1. Personal data, data subjects and categories of personal data personal data
a) What is personal data? Personal data is any information, of any nature and regardless of its medium (sound or image), relating to an identified or identifiable natural person. an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, identifiers identification number, location data, electronic identifiers or to one or more specific elements making it possible to arrive at the identification of that natural person.
b) Who are the personal data subjects? The holders of personal data are the natural persons – employees and clients of the Company and people who access the Company’s Company’s website or who take part or participate in initiatives initiatives organised by the Company and who provide their personal data for this purpose. for this purpose and who may not have any contractual relationship with the Company. c) What category of personal data do we process? Identification and contact details – name, date of birth, gender, affiliation, civil, tax and social security numbers, telephone contact or email address. Data that resulting from physical identification, e.g. photographs, resulting from participation in events organised by the company.
2. The data controller and the data protection officer Data Protection Officer The person responsible for collecting and processing personal data is vView (hereinafter the Company), which decides which personal data is to be collected, the means of processing it and the purposes for which it is to be used. be collected, the means of processing and the purposes for which the data is used. for which the data is used.
3. Basis, purposes and duration of data processing data
a) Grounds for the Company to process personal data
a.1) Consent Consent exists when the data subject expresses their express consent – either in writing or orally or by giving such authorisation by accessing the Company’s website through the validation of an option – and if that consent is free, informed, specific and unequivocal; Examples of the need for consent are: authorisation for the Company to send newsletters with messages about initiatives it promote, to send communications or messages or to be able to transfer your personal data to third parties.
a.2) Compliance with a legal obligation When the processing of personal data is necessary for the fulfilment of a legal obligation on the part of the Company, such as those that arise from the need to comply with notifications made by police, judicial and regulatory bodies or for the fulfilment of fulfilment of obligations to the tax authorities or social security social security, or to ensure emergency services or for the conclusion and access to legally required insurance benefits (e.g. personal accident insurance and/or professional accident insurance);
a.3) Legitimate interest When the processing of personal data fulfils a legitimate interest of the legitimate interest of the Company, such as fraud detection, and when the reasons for using the personal data must the data subject’s data protection rights.
a.4) Consent by minors In the case of processing the personal data of minors, who may be subject to prior be subject to prior consent, such consent is only valid if consent is only valid if it is given by the person who can prove that they hold parental responsibilities.
b) Purposes for processing personal data Personal data is processed for the following purposes purposes:
b.1) Management * Maintaining contacts; * Responding to complaints;
b.2) Accounting, tax and administrative management * Accounting and invoicing; * Tax and social security information, where appropriate.
b.3) Litigation management * Judicial and extrajudicial debt collection; * Intervention in other judicial and extrajudicial disputes.
b.4) Fraud detection and revenue protection * Detection of fraud and illicit practices; * Protection and control of revenue; * Internal auditing and investigation.
b.5) Network and system management * Support and improvement of the networks and applications that support the services provided. services; * Monitoring, improving and supporting the services provided.
b.6) Compliance with legal obligations Response to judicial, regulatory, supervisory, tax and social security bodies social security organisations.
b.7) Information security control * Access management, logs; * Backup management; * Management of security incidents. b.8) Physical security control * Installation of video-surveillance systems in legally authorised locations. permitted.
b.9) For the purposes of publicising initiatives and information * Publicising initiatives promoted by the company or third parties. third parties.
4. Time limits for processing personal data The company keeps your personal data in accordance with the purposes for which it is processed. for which they are processed. Data relating to employees will be kept for the duration of the duration of the contractual relationship established with them. There are cases in which the law obliges employees to that such data is kept for a minimum period of 12 years for the purpose of information to the Tax Authority and for accounting or tax purposes. accounting or tax purposes. As far as video surveillance is concerned, image recordings and personal data will only be kept for a period of 30 days, unless the Company is notified by a competent police or judicial body to keep this data for a longer period. The Company may keep other personal data for periods periods longer than those mentioned above, either on the basis of the consent of the data subjects, or in order to fulfil duties, rights or duties related to the contracts and relationships established with the personal data subjects, or because they have legitimate interests that interests, but always for the time strictly necessary for the fulfilment of their purposes. necessary for the fulfilment of the respective purposes and in accordance with the guidelines and decisions of the CNPD. Examples include contacts for the purposes of informing and promoting initiatives promoted by the Company and legal proceedings for the for as long as they are pending.
