Data protection policy
POLICY OBJECTIVE
Since it was founded, CONTISYSTEMS has guided its activity by establishing relationships of trust with all its stakeholders, delivering products and services in a consistent and controlled manner, ensuring that whenever personal data is processed, its security is guaranteed and the rights of the respective data subjects are safeguarded.
CONTISYSTEMS has developed this Data Protection Policy to make known its commitment to complying with the main national and European legal provisions in this area.
This Policy regulates the processing of personal data carried out by Contisystems, as controller, in connection with the use of its websites and the protection of its facilities. And as a processor, in the processing of personal data that it carries out on behalf of other controllers such as its clients.
Contisystems has implemented the appropriate technical and organizational measures that ensure a level of security appropriate to the risk, guaranteeing the confidentiality, integrity and availability of the personal data processed in the aforementioned operations.
CONTISYSTEMS AS DATA CONTROLLER
CONTISYSTEMS is responsible for processing the personal data collected on the websites it manages, namely its own (www.conti.systems), the Unicks website (www.unicks.com), the Merece website(www.merece.pt and loja.merece.pt) and the CyberAdvisor website(www.cyberadvisor.pt); all these brands are wholly owned and managed by Contisystems. In this context, Contisystems decides which data is collected, the purposes for which it is processed and the ways in which it is processed. Contacts with CONTISYSTEMS can be made by any of the following means:
Headquarters Address
National Road 249-4km 7.2, Abóboda, 2785-754 São Domingos de Rana
Phone
+351 214 481 600
Email address
geral@contisystems.pt
Fax
+351 214 481 658
DATA PROTECTION OFFICER
CONTISYSTEMS has appointed a Data Protection Officer (DPO) who, in short, is responsible for:
- Informing and advising CONTISYSTEMS management and employees of their obligations regarding the protection of the personal data they process;
- Monitoring the compliance of internal practices with the Regulation and other applicable legal and regulatory requirements in the field of data protection;
- Providing internal advice regarding data protection impact assessments for new services or infrastructures or changes to them;
- Cooperate with the supervisory authority - in Portugal this authority is entrusted to the National Data Protection Commission (CNPD);
- To be a point of contact with the CNPD for questions related to the processing of personal data or to consult it.
The Data Protection Officer can be contacted at the following email address: dpo@contisystems.pt.
WHAT IS PERSONAL DATA
Article 4(1) of the General Data Protection Regulation defines "personal data" as: "information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
COLLECTION OF PERSONAL DATA AND PURPOSES
CONTISYSTEMS applies principles to the processing of personal data so that it is carried out lawfully and fairly. Its use is transparent for data subjects, whether in its collection, use, consultation or any other type of processing that may be considered.
CONTISYSTEMS complies with criteria of transparency, reasonableness, specific interest, minimization of the data obtained to ensure that only that which is effectively necessary is collected, among other criteria. These contribute to consolidating the lawfulness of the processing carried out in the context of the aforementioned websites managed by CONTISYSTEMS.
Data is processed in a lawful, fair and transparent manner; for specific, explicit and legitimate purposes; minimizing the data collected to ensure that only adequate and necessary data is obtained; safeguarding its accuracy, to the extent of the controls available to CONTISYSTEMS for this purpose; and maintaining measures to preserve the integrity, availability and confidentiality of the data.
CONTISYSTEMS, as data controller, collects the following personal data for the following purposes:
| Purposes | Personal data collected |
| Subscribe to news | Name; e-mail |
| Request contact | Name; e-mail; contact telephone number; company |
| Membership application Deserves | Name; e-mail; company |
| Register or Buy in the Merece store | Name; e-mail; address; telephone number; tax number |
| Want to work at CONTISYSTEMS | Name; telephone number; e-mail address and CV |
| Protecting people and property | Images captured by the CCTV system |
COOKIES
We use cookies to improve your browsing experience and ensure the proper functioning of our website.
You can manage your preferences at any time by clicking on the button located in the bottom left-hand corner of the screen, where you will have access to our consent panel. In this panel you will find detailed information about each category of cookies, allowing you to make informed choices.
Cookies classified as "Necessary" are essential for the website to function and are automatically stored in your browser.
In addition, we use third-party cookies that help us to:
- Analyze the use of the site
- Save your preferences
- Present relevant content and advertisements
These cookies will only be activated with your prior consent.
Please note that disabling certain categories of cookies may impact your experience on the site.
CONTISYSTEMS AS A SUBCONTRACTOR
CONTISYSTEMS assumes the role of processor whenever it processes personal data on behalf of the controller, i.e. on behalf of its clients.
CONTISYSTEMS' duties as a subcontractor towards its clients, who are responsible for processing the personal data of their end clients, are specified in a contract or other legal act.
As a subcontractor, CONTISYSTEMS processes personal data in order to provide contracted solutions or services. For example, for the Customer Communication Management service:
- The customer sends data to CONTISYSTEMS in different formats, converting it for efficient use;
- CONTISYSTEMS processes the data and builds the documents, where rules are applied that can be defined dynamically by the customer on a web portal. The data provided by the client is then processed using a personalizer to apply it to the documents;
- The documents are then archived electronically and distributed using software designed by CONTISYSTEMS, or they are printed and sent by post. Digital archiving is carried out in our own data center, which complies with good information security practices.
