Data Protection and Privacy Policy
AIM OF THE POLICY
CONTISYSTEMS has based its activity, from the moment it was founded, on the establishment of trust relationships with all its customers by delivering the products and services in a consistent as well as controlled manner and ensuring that the rights of the data subjects as well as their privacy are safeguarded in the handling of data and information.
CONTISYSTEMS has developed this Data Protection and Privacy Policy to set out its commitment to compliance with the main national as well as European legal provisions regarding this matter.
This Data Protection and Privacy Policy regulates the handling made by CONTISYSTEMS as the entity responsible for handling the personal data of the users collected within the scope of the use of the website and to protect its facilities, both the handling it carries out as subcontractors of personal data of the end customers of CONTISYSTEMS.
This Data Protection and Privacy Policy is also the commitment of CONTISYSTEMS, in the protection of personal data, and the guarantee that establishes a set of technical and organizational measures to ensure confidentiality and integrity in the handling of personal data.
ENTITY RESPONSIBLE FOR THE HANDLING
CONTISYSTEMS is the entity responsible for the handling of the personal data collected in its website and decides within this context which is the data that is gathered, what is the purpose of the handling as well as what are the handling methods. Establishing contact with CONTISYSTEMS can be done through one of the means indicated below:
DATA PROTECTION OFFICER
In order to comply with Regulation (UE) 2016/679 of the European Parliament and of the Council from April 27, 2016, as well as to follow other good practices and applicable legal requirements, CONTISYSTEMS has appointed a Data Protection Officer (DPO).
In short, the Data Protection Officer is responsible for:
- Informing and advising Management and the employees of CONTISYSTEMS regarding their obligations in relation to protection of the personal data they handle;
- Controlling the conformity of the internal practices with the Regulation as well as other applicable legal and regulatory requirements regarding data protection;
- Provide internal advice regarding impact assessments on data protection for new services or infrastructures or changes made to these;
- Cooperating with the control authority – in Portugal this authority is the National Data Protection Commission (NDPC);
- • Being a point of contact with NDPC for questions related to the handling of personal data or to consult NDPC.
The position of Data Protection Officer can be contacted through the following email address: dpo@contisystems.pt
WHAT IS PERSONAL DATA?
The General Data Protection Regulation defines “personal data” in article 4th number 1 as: “information relating to an identified or identifiable natural person (“data subject”); a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
COLLECTION OF PERSONAL DATA AND PURPOSE
Contisystems applies principles of handling personal data so that the handling is carried out in a lawful and equitable manner. The use of the aforementioned personal data is transparent to the data subjects in the collection, use, consultation or any other type of handling of the data that may be considered.
Contisystems complies with the criteria of transparency, reasonableness, specific interest, minimizing the data obtained in order to ensure that only effectively necessary data is collected, among other criteria. These criteria contribute towards the consolidation of the very lawfulness of the handling done within the context of the Contisystems website.
Data processing is done in a lawful, fair and transparent manner; with specific, explicit and legitimate purposes; by minimizing the data collected in order to ensure that only the appropriate and necessary data is obtained; safeguarding its accuracy, to the extent of the controls available to CONTISYSTEMS for this purpose; and maintaining measures to preserve the integrity, availability and confidentiality of the data.
| Purpose | Collected personal data |
| Subscription to the Newsletter | Name; email |
| Request contact from CONTISYSTEMS | Name; email |
| Wanting to work for CONTISYSTEMS | Name; telephone number; email and CV |
| People and Goods Protection | Images captured by the CCTV system |
COOKIES
For more information regarding cookies and how CONTISYSTEMS uses these in its website, check out our Cookies Policy.
CONTISYSTEMS AS A SUBCONTRACTOR
CONTISYSTEMS assumes the role of subcontractor whenever it handles personal data on behalf of the person or entity responsible for the handling i.e. on behalf of its customers.
The duties of CONTISYSTEMS as a subcontractor towards its customers, who are responsible for the handling of the personal data of their end customers, are specified in an agreement or in another legal act.
As a subcontractor, CONTISYSTEMS handles personal data in the pursuit of the contracted solutions or services. For example, for the Customer Communications Management service:
- The customer sends the data to CONTISYSTEMS in different formats and converts these for efficient use;
- CONTISYSTEMS processes the data and prepares documents, where rules, which can be defined in a dynamic manner by the customer in a web portal, are applied. The data provided by the customer is then handled by making use of a personalizer to apply the rules to the documents;
- The documents are then archived electronically and distributed through software designed by CONTISYSTEMS or are printed and sent by post. Digital archive is made in a fit for purpose data center that complies with strict security practices and the documents are forwarded to the final consumers by the channels defined by the customers.
