NEW GENERAL DATA PROTECTION REGULATION
What is it?
The General Data Protection Regulation (RGPD) applies from May 25th 2018 and GRUPO SOUSA ensures that your rights are fully respected.
What will change?
Our communications will require your free, informed and explicit consent, thus increasing security in your data processing.
GRUPO SOUSA has always been guided by transparency and respect for its clients’ privacy. The introduction of this new regulation strengthens even more this position, and GRUPO SOUSA has developed the current and necessary tools to better ensure their protection.
More rights
The new GDPR aims primarily to protect data subjects by granting them more control over their personal data.
Lack of Consent
If you choose not to update your contact in GRUPO SOUSA’s database, we will no longer be able to communicate you the campaigns, services and exclusive events we are preparing.
Updating of Personal Data
It is essential, so that we can, through personalised actions or satisfaction studies, offer you even more customised services.
What to do
Express your consent by filling in the form or sending us an email. For security reasons, all clients should fill in their details, even if they have previously provided them when contacting GRUPO SOUSA.
At GRUPO SOUSA we understand that the use of your personal data requires protection in order to ensure your trust. We are subject to the highest privacy standards and will only use your personal data for clearly identified purposes and in accordance with your data protection rights.
Confidentiality and integrity of your personal data is one of our main concerns and is the basis of our action.
This Privacy Policy sets out how GRUPO SOUSA uses the personal data of its clients and potential clients, and is structured by the following sections:
Who is responsible for the processing of your personal data;
How we collect your personal data;
For what purposes and on what basis your personal data may be used;
Extent of each of these legal grounds for processing personal data;
What personal data may be collected;
How we keep your personal data secure;
How long we keep your personal data secure;
With whom we may share your personal data and how we keep it secure;
How you can change or withdraw your consent;
Contact us, your data protection rights and the right to submit a complaint to your supervisory authority.
Who is responsible for your personal data processing?
GRUPO SOUSA is responsible for the processing of the personal data of its clients and/or potential clients, who fill in their details and submit the Consent Form for GRUPO SOUSA’s Marketing Communications, through this document.
How do we gather your personal data?
Your personal data will be gathered and processed in the following situations:
If you fill in your personal details and submit the Consent Form in this document; and/or
If you purchase and/or use a product or service from GRUPO SOUSA.
For what purposes and on what basis may your personal data be used?
Your personal data will be collected and used for Marketing purposes (communication of information and products of GRUPO SOUSA), under the strict terms selected by you in the Consent Form attached to this document.
Under the current European Union data protection legislation (GDPR), the use of personal data must be justified under at least one legal ground for processing personal data.
Extent of each of these legal grounds for processing personal data:
When you have given consent to the processing of your personal data (for these purposes you will be presented with a consent form for the use of your data, which you may later withdraw);
When the processing is necessary for entering into a contract with you or its execution;
When processing is necessary to comply with the legal obligations to which GRUPO SOUSA is subject;
When processing is necessary to achieve a legitimate interest and our reasons for its use outweigh your data protection rights;
When processing is necessary for us to assert, exercise or defend a right in legal proceedings against you, us or a third party.
The legal basis applicable to the collection and use of your personal data for marketing purposes is your consent.
What personal data may be collected:
The following categories of personal data may be collected through the channels and services described in this Privacy Policy:
DATA COLLECTED BY GRUPO SOUSA:
Contact information: Name, address, e-mail;
Personal information: Date of birth, marital status, household; occupation;
Identification data: Customer number and contract number when applicable;
Customer history: Satisfaction ratio, offers received, product purchase details, campaign history and complaint history;
Application data: website and social networks; if the customer has registered or authenticated it is possible to use the following data: average application usage (behaviour within the applications), location information, online entertainment usage, usage of GRUPO SOUSA website, usage of GRUPO SOUSA social networks (e.g. visits and posts in forums).
How do we keep your personal data secure
GRUPO SOUSA uses several security measures authentication tools to help protect and maintain the security, integrity and availability of your personal data.
