Associação DNS.PT, as part of the collaboration protocol with DECO – Portuguese Association for Consumer Protection and ACEPI – Association of Electronic Commerce and Interactive Advertising, under the ‘CONFIO.PT’ initiative, is strongly committed to respecting and ensuring the privacy of its website users and the security of their personal data, as well as of all data subjects processed by it as data controller.
In addition to the provisions of the personal data protection policy reproduced below, Associação DNS.PT, hereinafter referred to as .PT, shall, in its activities, acknowledges and recognise as fundamental the commitments to:
- Respect your privacy and the selection of the contents you see on this website;
- Identify and limit the processing of any personal data collected to that which is strictly necessary to successfully complete the action presented and requested;
- Process, when it is necessary to collect your personal data, that information as described hereunder and in compliance with the applicable laws on personal data privacy and protection;
- Not use your personal data for purposes other than those identified and previously communicated;
- Process your personal data in strict compliance with the law, taking care of security and protection measures that appear necessary and applicable.
2. PERSONAL DATA PROTECTION POLICY
.PT is committed to ensuring that natural persons, with whom it interacts within the scope of its duties and competences, have greater control over their personal data, in line with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and other applicable laws.
Thus, .PT informs the corresponding data holders of the general rules for processing their personal data, ensuring that they are collected and processed in accordance with the above-mentioned law.
Hence, .PT aims to ensure compliance with the best practices in the area of personal data security and protection by adopting, for this purpose, technical and organisational measures in line with compliance with the GDPR and applicable laws on personal data privacy and protection, also ensuring that the processing of such data is lawful, fair, transparent and limited to the duly authorised purposes.
It is under this framework, and following a logic of clarification of concepts and principles, that the Personal Data Protection Policy applies, exclusively, to the collection and processing of personal data for which .PT is the data controller.
2.1. Personal Data
‘Personal data’ means any information of any kind, on whatever medium, including sound and image, relating to an identified or identifiable natural person (‘data subject’).
An identified or identifiable natural person means someone who can be identified, directly or indirectly, namely by reference to a name, identification number, location data, electronic identifiers or one or more specific elements regarding said person’s physical, physiological, genetic, mental, economic, cultural or social identity.
2.2. Processing of Personal Data
The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, by automated means or not, namely collection, registration, organisation, structuring, conservation, adaptation, recovery, consultation, use, dissemination, comparison, interconnection, limitation, erasure or destruction.
2.3. Data Controller
.PT takes on the role of personal data controller to which it has access to as part of the accreditation process and award of the CONFIO trustmark, determining, by itself, its purposes and processing means.
2.4. Purpose of the Processing
.PT processes personal data for purposes related to the accreditation process and award of the CONFIO trustmark, as well as compliance with applicable legal obligations.
Currently, its processing purposes are as follows:
- Management of the accreditation process and award of the CONFIO trustmark;
- Financial management;
- Legal management.
2.5. Grounds of lawfulness
Currently, .PT processes personal data on the following grounds of lawfulness:
- Under the pre-contractual steps requested or already within the contractual relationship resulting from the accreditation process, award of the CONFIO trustmark, and management of that relationship, including, among others, contacts, via the web platform, email and/or telephone for notifications, queries or when carrying out satisfaction surveys and assessing the services provided;
- Should it have obtained the data subject’s consent to process their personal data for specific, unambiguous and legitimate purposes, including to allow registration at events and other initiatives;
- Where necessary for the purpose of complying with legal obligations applicable thereof, including, inter alia, the need to develop and maintain the www.confio.pt website with the required quality and security, to contribute to the prevention and detection of fraud and to allow the notification of situations or events associated with the security of the ‘CONFIO.PT’ initiative (namely through the email email@example.com).
2.6. Rights of Data Subjects
As personal data holder, you may exercise the following rights:
- Right to access information we hold about you;
- Right to rectify personal data which are inaccurate or incomplete;
- Right to erasure of your personal data;
- Right to restriction of processing of your personal data;
- Right to portability of your personal data;
- Right to object to the processing of your personal data;
- Right to complain to the Portuguese Data Protection Authority (cnpd.pt) if you believe any of the above listed rights are being infringed.
