Who we are
Thus, in accordance with and for the purpose of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Regulation on Data Protection, hereinafter “RGPD”), the company NewAlliance – IT Solutions, Lda ., taxpayer No. 513749489, headquartered at Praça de Londres nº3, 4ºEsq, Lisbon, 1000-191 (hereinafter referred to as “COMPANY”), gives the following information:
Definition of personal data
Personal Data is any information, regardless of its nature and support, relating to an identified or identifiable natural person. A person who can be identified, directly or indirectly, by any element that allows him to be identified is considered identifiable.
Definition of the holder of personal data
The owner of the personal data is a customer/user/supplier/subcontractor, a natural person, to whom the data relates.
In this case, the person who hires/accesses the website/uses the COMPANY's services or products is included as a customer/user.
Supplier includes anyone who directly or indirectly supplies any type of product or service to the COMPANY.
It includes as a subcontractor anyone who handles the personal data provided by the COMPANY, in its name and on behalf of the latter.
The rights of data subjects
Under the terms of the RGPD, the data subject is guaranteed the exercise of all legally permitted rights, provided that there is a processing of personal data by the COMPANY, namely:
- Right of access – consists of the right to obtain confirmation of which personal data are processed and information about them.
- Right to rectification – consists of the right to request the rectification of your personal data that are wrong/outdated or to request that those when incomplete be completed.
- Right to data deletion or “right to be forgotten” – consists of the right to have your personal data deleted, provided that the COMPANY does not provide valid and/or legitimate grounds for its conservation.
- Right to portability – consists of the right to receive the data you have provided in digital format for current use and automatic reading, or to request the direct transmission of your data to another entity that becomes the new person responsible for your personal data.
- Right to withdraw consent or right to object - consists of the right to oppose or withdraw consent, at any time, to a data processing, provided that there are no valid and/or legitimate grounds on the part of the COMPANY for non-acceptance exercise of this right.
- Right of limitation – consists of the right to request the limitation of the processing of your personal data, in the form of suspension of processing or limitation of the scope of processing to certain categories of data or processing purposes.
- Right to complain – this is the right to complain to the relevant supervisory authority if you believe that your rights have been infringed. In Portugal, this authority is the National Data Protection Commission (hereinafter “CNPD”). More information about the CNPD is available at cnpd.pt
Exercise of the rights of holders of personal data
The COMPANY undertakes to respond to the exercise of its rights within a maximum period of 30 days, unless it is a particularly extensive or complex request.
The exercise of rights tends to be free of charge, unless it is a manifestly unfounded or excessive request, in which case a reasonable fee may be charged taking into account the costs.
Note that the exercise of any of the rights must always be provided in writing, in person or electronically.
Optional or mandatory nature of providing personal data
The provision of personal data is generally optional. Only in certain cases, failure to provide data may make it impossible to access specific services and obtain any requested information (for example, contact request, reservation of accommodation and/or complementary services, applications, etc.).
Purpose of obtaining data
The data obtained in the context of the COMPANY's digital and physical presence are intended to ensure the correct provision of our services, and ensure the navigation and availability of content on our websites. Among others, these serve to:
1- Fulfill obligations to our customers;
2- Improvement of the service provided:
- Adaptation of our products and services to better serve our customers' needs;
3- Customer relationship management:
- Management of loyalty programs;
- Segmentation of operations based on customer history;
- Development of internal statistics and reports;
- Sending and managing newsletters, promotions, service offers and satisfaction questionnaires;
4- Recruitment processes associated with the COMPANY and clients to whom it provides recruitment services;
5- Use of third-party services in the analysis and mapping of personal data, in interactions with the website, to determine the customer's profile;
6- Compliance with local legislation (for example, in the storage of official documents of the client).
Types of personal data collected
The COMPANY, through its websites, does not process personal data belonging to special categories within the meaning of article 9 of EU Regulation 2016/679.
Through the websites, messages or in person, the COMPANY can obtain and process the following personal data:
1- Specific data:
- Contact details (first name, last name, phone number and email);
- Personal Information (Date of birth, nationality, city, country);
- Credit card number (for billing/bank transaction purposes);
2- Any information provided by you through the website or via messages, either by filling in forms or sent in free text. This information includes, namely, that which is provided when registering to receive the newsletter, contact request, and other complementary services. The information you provide when you participate in any area that involves your registration or provision of your content or when you interact with the COMPANY, such as when you send an email requesting information to any of the addresses belonging to the domains of which the COMPANY is detainer, can be treated equally.
