DPO Consulting respects your privacy, therefore, the personal data that you, as a data subject, provide to us, is protected in accordance with the applicable data protection legislation, namely the General Data Protection Regulation (Regulation (EU) 2016/679).
a) Our website, accessible at https://www.dpoconsulting.pt, was developed and is operated and maintained by or on behalf of DPO Consulting, a registered trademark of Just Like You, Lda., acting as data controller
b) DPO Consulting is fully committed to protecting your privacy and personal data while also providing you with the best user experience
c) We want our website to be safe, intuitive and functional for all its users at all times
d) We have a legal duty to protect the personal data we collect from users and this duty is a priority in the exercise of our activity. We comply and enforce the terms of the General Data Protection Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data that repeals Directive 95/46/EC (the GDPR).
a) Only authorized persons use personal data for authorized purposes.
b) Your privacy is very important to us, in everything we do.
c) We understand that the security of your data is a priority which we periodically review according to technological innovation.
d) We understand the personal data don´t belong to us but to its data subjects'.
III. CONCEPTS AND INFORMATION TO THE DATA SUBJECT
1. Who is the Data Controller?
Just Like You, Unipessoal Lda., owner of the brand DPO Consulting, is the entity rresponsible for processing personal data, acting as data controller.
2. What is Personal Data?
For the purposes of this Policy, we follow the definition adopted by the GDPR, that is, any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. How do we collect your personal data?
- As part of our activity, we collect and process your personal data over the phone, through our website / website or in writing, for example in the context of a contractual or pre-contractual relationship.
- The data we collect is only that which is strictly necessary for the provision of our services.
- We collect and process your personal data with your consent only when it reflects a free, specific, informed, and explicit expression of will.
- At any time, and at your own discretion, you can withdraw this consent easily, under the terms set out in point 5 (c).
4. What personal data do we collect?
As categorias de dados que recolhemos, para efeito de podermos prestar os nossos serviços, são os seguintes:
* Identification data (e.g. name, date of birth, ID data, nationality)
* Contact details (e.g. address, telephone phone)
* Professional data (e.g. position, role, company, office address)
* Academic data and professional experience (e.g. education, qualifications, certifications, languages, curriculum)
* Billing data (e.g. tax identification number)
* Image and sound records (e.g., photographic and video images).
- The personal data collected is processed by computer and stored indatabases, in strict compliance with current legislation on dataprotection and information security standards.
- We will only treat your personal data in accordance with a specific and legitimate purpose or purposes, determined at the time of collection, and that data will not be further processed in a manner incompatible with those purposes, except if for the purpose of archiving the public interest, scientific research or historical or for statistical purposes, in which case, under the terms of the GDPR, this incompatibility does not occur.
- If we collect and process special categories of personal data (“sensitive data”), this treatment will only be carried out in accordance with the exceptions provided for in article 9, paragraph 2 of the GDPR and,
- As these data are collected from the data subject and the treatment of special categories of data (“sensitive data”) is carried out based on his consent, we will inform him of the right to withdraw the consent, provided for in paragraph 3, point 4, of this chapter, without, however, compromising the lawfulness of the treatment carried out based on the consent previously given.
5. For what purposes do we process personal data?
We will treat your personal data for the following purposes:
- So that we can proceed with your identification as our client;
- To provide the services or information that you have requested;
- For service invoicing and accounting management purposes;
- For communication of changes to the conditions of the contracted services;
- For compliance with legal obligations to which we are subject;
- Where consent of the data subject exists, to send promotional materials or special offers on our behalf or on behalf of our partners;
- For the optimization of our website’s navigability and user experience;
- For managing the contractual relationship and its execution;
- For the purpose of adapting the services we provide to the needs and interests of our clients.
- Depending on the circumstances, the processing of your personal data may be carried out on the following legal basis:
- processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract;
- processing is necessary for compliance with a legal obligation;
- the legitimate interests of DPO Consulting or
- the consent granted by the data subject.
