Respect for the privacy of our customers and other stakeholders is one of the main pillars of activity for SquareSummary Unipessoal Lda. Customers and other stakeholders should read this policy before submitting or providing any personal data. Personal data refers to all information collected and recorded that identifies a particular person (e.g., name, address, contact details, etc.). Customers should ensure that children under the age of 18 do not send or provide personal data without their authorization.
1. COLLECTION AND PROCESSING OF USER DATA
As part of the provision of information or request for proposals, via email, telephone, or any other channel by its users, including job candidates (hereinafter referred to as “User”) and other entities related to it, SquareSummary Unipessoal Lda, headquartered at Rua dos Faisões 31, 3rd left, 2605-200 Belas, under the corporate entity number 513 921 338, (hereinafter referred to as “Company”) may request the User to provide personal data, i.e., information provided by the User that allows the Company to identify and/or contact them (“Personal Data”).
As a rule, Personal Data is requested when the User requests a proposal for services, a contact, provides or requests information, purchases a service, or establishes a contractual relationship with the Company.
The Personal Data collected and processed consists mainly of information related to the name, gender, date of birth, phone, mobile, email, address, car data, tax identification number (collected only for billing purposes), although other Personal Data may be collected that may be necessary, required by law or convenient for the provision or collection of Services by the Company.
Usability Information and Personal Data are referred to in this Privacy Policy as “User Data.”
2. SUBCONTRACTED ENTITIES
As part of User Data processing, the Company may use third parties, subcontracted by it, to process User Data in the name of the Company according to the instructions provided by it, in accordance with the law and this Privacy Policy.
These subcontracted entities may not transmit User Data to others without the Company’s prior written authorization, and are also prohibited from subcontracting other entities without the Company’s prior authorization.
The Company is committed to subcontracting only entities that offer the maximum security in the implementation of appropriate technical and organizational measures, to ensure the defense of User rights.
3. GENERAL PRINCIPLES APPLICABLE TO USER DATA PROCESSING
In terms of general principles regarding the processing of personal data, the Company commits to ensuring that the User Data processed by it is:
a) Processed in accordance with the law, fairly and transparently in relation to the User; b) Collected for specific, objective, and legitimate purposes, not being further processed in a way incompatible with those purposes; c) Adequate, justified, and limited to what is necessary for the purposes for which they are processed; d) Accurate and updated whenever necessary, with all necessary measures taken to ensure that inaccurate data, considering the purposes for which they are processed, is erased or corrected promptly; e) Stored in a way that permits the identification of the User only for the period necessary for the purposes for which the data is processed; f) Processed in a way that guarantees its security, including protection against unauthorized or illegal processing and against accidental loss, destruction, or damage, with appropriate technical or organizational measures taken.
The data processing carried out by the Company is permitted and legal when at least one of the following situations occurs: a) The User has given their clear consent for the processing of their User Data for one or more specific purposes; b) The processing is necessary for the execution of a proposal or service requested by the User; c) The processing is necessary for compliance with a legal obligation to which the Company is subject; d) The processing is necessary for the protection of the User’s or another individual’s vital interests; e) The processing is necessary for the purposes of the legitimate interests pursued by the Company or by third parties (except where overridden by the User’s interests or fundamental rights and freedoms that require protection of personal data).
The Company commits to ensuring that the processing of User Data is only carried out under the conditions listed above and with respect for the principles mentioned above.
When the processing of User Data is carried out by the Company based on the User’s agreement, the User has the right to withdraw their consent at any time. Withdrawal of consent does not affect the legality of the processing carried out by the Company based on the consent previously given by the User.
The retention period for data varies according to the purpose for which the information is processed.
4. USE AND PURPOSES OF USER DATA PROCESSING
In general terms, the Company uses User Data for the following purposes: a) Preparation of travel service proposals (accommodations, flights, transfers, among others); b) Management of contact with the User; c) Invoicing and collection to the User; d) Informing the User, upon their request, of new products and services available and/or campaigns, for the Company’s marketing purposes, through any communication medium, including electronic support; e) Provision of Services, and other services, such as newsletters, opinion surveys, or other information or products requested or purchased by the User;
User Data collected by the Company is not shared with third parties without the User’s consent, except for the situations referred to in the following paragraph. However, if the User contracts with the Company for services provided by other entities responsible for processing personal data, User Data may be consulted or accessed by those entities to the extent necessary for the provision of those services.
Notwithstanding, SquareSummary Unipessoal Lda, as part of its activities, would like to be able to send you information about the products and services of its commercial partners that may be or become of interest to you. Thus, it may share your data with such commercial partners for direct marketing campaigns, marketing, as well as sending newsletters related to the products and/or services of such partners, requiring your consent for this purpose. As a personal data subject, you can exercise your rights with the data controllers in accordance with the provisions of Articles 13 and 14 of the GDPR.
