logo
Telefone:+351 226 159 000
Email:catim@catim.pt
|
social-iconsocial-iconsocial-iconsocial-icon
arroba-icon

Privacy Policy and Cookies

INTRODUCTION


The General Data Protection Regulation of the European Union (GDPR) – Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, establishes rules regarding the protection of personal data of individuals, and it is directly applicable in the legal systems of all Member States, imposing a series of duties, particularly for public legal entities. In Portugal, Law No. 58/2019, of August 8, remains in force, ensuring the implementation of the GDPR.


In light of this Regulation, “personal data” refers to any information related to an identified or identifiable individual.


An identifiable person is one who can be identified, directly or indirectly, particularly by reference to, for example, a name, an identification number, location data, electronic identifiers, or one or more elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.


This Privacy and Data Protection Policy establishes how CATIM processes the personal data of its employees, clients and/or potential clients, participants and/or potential participants in industry-oriented projects, partners, and other stakeholders in the course of its activities.


PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA


Under the GDPR, the use of personal data must be justified by at least one of the legal grounds defined in the Regulation, Article 6.


The personal data we collect and process is essential for us to properly provide our services. We do not collect unnecessary information for the purposes for which it is intended.


Personal data is collected and used by CATIM for the following purposes:


  • Compliance with legal obligations.
  • Execution of contracts.
  • Management of business relationships.
  • Industry-oriented projects.
  • Evaluation of the interest in potential business relationships.
  • Communication and marketing actions.

PROCESSING OF PERSONAL DATA

The data provided in the relationship established with CATIM is processed in accordance with the applicable regulatory requirements, including:


  • Processed lawfully, fairly, and transparently in relation to the data subject.
  • Used only to fulfill the purposes for which it was collected.
  • Used in an appropriate, relevant, and limited manner to what is necessary for the purposes for which it is processed.
  • Accurate and, where necessary, updated.
  • Retained only for the period necessary and legally permissible for the purposes for which it is processed.
  • Protected against accidental and unlawful loss, destruction, or damage, as well as unauthorized or unlawful processing.

DATA CONTROLLER

CATIM is the Data Controller for the personal data in the scope of its activities.


SECURITY OF PERSONAL DATA


CATIM employs a variety of technical and organizational measures to protect and maintain the security, integrity, and availability of personal data, including:


  • Restricted access to personal data based on the “need to know” criterion, and only within the scope of the purposes arising from contractual or business relationships or expressly consented to.
  • Protection of information technology systems through firewalls to prevent unauthorized access, particularly to personal data.
  • Personal data in transit is protected by encryption mechanisms such as the access to CATIM's website via a secure SSL connection (“Secure Sockets Layer”), with communication between the browser and the web server occurring via the HTTPS protocol.
  • Backup policies to safeguard information.
  • Monitoring and controlling physical and electronic access to information technology systems to prevent, detect, and prevent misuse of personal data.
  • Employees who come into contact with or have access to personal data due to their duties are subject to professional confidentiality and/or confidentiality obligations.

SHARING PERSONAL DATA WITH THIRD PARTIES

CATIM only uses subcontractors who provide adequate security guarantees and meet the required standards as legally prescribed. Subcontractors must comply with documented instructions from CATIM, sign data processing agreements for subcontracting, be subject to appropriate legal confidentiality obligations, and adopt security measures to ensure compliance with the GDPR.


RETENTION AND DELETION OF PERSONAL DATA

CATIM only retains personal data for the period necessary to fulfill the purpose for which it was collected.


Once the legal retention period has expired, personal data will be anonymized or securely destroyed.


RIGHTS OF DATA SUBJECTS


The personal data we collect is owned by the data subject. Therefore, data subjects have the right to access, rectify, limit, delete, object to the processing of their data with CATIM, and/or transfer their data to another data controller, unless there is another legal basis for the processing that prevents such actions.


Any of the rights mentioned above can be exercised by the data subject by contacting CATIM's Personal Data Protection Coordination team at the email address coordenacao.rgpd@catim.pt, and the data subject will receive a response to their request within one (1) month.


For cases where data processing is based on consent, the data subject is entitled to completely withdraw their data when requested, no longer being contacted or receiving any communications related to the purposes described in this Privacy and Data Protection Policy.


The complete withdrawal of consent for data processing means that the data controller must immediately cease all personal data processing, including collecting new data, consulting and analyzing already collected data, or retaining data.


Once consent is withdrawn, CATIM ensures that the data is deleted, unless there is another legal basis for the processing.


The data subject may submit any clarification request or complaint regarding the use of their personal data to the email coordenacao.rgpd@catim.pt.


The data subject also has the right to file a complaint with the National Data Protection Commission (CNPD).


PERSONAL DATA BREACH


In the event of a personal data breach, CATIM will notify the CNPD without undue delay and, where possible, within 72 hours of becoming aware of it, unless the breach does not pose a risk to the rights and freedoms of the data subjects.


In addition to notifying the CNPD, CATIM will also inform the data subject of the personal data breach without undue delay if the breach involves a high risk to their rights and freedoms.


CHANGES TO THE PRIVACY AND DATA PROTECTION POLICY


This Policy may be periodically updated without prior consent from the data subject. Any significant changes will be communicated promptly.


PRIVACY AND COOKIES


CATIM uses cookies on its website to improve the experience of those visiting it. All information related to cookies on our website can be found in our Privacy and Cookies Policy.