools used for the purpose shall ensure the same level of security of personal data collected and processed by them.
- Communication of data to other entities, subcontractors or third parties:
GRUPO DE PRADO may use subcontractors to collect and process data for the same purposes as the former, obtaining from these entities, by contract, a guarantee of reputation and the obligation to develop the appropriate technical and organisational measures to protect the data and ensure the defence of the rights of the data subjects. Under certain circumstances determined by law, certain personal data may have to be communicated to public authorities, such as tax authorities, courts and security forces.
Accordingly, any such subcontracted entities shall process our customers’ personal data in the name and on behalf of the GRUPO DE PRADO, under the obligation to adopt the technical and organisational measures appropriate to the risk in order to protect personal data against destruction, accidental or unlawful, accidental loss, alteration, unauthorised disclosure or access and against any other form of unlawful processing.
- Transfer of personal data:
The pursuit of GRUPO DE PRADO’s activity may involve the transfer of your data outside Portugal.
In this event, GRUPO DE PRADO will strictly comply with the applicable legal provisions, particularly with regard to determining the reliability and suitability of the destination country in terms of personal data protection and the requirements applicable to such transfers.
- Cookies:
Cookies are digital files containing small pieces of information (and usually with a unique identifier), which are downloaded and stored on the device of a visitor to a given website. They may be temporary (being automatically deleted when the browser is closed) or persistent (until a defined expiry date) as well as original (defined by the entity that operates the site) or the responsibility of third parties.
Cookies can be categorised according to the purpose they serve.
Some cookies are strictly necessary for the functioning of the website, while others collect statistical information for the purpose of analysing the use of the website and its performance.
There are cookies that are used to ensure the provision of additional functionality to the website or to store the visitor’s preferences regarding website navigation, whenever they use the same device.
Other cookies may also serve to measure the success of applications and the effectiveness of third-party advertising.
The information collected through Cookies shall not be processed by the Group in such a way as to make the holder identified or identifiable.