Privacy and Protection of Personal Data Policy
In this Policy, it is intended to inform the employees, suppliers and other partners of Irmãos Rodrigues Confecções SA, (“IR”), the general rules for the processing of personal data, which are collected and processed in strict compliance with legislation in force at all times, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
IR respects best practices in the area of security and protection of personal data by taking the necessary technical and organizational measures to comply with the GDPR and ensuring that the processing of personal data is lawful, fair, transparent and limited to the authorized purposes.
IR is committed to the protection and confidentiality of personal data, and has adopted the measures it deems appropriate to ensure the accuracy, integrity and confidentiality of personal data, as well as all other rights that the respective data subjects enjoy.
In the context of its activity and contractual relations, IR collects personal data from its employees, representatives of clients, suppliers, candidates for recruitment processes, partners and other natural persons.
In addition, interaction with users of the site also requires, in some cases, the collection of personal information through its contact form.
Through this Privacy and Protection of Personal Data Policy, we seek to help our individual contacts (employees and others) understand what personal information we collect, how and why we use it, to whom we disclose it and how we protect your privacy, including through compliance with the legislation applicable in this field – in particular the GDPR. The completion of our form (website), our contractual documents, the circulation in our facilities and the provision of data, directly or indirectly, by its owners imply the knowledge and acceptance of the conditions of this Policy, as well as any other documents specifically concerning the processing of personal data associated with the provision of our services.
Controller
The entity responsible for the processing of personal data is Irmãos Rodrigues Confecções, SA, with headquarters at Rua do Barreiro 233, 4755-230 GILMONDE and with legal person identification number 501852433, which determines the purposes and means of processing the same.
For this purpose, if the data subject of the personal data needs to contact the controller, he may do so through the means and contacts indicated below:
c.jardim@irmaosrodrigues.pt (email), or
253830070 (telephone)
We collect and process your personal data for the provision of our services, compliance with our legal obligations (including tax and regulatory obligations) and management of our contractual relationship with our customers, suppliers and partners.
The personal data of the representatives, contacts and employees of our customers and suppliers (companies) are generally dealt with in the scope of supply of products and the rendering and management of contracted services, in order to allow IR to fulfil its contractual obligations and, if applicable, the instructions of our customers. In such cases, data subjects should address any issue and/or exercise their legal rights to their respective employer and/or reporting entity (other than customer/vendor workers), without prejudice to the provisions of this Privacy Policy.
The personal data of the suppliers (natural persons), that is natural persons who represent or collaborate with the suppliers and service providers to the IR, to which the IR has access in the scope of the provision or rendering of services, are processed for the purpose of managing the contractual relationship. This processing is legitimized by the execution of the contract established between IR and the supplier, and, in certain situations, to fulfil legal obligations imposed on IR. In the context of relations with partners, that is natural persons and their collaborators with whom the IR establishes partnerships, and in relation to the data necessary for the management of the partnership, the processing is legitimized by the execution of the contract established with the partner, and in certain situations, to fulfil our legal obligations.
In this regard, we use the following personal data from data subjects for the following purposes:
- Personal data of customer representatives (Name, functions within the company, email address, telephone, professional address): the data are processed to supply our products and provide our services. We use this information to supply our products and provide our services and for the purposes of managing our contacts with companies that are our clients, within the scope of the contractual relationship established with the client and for the purposes of complying with legal obligations applicable to IR;
- Personal data of individual suppliers and representatives of suppliers (companies) (Name, functions within the company, email address, telephone, professional address): the data are processed for supply of the products and provision of the services contracted, within the scope of the execution of contractual relationship established with the person/entity in question and for the purpose of complying with legal obligations applicable to IR;
- Personal data of partners (natural persons) and their collaborators: performance of the contract and management of the partnership relationship.
The collection of images made in events organized by the IR and published in personal social networks are the responsibility of who publishes them.
In the event of the capture of images for marketing purposes/website/brochures/videos of IR, the collaborators will be informed in advance of the collection of the image and of the purpose for which it is intended, requesting their consent.
Sending of communications
Our communications regarding the sending of invitations to events will be carried out strictly in order to inform our customers, suppliers, partners and other entities (through the individual contacts made available) of the relevant activities and diligences in the context of IR activity. These communications will not be based on initiatives of automated profiling, being framed exclusively in the management of the relationship between the IR and the entities with which IR operates.
Any recipient who does not wish to receive further communications from us may send an email to c.jardim@irmaosrodrigues.pt.
