ITSECTOR – SISTEMAS DE INFORMAÇÃO, S.A., traded corporation, with its head office in Rua José Falcão, no. 151, 1º/2º, 4050-317 Porto, registered in the Conservatory of the Commercial Registry of Porto, under the no. 507291727, with the share capital of 500.000 Euros, intends, by providing and complying with the present Policy Privacy, to correspond to the Regulation guidelines (UE) 2016/679, of the European Parliament and of the Council of the 27TH of April of 2016- General Regulation on the Protection of Personal Data, and also to the assortment of the Portuguese laws which regulates the theme of the protection of personal data.
ITSector ensures that the data which is processed is:
The processing of data by ITSector is legal when at least one of the following situations is complied:
ITSector undertakes to ensure that the processing of Personal Data is only done in the conditions listed above and with respect to the principals mentioned above.
When the processing of Personal Data is done by ITSector, based on the Holder’s consent, he has the right to withdraw his consent at any time. The consent withdrawal, nevertheless, doesn’t comprise the lawfulness of the processing done by ITSector, based on the Holder’s previous consent.
ITSector collects and processes Personal Data with the following aims:
The personal data collected by ITSector isn’t shared with third parties without their consent, except in the situations mentioned below. Although, in case the holder contracts ITSector’s services that are provided by other entities which are responsible for processing personal data (example, nutritional consultation), the data may be consulted or accessed by these entities, as far as it’s necessary to the referred services.
In the applicable legal terms, ITSector can transmit or communicate Personal Data to other entities in case it’s necessary for the contract execution established between the Holder and ITSector, or for pre-contractual diligences requested by the holder, if it’s needed for any legal requirement which ITSector is submitted to or if it’s necessary to pursuit ITSector’s or third party’s legitimate interests (for example, in case of sale or transmission of part or the all of ITSector, or of their assets amongst detained entities by or related to ITSector).
In the scope of concluding work contracts, service provision contracts in which he intervenes as a Supplier or Client, as well as in supplying of goods contracts where he’s a Client, and in his duty performance in general, ITSector may require different entities to make personal data available, in other words, information provided that allows ITSector to identify and/or contact and that can be processed for that purpose. As a rule, Personal Data is requested when submitting applications, or contract handling, of both work, supplying of goods or service provision.
ITSector can collect data directly from the Holder, through partner entities or third parties.
Personal Data gathered may vary according to the reason which originates its collection. In the same way, the processing will also vary depending on the purpose of its destination, as well as the period pf data preservation, which in any case, won’t exceed the maximum limit of 12 (twelve) years. In each case, ITSector will inform the purpose of the data that is collected.
ITSector provides detailed information about the nature of the data collected and its purpose, as well as the processing and the information mentioned in point 7 and the following, when collecting personal data.
These subcontracted entities cannot transmit Personal Data to other entities or contract other entities without ITSector’s prior written authorization.
ITSector assumes the commitment to subcontract only the entities which present sufficient guarantees in executing appropriate technical and organizational measures, to ensure the Holder’s defence of rights.
On the other hand, ITSector uses the service of subcontracted people, in the development of some specific projects. ITSector assumes to regulate and communicate to those people, the object and the length of the process, the nature and purpose of the processing, the type of personal data, the categories of the holders given and the rights and duties of those parts.
When collecting personal data, ITSector provides the Holder with information about the categories of the subcontracted entities that, in the actual case, may process data in ITSector’s name.
To ensure personal data safety and the maximum confidentiality, we process the information that is provided to us in an absolute confidential manner, in accordance to our policies and internal safety and confidentiality procedures, which are periodically updated according to the needs, as well as in accordance to the terms and conditions legally foreseen.
According to the nature, of the scope, the context and its purposes in processing data, as well as the resulting risks for the Holder’s rights and freedom, ITSector undertakes to apply, the necessary and adequate technical and organizational measures to protect personal data and fulfil the legal requirements. It also commits to ensure that, by default, only the data which is necessary is processed for each specific purpose and that this data isn’t available to an undetermined number of people without
Regarding general measures, ITSector takes the following:
In certain types of processing, personal data, collected by ITSector may be made available to third parties, that can involve its transfer out of the European Union. In this case, ITSector undertakes to ensure that the transfer follows the applicable laws, namely in determining the adequacy of the country in relation to the protection of personal data and the applicable requirements of such transfers.
In the applicable legal terms, ITSector has the duty to ensure and promote the personal data holders’ rights which was collected and processed by ITSector. Below are the rights:
Information provided to the Holder by ITSector (when the data is collected directly from the Holder):
In the case the data isn’t collected directly by ITSector regarding the Holder, besides the information mentioned above, the Holder is additionally informed about the categories of personal data under processing and, as well as, in regard to the origin of the data, and eventually, if it’s originated of publicly accessible sources.
In the event of ITSector intending to proceed to further Personal Data processing to a purpose that the data wasn’t collected for, before this process, ITSector will provide the Holder with information about this purpose and any other relevant information, in the terms, mentioned above.
