PRIVACY AND DATA PROTECTION POLICY
The General Data Protection Regulation (GDPR) is a European regulation, approved by the European Parliament and the European Council, which considers the PROTECTION of natural persons in relation to the processing of their personal data a fundamental right, irrespective of nationality or place of residence, thus contributing to the achievement of an area of freedom, security and justice and to an economic and social union of the citizens of the European area.
With its entry into force, it is necessary to adopt a set of internal procedures aimed at safeguarding the processing of personal data, as well as adapting the processing of personal data to the new rules established.
In turn, on August 8, 2019, Law 58/2019 was published in Portugal, assuring the implementation, in the national legal order, of the GDPR, and also imposing rules on the processing of personal data.
Cânhamor, Lda. considers it essential to PROTECT personal data relating to your employees, suppliers and customers, and all persons who contact you in any way, having established a set of standards and good practices aimed at implementing the obligations contained in the diplomas identified above and, as such, defending the rights of the holders of the personal data it processes.
Also included were transitional rules that include the processing of personal data in an exceptional phase of the COVID 19 pandemic, and that will be in force as long as the respective need lasts.
This has led to the implementation of internal rules and procedures that have been established and approved in this PRIVACY AND DATA PROTECTION POLICY, which are in force as of this date.
Cânhamor Lda. will keep up to date the principles and good practices contained in this PRIVACY AND DATA PROTECTION POLICY, reserving the right to change it whenever necessary.
- What is Personal Data
Personal data is information, of any nature and regardless of its medium, including sound and image, relating to an identified or identifiable natural person. The person who can be identified directly and indirectly, including by reference to an identification number or to one or more specific elements of his physical, physiological, psychological, economic, cultural or social identity, shall be considered identifiable. Personal data collected and processed may be:
Basic data – information about customers that allow their identification, such as name, address, telephone number, e-mail address, subscribed services.
Traffic Data – information on the use of communication services, such as: destination and origin numbers of calls made, date and time of each communication, duration of each communication.
Location Data – information about the geographical reference of the mobile terminal equipment at a given time or during the use of the services.
- Responsible for the Collection and Processing of Personal Data
Cânhamor, Lda. is responsible for the collection and processing of Customers’ personal data, pursuant to paragraph 7 of article 4 of the GDPR, and it is up to the latter to decide in the context of the provision of Services to the Customer, which personal data collected, the means of processing the data and the purposes for which they are used, which are identified in the following paragraph.
- Purpose of Data Collection
The personal data collected by Cânhamor Lda., during the conclusion and execution of the contract are intended for: administrative management of customers, billing and collection of services, marketing of products of the company or group companies and, in contracts involving the subscription of telecommunications services, Traffic/location data retention, order management of Law 32/2008 of 17 July. The use of your personal data for other purposes always requires your prior express consent.
- Responsibility for Data Communicated to Third Parties
Cânhamor Lda. may, in the exercise of its activity and within the scope of the services it provides, subcontract third parties for the pursuit of the purposes described above, which may imply access by these entities to personal data of their Customers. When and if this happens Cânhamor Lda. takes the appropriate measures, organisational and human at this level.
Third Parties subcontracted by Cânhamor Lda. are obliged, under the terms legally provided, as well as under a previously signed agreement (with the Third Parties), to implement technical and organisational measures appropriate to the protection of personal data against destruction, accidental or unlawful, dissemination, modification, disclosure, unauthorised access and against any other form of unlawful treatment, as well as being bound by special duties of professional secrecy and confidentiality.
Outside the scope described above, Cânhamor Lda. will only transmit the personal data of its Customers to Third Parties, when:
- is obliged to do so by law and only to the strict extent of its obligations;
- In cases where the Law expressly allows it, if the Customer expressly and specifically authorises such transmission and is duly informed, in writing, about the recipients of the personal data and the purposes of the data transmitted.
In order to provide some features and provide a high level of service, Cânhamor Lda. may share user data with third parties.
In any case Cânhamor Lda. remains responsible for the personal data provided by the Customers.
The provision of certain services by Cânhamor Lda. may imply the transfer of personal data outside Portugal. In these cases, the company declares that it will strictly and rigorously comply with the determination of the suitability of the country of destination of the information with regard to the protection of personal data and the requirements applicable to such transfers, under the legally provided terms.
