DATA PROTECTION POLICY
Scope of application
The owners of the personal data processed by COMPUWORKS to which this Policy applies may be from customers, employees, candidates, suppliers, service providers or any third party with whom COMPUWORKS relates within the scope of its commercial activity.
The rules and procedures referred in this policy may be further developed in other internal policies.
These changes must be notified by COMPUWORKS to its employees, data subjects and other recipients through the following means of communication:
- Employees: communication via e-mail and posting in the workplace;
COMPUWORKS is committed to the confidentiality and protection of the personal data of its Clients, Employees, Service Providers and Suppliers, under the legal terms and in compliance with the General Personal Data Regulation (GPDR).
Within the scope of its activity, COMPUWORKS may, by automated or non-automated means, collect, register, organise, structure, maintain, adapt, alter, recover, consult, use, divulge by transmission, dissemination or any other form of availability, deletion or destruction of the personal data of its clients and employees.
COMPUWORKS will collect and process personal data strictly for specific, explicit and legitimate purposes and will not process personal data in a manner incompatible with these purposes.
The data collected will only be the necessary and adequate data to fulfil the described purposes and will be kept only while needed and updated.
Personal data should be kept for a predefined or definable period of time, taking into account the purposes of the treatment, and should be deleted or totally anonymised after the expiry of the storage period.
COMPUWORKS will use a system of systematic revision and updating of the personal data present in its own systems, as well as those of third parties with whom it relates while responsible for the treatment, co-responsible or subcontractor.
COMPUWORKS undertakes to use internal systems and procedures for the security and protection of the personal data of its Clients, Employees, Service Providers and Suppliers that guarantee its integrity and confidentiality.
COMPUWORKS undertakes to maintain a fair and transparent treatment of the personal data in its possession.
The processing of personal data is governed by the Data Protection Law internally approved and by the General Regulation of Data Protection 2016/679 (the “GDPR”), or other applicable legislation.
COMPUWORKS uses the personal data provided by its Customers, Employees, Service Providers and Suppliers of other data subjects with whom it relates within the scope of its professional activity, in order to comply with its contractual obligations.
The data generally collected from our Clients is, among others, the name of the contact person, address, email, telephone contact, tax identification number and IBAN.
The data usually collected from our Employees is, among others:
a. Identification data: name, date of birth, place of birth, affiliation, sex, nationality, address and telephone number, academic qualifications, identity card number, taxpayer number and Social Security beneficiary number;
b. Family status: marital status, spouse’s name, children or dependents and other information that may determine the awarding of additional remuneration;
c. Regarding professional activity: time and place of work, internal identification number, date of admission, seniority, professional category, seniority in the category, level and pay scale, nature of contract;
d. Elements of remuneration: base remuneration, other certain or variable benefits, allowances, holidays, attendance and absenteeism, leave, other elements relating to the granting of additional remuneration, amount or rate in respect of compulsory or optional discounts;
e. Other information: possible degree of disability or member of your household, temporary incapacity resulting from an accident at work or occupational illness, location and way of payments to be made by COMPUWORKS, bank account number and identification of the institution.
Other data may be collected from our clients and employees if necessary and will receive treatment in accordance with all legal obligations.
Rights of data subjects
According to legal and regulatory requirements regarding data protection, COMPUWORKS guarantees that the owners of personal data can exercise their rights regarding the way their personal data is processed and preserved.
In order to exercise their rights, the holders should contact COMPUWORKS through the contacts below available for this purpose and these requests will be forwarded in accordance with the legal requirements.
COMPUWORKS may, prior to processing the application, verify the identity of the applicant, in case of any doubts regarding the identity of the person submitting the application.
Requests for the exercise of rights shall be answered without undue delay and within a maximum period of one month from the date of receipt of the request. In view of the high complexity of the request or the number of requests made, the response period may be extended to two months. If the response period is extended, CompuWorks will inform the data subject, within a maximum of one month from the date of receipt of the request, of the reasons for the delay in responding to the request.
COMPUWORKS seeks to respond to all requests and all requests are subject to review in order to verify your satisfaction is in compliance with applicable legal and regulatory requirements. Whenever there is a legal and / or regulatory framework that prevents the data subject from exercising a right that he/she has invoked, CompuWorks reserves the right not to access the request. In such situations COMPUWORKS will inform the data subject, within a maximum of one month from the date of receipt of the request, of the reasons why the application will not be satisfied and the possibility to complain to a supervisory authority and to bring legal proceedings.
