The protection of privacy and personal data is a fundamental commitment to Constálica SA, based on the following principles for its treatment:
- The treatment of personal data is carried out in a lawful, faithful and transparent manner;
- The respective data collection is performed only for properly specified, explicit and legitimate purposes, in accordance with the applicable legislation;
- The collected data is limited to what is strictly necessary and for the time necessary for the purposes for which it are treated;
- Only the employees, collaborators and partners of Constálica whose duties so require have access to treated personal data;
- Personal data is treated as confidential.
A. Personal Data
According to the General Data Protection Regulation, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”) - personal data is any information of any nature and in any medium concerning an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if he/she can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific elements of physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
B. Responsibility for the Treatment
The company part of Constálica to which the data subjects are related is responsible for the personal data treatment.
C. Conditions for the Treatment
Constálica will only treat personal data if one of the conditions laid down in the abovementioned European regulation is met, namely:
- If the data subject has given his/her consent to the treatment of his/her personal data;
- If the treatment of personal data is necessary for the execution of a contract in which the data subject is a party or for pre-contractual proceedings requested by the data subject;
- If the treatment is necessary for compliance with a legal obligation to which Constálica is subject;
- If the treatment is necessary to guarantee the legitimate interests of Constálica.
When his/her prior and express consent (either in writing, orally or through the validation of an option) is obtained and if such consent is wilful, informed, specific and unambiguous. Examples of this are the consent for Constálica to examine job applications or to validate specific qualification and training certificates;
EXECUTION OF A CONTRACT AND PRE-CONTRACTUAL ARRANGEMENTS
Whenever the treatment of personal data is necessary for the execution, implementation and management of the contract executed with us, e.g. for the preparation of proposals or quotes, for the management of contacts, information and requests, for the management of invoicing, collection and payments;
COMPLIANCE WITH THE LEGAL OBLIGATION
Whenever the treatment of personal data is necessary to fulfil a legal obligation to which Constálica is subject, e.g. the communication of identification data to police, legal, fiscal or regulatory authorities;
Whenever the treatment of personal data is in the legitimate interest of Constálica or third parties and whenever our reasons for its use should prevail over the data protection rights;
D. Storage Period for Personal Data
In compliance with the abovementioned principles, the personal data processed by Constálica shall be stored for as long as strictly necessary for the purposes for which it was collected. The determination of these terms is based on criteria for the retention of information that is defined and appropriate to each treatment and respects the legal and regulatory obligations to which the company is subject.
E. Rights of the Holders of Personal Data
Constálica ensures that the data subject may exercise the rights conferred to him/her by the GDPR on data protection, namely:
- RIGHT OF ACCESS TO PERSONAL DATA (the data subject may obtain confirmation on whether his/her personal data is treated and access information on it);
- RIGHT TO CORRECT (the data subject may request its correction or completion);
- RIGHT TO ERASURE (the data subject may require that his/her personal data be erased) in the following situations:
i. if the personal data is no longer necessary for the purpose for which it was collected or treated;
ii. if the consent on which the data treatment is based is withdrawn and there is no other legal basis for it;
iii. if the data subject objects to the processing and there are no overlapping legitimate interests;
iv. if the personal data has been unlawfully treated;
v. if the personal data has to be erased as a result of a legal obligation;
- RIGHT TO THE LIMITATION OF TREATMENT (the data subject has the right to request the limitation of treatment) when:
i. the data subject disputes its accuracy for a period which allows the verification of its accuracy;
ii. the data subject considers that the treatment is unlawful;
iii. the data is no longer necessary for processing purposes, but such data is necessary for a declaration, exercise or defence of a right in a judicial proceeding;
- RIGHT TO DATA PORTABILITY (when the treatment is based on the consent or the execution of a contract and is carried out by automated means, the data subject may request the delivery in a structured format of current use and which may allow automatic reading of personal data which concerns him/her and which he/she has provided, and may also request that the personal data be transmitted to another person responsible for the treatment, provided that this is technically possible);
- RIGHT OF OPPOSITION (the data subject has the right to object to the processing) at any time when:
i. there is no prevailing legitimate interest by the one responsible for the treatment;
ii. the treatment is carried out for purposes other than those for which the data was collected;
- RIGHT NOT TO BE SUBJECT TO EXCLUSIVELY AUTOMATED INDIVIDUAL DECISIONS (in certain situations, the data subject has the right to request human intervention when decisions are made based on exclusively automated treatment);
- RIGHT TO WITHDRAW HIS/HER CONSENT (the data subject has the right to withdraw the consent he/she has given to the treatment of his/her personal data);
- RIGHT TO COMPLAIN TO THE NATIONAL DATA PROTECTION AUTHORITY (on any matters relating to the treatment of his/her personal data).
