UPDATED ON 06/14/2018
This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (RGPD). Our data protection statement must be readable and understandable to the general public as well as to our customers and business partners. To ensure this, we would like to start by explaining the terminology used.
In this data protection declaration, we use, inter alia, the following terms:
- Personal data
Personal data means any information related to an identified or identifiable natural person ("data subject"). An identifiable natural person is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more identity-specific factors physical, physiological, genetic, mental, economic, cultural, or social nature.
- Data owner
The data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the treatment.
Treatment is any operation or set of operations that is performed on personal data or on personal data sets (whether or not by automated means), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, disclosure or disclosure, alignment or combination, restriction, deletion, or destruction.
- Restriction treatment
The restriction of processing is the marking of stored personal data for the purpose of limiting its processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects relating to that person's performance in work, economic situation, health, personal preferences , interests, reliability, behavior, location, or movements.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be allocated to a specific data subject without the use of supplementary information, provided that such supplementary information is kept separately and is subject to technical and organizational measures to ensure personal data can not be attributed to an identified or identifiable natural person.
- Data Controller or Controller or Controller responsible for processing
Data Controller or Controller or controller is the natural or legal person, public authority, agency or other body that (alone or jointly with others) determines the purposes and means of processing personal data. Where the purposes and means of such treatment are determined by Union or Member State law, the controller or the specific criteria for their appointment may be indicated by Union or Member State law.
- Data Processor or Processor or Subcontractor
Data Processor or Processor or Subcontractor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
The addressee is a natural or legal person, a public authority, an agency, or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the context of a specific inquiry in accordance with Union or Member State legislation should not be considered as recipients; the processing of such data by such public authorities shall be in accordance with the applicable data protection rules according to the purposes of the processing.
The third party is a natural or legal person, a public authority, an agency, or other body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to processing of personal data.
The data subject's consent is any freely given, specific, informed, and unambiguous indication of the willingness of the data subject - by means of a statement or by a clear affirmative action - expressing agreement on the processing of personal data relating to him /she.
- Name and Address of Controller
The controller for the purposes of the General Data Protection Regulation (RGPD) and other data protection laws applicable in the Member States of the European Union and other provisions related to data protection is:
Avelana - Fábrica de Malhas SA
Rua da Estrada Nova, 280
4750 - 013 - Abade de Neiva
Telephone: +351 253809850
Email: [email protected]
Web site: www.avelana.pt
The data subject may at any time prevent the configuration of cookies on our website through a corresponding configuration of the used Internet browser and, therefore, permanently deny the setting of cookies. In addition, already configured cookies can be deleted at any time through an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data holder deactivates the cookie configuration in the used Internet browser, not all features of our website can be fully usable.
- Data collection and general information
The AVELANA website collects some general data and information when a data holder or an automated system accesses the website. This data and general information is stored in the server log files. The data collected may consist of (1) browser types and versions used, (2) the operating system used by the system that makes the access, (3) the website through which the system arrives at our website , (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) to the website and (8) any other data and information that may be used in the event of an attack on our information technology systems.
By using this data and general information, AVELANA does not draw conclusions about the holder of the data. Instead, this information is required to (1) deliver the content of our website properly, (2) optimize the content of our website as well as your advertisement, (3) ensure the long-term viability of our technology systems information and technology of the website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. Therefore, AVELANA analyzes the data and information collected statistically, with the aim of increasing the protection and security of data of our company, and guarantee an optimum level of protection for the personal data that we treat. Anonymous data from server log files is stored separately from all personal data provided by a data holder.
- Possibility of contact via website
The AVELANA website contains information that allows a quick electronic contact with our company, as well as a direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data holder contacts the controller via email or through a contact form, the personal data transmitted by the data subject is stored automatically. Such personal data transmitted voluntarily by the data subject to the data controller are stored for the purpose of dealing with or contacting the data subject. No there is transfer such personal data to third parties.
- Personal data delete and block routine
The data controller shall process and store the data subject's personal data only for the period necessary to achieve the purpose of storage, or to the extent that this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject. subject.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or other competent legislator expires, personal data are routinely blocked or deleted in accordance with legal requirements.
- Rights of the data subject
Right to be informed
Each data subject has the right - granted by the European legislator - to know how the personal data provided by him will be used by the controller or the processor.