Where the applications submitted are manifestly unfounded or excessive, COMPUWORKS also reserves the right to require payment of a reasonable fee taking into account the administrative costs of providing the information or communication or taking the requested measures.
The rights that may be invoked are set forth in the following points as they are defined in the applicable legal and regulatory rules, noting their main particuliarities. COMPUWORKS provides preferred means of communication to invoke them. Applications for invocation of COMPUWORKS Collavorators’ rights, within the scope of their professional relationship, must be sent via email to [email protected]. For situations that are not contemplated in the following sections, the data subject may invoke his right through one of the channels presented in the Contacts section.
1. The right of access
You may contact COMPUWORKS at any time to request confirmation as to whether or not personal data concerning you is being processed by COMPUWORKS, as well as to be informed of the personal data in question, the reasons for the treatment of that information, the addressees to whom the personal data has been or will be disclosed, the available information about its origin and, if possible, its storage period. If you request it, you may receive a copy of the personal data being processed.
2. The right to correct and update your data
The data subject may, having in mind the purposes of the treatment, correct his/her personal data if it is incorrect or incomplete, as well as update it, whenever it is outdated.
3. The right to erasure (‘right to be forgotten’)
Every data subject has the right to request the deletion of personal data whenever it is found that it is no longer necessary for the purpose for which it was collected or processed, or when the data subject withdraws his/her consent, where it is applicable, provided that there is no other legal basis for such treatment, prevailing legitimate interests justifying the treatment or treatment that is necessary for the purpose of declaring or defending a right in a judicial proceeding.
COMPUWORKS will review the request and, if considered valid under applicable legal and regulatory standards, will confirm whether the data has been deleted or the reason why it was not possible.
4. The right to limit the processing of your data
The data subject may request the limitation of the processing of his/her data, in compliance with one of the legal conditions:
- When the data subject disputes the accuracy of his/her personal data, then the treatment should be limited for a period that allows COMPUWORKS to verify its accuracy, or when the data subject has opposed the treatment, until it is confirmed that the reasons of the person responsible for the treatment prevail over those of the data subject;
- When the treatment is unlawful and the data subject only requests the limitation of its use;
- When CompuWorks or the person responsible for the treatment on behalf of COMPUWORKS treats the data no longer requires personal data for treatment purposes, but such data is required by the holder for the purposes of declaration, exercise or defense of a right in a legal proceeding;
With the exception of conservation, when the treatment has been limited, personal data will only be processed by COMPUWORKS with the consent of the holder for the purposes of declaration, exercise or defense of a right in a judicial proceeding to defend the rights of another natural or legal person, or for weighty reasons of public interest..
In case of cancellation of the limitation granted to the processing of personal data, COMPUWORKS will inform in advance the data subject.
5. The right to object to the processing of your data
The holder of personal data has the right to request that COMPUWORKS ceases the processing of their personal data at any time. After receiving your request, COMPUWORKS will analyse the request and, if considered valid according to applicable legal and regulatory rules, COMPUWORKS will terminate the treatment in question. If a decision is not taken on the feasibility of the request within a maximum period of one month, COMPUWORKS will suspend the treatment or treatments in question, within reason, until the final decision is taken.
6. Consent and withdrawal of consent
In general, COMPUWORKS treats the personal data of its holders in the following contexts, in view of the following legal purposes and grounds:
7. The right to data portability
The holder of personal data has the right to request that COMPUWORKS transfers or delivers, in a structured format, in current use and automatic reading, the personal data of the holder whenever this is in the possession of COMPUWORKS, under the applicable legal terms, and whenever the processing of data is carried out by automated means and is based on its consent or whenever necessary for the performance of a contract in which the holder is a party or for pre-contractual procedures at the request of the data subject.
COMPUWORKS will comply with the request, within reason, within one month of receipt of the request.
COMPUWORKS will refuse portability requests insofar as they impair the rights and freedoms of third parties, or if any other limitation is set out in applicable legal or regulatory standards.
8. The right to complain
The data subject may, if he/she considers that his/her data has not been processed in accordance with the legal provisions, lodge a complaint with the supervisory authority.
At present, the authority with control functions for data protection purposes in Portugal is the National Data Protection Commission (“CNPD”), to whom you can forward any queries or submit complaints, in case non-compliance with the protection rules of personal data is verified.