If you intend to exercise any of the rights referred to above or to clarify any issues relating the protection of privacy and your personal data by Constálica, the contact may be made by letter addressed to the company headquarters, to the Permanent Committee on the GDPR or by e-mail sent to firstname.lastname@example.org.
F. Safety Measures
Constálica have at their disposal safety, technical and organisational measures that ensure the protection of personal data against security breaches ('violation of personal data': violation of the safety that causes, accidentally or unlawfully, non-unauthorised destruction, loss, alteration, disclosure or access to personal data transmitted, stored or subject to any other type of treatment), and against any other accidental or unlawful treatment.
The commitment which was undertaken by Constálica on the protection of personal data also implies that, whenever personal data is transmitted to other entities, these are obliged to adopt technical and organisational measures to ensure the same level of protection.
Constálica will carry out an impact assessment whenever data processing is likely to jeopardise the fundamental rights and freedoms of natural persons. Whenever we do this, we commit to comply with the European community and national guidelines on this issue, such as GDPR (EU) 2016/679 and the National Data Protection Commission guidelines.
G. Communication of Personal Data To Third Parties
In the exercise of their activities, the companies part of Constálica may have to communicate or give access to treated personal data under their responsibility to other entities, always ensuring that they present technical and organisational measures that adequately protect personal data.
Personal data will only be accessed or shared with the following entities:
- Companies part of Constálica;
- Subcontracting entities that render services to the company in matters such as IT support, document management, legal support, human resources;
- Clients of companies part of Constálica or representatives designated by them;
- Public authorities (e.g. the Tax and Customs Authority).
Constálica may have to transfer personal data to another country outside the European Union which is not part of the list of countries that the EU has already considered to have adequate levels of personal data protection. In such cases, Constálica will ensure that data transfers are carried out in strict compliance with the applicable legal regulations.
H. Additional Information
The data subject may request information or clarification on the treatment carried out by any company part of Constálica to his/her personal data sending it to the e-mail address email@example.com.
This document can be changed at any time. In this case, the changes will be duly announced and disclosed by the institutional communication media routinely used by Constálica.
Cookies are designed to collect information through the browser, retaining information related to the visitant preferences.
What kind of cookies exist?
Cookies help to manage the utility, interest and the number of utilization of websites, allowing for a quicker and faster navigation, and eliminating the need of giving again the same information.
How do me manage cookies?
There are two groups of cookies that can be used:
- Permanent cookies: these are cookies that are stored at the browser level on access devices and are used whenever you visit the site again;
- Session cookies: these are temporary cookies that remain in the browser’s cookie file until you leave the website: the information obtained by these cookies serves to analyze traffic patterns on the web, allowing the identification of problems in order to provide, at the moment, a better browsing experience;
- Strictly necessary cookies:
Allow browsing the website and using application, as well as accessing secure areas of the website. If you do not accept these cookies we will not be able to provide the service in question.
- Statistical cookies:
They are used anonymously for the purposes of creating and analyzing statistics, in order to improve the functioning of the website.
- Functionality cookies:
They keep the user's preferences regarding the use of the website so that it is not necessary to use the website again each time it is set up.
Measure the success of applications and the effectiveness of third-party advertising
All browsers allow the user to accept, refuse or delete cookies, and also inform the user whenever a cookie is received.
The user can configure cookies in the "options" or "preferences". Note, however, that disabling cookies may prevent some web services.
Last updated: 25/08/2021