CONTISYSTEMS collaborates with its clients and guarantees the adoption of technical and organizational measures appropriate to the risk in order to protect the personal data processed within the scope of the contracted services with regard to:
- process personal data only on the documented instructions of the data controller, the client;
- ensure that the persons authorized to process personal data have given an undertaking of confidentiality or are subject to appropriate legal obligations of confidentiality;
- adopt all the measures required under Article 32 - Security of processing;
- comply with the conditions referred to in Article 28(2) and (4) in order to engage another processor;
- take into account the nature of the processing, and as far as possible, assist the controller, the client, by means of appropriate technical and organizational measures, to enable it to fulfil its obligation to respond to requests from data subjects with a view to exercising their rights;
- assist the data controller, the client, in ensuring compliance with the obligations laid down in the General Data Protection Regulation;
- provide the data controller, the client, with all the information necessary to demonstrate compliance with this Regulation.
GROUNDS FOR PROCESSING, SHARING AND RETAINING PERSONAL DATA
The data is processed by:
- Legitimate, fair and transparent;
- For specific, explicit and legitimate purposes, minimizing the data collected to ensure that only appropriate and necessary data is obtained;
- Safeguarding its accuracy, to the extent of the controls available to CONTISYSTEMS for this purpose;
- Maintaining measures to preserve data integrity, availability and confidentiality.
CONTISYSTEMS processes and stores personal data in accordance with the purposes for which they are intended. Data processed on the basis of consent will be processed and retained for as long as the user does not withdraw consent. Personal data that is subject to retention periods defined by the Portuguese legal system is retained in accordance with what is determined by law.
| Purposes | Legal basis | Share | Retention |
|---|---|---|---|
| Subscribe to news | Processing is carried out on the basis of the consent of the data subjects for one or more specific purposes: the processing of personal data in the context of "Subscribing to news" and "Requesting contact" is carried out on the basis of the consent of the data subjects and the processing will be carried out strictly in accordance with their consent. | There is no sharing. | Until the user's consent is withdrawn |
| Request contact | For the duration of the contact | ||
| Want to work at CONTISYSTEMS | The processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual procedures at the request of the data subject: In the case of personal data received and processed as part of the management of admissions to CONTISYSTEMS, processing is necessary for the performance of a contract, or for pre-contractual steps, in which the data subject is an interested party and also on the basis of CONTISYSTEMS' legitimate interests in contracting the data subject. | After recruitment, 5 years according to the law; Without recruitment, 1 year; |
|
| Membership application Deserves | Processing is carried out on the basis of consent by the data subjects for one or more specific purposes: the processing of personal data within the scope of the "Member Deserves Application" is carried out on the basis of consent by the data subjects and the processing will be carried out under the terms strictly consented to. | There is no sharing, the treatment is internal | For the duration of the contact |
| Register at Merece Store | Processing is carried out on the basis of consent by the data subjects for one or more specific purposes: the processing of personal data within the scope of the "Merece store registration" is carried out on the basis of consent by the data subjects and the processing will be carried out under the terms strictly consented to. | There is no sharing, the treatment is internal | Until consent is withdrawn |
| Buy at Merece | Processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual steps at the request of the data subject: In the case of personal data received and processed in connection with purchases in the Merece Shop, processing is necessary for the execution of the purchase to which the data subject is a party. | Transport company DPD; partner store Merece: United 2 Remake | At the very least, data retention will be safeguarded for the legal warranty periods of the products purchased. If this requirement is met, the data will be deleted when the account is deleted. |
| Protecting people and property | The processing is necessary for the purposes of the legitimate interests pursued by CONTISYSTEMS, to guarantee the security of the facilities, materials and people (as well as the personal data) under the responsibility of CONTISYSTEMS. | Security company; Official bodies in the course of an investigation |
30 days |
| Printed and mailed documents | The processing carried out under contracts established between CONTISYSTEMS and its clients, which determine the processing to be carried out on their clients' data. | CTT | Determined by the client. |
| Documents filed electronically | There is no sharing. | ||
| To safeguard the legal responsibilities attributed to CONTISYSTEMS when awarding equipment maintenance services | The processing is necessary for CONTISYSTEMS to comply with its legal obligations during the performance of a service or a contract between the maintenance service provider and CONTISYSTEMS. | There is no sharing. | Until the tender or contract is finalized. |
CONTISYSTEMS is the recipient of the personal data, and its employees may have access to the data strictly necessary to carry out the tasks for which they are intended.
TREATMENT SAFETY
Controls are planned and implemented to protect personal data in order to safeguard its confidentiality, integrity and availability. Within these controls, there are some of a technical nature and others of an organizational nature which, together, help to prevent, monitor and respond to any security incidents or breaches of personal data.
CONTISYSTEMS has implemented an Information Security Management System under the international standard ISO/IEC 27001.
UPDATE OF THE DATA PROTECTION AND PRIVACY POLICY
CONTISYSTEMS periodically reviews this Data Protection and Privacy Policy to keep it appropriate to the purposes and practices of personal data protection and privacy, and may therefore make changes to its content. Changes will be duly publicized on the Institution's website.
This version of the Data Protection and Privacy Policy was approved on March 25, 2025.
