We are very happy to have shown interest in our company. Data protection is a priority for Serro & Andrade, Lda. (HER). The use of S & A web pages is possible without any indication of personal data; However, if a data subject wishes to use special services via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we obtain the consent of the person concerned.
The processing of personal data – such as the name, address, e-mail address or telephone number – of a data subject must always comply with the General Data Protection Regulation (GDPR) and in accordance with country-specific regulations applicable to S & A. With this privacy statement, our company wishes to inform the general public about the nature, scope and purpose of the personal data we collect, use and process. In addition, the holders of data are informed by means of this data protection declaration of the rights which assist them.
As controller, S & A has implemented a number of technical and organizational measures to ensure the most complete protection of personal data processed via this website. However, data transmissions over the Internet can, in principle , present security vulnerabilities and, therefore, absolute protection may not be warranted. For this reason, each person concerned is free to transfer personal data to us by other means, for example by telephone. You can find a list of ways to contact us here.
Please note that S & A can not guarantee that all URLs in this document are functional when read. All URLs in this privacy statement are verified to be correct and active at the time of writing; However, S & A can not guarantee that the URLs of external websites will remain functional over time, as these URLs may be modified at the discretion of the external website owner.
This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy statement must be legible and understandable to the general public as well as to our customers and business partners. For that, we would like to begin by explaining the terminology used.
In this privacy statement, we use, among other things, the following terms:
◾ Personal data
Personal data refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific identity. physical, physiological, genetic, mental, economic, cultural or social nature.
◾Titularity of the data
The data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing refers to any transaction or set of transactions carried out on personal data or sets of personal data (automated or otherwise), such as collection, recording, organization, structuring, storage, adaptation or modification, recovery, use, disclosure by transmission, disclosure or disclosure, alignment or combination, restriction, deletion or destruction.
◾Restriction of treatment
Restriction of processing is the marking of stored personal data in order to limit its processing in the future.
Profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to his performance at work, his economic situation, his health , personal preferences, interests, reliability, behavior, location or movements.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a data subject without the use of additional information, provided that this additional information is kept separately and made available. subject of technical and organizational measures. personal data can not be attributed to an identified or identifiable natural person.
◾ Data controller or controller or controller responsible for processing
The data controller or controller or controller is the natural or legal person, public authority, agency or any other body which (alone or together with others) determines the purposes and means of processing personal data . Where the purposes and methods of such processing are determined by the law of the Union or the Member State, the controller or the specific criteria for their appointment may be indicated by Union or Community law. the Member State.
◾ Data processor or processor or subcontractor
Data Processor or Processor or Subcontractor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities likely to receive personal data in a specific investigation in accordance with Union or Member State legislation should not be considered as recipients; the processing of these data by these public authorities must comply with the data protection rules applicable according to the purposes of the processing.
The third party is a natural or legal person, public authority, agency or other body that the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the controller – processing, are authorized to processing personal data.
The consent of the data subject is a freely given, specific, informed and unambiguous indication of the will of the data subject – by means of a statement or a clear affirmative action – expressing an agreement on the processing of personal data on about her.
Name and Address of the Controllers
Serro & Andrade, Contabilidade e Consultoria, Lda.
Rua Eugénio de Castro, 248 2 S237
Téléphone: +351 226001265
E-mail: [email protected]serro-andrade.com
Site Web: www.serro-andrade.com
Name and Address of the Data Protection Officer
António Alexandre Serro
Serro & Andrade, Contabiliade e Consultoria, Lda.
Rua Eugénio de Castro, 248 2 S237
Téléphone: +351 226001265
E-mail: [email protected]
Site Web: www.serro-andrade.com
Anyone concerned may, at any time, contact our Data Protection Officer directly for any questions or suggestions regarding data protection.
The data subject may at any time prevent the setting of cookies on our site via a corresponding configuration of the Internet browser used and, therefore, permanently refuse the configuration of cookies. In addition, cookies already configured can be deleted at any time via an Internet browser or other software. This is possible in all popular Internet browsers. If the data holder disables the cookie configuration in the Internet browser used, all the features of our website may not be fully usable.