In order to ensure the full enjoyment of the right to information, ITSector has implemented the mechanisms (technological and procedural) to provide information before collecting personal data.
ITSector guarantees the means that allow access, by the Holder, to his Personal Data.
The Holder has the right to obtain from ITSector the confirmation that the personal data which concerns him are or not object to processing and , in this case e, the right to access his personal data and the following information:
Upon request, ITSector provides the Holder, without charge, a copy of his Personal Data which is in the processing stage. The provision of other requested copies may entail administrative costs.
The Holder has the right to request, at any time, the correction of his Personal Data, as well as the right to add data which is incomplete, included by an additional statement.
In case of correcting any data, ITSector informs each recipient whose data was transmitted and the related corrections, unless the communication is impossible or implies ITSector with a disproportionate effort. If the Holder asks, ITSector provides information about the referred recipients;
The Holder has the right to obtain from ITSector, the deletion of his personal data when one of the following reasons is implied:
In the event of deleting data, ITSector informs each recipient/entity to whom is concerned the respective deletion, unless such communication is impossible or implies a disproportionate effort in behalf of ITSector. If the Holder asks, ITSector provides information about the recipients referred.
When ITSector has made the Personal Data public and is obliged to delete it under the right of deletion, ITSector ensures to take the necessary measures, including in technical nature, considering the technology available and the costs implicated, to inform the people responsible for the processing of Personal Data which the Holder asked to delete, as well as copies or reproductions.
The Holder has the right to obtain from ITSector, the limitation of Personal Data, if one of the situations is applied (the limitation consists on marking the personal data that is preserved with the goal of limiting its processing in the future):
The Holder has the right to receive personal data which concerns him and that he has provided ITSector, in a structured way, of current use and automatic Reading, and the right to transmit this data to another person responsible for its processing, if:
The Holder has the right to oppose at any time, in particular related reasons, the processing of personal data which concerns him that is based on the legitimate interests maintained by ITSector or when the processing is intended for purposes which the data collected wasn’t for, including profile settings, or when the data is processed for statistical purposes.
ITSector will cease Personal Data processing, unless legitimate and compelling reasons are presented prevail over the Holder’s interests, rights or freedom, or for the purpose of declaring, exercising or in defence of ITSector’s rights in a judicial process.
When the personal data is processed for direct commercialization (marketing), the Holder has the right to oppose at any time, the processing of personal data which concerns him for all intents and purposes of the referred marketing that covers profile settings which is related to direct commercialization. In the event of the Holder opposing to the processing of his data for marketing reasons, ITSector ends the processing of that purpose.
The Holder also has the right to not be submitted to any decision made, exclusively based on automatic processing, including profile settings, that produce effects in his judicial sphere or that significantly affect him in any similar way, unless the decision:
The Holder has the right, at anytime, to withdraw the consent of processing his Personal Data.
However, note that any consent withdrawal doesn’t damage the lawfulness of the processing conducted, based on the previous given consent.
The Personal Data Holder has the right to be informed of any violation to his rights, without delay.
Such violations may consist, namely, in improper accessing of Personal Data, Personal Data processing for different purposes to which was given consent or that is legally admissible, safety breaches in the systems where the data is saved, or Personal Data deletion.
Note that, in legal terms, this communication isn’t required in the following points:
The Personal Data Holder has the right to make a complaint to a National Supervisory Authority, or, eventually, to a Judicial Authority, if he considers there was violation of his rights as a Personal Data Holder.
The right of access, rectification, deletion, limitation, portability and the right to oppose may be exercised by the Holder by contacting ITSector, or through the email firstname.lastname@example.org
ITSector will reply in writing (including electronic means) to the Holder’s request in the maximum of a month upon receiving the request, except in especial or complex cases, which the period can be extended until two months.
If the Holder’s requests are unfounded or excessive, particularly due to its repetitiveness, ITSector reserves the right to charge administrative costs or to refuse to follow-up the request.
Each time the Holder participates in an event promoted by ITSector, namely parties, sport activities or any other, and without prejudice to the right of honour, intimacy and own image, as well as the applicable law that ITSector is obliged, it’s considered that the processing and collection of the Holder’s image is legal, as they correspond to a legitimate interest of commercial disclosure sustained by ITSector (the Holder’s image may be collected, according to normal use, in the scope of marketing activities, promotion and team building, including photos, images and sound), if the Holder has given his consent.
Also within the legitimate interest of commercial disclosure, ITSector may use this data in photos or videos that are shown in its own means of communication, namely on Internet pages, Facebook pages or other social media, projectors and LCD’s installed in ITSector’s facilities, etc. The Holder has the right to oppose using his image in the legal terms applied and to ask ITSector to remove his images from its communication means.
In case he doesn’t consent ITSector using his image, the Holder cannot participate in any events referred above, since ITSector cannot ensure that the Holder’s image isn’t collected.