DPO Consulting respects your privacy, and the personal data you provide to us as a data subject are protected in accordance with data protection legislation, namely the General Data Protection Regulation (Regulation (EU) 2016/679) and Law No. 58/2019 of 8 August.
I. INTRODUCTION
a) Our website, accessible at https://www.dpoconsulting.pt, was developed, operated, and maintained by or on behalf of DPO Consulting, a registered brand of Just Like You, Lda.;
b) DPO Consulting is fully committed to protecting your privacy and personal data and to providing you with the best user experience;
c) We aim for our website to be secure, intuitive, and functional for all users at all times;
d) We have a legal duty to protect the personal data we collect from users, and this duty is a priority in our operations. We comply with and enforce the provisions of the General Data Protection Regulation (GDPR) of 27 April 2016, concerning the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC, as well as other applicable regulations;
e) If you have any questions or comments regarding our privacy policy or the website and its functionality, please contact us using the details provided at the end of this policy.
II. GENERAL PRINCIPLES OF OUR PRIVACY POLICY
Our Privacy Policy is based on the following principles:
a) Only authorized personnel use authorized data for authorized purposes;
b) Your privacy is extremely important to us in everything we do;
c) We recognize that the security of your data is a priority and periodically review it in line with technological innovation;
d) We consider that data belongs to its owners, not to us.
Accessing our website and providing personal data implies knowledge and acceptance of our Privacy Policy. We recommend that you read it carefully, along with our Terms of Use and Cookies Policy, available at the same address.
Whenever our website provides links to external websites outside of DPO Consulting, we do not assume any responsibility for such websites, their content, or functionality. Our Privacy Policy applies only to our website or other platforms we provide
III. CONCEPTS AND INFORMATION FOR DATA SUBJECTS
1. Who is the Data Controller?
Just Like You, Unipessoal Lda., owner of the DPO Consulting brand, is the entity responsible for processing personal data.
2. What is Personal Data?
For the purposes of this Policy, we follow the GDPR definition: any information relating to an identified or identifiable natural person, where an identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or one or more specific elements of their physical, physiological, mental, economic, cultural, or social identity.
3. How do we collect your personal data?
In the course of our activities, we collect and process your personal data by telephone, through our website, or in writing, for example within the context of a contractual or pre-contractual relationship.
We only collect the data that is strictly necessary for the provision of our services.
We collect and process your personal data with your consent only when such consent represents a freely given, specific, informed, and explicit expression of will.
At any time, and at your sole discretion, you may withdraw this consent easily, in accordance with the provisions of point 5(c).
4. Personal data do we collect??
The categories of data we collect for the provision of our services include:
*Identification data (e.g., name, date of birth, ID card details, nationality);
*Contact data (e.g., address, phone number, email)
*Professional data (e.g., position, role, company, office address, business activities);
*Academic and professional experience data (e.g., education, qualifications, certifications, languages, CV);
*Billing and expense data (e.g., fees, expenses, tax identification number);
*Image and sound records (e.g., photos and video recordings).
The personal data we collect are subject to electronic processing and stored in databases, with strict compliance with the applicable data protection legislation and information security standards.
We will only process your personal data for specific and legitimate purposes determined at the time of collection, and such data will not be processed later in a manner incompatible with those purposes, except for purposes of archiving in the public interest, scientific or historical research, or statistical purposes, in which cases, under the GDPR, such incompatibility does not apply.
If we collect and process special categories of personal data (“sensitive data”), such processing will only be carried out in accordance with the exceptions provided for in Article 9(2) of the GDPR.
If this data is collected directly from the data subject and the processing of special categories of data (“sensitive data”) is based on your consent, we will inform you of your right to withdraw consent, as provided in point 4(3) of this chapter, without affecting the lawfulness of the processing carried out based on the consent previously given.
5. For what purposes do we process personal data?
We will process your personal data for the following purposes:
To enable us to identify you as our client;
To provide the services or information you have requested;
For the purposes of invoicing the services provided and accounting management;
To communicate any changes to the terms of the contracted services;
To comply with legal obligations to which we are subject;
With the client’s consent, to send promotional materials or special offers on our behalf or on behalf of our group companies and marketing partners;
To optimize your visit and navigation on our website;
To manage the contractual relationship and its execution;
To tailor the services we provide to the needs and interests of our clients.