- Processing of Personal Data for Specific Purposes
Cânhamor Lda. only processes the traffic and location data of the Customer strictly necessary for billing and collection of the Services provided, proceeding to the storage and conservation of the same for the time necessary to fulfil such purpose. The aforementioned personal data will not be communicated to Third Parties by Cânhamor Lda., except as expressly provided for in Law 32/2008, 17 July 2008, which regulates the retention and transmission of traffic and location data relating to natural persons and legal persons, and related data necessary to identify the subscriber or registered user for the purpose of investigation, detection and prosecution of serious crimes by the competent authorities.
- Conditions for Collection of Personal Data
Cânhamor Lda. only collects and processes the personal data of Customers with the express consent of those, in accordance with each of the specific purposes of the processing in question, under the terms provided for in the Personal Data Protection Law. The consent given by the Customers may be withdrawn by them at any time, free of charge. There are, however, personal data that are indispensable to the provision of the Services by Cânhamor Lda. (mandatory data) Customers are duly and in advance informed of this same need and the consequences of not providing such data. If the personal data, considered indispensable, are not provided by the Customers or prove insufficient, incorrect or outdated, Cânhamor Lda. May not provide the Service(s) subscribed (s), assuming the Customers in this case full and exclusive responsibility for the insufficiency or inaccuracy of the data transmitted.
- Period of Retention of Personal Data
Cânhamor Lda. will only keep the Clients’ personal data for the period of time strictly necessary to allow:
- the provision of the service(s) (s);
- compliance with the legal obligations to which Cânhamor Lda. is attached;
- the pursuit of the purposes of collection and/or processing;
- The exercise of the rights of Customers and the fulfilment of the corresponding obligations. In cases where the National Commission for the Protection of Personal Data (CNPD) authorises the retention of Customers’ personal data for periods longer than the term of the service contract, taking into account the specific purpose of the processing concerned, the Customer shall be duly informed of this purpose and the storage period in question. After the period of storage/ storage, in the terms set out above, the personal data of the Customers will be permanently deleted by Cânhamor Lda.
- Customers’ rights regarding their personal data
In accordance with the provisions of the Law on the Protection of Personal Data, the Customer is guaranteed the right to access, correct, update and delete his personal data free of charge. In any of the cases provided above, the Customer may exercise his legitimate rights by sending written communication to the email contact indicated below.
- Unsolicited electronic communications for direct marketing purposes
The contact details of the Customer, who is a natural person, may be used by Cânhamor Lda. if this expressly authorises it in the Service Order Form (Subscription Form) in direct marketing actions and promotion of services provided by itself, pursuant to article 13 of Law 41/2004, August 18, in the version conferred by Law 46/2012, August 29. If the Client is a legal person, Cânhamor Lda. may send unsolicited communications for direct marketing purposes regarding goods and services provided by itself or by a company of the same Group, unless the Customer expressly refuses to receive such communications in the future and subscribes to the national list of legal entities that expressly oppose-if the receipt of unsolicited communications for direct marketing purposes that is the responsibility of the General Directorate of Consumer (DGC) keep updated. In any of the aforementioned cases, the Customer shall have the right to expressly and free of charge, via e-mail, to be sent by Cânhamor Lda. electronic communications for direct marketing purposes, sending written communication of this content to the email contact indicated below.
- Data from Cookies
- Strictly necessary (essential) cookies: allow you to navigate the website and use its applications, as well as access to secure areas of the website. Without these cookies, the Service(s) subscribed(s) (s) by the Customer cannot be provided. Some cookies are essential to access specific areas of the Cânhamor Lda..
- Analytical cookies: performance cookies to find out which pages are most popular, which link between pages is most effective or why some pages are receiving error messages. These cookies are used only for the purpose of creation and statistical analysis, without ever collecting personal information.
- Functionality cookies: store the user’s preferences regarding the use of the website, so that it is not necessary to re-configure the website each time you visit it.
- Third Party Cookies: measure the success of applications and the effectiveness of third party advertising.
Cookies can be either:
Permanent: they are stored, for variable time, at the level of the internet browser (browser) on their access devices and are used whenever the user makes a new visit to the website. Usually, they are used to direct navigation according to the interests of the user, allowing us to provide a more personalised service.
- Security Measures for the Protection of Personal Data
In its organisational structure, Cânhamor Lda. has a Data Protection Officer – “Data Protection Officer” – which assumes responsibility for the implementation and compliance with applicable legal and regulatory rules on the processing of personal data and which is responsible in particular for the maintenance and development of the Security Policy, Confidentiality, Confidentiality and Protection of personal data.