This data protection statement explains how all personal data collected by AVELANA can be used. If a data subject has any questions about how his or her personal data will be used, he / she may at any time contact our Data Protection Officer or other controller employee directly.
Right of confirmation
Each data subject has the right - granted by the European legislator - to obtain confirmation from the controller as to whether personal data relating to him / her are being processed. If a data holder wishes to use this right of confirmation, he / she may at any time contact our Data Protection Officer or other controller employee directly.
Right of access
Each data subject has the right - granted by the European legislator - to obtain from the controller, at any time and free of charge, information on his / her stored personal data and a copy of this information. In addition, European directives and regulations grant the data subject access to the following information:
The objectives of the treatment;
The categories of personal data concerned;
The addressees or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organizations;
If possible, the expected period for which personal data will be stored or, if this is not possible, the criteria used to determine that period;
The existence of the right to ask the controller to rectify or delete personal data, or to restrict the processing of personal data relating to the data subject, or to oppose such treatment;
The existence of the right to complain to a supervisory authority;
When personal data are not collected from the data subject, any available information about their origin;
The existence of automated decision-making, including profiling, as referred to in Articles 22 (1) and (4) of the RGPD and - at least in those cases - meaningful information about the logic involved, as well as the importance and expected consequences of such treatment to the data subject.
In addition, the data subject has the right to obtain information on whether personal data are transferred to a third country or to an international organization. Where appropriate, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data holder wishes to use this access right, he / she may, at any time, directly contact our Data Protection Officer or other employee of the controller.
Right of rectification
Each data subject has the right - granted by the European legislator - to obtain from the controller without undue delay the rectification of inaccurate personal data about him / her. Taking into account the purposes of the processing, the data subject has the right to fill in the incomplete personal data , including by means of the presentation of a complementary declaration.
If a data holder wishes to use this right of rectification, he / she may at any time contact our Data Protection Officer or other controller employee directly.
Right of erasure (Right to be forgotten)
Each data subject has the right - granted by the European legislator - to obtain from the controller the deletion of personal data concerning him without undue delay, and the controller is obliged to delete personal data without undue delay when one of the following grounds applies provided that treatment is not required:
Personal data is no longer required in relation to the purpose for which it was collected or otherwise processed.
The data subject withdraws the consent on which the treatment is based, pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the RGPD, and there is no other legal basis for treatment.
The data subject is opposed to treatment under Article 21 (1) of the RGPD and there are no legitimate grounds for processing, or the data subject is opposed to treatment under Article 21 (2) of the RGPD.
The personal data were treated illegally.
Personal data must be deleted for compliance with a legal obligation in the legislation of the Union or of the Member State to which the controller is subject.
Personal data have been collected in relation to the information society services offer referred to in Article 8 (1) of the RGPD.
If one of the aforementioned reasons applies, and the data subject wishes to request the erasure of personal data stored by AVELANA, he / she may at any time contact our Data Protection Officer or another employee of the controller directly. The Data Protection Officer of AVELANA or another employee should ensure promptly that the erasure request is immediately fulfilled.
If AVELANA has made personal data available and is responsible for the exclusion of personal data in accordance with Article 17 (1), NFG - taking into account available technology and implementation costs - must take reasonable steps, including technical measures, to inform other controllers to process the personal data published that the data subject has requested the deletion by those controllers of any links, or copies or replication of such personal data, unless treatment is required. The NFG Data Protection Officer or other official will provide the necessary measures in individual cases.
Right of treatment restriction
Each data subject has the right - granted by the European legislator - to obtain from the controller restraint of treatment if one of the following conditions applies:
The accuracy of the personal data is contested by the data subject for a period that allows the controller to verify the accuracy of the personal data.
The treatment is illegal and the data subject is against the deletion of personal data and requests the restriction of its use.
The controller no longer needs personal data for processing purposes, but is required by the data subject for the establishment, exercise, or defense of legal claims.
The data subject objected to the treatment under Article 21 (1) of the RGPD, and it is still unclear whether the controller's legitimate motives nullify those of the data subject.
If one of the above conditions is met, and the data subject wishes to request the restriction of the processing of personal data stored by NFG, he / she may at any time contact directly our Data Protection Officer or other employee of the controller . The NFG Data Protection Officer or other official will arrange a restriction of treatment.