Under applicable legal terms, the Company may transmit or communicate User Data to other entities if such transmission or communication is necessary for the preparation of a proposal or execution of a service requested by the User. Should a transmission of User Data to third parties occur, efforts deemed reasonable will be made to ensure that the recipient uses the transmitted User Data appropriately in accordance with this Privacy Policy.
5. TECHNICAL, ORGANIZATIONAL, AND SECURITY MEASURES IMPLEMENTED
To ensure the security of User Data and maximum confidentiality, the Company processes the information provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as needed, as well as with the legally stipulated terms and conditions.
Depending on the nature, scope, context, and purposes of data processing, as well as the risks arising from such processing for the rights and freedoms of the User, the Company is committed to applying, both at the time of defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organizational measures to protect User Data and to comply with legal requirements. The Company also ensures that, by default, only data that is necessary for each specific processing purpose is processed and that such data is not made available without human intervention to an indeterminate number of people.
6. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
If personal data collected and used by the Company is provided to third parties established outside the European Union, for the reasons stated above, the Company is committed to ensuring that the transfer complies with applicable legal provisions, particularly regarding the determination of the adequacy of such a country concerning data protection and the applicable transfer requirements.
7. USE OF COOKIES
When visiting our Website, you will be asked for your consent to the creation and storage of a text file (Cookie) on your computer. This file will allow you to access the Website more easily and quickly and to personalize it according to your preferences. Most browsers accept these files (Cookies), but the User can delete them or set them to be automatically blocked. In your browser’s “Help” menu, you will find how to configure these settings. However, if you do not allow the use of cookies, some functionalities of the Website may not be available.
8. RIGHT TO INFORMATION
8.1. Information provided to the User by the Company (when data is collected directly from the User):
a) The identity and contact details of the Company responsible for the processing and, if applicable, its representative; b) The purposes of the processing for which the personal data is intended, as well as, if applicable, the legal reasons for the processing; c) If the processing of data is based on the legitimate interests of the Company or a third party, an indication of such interests; d) If applicable, the recipients or categories of recipients of the personal data; e) If applicable, an indication that personal data will be transferred to a third country or an international organization, and whether or not there is an adequacy decision made by the Commission or reference to appropriate or adequate transfer guarantees; f) Retention period for personal data; g) The right to request from the Company access to personal data, as well as its correction, deletion, or restriction, the right to object to processing, and the right to data portability; h) If the processing of data is based on the User’s consent, the right to withdraw consent at any time, without compromising the legality of the processing based on the consent previously given; i) The right to lodge a complaint with the CNPD or another supervisory authority; j) An indication of whether the provision of personal data constitutes a legal or contractual obligation or a requirement necessary to enter into a contract, as well as whether the data subject is required to provide personal data and the possible consequences of not providing such data;
8.2. Procedures and measures implemented to comply with the right to information.
The information referred to in 8.1 is provided in writing (including electronically) by the Company to the User before the processing of the personal data in question. According to the applicable law, the Company is not obliged to provide the User with the information mentioned in 8.1. when and to the extent that the User is already aware of it.
The information is provided by the Company at no cost.
9. RIGHT OF ACCESS TO PERSONAL DATA
The User has the right to obtain confirmation from the Company as to whether or not personal data concerning them is being processed and, if so, the right to access their personal data and the following information: a) The purposes of data processing; b) The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients established in third countries or belonging to international organizations; c) The retention period for personal data; d) The right to request from the Company the correction, deletion, or restriction of personal data processing, or the right to object to such processing; e) The right to lodge a complaint with the CNPD or another supervisory authority; f) If the data has not been collected from the User, the information available about the source of such data; g) The right to be informed about the appropriate safeguards related to the transfer of data to third countries or international organizations. h) Upon request, the Company will provide the User, free of charge, with the User Data that is being processed.
10. RIGHT TO RECTIFICATION OF PERSONAL DATA
The User has the right to request, at any time, the rectification of their Personal Data and, likewise, the right to have their incomplete personal data completed, including through an additional statement.
In case of data rectification, the Company will communicate the respective rectification to each recipient to whom the data has been transmitted, unless such communication is considered impossible or involves a disproportionate effort for the Company.
11. RIGHT TO ERASURE OF PERSONAL DATA (“RIGHT TO BE FORGOTTEN”)
The User has the right to obtain from the Company the deletion of their data when one of the following reasons applies: a) The User Data is no longer necessary for the purpose that motivated its collection or processing; b) The User withdraws consent on which the data processing is based, and there is no other legal basis for the processing; c) The User objects to the processing under the right to object, and there are no overriding legitimate grounds for the processing; d) The User Data has been unlawfully processed; e) The User Data must be erased to comply with a legal obligation to which the Company is subject; f) Under applicable law, the Company is not obliged to delete User Data to the extent that the processing is necessary for compliance with a legal obligation to which the Company is subject or for the purposes of declaring, exercising, or defending a legal claim of the Company in a judicial process. g) In case of data deletion, the Company will inform each recipient/entity to whom the data has been transmitted about this erasure, unless such communication is impossible or involves a disproportionate effort for the Company.