- Procedural and Technical Security Measures
Cânhamor Lda. applies the necessary technical and organisational measures to ensure that, by default, only personal data of Customers will be processed for each specific purpose of processing, which are reviewed and updated periodically by the responsible department. Cânhamor Lda. has also implemented sufficient, necessary and appropriate technical, physical, organisational and security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, disclosure, unauthorised access and against any other form of unlawful treatment. This way, Cânhamor Lda. adopted different security mechanisms and procedures, following the best practices in terms of information security in the systems that support the services it provides and that store the procedural data of the Clients, including the use of firewalls and intrusion detection systems, the existence of restricted access – physical and logical – the registration of operations (logging) and its monitoring and audit, the collection and transmission of personal data through secure means. The personal data collected by Cânhamor Lda. are securely stored in the company’s own datacenter or under its management, covered by all physical and logical security measures essential to the protection of personal data. Whenever it is necessary to communicate personal data of its Customers to Third Parties, Cânhamor Lda. shall be responsible for the personal data concerned and ensure that:
- the sharing of personal information complies with the legal rules in force;
- the transmission is carried out securely, in particular through the use of encryption protocols and;
- Third parties are contractually obliged to comply with confidentiality and confidentiality obligations and to ensure the security of personal data communicated to them for this purpose, and cannot use such data for any other purposes, for their own benefit or third parties, or correlate them with other data that is available.
- Personal Data collected by the Customer and recorded on its platforms
If Cânhamor Lda. within the scope of the contracted services, carry out any of the operations that integrate the legal concept of “Processing of Personal Data” (as defined in the Data Protection Legislation) on behalf of and for the Customer, the parties hereby determine that their intention is that the Customer be the Controller and Cânhamor Lda. the mere Processor and that, in any case, each party must comply with its respective obligations under the Data Protection Legislation in relation to any Personal Data that comes into the recipient’s possession. Without prejudice to the preceding subparagraph:
- Cânhamor Lda. process Customer Data that compose personal data (“Customer Personal Data”) only in accordance with the terms of the Contract and any legal instructions reasonably given by the Customer;
- each party shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of the Customer’s Personal Data or its loss, destruction or accidental damage;
- taking into account the nature of the Services, Cânhamor Lda. support the Customer through appropriate technical and organisational measures, to the extent possible, to enable him to fulfil his obligations relating to the exercise of rights enshrined in the Act to the holders of Personal Data which the Customer is responsible for controlling;
- Cânhamor Lda. will not transfer Customer Personal Data outside the European Economic Area without Customer’s prior written approval;
- the Customer must ensure that it is the holder of the right to transfer its Personal Data to Cânhamor Lda. so that it can legally process them in accordance with the contract between the two parties;
- Cânhamor Lda. will keep a record of any processing of the Customer’s Personal Data carried out in the course of the Services, together with records of compliance with its legal obligations with respect to the Protection of Personal Data.
In cases where the contract results for Cânhamor Lda. the obligations described above will provide the Customer with appropriate cooperation and assistance in relation to the Customer’s obligations in accordance with the Data Protection Legislation in relation to the Customer’s Personal Data, considering the nature of the Services and the information made available to Cânhamor Lda. including:
- any request made by a data subject to have access to the Customer’s Personal Data relating to that person;
- the Customer’s obligations to report a security breach to regulators and data subjects and in the Customer’s dealings with Regulators;
- provide Customer and regulators with all information and assistance necessary to demonstrate that the Services comply with Data Protection Legislation.
The cost of the cooperation and assistance referred to above is the responsibility of the Customer, unless such cooperation and assistance relate directly to the violation of Cânhamor Lda. of its obligations in the Contract, in which case such cooperation and assistance will be in charge of Cânhamor Lda.
If Cânhamor Lda. takes notice of any unauthorised or unlawful processing of any Customer Personal Data or that such data is lost or destroyed or is damaged, corrupted or unusable, Cânhamor Lda. shall within a reasonable period of becoming aware of such facts notify the Customer.
Ownership of Customer Data and all related Intellectual Property Rights are the property of the Customer.
For more information on how Cânhamor Lda. processes your Customers’ personal data or to clarify any doubts, file a complaint or leave comments on matters relating to Privacy and Personal Data Protection, you should send your communications to:
Address: Cerca do Carepetal, Estrada Nacional 1, S/N, Colos
Or by e-mail: email@example.com