The CNPD may, to date, be contacted at:
Information Request Form:
Complaint / Complaint Form:
Rua de São Bento n.º 148-3º 1200-821 Lisboa
Phone: +351 213928400 / Fax: +351 213976832
Processing of personal data by COMPUWORKS
In general, COMPUWORKS treats the personal data of the holders in the following contexts, in view of the following legal purposes and grounds:
In the context of recruitment processes for Employees, COMPUWORKS will only ask the candidates for the strictly necessary data for the purposes of the recruitment process, furthermore, any information legally owed to the candidate will be communicated.
– Execution of the employment contract and fulfilment of obligations as an employer
COMPUWORKS processes data from its Employees in order to execute the employment contract or fulfil its legal obligations as an employer, namely to carry out salary processing, to fulfil obligations related to health, safety and hygiene at work, medicine at work , etc. This information will be collected in person or via e-mail, provided by the employee and stored in CompuWorks’ computer system and paper files.
The identification and contact data of employees may be sent to entities subcontracted by COMPUWORKS always with the guarantee of compliance with applicable legal and regulatory standards.
Any special category data will be treated in strict compliance with the applicable legal and regulatory standards and will not be the object of purpose for purposes other than those for which they were collected or used by a person who should not have access to them. Furthermore technical and organisational measures are implemented to ensure segregation of data access.
By legal obligation, COMPUWORKS will retain the data of its Employees even after the termination of the contractual link, until the prescription of legal rights or obligations.
When signing an employment contract, all employees must sign a confidentiality agreement, agreeing not to disclose any information they have access to during their duties, in particular personal data of other holders, and to comply with this policy, in accordance with the applicable terms at all times as a result of any change made to it.
During the course of the training given to its Employees, COMPUWORKS may collect, in addition to the identity of the trainees, the information regarding the training received by them.
Within the scope of the training sessions, the names of the Employees may be transmitted to entities that provide training services contracted by COMPUWORKS.
Employees will be informed in advance about the transmission of personal data, the addressees and the purposes for which such transmission is intended, as well as, other information that must be transmitted under the legal and regulatory terms in force.
– Occupational medicine and hygiene and safety
In accordance with the applicable legal and regulatory rules, employees must be given the guarantees foreseen in occupational health and safety and hygiene (HST). In this context, Employees’ identification and health data is collected, and the collection and processing of the data must be carried out in accordance with the law.
The data collected is recorded on a medical fitness sheet and may be requested by a supervisory authority under HST.
This information may be collected and processed by providers of occupational health and safety and hygiene services contracted by COMPUWORKS, always in strict compliance with the applicable standards.
COMPUWORKS will ensure that it fully understands and complies with all requirements concerning the processing of personal data for the purposes of occupational health and safety at work.
In the context of the execution of some legally obligatory insurance contracts or that COMPUWORKS, as a policy holder, offers its employees, personal data of a special nature may be communicated to the employees as secure persons and their beneficiaries. Such communications will be made directly from the employees to the insurance company executing the insurance contract.
In the context of the conclusion and execution of insurance contracts which do not require the transmission of special category data, COMPUWORKS may, if necessary, intervene in the processing of the data, always in accordance with the principle of minimisation of treatment.
– Use of telephone and computer equipment
COMPUWORKS may make available to its employees the use of computer and telephone equipment whenever this is justified and necessary for the usual performance of their duties. The use of these equipments owned by COMPUWORKS will be limited to professional purposes.
If the equipment provided is or may be subject to monitoring by the operator or the supplier company, such treatment will be communicated to the employee at the time of delivery of the equipment.
Such monitoring will be preceded by due legal and regulatory analysis, as well as, prior impact analysis.
– Other communications to Employees
COMPUWORKS may collect identification and contact information for purposes unrelated to the provision of work or services in question where this is justified by valid purposes and grounds of lawfulness.
The gathering and processing of identification and contact data to congratulate or support employees in personal situations, such as the celebration of birthdays, weddings, support in the event of the death of an employee’s family member, may be made on the basis of prior valid consent of such employee for the purposes of personal communications.
– Access controls
COMPUWORKS may collect and process identification data or record video surveillance images in its own premises, for the purpose of access control or criminal prevention, based on COMPUWORKS’ legitimate interests.