Data Collection and General Information
Using this data and general information, S & A does not draw conclusions about the data subject. Instead, this information is necessary to (1) deliver the content of our website properly, (2) optimize the content of our website as well as your advertising, (3) ensure the long-term viability of our technology systems 4) provide law enforcement authorities with the information they need for criminal prosecution in the event of a cyber attack. As a result, S & A statistically analyzes the data and information collected to increase the protection and security of our company’s data and to ensure an optimal level of protection for the personal data we process. Anonymous data from the server log files is stored separately from any personal data provided by a data holder.
Subscribe to our Newsletters
S & A regularly informs its customers and business partners through a newsletter on the company’s offers. The company newsletter can only be received by the owner of the data if (1) he has a valid e-mail address, and (2) he subscribes to the receipt of the newsletter. For legal reasons, a confirmation email will be sent to the email address registered for the first time by the data holder for sending newsletters, in a procedure usually called “double registration”. This confirmation email is used to verify that the owner of the email address – as the data holder – wishes to receive the newsletter.
When subscribing to the newsletter, we also store the IP address of the computer system assigned by the Internet Service Provider (ISP) and used by the owner of the data at the time of registration, as well as the date and time of registration. The collection of such data is necessary to understand the misuse (if any) of an individual’s e-mail address at a later date and thus serves to protect the controller.
The personal data collected as part of a subscription to the newsletter will be used only to send our newsletter. In addition, newsletter subscribers may be notified by e-mail as long as it is necessary for the operation of the newsletter service or a registration in question, as may be the case for newsletter changes or change of technical circumstances There will be no transfer of personal data collected by the newsletter service to third parties. The signature of our newsletter may be terminated by the data owner at any time. The consent for the storage of personal data, that the owner of the data provided to send the newsletter, may be revoked at any time. For the purpose of revoking consent, a corresponding address can be found in each bulletin. The data holder can also unsubscribe from the newsletter by communicating this wish to the controller.
Follow-up of the Newsletter
This personal data collected in the tracking pixels contained in the newsletter is stored and analyzed by the controller to optimize the sending of the newsletter as well as to better adapt the content of future newsletters to the interests of the owner of the data. This personal data will not be passed on to third parties. The data subject has the right at any time to revoke the corresponding consent statement issued through the dual registration procedure. After a revocation, this personal data will be erased by the controller. S & A automatically considers a withdrawal of the newsletter as a revocation.
Possibility of contact via the website
Deletion of Personal Data and Blocking Routine
If the storage objective is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is systematically blocked or deleted in accordance with legal requirements.
Rights of the Person Concerned
Each person concerned has the right – granted by the European legislator – to know how the personal data they provide will be used by the controller or the processor.
This privacy statement explains how all personal data collected by S & A can be used. If a data subject has questions about the use of his personal data, he may at any time contact our data protection officer or another employee of the data controller directly.
Right of confirmation
Each person concerned has the right – granted by the European legislator – to obtain the confirmation of the data controller regarding the processing of his personal data. If a data holder wishes to use this right of confirmation, he may at any time contact our data protection officer or another employee of the controller directly.
Permission to access
Each data subject has the right – granted by the European legislator – to obtain from the data controller, at any time and free of charge, information about his personal data and a copy of this information. In addition, the European directives and regulations grant the data subject the following information:
Categories of personal data concerned;
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organizations;
If possible, the period provided for the storage of personal data or, if this is not possible, the criteria used to determine this period;
The existence of the right to ask the controller to correct or delete personal data, or to restrict the processing of personal data concerning the data subject, or to oppose such processing;
The existence of the right to lodge a complaint with a supervisory authority;
When personal data are not collected from the data subject, all available information on their origin;
The existence of automated decision making, including profiling, as referred to in Article 22 (1) and (4) of the GDPR and – at least in these cases – significant information on the logic involved, as well as the significance and expected consequences of such treatment to the data subject.
In addition, the data subject has the right to obtain information on the transfer of personal data to a third country or to an international organization. Where appropriate, the data subject has the right to be informed of the appropriate guarantees relating to the transfer.
If a data holder wishes to use this right of access, he may at any time directly contact our data protection officer or another employee of the controller.
