Privacy Policy

Zeugma – Tecnologia de Sistemas Industriais, S.A. (Industrial’s Systems Technology, S.A.), hereafter identified as Zeugma, is committed in protecting the privacy of every holder of personal data processed in the framework of its activity, hereafter designated as data holders.

In order to ensure its commitment to the data holders’ privacy, Zeugma has adopted the best security and personal data protection practices, in the terms best described below.

In this regard, and in order to guaranty that every personal data is processed and protected according to the new General Data Protection Regulation (GDPR) – Regulation (UE) 2016/679, of the European Parliament and of the Council, of April 27 2016, we ask that you, please, read carefully the following information, correspondent to our new privacy and data protection policy, that intends to clarify the rules followed by Zeugma in concern to the forwarding of communication, as well as the rights granted by the GDPR to the data holders.

Treatment Activities:

  • Costumer and supplier administration
  • Human resources management

 

  1. Personal data

The personal data is correspondent to any information, in relation to an individual or identifiable person, of any nature and regardless of the type of support.

It is considered identifiable an individual that may be identified, direct or indirectly, for instance by reference to an identifier (v.g. an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of such individual).

Depending on the finality of the data gathering, such as the explicated on this document, there might be gathered the following personal information:

  1. Costumer and supplier administration
  • Contact data
    • Name (First and last names)
    • E-mail address
    • Telephone contact
  1. Human resources management
  • Employees’ recruitment, selection and admission
    • Full name
    • Date and place of birth
    • Nationality
    • Civil identification number (identification card, citizen card, passport)
    • Telephone contact
    • E-mail address
    • Address
    • Professional category
    • Educational background / Professional resume
    • Hobbies
    • Civil status
    • Household data
  • Administrative/Procedural human resources management
    • Full name
    • Date and place of birth
    • Nationality
    • Civil identification number (identification card, citizen card, passport)
    • Taxpayer number
    • Social security number
    • Telephone contact
    • E-mail address
    • Address
    • Professional category
    • Educational background / Professional resume
    • Hobbies
    • Civil status
    • Household data
    • Driver’s license
    • Biometric data
    • IBAN

 

  1. Responsible for Personal Data Processing

Zeugma – Industrial’s Systems Technology, S.A., with its headquarters on Rua do Cemitério, n.º 6, Sobreiro, 2640-578 Mafra, collective person n.º 503 819 670, is the entity responsible for the gathering and processing of person data for the finalities indicated.

For any clarifications regarding the protecting of data, you may come in contact with us, through the following e-mail address: zeugma@zeugma.pt.

 

  1. Personal Data Processing Finalities

The gathering and processing of personal data concerning the previously mentioned activities is intended to:

Costumer and supplier administration:

  • General management of relation with customers and supplier

Human resources management:

  • Employees’ recruitment, selection and admission
    • Curricular analysis and screening
    • Individual Evaluation Report
    • Admission (MRS02-20)
  • Administrative/Procedural human resources management
    • Recruitment and disengagement processes management
    • Compensation processing, including assiduity, vacations, absences and travels control (km’s vehicles and fuels)
    • Communications to the various official entities (SS; ACT, and AT)
    • Insurance companies processes management
    • Medicine, Hygiene and Safety in the workplace process management
    • Single report and other statistical information associated with the Human Resources
    • Human capital training and development management

In view of the above, Zeugma clarifies that doesn’t solicit, nor stimulates, in place or any other way, the remission or delivery of personal data referring to philosophical or political convictions, political or syndical affiliation, religious belief, private life and racial or ethical origin , as well as the processing of data concerning health and sexual life, including genetic data. Therefore, in the event of the transmission to Zeugma of such personal data, the Association may not be, in any case, held responsible for its processing, as is the result of the policy described above.

 

  1. Personal data conservation

The period of time during which the personal data is stored and conserved will vary in conformity with the Finalities previously referred.

The personal data whose finality is to render a service by Zeugma, will be stored for the period of time during which the contract stands, plus 5 years, notwithstanding the possibility of being practiced for longer periods of time, as prescribed in the legal terms and/or when justified by the situation, for instance to ensure, also, Zeugma’s rights.

