In the scope of the Personal Data Protection System, EPOLI tries to guarantee normative conformity and demonstration or evidence of institutional responsibility in matters of data protection, implementing all technical and organisational measures required to comply with the legal data protection regime in force.
«Personal data», information about an individual person identified or identifiable («data holder»); an individual person is deemed identifiable if they may be identified, directly or indirectly, especially by reference to an identifier. Personal identifiers are deemed to be, for example, a name, identification number, location data, digital identifiers or one or more specific elements of physical, physiological, genetic, mental, economic, cultural or social identity of that individual person.
«Treatment of Personal data»
«Treatment», an operation or set of operations carried out on personal data or sets of personal data, by automated or non-automated means, such as collection, record, organisation, structuring, preservation, adaptation or alteration, recovery, consult, use, divulgation by transmission, diffusion or any other form of making available, comparison or interconnection, limitation, deletion or destruction.
Entity Responsible for Treatment
EPOLI, with main office in Alvarelhos, Trofa, registered in the Commercial Registration Office of Vila do Conde, under registration and legal person number 502 689 536, with a share capital of € 400,000.00, hereinafter called EPOLI, is the entity responsible for the www.epoli.pt site and the non-automated or automated treatment operations and computerised applications, hereinafter called channels or applications, through which Users, Receivers of the Service or Clients have direct or remote access to the services and products of EPOLI presented, marketed or provided thereby, at any moment.
Contacts of the Data Treatment Officer
For purposes of contacting the Data Protection Office of EPOLI, please send an e-mail to firstname.lastname@example.org, describing the subject of the request and providing an e-mail address, a telephone contact or a postal address.
Collection and Treatment of Personal Data
EPOLI treats the personal data strictly required to make available the information and operation of its channels, in accordance with the uses made by Users, Receivers of the Service or Clients.
For that much, EPOLI collects said personal data:
*directly from Users or Receivers, who provide them for purposes of recording requests or obtaining information;
*directly from Clients for purposes of signing up to those channels or through the use of services provided by EPOLI, such as accesses, consults, instructions, transactions and other records concerning their use.
Especially, use or activation of certain functionalities of channels may entail treatment of several direct or indirect personal identifiers, such as name, residence address, contacts, addresses of devices or geographic location, whenever there is express consent from the User, Receiver do Service or Client.
The personal data collected by EPOLI are given computerised treatment, in certain cases automated, including processing of files or definition of profiles and in the scope of management of the pre-contractual, contractual or post-contractual relation with Users, Receivers of the Service or Clients, in the terms of the national and European standards in force.
Categories of Personal Data Treated
Categories or types of personal data that are the object of treatment may be, among others that prove necessary and are legitimately collected: full name, tax payer number, civil identification number, marital status, sex, birth date, birth place, address(es), place(s), postcode(s), country, country prefix, telephone contacts, e-mail addresses, name of employer company. If there is treatment of other personal data, the identifiers will be listed in the respective instrument of collection or treatment of those data.
All data treatment operations observe the fundamental Legal Principles in the scope of data protection and privacy, namely as far as circulation, lawfulness, loyalty, transparency, aim, minimisation, preservation, accuracy, integrity and confidentiality, EPOLI remaining available to demonstrate their responsibility to the data holder or any other third-party entity that has a legitimate interest in this matter.
Grounds for Legitimacy
All data treatment operations carried out by EPOLI are based on legitimacy, namely, consent by the holder, need to execute a contract or pre-contractual diligences with the data holder, as well as need to comply fulfil a legal obligation or legitimate interests pursued by EPOLI or by third parties.
Aim of Treatment
All personal data treated in the scope of the EPOLI channels are exclusively meant to make information available to Users, management of personal information on Receivers of the Service deemed necessary for purposes of managing the relation or communication, as well as provision of the services hired by Clients and, in general, managing the pre-contractual, contractual or post-contractual relation with Users or Clients.
The personal data collected may also and eventually be the object of treatment for statistical purposes, divulgation of information or promotional actions and commercial or marketing actions, namely to promote actions of divulgation of new functionalities or new products and services, through direct communication, by mail, e-mail, text messages or phone calls or any other communications service.