Right of rectification
Each person concerned has the right – granted by the European legislator – to obtain from the data controller, without undue delay, the rectification of inaccurate personal data concerning him / her. Taking into account the purposes of the processing, the data subject has the right to fill in the incomplete personal data, including through the submission of a supplementary declaration.
If a data subject wishes to use this right of rectification, he or she may at any time directly contact our data protection officer or another employee of the controller.
Right of cancellation (Right to be forgotten)
Each data subject has the right – granted by the European legislator – to obtain from the data controller the deletion of personal data concerning him / her without undue delay and the data controller shall delete the personal data as soon as possible. deadlines. provided that treatment is not required:
Personal data are no longer necessary in relation to the purpose for which they were collected or processed.
The data subject withdraws the consent on which the processing is based, in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR and no other legal basis for the treatment.
The data subject objects to the treatment under Article 21 (1) of the GDPR and there is no legitimate reason for the treatment, or the data subject objects to the treatment under Article 21, paragraph 2 of the GDPR.
Personal data has been processed illegally.
Personal data must be deleted in order to fulfill a legal obligation in the Union or Member State legislation to which the controller is subject.
Personal data has been collected in relation to the information society service offer referred to in Article 8 (1) of the GDPR.
If one of the above reasons applies, and the data subject wishes to request the deletion of personal data stored by S & A, it may at any time directly contact our Data Protection Officer or another employee. the controller. The S & A Data Protection Officer or other employee must promptly ensure that the request for deletion is immediately satisfied.
If S & A has provided personal data and is responsible for the exclusion of personal data in accordance with Article 17 (1), S & A – taking into account the available technologies and the costs of implementation – must take reasonable measures, including technical measures. inform the other controllers of the processing of published personal data that the data subject has requested the deletion by these controllers of any link, copy or replication of this personal data, unless a processing is required. The S & A Data Protection Officer or another employee will take the necessary action in individual cases.
Right of treatment restriction
Each data subject has the right – granted by the European legislator – to obtain from the controller the processing modality if one of the following conditions applies:
The accuracy of the personal data is disputed by the data subject during a period allowing the data controller to verify the accuracy of the personal data.
The treatment is illegal and the data subject is against the deletion of personal data and requests the restriction of its use.
The controller no longer needs personal data for processing purposes, but is required by the data subject for the establishment, exercise or defense of legal claims.
The data subject objected to the treatment provided for in Article 21 (1) of the GDPR, and it remains unclear whether the legitimate motives of the controller cancel those of the data subject.
If one of the above conditions is fulfilled and the data subject wishes to request the restriction of the processing of the personal data stored by S & A, it may at any time directly contact our data protection officer or another employee of the data protection department. responsible for the treatment. . The S & A Data Protection Officer or another employee will arrange a processing restriction.
Right to data portability
Each data subject has the right – granted by the European legislator – to receive his / her personal data, which has been provided to a controller, in a structured, commonly used and machine readable format. It has the right to transmit this data to another controller without hindrance of the controller to whom the personal data have been provided, provided that the processing is based on consent in accordance with Article 6 (1) (a) ) or Article 9, paragraph 2.) a) of the GDPR, or in a contract in accordance with Article 6 (1) (b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task in the interest or exercise of the official authority conferred on the controller.
In addition, by exercising its right to portability of data in accordance with Article 20 (1) of the GDPR, the data subject has the right to directly transmit personal data from one controller to another, where this is technically possible. does not infringe the rights and freedoms of others.
To guarantee the right to portability of the data, the data subject may at any time directly contact our data protection officer or another employee of the controller.
Right of opposition
Each data subject has the right – granted by the European legislator – to object, at any time for reasons relating to his particular situation, to the processing of his personal data on the basis of Article 6 (1) (and) or (f) of the RGPD. This also applies to profiling based on these provisions.
S & A will no longer process personal data in the event of an objection, unless we can demonstrate legitimate and convincing grounds for treatment that would nullify the interests, rights and freedoms of the person concerned.
Data Protection and Application Procedures
If the data controller completes a work contract with a candidate, the data sent will be stored for the purpose of processing the employment relationship in accordance with legal requirements.