 

  1. Personal data access, rectification, processing limitation and portability right

The data holder is ensured, at any moment, the right to access its personal data, as well as the respective rectification, portability, limitation and/or opposition to processing. In this regard, it can exercise these rights addressing, in writing, to Zeugma, through the headquarters address or through the following e-mail address: zeugma@zeugma.pt.

Moreover, the data holder may report the complaints it considers fitted with the competent authority for this purpose.

 

  1. Security in personal data processing

The personal data will be processed and filled by computer and by paper.

Zeugma compromises in guarantying the security and protecting of personal data that is made available, having taken the appropriate measures, such as:

  • Physical security measures:
    • The physical access to processing operations is only allowed to Zeugma’s authorized employees;
  • Computer security measures:
    • There is an existent code of conduct regarding the use of computer resources and services
    • The access to the system demands a password authentication
    • The password is nominative
    • There is a secure data copy (secure servers)
    • The system is protected against unauthorized personal data accesses
    • The system has the capacity to register activities performed and those responsible for said activities (tracking)
    • The system has protection against virus and malware
    • The operating systems are not obsolete and are systematically updated, in order to avoid known/published vulnerabilities
    • Firewall usage
    • Secure data transmission protocols by third parties (https)
    • Information encryption in mobile devices
    • Secure equipment elimination
    • Profiles according to functional typologies
    • Usage of VPN for remote accesses to the internal infrastructure
    • Periodically backups
  • Organizational measures:
    • The holder’s data is not transferable to outside the European area;
    • Physical access limitation;
    • Do not store of personal data in the computer’s memory;
    • Contracts with employees with long-term confidentiality duties;
    • Every employee is informed of the politics and regulations;
    • The processing of personal data is exclusively made in the context of the pre-established finalities;
    • Ensure the provision of information duties to the holders and acquisition of consent;
    • Policy-aligned personal data protection actions and procedures by the data processing responsible;
    • The processed data must always be the strictly necessary for the purpose in question;
    • Periodical evaluation of the requirements fulfilment level (audit).

In the case of, for any reason, a security violation that causes, accidentally or illicitly, the destruction, loss, alteration, divulgation or access, unauthorized to personal data, is verified, Zeugma commits, in the terms of the applicable legislation, to report such occurrence to the competent authorities, without undue delay and, whenever possible, within 72 hours of being aware of such occurrence.

In addition, and in the terms mentioned in the previous paragraph, Zeugma commits to report the personal data violation to the respective data holder, in accordance with the applicable legislation.

 

  1. Personal data communication to third parties

In regard to its activity, Zeugma may resort to third parties for the provision of certain services (located inside or outside the European Union), which might implicate, in certain situations, the access, by said entities, to the holder’s personal data.

In such scenario, Zeugma commits to taking the necessary and adequate measurements, in order to ensure that the entities that have access to such personal data, are reputed and offer high guaranties in this level, which will be duly consecrated and safeguarded in a contract concluded between Zeugma and said third parties.

Consequently, any entity subcontracted by Zeugma will process the holder’s personal data, on its behalf, committed in taking the technical and organizational measures necessary to protect the personal data against destruction, accidental or illicit, the accidental loss, the alteration, the diffusion or the access unauthorized and against any other way of illicit processing.

In any of the cases, Zeugma remains responsible for the processing of personal data.

When necessary and regarding the recruitment of third parties by AICCOPN, the personal data will be transferred to outside de European Union, in the terms and conditions allowed by the applicable legislation.

 

  1. Right to be forgotten

The personal data holder has the right to know, from the responsible for its processing, the elimination of its personal data that will, in turn, have the obligation of eliminating them, any time one of the following motives is applicable: (i) the data is no longer necessary to the finality that motivated its gathering and processing; (ii) the holder withdraws the consent, when this is the legal basis that legitimizes the respective processing, or (iii) the holder opposes the processing and there are no prevailing legitimate interests justifying its maintenance.

 

  1. Modifications

Zeugma reserves the right to, at any point, make readjustments or modifications to the current policy, being certain that any modifications will be dully communicated to the data holders.

 

This version hereby communicated is the currently in force.

25th October 2018