ACRelvas acts in strict compliance with the principles described in this policy, Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), and applicable data protection legislation in all activities involving the processing of personal data for which it is responsible. ACRelvas processes personal data through various operational and technical means that support its business activities.
This Policy provides important information in the following areas:
- DATA CONTROLLER AND CONTACT
- SCOPE OF APPLICATION
- OUR COMMITMENT
- PERSONAL DATA COLLECTED BY AC RELVAS AND HOW IT IS COLLECTED
- PURPOSES FOR PROCESSING PERSONAL DATA
- LAWFUL BASIS FOR PROCESSING YOUR DATA
- PERIOD OF RETENTION OF PERSONAL DATA
- TRANSFER OF CUSTOMER’S PERSONAL DATA
1. DATA CONTROLLER AND CONTACT
The entity responsible for the processing of your personal data is Américo Coelho Relvas, Sucessores, S.A.
If you have any questions about the processing of your personal data, we will be available to assist you by phone at 22 747 02 80, by email at firstname.lastname@example.org, or by mail.
- To strengthen and consolidate the relationship of trust and closeness between ACRelvas and its customers, suppliers, and other interested parties.
- To demonstrate transparency in the processing of personal data carried out by ACRelvas.
- To inform customers, suppliers, and other interested parties about their rights as data subjects and how they can exercise them.
- To inform customers, suppliers, and other interested parties about the ACRelvas data controllers to whom they can request the exercise of their rights or seek clarification on how their personal data is processed.
3. SCOPE OF APPLICATION
- ACRelvas’ Website: Websites and social networks.
- Email, text messages, and other electronic messages: Electronic communications between customers, suppliers, other interested parties, and ACRelvas.
- Phone calls: Incoming and outgoing calls.
- Registration forms: Printed records and similar forms collected by ACRelvas.
4. OUR COMMITMENT
The protection of your personal data is a priority for ACRelvas. We commit to only process your personal data that is strictly necessary to provide you with the best services, ensuring transparency in the information and application of best practices in the field of security and personal data protection. When your personal data is processed by contracted entities, ACRelvas will require these entities to provide the same level of privacy and security guarantees regarding the protection of personal data. We aim to earn your trust and ensure that your personal data is secure with us, as we are committed to protecting your privacy and take our responsibilities regarding the protection of your personal data very seriously.
5. PERSONAL DATA COLLECTED BY ACRelvas AND HOW IT IS DONE
The General Data Protection Regulation establishes a broader definition of the concept of personal data. Personal data is any information, regardless of its nature and medium, capable of identifying an individual. Examples of categories of personal data processed by ACRelvas include:
Contact personal data: This includes any information that allows ACRelvas to contact you, such as name, postal address, email address, and telephone number.
Information about website usage/communications: When you browse through the websites, we use automated data collection technologies to gather certain information about user actions. This information is captured using automated technologies like cookies.
Image: Closed-circuit television (CCTV) systems are installed to ensure the security of our employees and all visitors.
Payment and financial information: This includes any information necessary to complete an order or for the customer to make a purchase, including taxpayer identification numbers (NIFs).
Job application analysis: This includes name, postal address, email address, telephone number/mobile number, date of birth, taxpayer identification number (NIF), and other data that may be mentioned in the Curriculum Vitae and the ACRelvas Spontaneous Application Registration Form.
Instances where we process your personal data: At ACRelvas, we process your personal data when you request a quote or information about our products/company and after-sales service, when you place an order, when you provide us with data to follow up on your requests, when you submit a spontaneous job application, or when you use our website. This processing can be done orally, in writing, or through our website.
6.PURPOSES OF PERSONAL DATA PROCESSING
ACRelvas ensures that your personal data is processed only for the purposes that have been communicated to you and will not be used for any other purpose. Therefore, we process your personal data to ensure the quality of the products/services we provide you with and to better meet your needs. Some of the purposes for which we may use your personal data include:
- Communication with customers, suppliers, and other stakeholders
- Clarification of doubts
- Processing of information requests
- Direct marketing communications (if you have consented to the processing of your personal data for this purpose)
- Requesting services/products
- Video surveillance
- Recruitment processes, in the case of spontaneous job applications
7. LEGAL BASIS FOR PROCESSING YOUR DATA
These are the circumstances that allow us to process your personal data:
- Your explicit consent, whether in writing or orally, for example, for direct marketing purposes, to receive emails or SMS messages from ACRelvas.