If no contract of employment is concluded with the applicant by the controller, the application documents will be automatically deleted within two months of notification of the refusal decision, provided that: 1) no other legitimate interest of the 2) The data subject explicitly expresses his / her wish that the data controller retain the personal data. A typical example of this desire of the data holder is when he / she wants the controller to retain a Curriculum Vitae (ie, Personal Data) for future contact when an appropriate employment opportunity arises.
Data Protection and Use of Google Analytics
The Google Analytics Component Operator is Google Inc., 1600 Anphitheater Parkway, Mountain View, CA 94043-1351, United States of America.
For web analytics via Google Analytics, the controller uses the “anonymizeIp” function. With this feature, the IP address of the person’s Internet connection is obtained by Google and anonymised by accessing our websites from a Member State of the European Union or from another Contracting State to the agreement. on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the data and information collected, among other things, to evaluate the use of our website and provide online reports that show the activities on our websites and provide us with other services on the use of our website on Internet.
Google Analytics places a cookie on the data holder’s information technology system. The definition of cookies is explained above. With the configuration of cookies, Google is able to review the use of our website. At each call to one of the individual pages of this website, managed by the controller and in which a Google Analytics component has been integrated, the data holder’s information technology system Internet browser will automatically send data via Google Analytics for online advertising and commission settlement for Google. During this technical process, Google acquires knowledge of personal information, such as the IP address of the individual, which allows Google to understand the origin of visitors and clicks, and to define .
The cookie is used to store personal information, such as the time of access, the place from which access was made, and the frequency of visits to our website by the individual. At each visit to our site, this personal data, including the IP address of the Internet access used by the person concerned, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer personal data collected through this technical process to third parties.
The data subject may, as stated above, prevent at any time the setting up of cookies on our website by means of a corresponding adjustment of the internet browser used and, therefore, permanently refuse the establishment of cookies. Cookies. This browser adjustment will also prevent Google Analytics from setting a cookie on the data holder’s information technology system. In addition, cookies already used by Google Analytics may be deleted at any time via the web browser or other software.
More information and Google’s data protection provisions can be found at www.google.com/intl/en/policies/privacy and www.google.com/analytics/terms/us.html. Google Analytics is explained on www.google.com/analytics.
Regulatory Basis for Treatment
If the processing of personal data is necessary for the performance of a contract of which the data subject is a party – as is the case, for example, where processing operations are necessary for the supply of goods or for providing another service – the processing is carried out on the basis of Article 6 (1) (b) of the GDPR. The same applies to the processing necessary for the performance of pre-contractual measures, for example in the case of consultations on our products or services.
If our company is subject to a legal obligation for which the processing of personal data is required – such as compliance with tax obligations – the processing is based on Article 6 (1) (c) of the GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor was injured in our business and his or her name, age, health insurance data or other vital information would be passed on to a doctor, hospital or third party. . In this case, the treatment would be based on Article 6 (1) (d) of the GDPR.
Finally, processing operations may be based on Article 6 (1) (f) of the GDPR. This legal basis is used for transactions that are not covered by any of the above-mentioned legal grounds if the treatment is necessary for the legitimate interests exercised by our company or a third party, unless such interests are nullified by the interests or rights and freedoms data subjects who require the protection of personal data. Such treatments are particularly allowed because they have been specifically mentioned by the European legislator, who considered that a legitimate interest could be presumed if the person concerned was a client of the controller (recital 47 sentence 2 of the RGPD).
Legitimate Interests Exercised by the Controller or a Third Party
Period During Which Personal Data Will Be Stored
Provision of Personal Data as Legal Requirement
Sometimes, to conclude a contract, it may be necessary for the data subject to provide us with personal data, which must be processed by us later. The data subject is, for example, required to provide personal data when our company signs a contract with it. The non-communication of personal data would mean that the contract with the person concerned could not be concluded.
Before the personal data are provided by the data subject, the data subject must contact our Data Protection Officer. Our data protection officer clarifies whether the provision of personal data is required by law or contract or if it is necessary for the conclusion of the contract, if there is an obligation to provide personal data and consequences of lack. provision of personal data.