- If consent is the legal basis for the processing of personal data, the data subject has the right to withdraw it at any time and in an easy way, without this right compromising the lawfulness of the treatment carried out based on the consent previously given or the further processing of the same data, based on another legal basis.
- If you wish to withdraw your consent you can contact us through the following e-mail address: email@example.com
- If you ask us to withdraw your consent, you will no longer receive our communications and we will stop processing your data for this purpose.
6. Children's data
- We do not collect or intend to collect data from children, mindful of the recipients of the services we provide;
- Bearing in mind that the child must be accompanied in all aspects of his life, including digital, it will be up to the holders of parental responsibilities to request the elimination of any data, a request which we will promptly access after verifying that this collection has in fact occurred, although not intentionally.
7. For how long do we keep your personal data?
- The length of time for which the data is kept depends on the purpose for which the data is processed.There are legal requirements that oblige us to retain data for a minimum period of time.
- If there is no legal conservation period, the data will be kept only for the time necessary for the purposes that motivated its treatment, after which they will have the proper treatment, being deleted or anonymized.
- If the processing is based on the consent of the data subject, until the data subject expresses its opposition.
8. What are your rights as data subject?
- Under the terms of the GDPR we guarantee the exercise of your rights as a data subject, namely:
- Right of Access - you have the right to ask us, among others, for information about whether or not your data is being processed, what data we process and for what purposes.If you wish, you can ask us for a copy of the personal data being processed, and the supply of other copies may be subject to the payment of a reasonable fee, taking into account administrative costs.If the request is requested in electronic format, and unless you indicate otherwise, the information will be provided by us in an electronic format in current use.
- Right to Rectification - you have the right, without undue delay, to rectify inaccurate personal data that concerns you and that incomplete data is completed.
- Right to cancel - also known as right to be forgotten / you can request, in certain circumstances, that your personal data be deleted from our records, without undue delay, whenever there is any reason provided for in the GDPR.
- Right of Opposition - you have the right to object, for reasons related to your particular situation, to certain types of data processing provided for in the GDPR, such as processing for the purposes of direct marketing, in which case we will cease processing for that purpose.
- Right to Portability - you have the right to transfer your personal data that we keep to another organization or to receive it in a structured and commonly used and automatic reading format.
- Right to Limitation of Treatment - the right to obtain a limitation on the treatment of your personal data, when you want, for example, to challenge the accuracy of your personal data for a period of time that allows us to verify its accuracy, when the treatment is illegal or if you have deducted your right to object.For the purpose of exercising these rights, please send your request to firstname.lastname@example.org.Then, the Data Subject's Exercise Form will be sent to you and, after completing and sending it, we will continue to exercise your rights.
For the purpose of exercising these rights, please send your request email@example.com. Afterwards, the “Data Subject Rights Form” will be send to you and, after duly filled and sent back to us, we will proceed with the compliance of your rights.
It is the Head of Data Protection ́s responsibility to provide the necessary answers to data subjects requests.
9. What measures have been implemented to ensure the security of personal data?
We adopt appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which we review and improve periodically, in order to ensure the security and protection of your personal data in terms of its availability, authenticity, integrity and confidentiality, as well as those intended to prevent its loss, misuse, alteration, unauthorized access, as well as any other form of unlawful processing.
10. Is personal data transmitted to third parties?
a) In the context of our activity, we may have to engage data processors who process your data on our behalf, which implies access by these entities to such data. b) When this happens, we take the appropriate measures, which are contractually stipulated, in order to ensure that these third parties provide sufficient and adequate guarantees for the execution of technical and organizational measures and that they will act only according to our instructions.
11. Do we carry out international data transfers?
We may have to transfer personal data to third countries or international organizations outside the European Economic Area. In this case, we will strictly comply with the applicable legal provisions and will not transfer personal data internationally to entities that do not offer guarantees of maintaining the level of protection required by the GDPR.
The Head of Data Protection is responsible for ensuring that any revision or updating of this policy is carried out in accordance with the requirements of the GDPR.
The user is bound by the new terms when browsing our website.