Depending on the circumstances, the processing of your personal data may be based on the following legal grounds:
The necessity of processing for pre-contractual steps or contractual performance;
Compliance with legal obligations;
The legitimate interests of DPO Consulting; or
The consent granted by the data subject.
If consent is the legal basis for the processing of personal data, the data subject has the right to withdraw it at any time and easily, without affecting the lawfulness of processing carried out on the basis of consent previously given, nor the subsequent processing of the same data based on another legal ground.
If you wish to withdraw your consent, you can contact us via email at: dpo@dpoconsulting.pt
After withdrawal, your data will no longer be used.
6. Children’s Data
We do not collect, nor do we intend to collect, data from children, given the nature of the services we provide.
Considering that a child should be supervised in all aspects of their life, including the digital realm, it is the responsibility of the parents or legal guardians to request the deletion of any data. We will promptly comply with such requests after verifying that the data collection indeed took place, even if it was not intentional.
7. How long do we keep your personal data?
The period during which the data is retained depends on the purpose for which the data is processed. There are legal requirements that obligate us to retain the data for a minimum period.
If no legal retention period exists, the data will be kept only for as long as necessary for the purposes that justified its processing, after which it will be appropriately handled, either deleted or anonymized.
If the processing is based on the data subject’s consent, the data will be retained until the data subject withdraws their consent.
8. What are your Rights as a Data Subject?
Under the provisions of the GDPR, we guarantee you the exercise of your rights as a data subject, namely:
Right of Access – you have the right to request information from us regarding whether or not your data is being processed, which data we process, and for what purposes. You may request a copy of your personal data being processed, although the provision of additional copies may be subject to a reasonable fee considering administrative costs. If the request is made electronically, and unless otherwise indicated by you, the information will be provided in a commonly used electronic format.
Right to Rectification – you have the right to request, without undue delay, that we correct any inaccurate personal data concerning you and complete any incomplete data.
Right to Erasure – also known as the right to be forgotten – you may, under certain circumstances, request that your personal data be deleted from our records without undue delay, whenever any of the grounds provided in the GDPR apply.
Right to Object – you have the right to object, for reasons related to your particular situation, to certain types of data processing provided for under the GDPR, such as processing for direct marketing purposes, in which case we will cease such processing.
Right to Data Portability – you have the right to transfer the personal data we hold to another organization or to receive it in a structured, commonly used, and machine-readable format.
Right to Restriction of Processing – you have the right to obtain restriction of processing of your personal data, for example, when you wish to contest the accuracy of your personal data during a period that allows us to verify its accuracy, when the processing is unlawful, or when you have exercised your right to object.
To exercise these rights, please send your request to dpo@dpoconsulting.pt. You will then be sent the “Data Subject Rights Exercise Form,” which, once completed and returned, will allow us to proceed with your request.
The Data Protection Officer is responsible for responding to data subject rights requests.
9. What measures are implemented to ensure the security of personal data?
We adopt appropriate technical and organizational measures to ensure a level of security proportional to the risk, which we periodically review and improve. These measures are intended to guarantee the security and protection of your personal data in terms of availability, authenticity, integrity, and confidentiality, as well as to prevent loss, misuse, alteration, processing, or unauthorized access, and any other form of unlawful processing.
10. Is personal data shared with third parties?
In the course of our activities, we may engage processors who handle your data on our behalf, which implies that these entities may have access to such data. Whenever this occurs, we implement appropriate, contractually established measures to ensure that these third parties, whether processors, partners, or group entities, provide sufficient and adequate guarantees of implementing technical and organisational measures and that they will act solely in accordance with our instructions.
11. Are international transfers of your personal data carried out?
It may occur that we need to transfer personal data to third countries or international organisations outside the European Economic Area. In such cases, we strictly comply with the applicable legal provisions and do not carry out international transfers of personal data to entities that do not offer guarantees of maintaining the level of protection required by the GDPR.
12. How do we use cookies?
For information on cookies and their use on our website, please see our Cookies Policy.
13. Contact
For questions regarding this policy, please contact us.
14. Policy Review
We reserve the right to amend the content of this Privacy Policy without prior notice; however, any such changes will be prominently communicated on our website whenever they occur.
It is the responsibility of the Data Protection Officer to ensure that any review or update of this policy is carried out in accordance with the requirements of the GDPR.
By continuing to browse our website, the user agrees to be bound by the new terms.
