General Data Protection Regulation (GDPR)
NEW GENERAL DATA PROTECTION REGULATION
WHAT IS IT?
The General Data Protection Regulation (GDPR) is in force since May 25th 2018 and GRUPO SOUSA assures that GDPR rights are fully respected.
WHAT WILL CHANGE?
GRUPO SOUSA communications will require your free, informed and explicit consent, therefore, increasing the security in the processing of your data.
GRUPO SOUSA has always been regulated by transparency and respect for the privacy of its customers, therefore, the introduction of this new regulation reinforces this position, and GRUPO SOUSA has developed the current and necessary mechanisms to better ensure its protection.
The new GDPR aims primarily to protect the holders of personal data, giving them more control over their personal information.
LACK OF CONSENT
By choosing not to update your contact in GRUPO SOUSA Database, we will no longer be able to communicate the exclusive campaigns, services and events that we are preparing.
PERSONAL DATA UPDATE
It is essential to us, through personalized actions or satisfaction studies, to offer you even more services to your needs.
WHAT TO DO?
Please express your consent by replying to our request or send us an e-mail. For security reasons, all customers must fill in their data, even if they have already provided it in contact with GRUPO SOUSA.
In GRUPO SOUSA, we understand that the use of your personal data requires its protection, in order to assure your confidence. We are subject to the highest privacy standards and will only use your personal data for clearly identified purposes and in accordance with your data protection rights.
The confidentiality and integrity of your personal data is one of our main concerns and is the basis of our action.
- Who is responsible for the processing of your personal data;
- How do we gather your personal data;
- For what purposes and on what grounds can your personal data be used;
- Context of each of these legal grounds for the processing personal data;
- What personal data may be gathered;
- How do we keep your personal data safe;
- How long we keep your personal information;
- With whom we can share your personal information and how we keep you safe;
- How can you change or withdraw your consent;
- Please contact us, your data protection rights and the right to complain to your supervisory authority.
Who is responsible for the processing of your personal data?
GRUPO SOUSA is responsible for processing the personal data of its clients and/or potential customers, who fill in their data and submit the Subject Rights Application for GRUPO SOUSA ’s Marketing Communications, through this document.
How do we gather your personal data?
Your personal data will be gathered and processed in the following situations:
- If you complete your personal data and submit the Subject Rights Application contained in this document; and / or
- If you purchase and/or use a product or service from GRUPO SOUSA
For what purposes and on what grounds can your personal data be used?
Your personal data will be gathered and used for marketing purposes (communications and products of GRUPO SOUSA), in the strict terms that you selected in the Subject Rights Application contained in this document.
Under the EU data protection legislation (GDPR) terms, the use of personal data must be justified under at least one legal basis for the processing of personal data.
Context of each of these legal grounds for the processing personal data:
- When you have given consent to the processing of your personal data (for this purpose you will be presented with a consent form for the use of your data, which may subsequently be withdrawn);
- When the processing is necessary to enter into a contract with you or proceed with its execution;
- When the processing is necessary for compliance with legal obligations to which the GRUPO SOUSA is subject;
- When the processing is necessary to achieve a legitimate interest and our reasons for its use prevail over your data protection rights;
- When the processing is necessary so that we can testify, exercise or defend a right in legal proceedings against you, us or a third party.
The legal basis applicable to the collection and use of your personal data for marketing purposes, is your consent.
What personal data may be gathered:
DATA GATHERED BY GRUPO SOUSA:
- Contact information: Name, address, e-mail;
- Personal information: Date of birth, marital status, household; profession;
- Data’s identification: Customer’s and contract number, when applicable;
- Customer history: Satisfaction ratio, offers received, product purchase details, campaign history and claims history;
- Application data: website and social networks; if the client has registered or authenticated it is possible to use the following data: average usage of the application (behavior within the applications), location’s information, use of GRUPO SOUSA ’s network and website (for example, visits and forum publications)
How do we keep your personal data safe:
GRUPO SOUSA uses several security measures, authentication tools to help protect and maintain the security, integrity and availability of your personal data.
Although the transmission of data, through the Internet or website, cannot guarantee complete security against intrusions, GRUPO SOUSA, our service providers and commercial partners have made the best efforts to implement and maintain physical, electronic and procedural security measures intended to protect your personal data in accordance with the applicable data protection requirements.
Specifically, we undertook the following measures:
- Restricted access to your personal data based on a “need to know” basis, and only within the context of the purposes to be communicated;
- Transfer of data gathered only in encrypted form;
- Protection of information technology systems through firewalls, with a purpose to prevent unauthorized access to your personal data; and
- Continuous monitoring of access to information technology systems in order to prevent, detect and prevent the misuse of your personal data.
How long do we keep your personal information:
GRUPO SOUSA only retains your personal data for as long as necessary in the context of the purpose for which it was gathered.
Once the maximum storage period has been reached, your personal data will be irreversibly anonymized (anonymized data may be retained) or destroyed in a secure manner.
By applicable legal provision, the storage period of your data may be limited.
With whom can we share your personal data and how do we keep them safe:
Thus, GRUPO SOUSA guarantees that your personal data exported outside the EEA, will be treated according to appropriate security measures.
Switzerland and Canada have been recognized by the European Commission as offering an adequate level of data protection and, as such, no additional safeguards will be required.
Regarding countries not subject to this recognition, such as the USA, the export of your personal data will be governed by standard contractual clauses approved by the European Commission, which impose directly on our suppliers / service providers data protection obligations equivalent to those existing in the EEA.
Please contact us if you wish to request a copy of the specific safeguards that have been applied to export your data to suppliers / service providers located outside the EEA.
Your personal data is stored in the protected servers of our suppliers / service providers, being accessed and used exclusively under our policies and standards (or equivalent policies and standards of our suppliers / service providers).
GRUPO SOUSA and Data Protection Officer Contact Details:
Phone line: Contact Center + 351 291 210 300, available from 9h to 12h30 and from 14h to 18h, from Monday to Friday
How can you change or withdraw your consent:
You may, at any time, change or withdraw your consent, generating such declaration, effects for the future.
To withdraw your statements of consent submitted to GRUPO SOUSA, simply access this document again, fill in your personal data and resubmit the Consent Form, selecting or not selecting the check boxes according to your preferences.
The latest Consent Form submitted to GRUPO SOUSA will prevail over all previous ones.
Contact with GRUPO SOUSA: know your data protection rights and the right to complain to your supervisory authority:
If you have any queries relating the above described use of your personal data, you should first contact our customer service here. Additionally, you can contact email@example.com.
Accordingly to certain conditions, you may have the right to request us to:
- provide you with additional information of the use of your personal information;
- provide you with a copy of the personal data you have provided us with;
- deliver the personal data you have provided to another party responsible for processing at your request;
- update any inaccuracies in the personal data that we retain;
- delete personal data whose use is no longer legitimate;
- limit the way we use your personal data until the complaint is investigated.
The exercise of these rights is subject to certain exceptions intended to safeguard the public interest, such as, the prevention or detection of crimes.
If you exercise any of these rights we will analyze them and we will respond, within an estimated period not to exceed 1 (one) month.
If you are unsatisfied with our use of your personal data or with our response, after exercising any of these rights, you have the right to complain to the supervisory authority (National Commission for Data Protection – CNPD) | Rua de São Bento, n.º 148, 3º, 1200-821 Lisboa | Phone: +351 213928400 | Fax: +351 213976832 | E-mail: firstname.lastname@example.org).