Prior information and collection of express authorisation for these latter aims being always ensured, Users or Clients may, at any moment, exert their right of objection to the use of their personal data for others aims beyond management of the contractual relation, namely for purposes of marketing, to send informative communications or for inclusion in informative lists or services; for that they must send a written request addressed to the Data Protection Officer of EPOLI, in accordance with the procedures listed below.
Data Preservation Times
The personal data will be the object of preservation only for the period required for the aims that led to their collection or later treatment, observance of all legal standards applicable in matters of archiving being ensured.
Communication of Data to Other Entities
EPOLI making available information or providing services to their Users, Receivers of services or Clients through channels may eventually entail using services of subcontracted third-party entities, including entities established outside the European Union, to provide certain services, which may entail access, by said entities, to personal data of Users or Clients.
In these circumstances and whenever needed, EPOLI shall use only subcontracted entities that provide sufficient guarantees of executing the technical and organisational measures adequate for treatment to meet the requisites of the applicable standards, said guarantees being formalised in a contract signed between EPOLI and each of those third-party entities.
Receivers of Data
Except for the fulfilment of legal obligations, in no case will there be communication of personal data of Users, Receivers of the Service or Clients to third-party entities other than subcontracted entities or legitimate receivers; no any other communication will be made for other purposes than those mentioned above.
International Data Transfers
Any transfer of personal data to a third country or international organisation will be done only in the context of fulfilment of legal obligations or guaranteeing conformity with the European and national legal standards applicable in that matter.
Taking into account the most advanced techniques, costs of application and nature, scope, context and purposes of treatment, as well as the risks, probability and variable seriousness, for Users, Receivers of the Service or Clients, EPOLI and all entities subcontracted thereby apply the technical and organisational measures adequate to ensure a level of safety adequate to the risk.
For that purpose, several safety measures are taken, in order to protect personal data against diffusion, loss, undue use, alteration, treatment or unauthorised access, as well as against any other form of unlawful treatment.
It is the exclusive responsibility of Users, Receivers of the Service or Clients to keep in secret the access codes, not sharing them with third parties; they must also, in the particular case of IT applications used to access the channels, keep and preserve access devices in safety conditions and follow the safety practices advised by manufacturers and/or operators, namely as far as installation and update of necessary safety applications, such as, among others, antivirus applications.
In case of need to subcontract services to third-party entities that may have access to the personal data of Users, Receivers of the Service or Clients, the subcontractors of EPOLI will be bound to follow the safety measures and protocols regarding organisation and the technical measures required to protect the confidentiality and safety of personal data, and to prevent unauthorised accesses, loss or destruction of personal data.
Exertion of Rights of Holders of Personal Data
Users, Receivers of the Service and Clients of EPOLI may, as holders of personal data, at any moment, exert their rights to data protection and privacy, namely rights of access, rectification, deletion, portability, limitation or objection to treatment, in the terms and with the limitations provided in the applicable standards.
Any request to exert data protection and privacy rights must be addressed in writing by the respective holder to the Data Protection Officer, in accordance with the procedure and contact described below.
Claims or Suggestions and Communication of Incidents
Users, Receivers of the Service and Clients of EPOLI are entitled to submit claims to the regulatory authorities and to make suggestions by e-mail sent to the Data Protection Officer.
Communication of Incidents
EPOLI has implemented an incident management system in the scope of data protection, privacy and safety of information.
If any User, Receiver of the service or Client wishes to communicate the occurrence of any situation of violation of personal data that accidentally or unlawfully causes destruction, loss, alteration, divulgation or unauthorised access to personal data transmitted, stored or subject to any other type of treatment, they may contact the Data Protection Officer.
Express Consent and Acceptance
Free, specific and informed provision of personal data by the respective holder entails knowledge and acceptance of this Policy and amounts to express authorisation to treatment thereof, in accordance with the rules defined.
Data Protection Officer
To exert any type of data protection, privacy or safety of information rights or any matter regarding the terms of data protection, privacy and safety of information, Users, Receivers of the Service and Clients of EPOLI may contact the data protection officer by e-mail at email@example.com, describing the subject of the request and providing an e-mail address, telephone contact or postal address to reply.