Contisystems is committed to collaborating with its customers, in full compliance with article 28th of the General Data Protection Regulation, and ensures the adoption of all appropriate technical and organizational measures to protect the personal data handled within the scope of the contracted services:
- To handle personal data only after being given documented instructions by the person responsible for the handling of the data, the customer;
- To ensure that the people authorized to handle personal data have assumed a confidentiality commitment or are subject to adequate legal confidentiality obligations;
- To adopt the measures required under the terms of article 32nd – Security in the handling of data;
- To comply with the conditions mentioned in nos. 2 and 4 of article 28th to hire another subcontractor;
- To take into account the nature of the handling of data and, where possible, provide assistance to the person responsible for the handling of the data, the customer, with adequate technical and organizational measures in order to ensure that the aforementioned person complies with the obligation to respond to requests of data subjects, bearing in mind their rights;
- To provide assistance to the person responsible for the handling of the data, the customer, in order to ensure compliance with the obligations defined in the General Data Protection Regulation;
- To provide all the information necessary to comply with this Regulation to the person responsible for the handling of the data, the customer.
GROUNDS FOR THE HANDLING, SHARING AND RETENTION OF PERSONAL DATA
Handling of the data is made:
- In a lawful, loyal and transparent manner;
- For specific, explicit and legitimate purposes and by proceeding with the minimization of data obtained to ensure only the adequate as well as necessary data is obtained;
- By safeguarding the accuracy of the data to the extent of the controls available to CONTISYSTEMS for this purpose;
- By maintaining the measures to preserve the integrity, availability and confidentiality of the data.
CONTISYSTEMS handles and stores personal data in accordance with the purposes, for which the data is intended. For the data handled on the basis of consent, this data will be handled and stored until the user withdraws consent. The personal data, which is subject to retention periods defined by the Portuguese legal system, is retained in accordance with what is determined by law.
| PURPOSE | LEGAL BASIS | SHARING | RETENTION |
|---|---|---|---|
| Subscription to the Newsletter | Handling of the data is made based on consent by the data subjects for one or more of the specific purposes: handling of the data within the scope of “Subscription to the Newsletter” and of “Requesting contact from CONTISYSTEMS” is made based on consent by the data subjects and handling of the data will be carried out under the strictly consented terms. | There is no sharing. | Until consent is withdrawn from the user. |
| Request contact from CONTISYSTEMS | For as long as the contact lasts | ||
| Wanting to work for CONTISYSTEMS | Handling of data is necessary for the execution of an agreement, in which the data subject is a party, or for pre-contractual proceedings at the request of the data subject: In the case of personal data received and handled within the scope of managing the admissions to CONTISYSTEMS, handling of data is necessary for the execution of an agreement, or for pre-contractual proceedings, in which the data subject is an interested party, and also on the basis of the legitimate interests of CONTISYSTEMS in hiring the data subject. | After recruiting, 5 years in accordance with the law;
Without recruiting, 1 year; |
|
| People and Goods Protection | Handling of data is necessary for the purpose of legitimate interests pursued by CONTISYSTEMS to ensure the security of the facilities, materials and people (as well as the security of personal data) that are dependent on CONTISYSTEMS. | Security company;
Official bodies throughout the course of an investigation.. |
30 days |
| Printed Documents sent by post | Handling of the data is carried out under the agreements established between CONTISYSTEMS and its customers, who determine the handling to be done to the data of their customers.
. |
CTT | Determined by the customer. |
| Documentos arquivados eletronicamente | There is no sharing. | ||
| To safeguard the legal responsibilities attributed to CONTISYSTEMS in the procurement of equipment maintenance services | Handling of data is necessary so that CONTISYSTEMS can comply with its legal obligations during the execution of a service or of an agreement between the supplier of maintenance services and CONTISYSTEMS. | There is no sharing. | Until the proposal or the contract are finalized. |
CONTISYSTEMS is the recipient of the personal data and its employees may have access to the data that is strictly necessary to comply with the proceedings, for which the data is intended.
SECURITY IN THE HANDLING
Personal data protection controls are planned and implemented in order to safeguard the confidentiality, integrity and availability of the data. These controls, some of which are technical and others organizational, together aid in the prevention and monitoring of as well as response to eventual security incidents or personal data breaches.
CONTISYSTEMS has implemented an Information Security Management System under the international standard ISO /IEC 27001.
UPDATE OF THE DATA PROTECTION AND PRIVACY POLICY
CONTISYSTEMS periodically reviews this Data Protection and Privacy Policy so that it remains adequate for the purposes as well as data protection and privacy practices and therefore may promote changes to its content. The changes will be duly published on the website of the Institution.
This version of the Data Protection and Privacy Policy was approved on November 6, 2018.
