SISTRADE PERSONAL DATA PROTECTION POLICY
- Introduction
- Scope
- Personal Data
- Collection of Personal Data
- Processing of Personal Data
- Purposes of the Processing of Personal Data and their Legal Basis
- Storage Period of Personal Data
- Recipients of Personal Data
- Data Owners Rights
- Oppose Contact for Marketing Purposes
- Security of your Personal Data
- Communication of Data to Other Entities (Third Parties and Subcontractors)
- Transfer of Personal Data
- Changes to SISTRADE’S Personal Data Protection Policy
1. Introduction
This document presents the terms in which SISTRADE intends to inform its Customers/Users of the general rules for the processing of personal data, which is always collected and processed with strict regard to and in compliance with the provisions of the personal data protection legislation in force, namely Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27th April 2016 ("GDPR").
SISTRADE respects the best practices in the field of security and protection of personal data, having for this purpose taken the necessary technical and organizational measures in order to comply with the legislation on the protection of personal data and ensure that the processing of personal data is lawful, fair, transparent and limited to authorized purposes.
SISTRADE is committed to the protection and confidentiality of personal data, having adopted the measures it deems appropriate to ensure the accuracy, integrity, and confidentiality of personal data, as well as all other rights regarding the respective owners.
The rules provided for in this Personal Data Protection Policy complement the provisions, in terms of protection and processing of personal data, provided for in the contracts that Customers/Users sign with SISTRADE, as well as the rules provided for in the terms and conditions that regulate the provision of the various products and services and which are duly publicized on the respective website.
2. Scope
This Personal Data Protection Policy applies exclusively to the collection and processing of personal data for which SISTRADE is responsible for processing, within the scope of services and products made available and provided to its Customers/Users and in all situations where processing of personal data by SISTRADE occurs i.e. through requests for information and clarification.
3. Personal Data
Personal data is any information, of any nature and regardless of its respective medium, including sound and image, relating to any one identified or identifiable person.
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, electronic identifiers or one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
4. Collection of Personal Data
SISTRADE collects your personal data, namely by telephone, in writing, through its websites, guaranteeing, whenever necessary, the prior consent of the personal data owner.
If the personal data owner is not a Customer/User of SISTRADE, the respective personal data will only be processed when made available, namely by subscribing to the sending of newsletters, in which case the rules of this Personal Data Protection Policy will apply.
The personal data collected can be processed by computer and in an automated or non-automated way, guaranteeing in all cases strict compliance with the legislation on the protection of personal data, being stored in specific databases, created for this purpose and, under no circumstances, will the data collected be used for a purpose other than that for which it was collected or consent given by the data owner.
5. Processing of Personal Data
The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, using automated or non-automated means, namely collection, registration, organization, structuring, conservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, deletion or destruction.
Personal Data which are processed
SISTRADE in the scope of its activities, processes the personal data necessary to provide services and/or supply products, processing data such as name, address, telephone number and e-mail address, according to more detailed information made available by personal data owners.
Personal data will also be processed, if the respective owner has authorized it, for the purpose of disseminating information services and products.
If there is prior consent from the Customer/User, this can be withdrawn at any time, without, the lawfulness of the processing carried out on the basis of the consent previously given being compromised.
Responsible for the processing of Personal Data
The entity responsible for the processing of personal data is SISTRADE which determines the purposes and means of processing.
For this purpose, if the subject of personal data needs to contact the data controller, he/she may send written communication addressed to the controller at the following address:
E-mail: [email protected]
Letter addressed to the data controller, to the following address:
SISTRADE – Software Consulting, S.A
Travessa da Prelada, 511
4250-380 Porto, Portugal
6. Purposes of the Processing of Personal Data and their Legal Basis
In general, the personal data collected is based on and is intended for the management of the contractual relationship, the provision of contracted services, the adaptation of services to the needs and interests of the Customer/User and information and marketing actions.
In addition, personal data may also be processed for the purpose of legal obligations.
7. Storage Period of Personal Data
The period during which personal data is stored and preserved varies according to the purpose for which the information is processed.
In fact, there are legal requirements that require data to be kept for a minimum period. Thus, and whenever there is no specific legal requirement, the data will be stored and preserved only for the minimum period necessary for the pursuit of the purposes that motivated its collection or its further processing, under the terms defined by law.