3- Information relating to your visits to the website, including, namely, IP addresses, time spent on the page, and type of browser (browser), for system administration and to facilitate navigation and return to the website at a later date. In principle, this data will only be processed for statistical purposes on the actions and browsing patterns of website users and does not allow the identification of any individual. However, when the user provides other information, this data may allow his identification and will be treated in accordance with the RGPD.
It is also informed that the personal data collected by the COMPANY are limited to what is strictly necessary to pursue the purposes for which they were requested.
When personal data are provided, the COMPANY provides all legally required information for the processing of such data and requires the consent of its holders when this is required by law and when there is no legitimate interest on the part of the COMPANY or third parties, such as the processing data for, improving quality of service, fraud detection and revenue protection, and when our reasons for using it should prevail over your data protection rights.
Data retention deadlines
The period of time during which the data will be stored and preserved corresponds only to the period necessary to achieve the defined purpose or, as applicable, until it exercises its right to object, right to be forgotten or withdraw consent, varying according to the purpose for which the information is used.
Billing and payment data are kept for 10 years, in accordance with the Value Added Tax (CIVA) Code.
Data relating to claims will be kept for a period of 3 years, pursuant to Decree-Law No. 156/2005 of 15 September.
In newsletters, the period for preserving and processing the personal data you provide us begins when the applicant submits the subscription form and ends when the subscription is canceled. You can unsubscribe at any time through a link available for this purpose in all our newsletters. Upon removing the subscription, the data subject in question will receive an email notification and, subject to the terms of applicable law, their data will be removed from our newsletter mailing list.
All other services that are not detailed above will store your information only for the maximum period in force in force and, in the event that this is indefinite, until you exercise your right of opposition, right to be forgotten or withdraw your consent.
Responsible for processing personal data
The entity responsible for the collection and processing of personal data is the COMPANY, which provides the service or provides the product and, in this context, decides which data is collected, means of treatment, format and purposes for which the data is used, providing all the information necessary for the holders of personal data:
NEWALLIANCE - IT SOLUTIONS, LDA
London Square No. 3, 4th Left
Telephone: +351 308 813 334
Email: [email protected]
Place of processing of personal data
The data processing takes place in the aforementioned facilities of the COMPANY and is handled only by technical employees of the main entity responsible for its processing, however there may be transfers of personal data to the US and EU:
In the case of data transfers to the USA, the COMPANY works together with their teams, at the headquarters of the companies themselves, self-certified in accordance with the provisions of paragraph 6 of chapter III of the Implementing Decision (EU) 2016/1250 of the Commission of 12 July 2016 on the level of protection provided by the EU-US Privacy Protection Shield, applied under article 45 of the RGPD.
For all the other subcontractors mentioned above, the data processing place is located in the EU, so the COMPANY works together with their teams, at the headquarters of the companies themselves, self-certified in accordance with the provisions of the law of Union and national law, and guaranteed by articles 17, 18, 19 and 20 of Framework Decision 2008/977/JHA, applied under article 13 of the RGPD.
The COMPANY cannot be held responsible for the lawfulness of the processing of personal data provided by persons who commit fraud as to their identity.
The subscription of any service by the data subject to the COMPANY is considered a direct service offer of the information society, being directed to people over 16 years of age. In this regard, the COMPANY does not intend, in any way, to process information from minors under the age of 16, so their subscription should only be made by people over 16 years of age.
The COMPANY encourages all holders of parental responsibilities (clients or not) to take an active role in controlling the use of the Internet by the minors they care for and informing them of the potential dangers of providing their information on the Internet.
Protection of personal data of holders
In accordance with current legislation and taking into account the technology available, the COMPANY provides an adequate level of protection for your personal data, namely through the implementation of the technical and organizational measures necessary to protect your personal data against its destruction, accidental loss or modification, as well as against unauthorized access and other processes, namely:
- Logical security requirements and measures, such as the use of firewall, Virtual LAN and intrusion detection systems on your systems.
- Physical security measures, including strict access control to the COMPANY's physical facilities.
- Means of data protection using technical means such as encryption, pseudonymization and anonymization of personal data.
- Scrutiny, audit and control mechanisms to ensure compliance with security and privacy policies.
- An information and training program for the COMPANY's employees and partners.
- Access rules for customers/users to certain products or services, such as a second level of opt-in for subscription to services on the platform and the introduction of a password whenever an employee accesses, directly or indirectly, any base COMPANY data, in order to strengthen the control and security mechanisms.
However, the COMPANY informs that no security system can guarantee absolute protection.
We remain at your disposal for any question or observation regarding the confidentiality and security of your personal data.
Lisbon, May 25, 2018