2.7. Communication and Transfer of Personal Data – Data Processors and Recipients
Your personal data may be communicated or transferred to judicial authorities, to those entities empowered by law to carry out criminal investigations, or whose mission is to monitor or prevent compliance with legislation, namely that on protection of consumer rights, intellectual property, communications, security, public health and commercial practices in general. Only personal data necessary for this purpose shall be communicated and transferred.
.PT may share personal data with DECO – Portuguese Association for Consumer Protection and ACEPI – Association of Electronic Commerce and Interactive Advertising whenever necessary for the implementation of the ‘CONFIO.PT’ initiative.
2.8. Data transfers
For the provision of certain services by .PT, it may be necessary to transfer personal data outside Portugal, including outside the European Union and/or to international organisations.
Under these circumstances, .PT undertakes to strictly comply with the applicable legal provisions concerning the suitability of the country(ies) of destination with regard to the protection of personal data and the requirements imposed on such transfers, including, where required, the conclusion of appropriate contracts which guarantee and comply with the legal requirements in force.
2.9. What data are collected
.PT processes personal data necessary for accreditation and award of the CONFIO trustmark, duly identified in the corresponding application process.
In addition, .PT may process personal data resulting from browsing the www.confio.ptwebsite, in accordance with the Cookies Policy.
Finally, .PT processes personal data voluntarily provided, through the www.confio.pt website, namely by filling contact forms or sending emails.
Personal data are collected [in writing, by telephone, through forms available on the website], from its holders. Should personal data be collected from third parties, the data subject shall be duly informed of their collection and their rights.
Within the scope of its activity, .PT collects and processes personal data relating to the following categories: identification data, contact data, professional data, banking data. The data collected and processed pertains to personal data of service providers and customers that relate to the ‘CONFIO.PT’ initiative.
2.10. Storage period
Personal data are conserved in a way that allows the identification of data subjects only for the period necessary for the purposes for which they are processed, without prejudice, inter alia, of compliance with legal obligations imposing a certain storage period or the exercise of the data controller’s rights and legitimate interests.
.PT shall retain the holders’ personal data for the period necessary for the purposes for which they were collected, plus the legal information storage periods resulting from national laws and the expiration and limitation periods for the exercise of rights as applicable to the case.
Data being processed during the storage period may be reused by the same data subject as soon as a new CONFIO trustmark application procedure starts.
2.11. Measures taken to ensure the security of personal data
To ensure the protection of personal data, .PT implements strict, internationally recognised rules applicable to all those who legally handle personal data.
Technical and organisational security measures are implemented in order to protect personal data made available to .PT, such as encryption of communication channels and stored data.
.PT continuously reviews the information security practices it adopts in order to ensure, on the one hand, its continuous improvement and, on the other hand, that it monitors new cyber threats and implements the necessary countermeasures.
2.12. Responsibility of personal data subjects
Personal data subjects are responsible for providing reliable information to .PT and, when using .PT’s services, for respecting the rules of use and third-party rights.
Personal data subjects are also responsible for the use of user names, passwords, access codes and any other elements used to access the services provided by .PT, which are personal and non-transferable; it is up to the users to ensure their confidentiality and prevent their use by third parties.
Personal data subjects should also take additional security measures, such as ensuring that they use an updated PC and browser with properly set security patches with active firewall, antivirus and anti-spyware software.
2.13. Notification and complaints
Without prejudice to direct notification to .PT, to the contacts provided below, you can file a complaint directly with the Portuguese Data Protection Authority (CNPD), using the contacts made available by this entity for this purpose.
Queries regarding the protection of your personal data: firstname.lastname@example.org.
Queries regarding the ‘CONFIO.PT’ initiative: email@example.com.
Any of the above understandings may be amended in accordance with the law, court decision or recommendation of the competent administrative authority.
Should that be the case, this information shall be updated as soon as possible.