8. Recipients of Personal Data
Without adversely affecting the recipients indicated throughout this Personal Data Protection Policy, SISTRADE may communicate the personal data of the Customer/User, for the purpose of complying with legal obligations, namely to police, judicial, fiscal and regulatory entities.
9. Data Owners Rights
As holders of personal data, Customers/Users are guaranteed, at any time, the right to access, rectify, update, limit and delete their personal data (except for the data that is essential for the provision of services by SISTRADE, duly identified in the form filled in as being of mandatory supply or compliance with legal obligations to which the controller is subject), the right to oppose the use of them for commercial purposes by SISTRADE and to withdrawal consent, without this compromising the lawfulness of the processing under that consent, as well as the right to data portability.
Data holders may access, rectify, update or request their deletion, directly or upon written request, addressed to SISTRADE, through the contacts provided for this purpose in this Document Policy.
Without adversely affecting their right to submit complaints directly to SISTRADE, through the contacts made available for this purpose, the Customer/User can complain directly to the Controlling Authority, which is the National Data Protection Commission (CNPD). For more information, please access to link: https://www.cnpd.pt/.
10. Oppose Contact for Marketing Purposes
SISTRADE may promote dissemination actions to its Customers/Users, about new products or services, namely by telephone, e-mail or any other electronic communications service, if the owner of the personal data has given the respective consent. If the personal data owner no longer wishes to continue receiving these communications, they may, at any time, withdraw their consent to the use of their data for marketing purposes.
11. Security of your Personal Data
SISTRADE is committed to ensuring the protection of the security of the personal data made available to it, having approved, and implemented strict rules regarding this matter. Compliance with these rules constitutes an obligation for all those who legally access them.
Bearing in mind the concern and commitment shown by SISTRADE in the defence of personal data, several security measures, of a technical and organizational nature, have been adopted in order to protect the personal data made available to it against its dissemination, loss, misuse, unauthorized processing or access, as well as against any other form of illicit treatment.
In addition, third parties that, within the scope of provision of services, process the personal data of the Customer/User on behalf of SISTRADE, are obliged, in writing, to carry out appropriate technical and security measures that, at any moment, meet the requirements foreseen in the legislation in force and ensure the defence of the rights of the data owner (in particular the protection of privacy and personal data of Customers/Users).
Therefore, on SISTRADE website, personal data collection forms require encrypted browser sessions and all personal data supplied is securely stored in SISTRADE's systems, which in turn, are located in a data center belonging to SISTRADE, covered by all the physical and logical security measures that SISTRADE considers indispensable for the protection of personal data.
12. Communication of Data to Other Entities (Third Parties and Subcontractors)
SISTRADE, within the scope of its activity, may use third parties to provide certain services. Sometimes, the provision of these services implies access, by these entities, to personal data of Customers/Users. When this happens, SISTRADE takes the appropriate measures, in order to ensure that the entities that have access to the data are reputable and offer the highest guarantees at this level, which is duly established and contractually safeguarded between SISTRADE and the third party/parties.
Thus, any entity subcontracted by SISTRADE will process the personal data of our Customers/Users, on behalf of SISTRADE and adopting the necessary technical and organizational measures in order to protect personal data against accidental or illicit destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful processing.
13. Transfer of Personal Data
The provision of certain services by SISTRADE may involve the transfer of your data outside Portugal, including outside the European Union or to International Organizations. In such situations, SISTRADE will strictly comply with the applicable legal provisions, namely regarding the determination of the suitability of the destination country(ies) with regard to the protection of personal data and the requirements applicable to such transfers, including, whenever applicable, the signing of appropriate contractual instruments that guarantee and respect the legal requirements in force.
14. Changes to SISTRADE’S Personal Data Protection Policy
SISTRADE reserves the right, at any time, to make readjustments or changes to this Personal Data Protection Policy, these changes being duly publicized via the different communication channels of SISTRADE. For that reason, you should periodically review this Privacy Policy to stay informed about how to help protect the personal data we collect. Use of the service constitutes acceptance of the terms of this Privacy Policy and any updates.
Updated: September 30th, 2022