Although data transmission, through the internet or website, cannot guarantee total security against intrusions, GRUPO SOUSA, our service providers and business partners shall develop the best efforts to implement and maintain physical, electronic and procedural security measures to protect your personal data in compliance with the applicable data protection requirements.
The following measures in particular have been adopted:
Restricted access to your personal data on a “need to know” basis and only within the extent of the communicated purposes;
Collected data is only transferred in encrypted form;
Protection of information technology systems through firewalls, in order to prevent unauthorised access to your personal data; and
Permanent surveillance of access to information technology systems in order to prevent, detect and prevent the misuse of your personal data.
For how long we keep your personal data:
GRUPO SOUSA only keeps your data for the period of time necessary to fulfill the purpose for which they were collected.
Once the maximum conservation period is reached, your personal data will be irreversibly anonymised (anonymised data may be retained) or will be securely destroyed.
For the purposes described in this Privacy Policy your personal data will be stored as from the collection of your consent or the last contact made (whichever is the latest) and if, within this period, you have not withdrawn your consent.
According to applicable legal regulations, the storage period of your data may be limited.
With whom we may share your personal data and how we keep it secure:
GRUPO SOUSA is a Portuguese company and therefore, your personal data may be accessed by our suppliers or service providers located in EEA (European Economic Area) countries, for the purposes described in this Privacy Policy.
Nevertheless, GRUPO SOUSA guarantees that your personal data exported outside the EEA will be treated with appropriate security measures.
Switzerland and Canada have been recognised by the European Commission as offering an adequate level of data protection and as such, as far as they are concerned, no additional safeguards will be required.
In case of countries that have not been subject to this recognition, such as the USA, the export of your personal data will be governed by standard contractual clauses approved by the European Commission, which directly impose on our suppliers/service providers data protection obligations equivalent to those existing in the EEA.
Please contact us if you would like to request a copy of the specific safeguards that have been applied to the export of your data to suppliers/service providers located outside the EEA.
Your personal data is stored on the secure servers of our suppliers/service providers and is accessed and used only under our policies and standards (or equivalent policies and standards of our suppliers/service providers).
Contact Details of GRUPO SOUSA and the Data Protection Officer:
Phone number: Contact Centre (+ 351) 291 210 300, available from 9h to 12h30 and from 14h to 18h, Monday to Friday
E-mail: rgpd@gruposousa.pt
How can you change or withdraw your consent:
You may, at any time, modify or withdraw your consent, such declaration being effective for the future.
Upon full withdrawal of your statements of consent, you will no longer be contacted and will no longer receive communications for the purposes described in this Privacy Policy.
To withdraw your consent statements submitted to GRUPO SOUSA, simply access this document again, fill in your personal details and submit the Consent Form again, selecting, or not, the check boxes according to your preferences.
The last Consent Form submitted to GRUPO SOUSA will prevail over all previous ones.
Contact GRUPO SOUSA, your data protection rights and the right to submit a complaint to your supervisory authority:
If you have any questions regarding the above-described use of your personal data, you should in the first instance contact our customer service department here. In addition, you may contact rgpd@gruposousa.pt
According to certain requirements, you may have the right to request us to:
provide you with additional information about our use of your personal data
to provide you with a copy of the personal data you have provided to us;
provide the personal data you have provided to another controller at your request;
to update any inaccuracies in the personal data we maintain;
to erase personal data whose use is no longer legitimate
to limit the way in which we use your personal data until your complaint has been investigated.
Your exercise of these rights is subject to certain exceptions designed to safeguard the public interest, such as the prevention or detection of crime.
If you claim any of these rights, we will analyse it and reply within an estimated period not exceeding one (1) month.
If you are not satisfied with our use of your personal data or with our response after executing any of these rights, you have the right to submit a complaint to your supervisory authority (Comissão Nacional de Proteção de Dados – CNPD | Rua de São Bento, n.º 148, 3º, 1200-821 Lisbon | Tel: 351 213928400 | Fax: +351 213976832 | e-mail: geral@cnpd.pt).
May 2018
Form – General Data Protection Regulation – Request for exercise of rights – Processing of personal