Right to data portability
Each data subject has the right - granted by the European legislator - to receive the personal data relating to him / her, which has been supplied to a controller, in a structured, commonly used and machine readable format.He / she has the right to transmit such data to another controller without impediment of the controller to which the personal data have been provided, provided that the treatment is based on consent pursuant to Article 6 (1) (a) or Article 9 (2). ) (a) of the RGPD, or in a contract in accordance with Article 6 (1) (b) of the RGPD, and the treatment is performed by automated means, provided that the treatment is not necessary for the performance of a task performed in the interest or in the exercise of the official authority conferred on the controller.
In addition, in exercising its right to data portability in accordance with Article 20 (1) of the RGPD, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible, and when do not adversely affect the rights and freedoms of others.
To ensure the right to data portability, the data subject may, at any time, directly contact our Data Protection Officer or other employee of the controller.
Right of objection
Each data subject has the right - granted by the European legislator - to oppose, on grounds relating to his particular situation, at any time, the processing of personal data concerning him on the basis of Article 6 (1) (and ) or (f) of the RGPD. This also applies to profiling based on these provisions.
AVELANA shall no longer treat personal data in the event of an objection unless we can demonstrate convincing legitimate reasons for the treatment that nullify the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of claims legal basis.
If AVELANA treats personal data for direct marketing purposes, the data subject will have the right to object at any time to the processing of personal data related to him / her for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject contacts us to object to the treatment for direct marketing purposes, we will no longer treat personal data for such purposes.
In addition, the data subject has the right, for reasons related to his particular situation, to oppose the processing of personal data concerning him by AVELANA for the purpose of scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the RGPD unless treatment is required for the performance of a task performed on grounds of public interest.
In order to exercise the right of objection, the data subject may, at any time, directly contact our Data Protection Officer or other employee of the controller. In addition, the data subject is free - in the context of the use of information society services and notwithstanding Directive 2002/58 / EC - to use his right of opposition by automated means using the technical specifications.
Automated individual decision making, including profiling
Each data subject has the right - granted by the European legislator - not to be subject to a decision based solely on automated processing, including profiling, having legal effects on him or, similarly, (1) is not necessary for the conclusion or execution of a contract between the data subject and a data controller, (2) is not authorized by the law of the Union or of the Member State to which the controller is subject and which also establishes appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is not based on the explicit consent of the data subject.
If a decision (1) is necessary for the conclusion or execution of a contract between the data subject and a data controller, or (2) is based on the explicit consent of the data subject, the controller shall implement reasonable measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to have human intervention by the controller in order to express his or her point of view and to challenge the decision.
If a data subject wishes to take advantage of his or her individual decision-making rights automatically, he / she may at any time contact our Data Protection Officer or other controller's employee directly.
Right to withdraw consent to data processing
Each data subject has the right - granted by the European legislator - to withdraw his consent to the processing of his personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he / she may, at any time, directly contact our Data Protection Officer or other employee of the controller.
- Data protection for applications and application procedures
The data controller will collect and process the personal data of the candidates in order to process the application procedure. Treatment can also be performed electronically. This is the case in particular if a candidate submits the corresponding application documents by email or through a form on the website to the controller.
If the data controller completes an employment contract with a candidate, the data sent will be stored for the purpose of processing the employment relationship in accordance with legal requirements.
If no employment contract is entered into with the candidate by the data controller, the application documents will automatically be deleted within two months of notification of the refusal decision, provided that (1) no other legitimate interest of the controller - such as the burden (2) the data subject explicitly expresses his / her wish for the controller to retain personal data. A typical example of this desire of the data holder is when he / she wants the controller to retain a Curriculum Vitae (ie, personal data) for future contact when an appropriate employment opportunity arises.
- Data protection provisions on the application and use of Google Analytics (with the anonymization feature)
On this website, the controller has integrated the Google Analytics component (with the anonymization feature). Google Analytics is a web analytics service. Web analytics is the collection, aggregation, and analysis of data on visitor behavior on websites. A web analytics service collects, inter alia, data about the website from which a person came (the referrer), which pages visited, or how often and how long a page has been viewed. Web analytics are mainly used to optimize a website and to conduct a cost-benefit analysis of Internet advertising.
The Google Analytics component operator is Google Inc., 1600 Anphitheater Parkway, Mountain View, CA 94043-1351, United States of America.