- Recruitment and personnel selection processes.
- The performance of a contract you entered into with ACRelvas, such as a contract for the purchase of products from ACRelvas, an employment contract, etc.
- Compliance with a legal obligation.
- ACRelvas’s legitimate interest, for example, arising from the collection of suggestions/complaints for the purpose of improving the quality of the service provided.
- ACRelvas is committed to treating your personal data in a way that ensures its confidentiality, security, and protection against unauthorized or unlawful processing, as well as its loss, destruction, or damage.
8. PERSONAL DATA RETENTION PERIOD
We only retain your personal data for the period strictly necessary to fulfill the above-identified purposes, within the legal limits. After the defined retention period, ACRelvas commits to delete, destroy, or anonymize your personal data.
In general, ACRelvas retains transaction data, as well as the corresponding supporting documents, for a period of 12 years, as defined by law. Spontaneous application data will be retained for a maximum period of 2 years, which extends to 5 years if they have been used in recruitment processes. Regarding video surveillance, we only retain your personal data for a period of 30 days, as required by law. Other data that does not fall within ACRelvas’ activities will be deleted upon confirmation of their misalignment. You can request additional information regarding the retention periods of your personal data by email at email@example.com, by phone at 22 747 02 80, or by mail.
9. TRANSFER OF CUSTOMER’S PERSONAL DATA
Whenever necessary, ACRelvas may transmit your personal data to third parties – ACRelvas’ partner companies, for example, transportation companies – solely for the purpose of executing a service that you have contracted, such as home delivery of a product; the temporary employment agency for issuing the contract and associated activities such as processing and payment of wages. Your personal data may also be disclosed, in compliance with the law, to government entities, such as the Tax Authority.
i) What are your rights regarding the protection of personal data, and how can you exercise them? Right of access to information: You can obtain confirmation of which personal data of yours is processed by ACRelvas, as well as information about the purposes of the processing or the retention periods of that data. Right of rectification: You can request the alteration of your personal data that is incorrect or incomplete. Right to erasure: You can request the erasure of your personal data, provided there are no legal obligations for its retention. Right to data portability: You can receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. Right to object: You can object to or withdraw the consent you previously gave for the processing of your personal data. Right to restriction of processing: You can request the restriction of the processing of your personal data, in the form of: a) Suspension of processing; b) Limitation of the scope of processing to certain categories of data or processing purposes. You can exercise these rights in writing, by email at firstname.lastname@example.org, by phone at 22 747 02 80, or by mail. ACRelvas will carefully analyze the requests, evaluating their legitimacy and relevance, and will commit to providing a timely response. If necessary, the data subject can also submit a complaint to the National Data Protection Commission (CNPD).
Analysis cookies: These are cookies that, when properly treated by us or third parties, allow us to quantify the number of users and perform statistical analysis of how users use the service provided. We examine your navigation on our site with the aim of improving the provision of products or services that we offer you. Advertising cookies: These are cookies that, when properly treated by us or third parties, allow us to manage the offer of advertising spaces that exist on the site more effectively, analyzing your browsing habits and showing you advertising related to your browsing profile.
HOW DO WE PROTECT YOUR PERSONAL DATA?
ACRelvas has implemented a variety of information security measures aligned with the best national and international practices to protect your personal data, including technological controls, administrative, technical, physical measures, and procedures that ensure the protection of your personal data, preventing its misuse, unauthorized access, unauthorized disclosure, loss, unauthorized or inadvertent alteration, or unauthorized destruction. In terms of information security, we are committed to continuous improvement, which is reflected in our daily activities.
Among others, we highlight the following measures:
- Restricted access to your personal data;
- Secure storage and transmission of personal data
- Protection of information systems through devices that prevent unauthorized access to your personal data
- Implementation of mechanisms that ensure the integrity and quality of your personal data
- Regular monitoring of information systems to prevent, detect, and prevent the misuse of your personal data
- Redundancy of storage, processing, and communication equipment for personal data to avoid loss of availability.