In addition to the above mentioned purposes of processing, IR processes personal data to fulfil our legal obligations. To this extent, IR may have to report personal data processed to courts, tax authorities, other competent authorities.
Storage period of the personal data
Personal data collected will be stored by IR for the period in which your relationship with the customer, supplier or partner in whose equipment the data subject is integrated will be kept and may be kept for a longer period, as established in the law for the defence of law/interest of judicial proceedings or for the pursuit of the purposes referred to.
Rights of the data subjects
In accordance with the law, the data subject may at any time access his or her rights regarding personal data concerning him or her (in some cases and depending on the terms of the agreement in force, these rights may be exercised through the client, provider or partner where the data subject is integrated):
- Rectification – The data subject has the right to obtain the rectification of inaccurate personal data concerning him or her, as well as the right to have incomplete or incorrect personal data that are completed and corrected;
- Erasure of personal data – the data subject has the right to request the erasure of his or her data in certain cases, including, but not limited to, personal data no longer necessary for the purpose for which they were collected or processed, where the data subject withdraws consent on which the data processing is based, among others;
- Portability of data – in certain cases the data subject may request the personal data concerning him or her and which he or she has provided to IR in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller;
- Limitation of the treatment – the data subject has the right to request the restriction of the processing of his or her data in certain cases, namely, in return if the treatment is unlawful and opposes the erasure of his or her data, the IR no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defence of a right in judicial proceedings, among others;
- Objection – the data subject may object to the processing of his or her data, on grounds relating to his or her particular situation, and in cases where the data are processed (i) for the legitimate interests pursued by IR or third parties, or are processed for purposes other than those for which the data have been collected and is not carried out with the consent of the data subject or on the basis of provisions of European Union law or of the Member States, or (ii) personal data are for direct marketing purposes, or (iii) the personal data are processed for the purpose of scientific or historical research or for statistical purposes.
The data subject may exercise said rights by writing to IR at c.jardim@irmaosrodrigues.pt. In accordance with the law, the data subject also has the right to withdraw his or her consent for the processing of the data, whose consent constitutes the basis for the legitimacy of the respective treatment. For this purpose, the data subject has the right to withdraw his or her consent at any time, which does not, however, invalidate the processing made up to that date based on the consent previously given.
Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with the CNPD (Comissão Nacional de Proteção de Dados – National Data Protection Commission) or other competent supervisory authority in accordance with the law if he or she considers that his or her data are not being processed lawfully by the IR, under the terms of the applicable legislation and this Policy.
Safety Measures Adopted by IR
IR makes its best efforts to protect the personal data of customers, suppliers, partners and other entities against unauthorized access through the network. To this end, it maintains all technical means at its disposal to prevent loss, misuse, alteration, unauthorized access, disclosure, loss or destruction and misappropriation of the personal data provided or transmitted, and undertakes to comply with the legislation on the protection of the personal data of data subjects and to process such data only for the purpose for which it was collected and to ensure that it is treated with adequate levels of security and confidentiality.
Communication of Data to Other Entities (includes AUDITS)
IR uses other entities to provide certain services. Eventually this service rendering may imply access by these entities to the personal data of its employees, customers, suppliers and partners.
Thus, any subcontracting entity of IR will process the personal data of the data subjects, in the name and on behalf of the IR in the strict obligation to follow our instructions. IR ensures that such subcontracting entities provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of applicable law and ensures the security and protection of the rights of data subjects under the terms of the subcontracting agreement concluded with the said subcontracting entities.
In certain situations, personal data of data subjects may also be transmitted to third parties, when such data communications are necessary or appropriate (i) in light of applicable law, (ii) in compliance with legal obligations/court orders, (iii) by determination of the National Data Protection Commission or other competent supervisory authority, or (iv) to respond to requests from public or governmental authorities.
In any of the above situations, IR undertakes to take all reasonable steps to ensure the effective protection of the personal data it processes.
International Data Transfers
The provision of services by IR may involve the transfer of the personal data of the data subjects to third countries (other than those belonging to the European Union or the European Economic Area). In such cases IR will implement the necessary and appropriate measures in the light of the applicable law to ensure the protection of the personal data subject to such transfer, complying strictly with the legal provisions regarding the requirements applicable to such transfers, namely informing the data subjects in this regard.
Contacts
For any questions related to the exercise of your legal rights, the data subject may contact IR through the following email address:c.jardim@irmaosrodrigues.pt
Amendment to the Privacy and Protection of Personal Data Policy
The IR reserves the right to, at any time, make adjustments or changes to this Privacy and Protection of Personal Data Policy.
Last update: 12 de outubro de 2018