5. How and when personal data is collected. We collect the personal data of anyone who contacts the Company with the intention of being informed about initiatives initiatives promoted by the Company or to sign up for them.
6. Rights of the personal data subject The rights of personal data subjects are as follows:
a) Right of access The right to obtain confirmation of what personal data is being processed and that are being processed and the right to obtain information about those personal data, namely the purposes for which it is being processed and the purposes of the processing and the retention periods.
b) Right to rectification The right to have your personal data rectified if it is inaccurate personal data or request that incomplete personal data be completed, for example be completed, such as address, VAT number, email address, telephone contacts and others.
c) Right to erasure or right to be forgotten The right to have your personal data erased, provided that there is no valid reason for them to be kept, such as for example, the need to fulfil legal obligations of any kind, such as the need to preserve your data. any order, such as the need to preserve the data for fulfilment of the duty to provide information to courts, police public administration.
d) Right to portability The right to receive the data concerning him/her that he/she has provided in a commonly used, machine-readable digital format or to request that such data be direct transmission of such data to another entity that becomes the new controller of your personal data whenever this transmission is technically possible.
e) Right to withdraw consent and right to object The right to object or withdraw your consent, at any time, to the processing at any time, provided that there are no legitimate legitimate interests that prevail over your interests, rights and freedoms, such as the and freedoms, such as intervention in legal or tax proceedings. tax proceedings.
f) Right to restriction The right to request that the processing of your personal data be suspended or that the scope of processing be restricted to certain categories of that the scope of processing is restricted to certain categories of data or processing purposes and that such restriction does not conflict with the need to fulfil legal obligations of any kind. order.
g) Automated decisions and profiling The Company may profile its customers and users provided that processing is necessary to fulfil a legal obligation or the consent of the data subject. If the processing of personal data, including processing for the purpose of profiling, is exclusively automatic, i.e. without human intervention, and is likely to produce effects in the legal sphere or significantly affect the data subject, the data subject has the right data subject shall have the right not to be subject to any decision based on such automatic processing, subject to the exceptions provided for by law, and shall have the right the right to have the Company adopt the necessary and appropriate measures to to safeguard their rights and legitimate interests, including the right to the right to have human intervention in the Company’s decision-making Company and the right to express an opinion and contest any decision taken on the basis of automated processing of personal data. data.
h) Right to complain The holder of personal data has the right to, at any time, submit a complaint to the supervisory authority, CNPD – Comissão National Data Protection Commission, or to the Company.
i) Exercise of rights by the data subject The exercise of rights by the data subject is free of charge, unless it is manifestly unfounded or excessive, in which case the the Company may charge a reasonable fee to cover the costs involved in analysing and involved in analysing and assessing the exercise of such a right. The holders of personal data may exercise the rights inherent in personal data by submitting a written request to be submitted in person or by post, at the Company’s premises, or by of the Company, or via the following e-mail firstname.lastname@example.org
10. Procedural and technical security measures The Company is committed to guaranteeing the security and protection of the personal data it receives, having adopted the appropriate technical and organisational technical and organisational measures, namely:
a) Password protection for access to personal data;
b) Restriction of physical entry to the locations where the servers that personal data are located;
c) Restriction of physical entry to the locations where the documents containing the personal data of employees, suppliers or customers of employees, suppliers or customers;
d) Firewalls. The company announces that the aforementioned security measures are reviewed and updated according to the needs that arise. needs. If, for any reason, there is a breach of security that accidentally or unlawfully causes the destruction, loss, alteration, disclosure or alteration, disclosure or unauthorised access to personal data, the Company will unauthorised destruction, loss, alteration, unauthorised disclosure of or access to personal data and, where possible, within 72 hours of becoming aware of it and in accordance with the applicable legislation, to the competent authorities. authorities. In the same way, the Company will communicate the violation of personal data to the respective owner of the personal data, under the terms of the applicable legislation. applicable law. Notwithstanding the security measures adopted by the Company, we warn users that they should adopt additional security measures, namely ensure the existence of an active firewall, antivirus and anti-spyware.