In any case, the treatment of such data for the purposes indicated should be preceded by legal analysis and prior impact analysis, and all measures should be taken to comply with the legal and regulatory rules in force.
During its activity, COMPUWORKS also treats personal data of clients necessary for contractual execution and / or compliance with legal obligations, in order to manage the contractual relationship, including, but not limited to, registration as a new Client, sending communications for the purposes of execution and contractual management and / or marketing campaigns, when this is consented by the Client, the response to any communications sent by mail, telephone, email or any other means, as well as, the management and collection of payments, fees and / or charges.
The use of the data provided by these owners is generally done in the context of the contractual relationship and for the execution of the contract, or for the fulfilment of a legal obligation to which COMPUWORKS is subject to, unless there is the consent of the owner regarding explicit purposes or in cases where another legal or regulatory provision is applicable.
In some cases, by legal obligation, COMPUWORKS will retain the data of these holders after termination of the contractual link, in which case the holder will be informed at the time of collection of the applicable storage periods or the criteria according to which they may be identified.
When signing the agreement, the Employees, Suppliers or Service Providers will sign a confidentiality agreement, agreeing not to disclose any information they have access to during the contractual relationship with COMPUWORKS, in particular personal data of other owners, and also to comply with this Policy, in accordance with the applicable terms at any time as a result of any change made to it.
In some cases COMPUWORKS will retain, by legal obligation, the data of these holders after termination of the contractual link, in which case the holder will be informed at the time of collection of the applicable storage periods or the criteria according to which they may be identified.
Regarding the subscription to its Newsletter, COMPUWORKS uses the data provided by users to send e-mail communications with news of Compuworks products and services, news related to our company, communication of events and training activities, informative and opinion articles about our areas of activity, or other communications about the market where we operate.
Your data can be processed manually or automated for these purposes and you can cancel your subscription at any time through the links made available in all the newsletters we send.
The newsletters contain a tracking code of the activity of the users, in order to obtain statistics such as: opening rate and clicks on the links sent, users’ interest in the contents and campaigns of the newsletters and users’ interaction with our website and networks derived from newsletters.
Third parties with whom we share your information
COMPUWORKS may need to share your personal information with third parties who act on your behalf or provide you with services. Your personal information will be kept secure at all times and will only be shared with such third parties when strictly necessary. Your personal data may, in particular, be disclosed to the following entities:
- Professional consultants (including, but not limited to, legal advisers and financial advisers), insurance companies, banks, auditors, financial organisations and administrators;
- Providers of certain services, including, but not limited to, IT and system administration services, hosting and cloud storage services and other software used to meet the needs and data management in the context of the business activity;
- The Portuguese government, or any other public authorities or national regulatory authorities, when COMPUWORKS is obliged to do so by any applicable laws.
For contractual reasons, COMPUWORKS holds some of your personal data, namely for the management of the contractual relationship. This means that we are responsible to you for the treatment we give them.
COMPUWORKS will treat all personal data of which it is responsible with the utmost confidentiality, fulfilling and enforcing, within its capabilities and responsibility, its illicit use.
Personal data is kept strictly in compliance with legal provisions or for the period necessary to satisfy the purpose that motivated their collection and treatment, in the course of the activity carried out by COMPUWORKS.
COMPUWORKS complies with all legal obligations, also with respect to the conservation and updating of personal data. The storage and destruction of the data is carried out safely. The data gathered is strictly necessary and protected from loss, misuse, unauthorised access or exposure.
COMPUWORKS ensures the security of your data and the fulfillment of all legal obligations in case of security breach.
In order to ensure the security of personal data, COMPUWORKS has implemented a set of measures and technical and technological procedures.
COMPUWORKS will use a range of data security controls, defined according to business needs and security policies and will actively monitor such controls to detect failures or violations, including the review of authorisations for access to personal data, on behalf of own or third parties, by the holders of the personal data and the employees of COMPUWORKS.
Other data processing
If it is necessary to process your data for a new purpose, not covered by this document, COMPUWORKS will send you a notification explaining the reason and conditions of treatment.
International data transfer
COMPUWORKS will not transfer personal data outside the European Union or to an international organisation without adequate safeguards to ensure that personal data is kept secure, such as Data Protection Type-of-Data or Commission Decisions on Adequacy European Union.
Please contact COMPUWORKS regarding this Privacy Notice or your personal data:
COMPUWORKS – Soluções Empresariais de Informatica e telecomunicações, LDA