This document aims to reflect Saiotes’ concern about protecting the privacy and personal data of all its customers and visitors, guaranteeing that they are processed with clarity and integrity. Summarising Saiotes’ action with regard to this topic in five items:
- The processing of personal data is carried out in a legal, fair and transparent manner;
- Personal data collection is conducted solely for duly determined, explicit and legitimate purposes, in accordance with the applicable legislation;
- The data collected are limited to what is strictly necessary and for the time necessary for the purposes for which they are processed;
- Only employees, workers and partners whose functions and specificity of their jobs so require have access to processed personal data;
- Personal data are processed confidentially.
According to the provisions of data protection legislation, personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The controller of the personal data will always be Saiotes.
Saiotes shall process personal data only if one of the conditions laid down in data protection legislation is met, namely:
- If the data subject has given consent to the processing of his or her personal data;
- If the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- When processing is necessary for compliance with a legal obligation to which Saiotes is subject;
- If processing is necessary for the purposes of the legitimate interests pursued by Saiotes.
Retention period for personal data
In line with the above-mentioned principles, the personal data processed by Saiotes are retained for the time strictly necessary for the purposes for which they were collected. These time limits shall be determined on the basis of defined information retention criteria appropriate to each processing operation and in compliance with the legal and regulatory obligations Saiotes is subject to.
Rights of data subjects
Saiotes ensures that the data subject can exercise the rights conferred on him or her by data protection legislation, in particular:
- Right of access to personal data (the data subject can obtain confirmation as to whether or not personal data concerning him or her are being processed, and can access information on such personal data);
- Right to rectification (the data subject can request rectification of personal data or that incomplete personal data be completed);
- Right to erasure (the data subject can ask for his or her personal data to be deleted in certain situations: (i) if the personal data are no longer necessary in relation to the purposes for which they were collected or processed, (ii) if the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing, (iii) if the data subject objects to the processing and there are no overriding legitimate grounds for the processing, (iv) if the personal data have been unlawfully processed, (v) if the personal data have to be erased for compliance with a legal obligation, or (vi) if the personal data have been collected in relation to the offer of information society services);
- Right to restriction of processing (the data subject shall have the right to obtain restriction of processing when (i) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data, (ii) the processing is considered unlawful by the data subject, (iii) the personal data are no longer needed for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or (iv) the data subject has objected to processing and there are no overriding legitimate grounds for the processing);
- Right to data portability (when the processing is based on consent or on a contract and is carried out by automated means, the data subject can receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and can also ask for the personal data to be transmitted to another controller, where technically feasible);
- Right to object (the data subject shall have the right to object at any time to processing of personal data concerning him or her when (i) the processing is based on the legitimate interest of the controller, or (ii) the processing is conducted for purposes other than those for which data were collected);
- Right not to be subject to exclusively automated individual decision-making (in certain situations, the data subject has the right to obtain human intervention when decisions are made based solely on automated processing);
- Right to withdraw consent (the data subject shall have the right to withdraw the consent given for the processing of his or her personal data);
- Right to submit a complaint to Comissão Nacional de Proteção de Dados, the Portuguese Data Protection Authority (on any issue related to the processing of the data subject’s personal data).
If you want to exercise any of the above-mentioned rights or need to clarify any issues regarding the protection of privacy and personal data by Saiotes, you can do so by letter or email addressed to the contact details available in the “Contacts” section of this website.
Saiotes has security, technical, and organisational measures in place to ensure the protection of personal data against personal data breaches (“personal data breach”: security breach leading to the accidental or unlawful destruction, loss, change, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed) and against all other unlawful forms of processing.
The commitment to the protection of personal data also implies that, whenever personal data are transmitted to other entities, these entities are obliged to adopt technical and organisational measures that guarantee the same level of protection.
Communication of personal data to other entities
In the performance of its activity, Saiotes may have to communicate or give access to your personal data to other entities, ensuring at all times that they put in place technical and organisational measures that adequately protect the personal data.
Personal data will only be accessed by or shared with the following entities:
- Partner entities or service providers that are indispensable for the continuation and performance of the contract and that the situation so requires;
- Entities providing services to Saiotes, in matters such as IT support, document management, legal support, and human resources;
- Saiotes’ customers;
- Public authorities (for example, the Portuguese Tax and Customs Authority).
If you wish, you can access detailed information on privacy and personal data processing by sending an email to the following email address firstname.lastname@example.org.