12. RIGHT TO RESTRICTION OF PERSONAL DATA PROCESSING
The User has the right to obtain from the Company the restriction of User Data processing if one of the following situations applies (restriction consists of inserting a mark on stored personal data with the aim of limiting its future processing): a) If the accuracy of the personal data is contested, during a period that allows the Company to verify its accuracy; b) If the processing is unlawful, and the User opposes the deletion of the data, requesting instead the restriction of its use; c) If the Company no longer needs the User Data for processing purposes, but such data is required by the User for the purposes of declaring, exercising, or defending a legal claim in a judicial process; d) If the User has objected to the processing, until it is verified that the legitimate grounds of the Company override those of the User. e) When User Data is subject to restriction, it may only be processed, with the exception of storage, with the User’s consent or for the purposes of declaring, exercising, or defending a legal claim in a judicial process, of defending the rights of another individual or legal entity, or for reasons of public interest as stipulated by law. f) The User who has obtained the restriction of processing of their data in the cases mentioned above will be informed by the Company before the restriction on processing is lifted.
In case of restriction of data processing, the Company will inform each recipient to whom the data has been transmitted about this restriction, unless such communication is impossible or involves a disproportionate effort for the Company.
13. RIGHT TO DATA PORTABILITY
The User has the right to receive the personal data concerning them and which they have provided to the Company, as well as the right to transmit such data to another data controller if the processing is based on consent or a contract to which the User is a party, and the processing is carried out by automated means.
The User has the right to have their personal data transmitted directly between data controllers whenever technically possible.
14. RIGHT TO OBJECT TO PROCESSING
The User has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them which is based on the exercise of legitimate interests pursued by the Company or when the processing is carried out for purposes other than those for which the personal data was collected. The Company will terminate the processing of User Data unless it presents compelling and legitimate reasons for that processing which override User interests, rights, and freedoms, or for purposes of declaring, exercising, or defending a legal claim of the Company in a judicial process.
When User Data is processed for direct marketing purposes, the User has the right to object at any time to the processing of data concerning them for such marketing purposes. If the User objects to the processing for direct marketing purposes, the Company will cease processing the data for that purpose.
The User also has the right not to be subject to any decision made exclusively based on automated processing that produces legal effects on them or significantly affects them in a similar way, unless the decision: Is necessary for the execution or performance of a contract between the User and the Company; Is authorized by legislation to which the Company is subject; Is based on the explicit consent of the User.
15. PROCEDURES FOR EXERCISING USER RIGHTS
The right of access, the right to rectification, the right to deletion, the right to restriction, the right to data portability, and the right to object can be exercised by the User by contacting the Company through the email inbox@squaresummary.pt.
The Company will respond in writing (including electronic means) to the User’s request within a maximum of one month from the receipt of the request, except in cases of special complexity, where that period may be extended to two months.
If requests submitted by the User are manifestly unfounded or excessive, particularly due to their repetitive nature, the Company reserves the right to charge administrative costs or refuse to act on the request.
16. PERSONAL DATA BREACHES
In the event of a data breach and to the extent that such breach is likely to result in a high risk to the rights and freedoms of the User, the Company is committed to communicating the personal data breach to the affected User within 72 hours of becoming aware of the incident.
According to the law, communication to the User is not required in the following cases: a) If the Company has applied appropriate protective measures, both technical and organizational, and those measures have been applied to personal data affected by the personal data breach, especially measures that make the personal data incomprehensible to any person not authorized to access those data, such as encryption; b) If the Company has taken subsequent measures to ensure that the high risk to the User’s rights and freedoms is no longer likely to materialize; or c) If communication to the User would involve a disproportionate effort for the Company. In such cases, the Company will make a public communication or take a similar measure by which the User will be informed.
17. CHANGES TO THE PRIVACY POLICY
The Company reserves the right to change this Privacy Policy at any time. In case of modification of the Privacy Policy, the date of the last change, available at the end of this page, is also updated.
18. APPLICABLE LAW AND JURISDICTION
The Privacy Policy, as well as the collection, processing, or transmission of User Data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the applicable laws and regulations in Portugal. Any disputes arising from the validity, interpretation, or execution of the Privacy Policy, or related to the collection, processing, or transmission of User Data, must be exclusively submitted to the jurisdiction of the judicial courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules.
Updated on 21/02/2023
info@supercarscircle.com
info@supercarcircle.com