For web analytics through Google Analytics, the controller uses the "anonymizeIp" feature. Through this feature, the IP address of the data subject's Internet connection is obtained by Google and anonymised by accessing our websites from a Member State of the European Union or of another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze traffic on our website. Google uses the data and information collected, among others, to evaluate the use of our website and provide online reports that show the activities on our websites and to provide us with other services on the use of our website on the Internet.
Google Analytics places a cookie on the data holder's information technology system. The definition of cookies is explained above. With the cookie setup, Google is able to review the use of our website. With each call to one of the individual pages of this Internet site, which is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser in the data holder's information technology system will automatically send data through the Google Analytics for online advertising and commission settlement purposes for Google. In the course of this technical procedure, the company Google gains knowledge of personal information, such as the data subject's IP address, which allows Google, among other things, to understand the origin of visitors and clicks and then set commissions.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits to our website by the data subject. With each visit to our website, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America.Google may transfer personal data collected through this technical procedure to third parties.
The data subject may, as indicated above, prevent the setting of cookies on our website at any time by means of a corresponding adjustment of the used web browser and, therefore, permanently deny the setting of cookies. This adjustment to the browser will also prevent Google Analytics from setting a cookie on the data holder's information technology system. In addition, cookies already used by Google Analytics can be deleted at any time through the web browser or other software programs.
More information and applicable Google data protection provisions can be found at www.google.com/intl/en/policies/privacy is at www.google.com/analytics/terms/us.html . Google Analytics is explained in www.google.com/analytics .
- Legal basis for treatment
Article 6 (1) (a) of the RGPD serves as the legal basis for treatment operations, for which we obtain consent for a specific treatment purpose.
If the processing of personal data is necessary for the performance of a contract of which the data subject is a party - as is the case, for example, when processing operations are necessary for the supply of goods or for providing any other service - the treatment is carried out on the basis of Article 6 (1) (b) of the RGPD. The same applies to the processing operations necessary to carry out pre-contractual measures, for example in the case of consultations on our products or services.
If our company is subject to a legal obligation for which the processing of personal data is required - such as compliance with tax obligations - the treatment is based on Article 6 (1) (c) of the RGPD.
Em casos raros, o tratamento de dados pessoais pode ser necessário para proteger os interesses vitais do titular de dados ou de outra pessoa singular. Este seria o caso, por exemplo, se um visitante fosse ferido na nossa empresa e o seu nome, idade, dados do seguro de saúde, ou outra informação vital teriam que ser transmitida a um médico, hospital, ou outro terceiro. Nesse caso, o tratamento seria baseado no Artigo 6(1)(d) do RGPD.
Finalmente, as operações de tratamento podem basear-se no Artigo 6(1)(f) do RGPD. Esta base jurídica é utilizada para operações de tratamento que não são abrangidas por nenhum dos fundamentos legais acima mencionados, se o tratamento for necessário para os interesses legítimos exercidos pela nossa empresa ou por um terceiro, excepto quando esses interesses são anulados pelos interesses ou direitos e liberdades fundamentais do titular dos dados que exigem protecção de dados pessoais. Tais operações de tratamento são particularmente permitidas porque foram especificamente mencionadas pelo legislador europeu, que considerou que um interesse legítimo poderia ser assumido se o titular dos dados for um cliente do controlador (Recital 47 Frase 2 do RGPD).
- Legitimate interests exercised by the controller or by a third party
Whenever our processing of personal data is based on Article 6 (1) (f) of the RGPD, our legitimate interest is to conduct our business for the welfare of all our employees and shareholders .
- Period during which personal data will be stored
The criteria used to determine the period of storage of personal data are the respective legal retention period. After the expiration of this period, the corresponding data is routinely deleted, as long as it is no longer necessary for the performance of the contract or the commencement of a contract.
- Provision of personal data as a legal or contractual requirement; Necessary requirement for conclusion of contract; Obligation of the data subject to provide personal data; Possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (eg tax regulations) or may also result from contractual arrangements (for example, contractual partner information).
Sometimes, to close a contract, it may be necessary for the data subject to provide us with personal data, which must be dealt with later by us. The data subject is, for example, obliged to provide personal data when our company signs a contract with him / her. Non-provision of personal data would have the consequence that the contract with the data subject could not be concluded .
Before the personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies the data subject as to whether the provision of personal data is required by law or contract or whether it is required for the conclusion of the contract, whether there is an obligation to provide the personal data, and the consequences of the lack supply of personal data.
- Automated decision making
As a responsible company, we abstain from taking decisions or profiling automatically.