CONFIO is strongly committed to respecting and ensuring the privacy of users of the website and the respective security of your personal data.
In addition to what is referred in the personal data protection policy reproduced below, within the scope of its performance, CONFIO assumes and recognizes as fundamental a commitment to:
• Respect your privacy and the selection of content you consult on this site;
• Identify and limit the processing of any personal data collected to what is strictly necessary to successfully complete the requested action;
• In cases where it is necessary to collect your personal data, the use of this information is described in the terms of the present document and with respect to the applicable legislation on the privacy and protection of personal data;
• Not to use your data for purposes other than those that have been identified and previously communicated;
• Treat your data according to the applicable legislation, taking into account the security and protection measures that appear as necessary and applicable.
2. DATA PROTECTION POLICY
CONFIO is committed to ensuring that the natural persons with whom it interacts in the exercise of its functions have greater control over their personal data, in line with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
Thus, CONFIO discloses, to the data subjects, the general rules for the processing of personal data, ensuring that their data are collected and processed in accordance with the provisions of the mentioned legislation.
In this regard, CONFIO intends to ensure the observance of the best practices in the area of security and protection of personal data by promoting all technical and organizational measures in line with the compliance with the GDPR, ensuring that the processing of personal data is lawful, loyal, transparent and limited to duly authorized purposes.
It is under this framework, and in a logic of clarification of concepts and principles, that CONFIO presents its Data Protection Policy.
2.1. Personal Data
Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person (data subject).
It is considered identifiable any person that can be identified, directly or indirectly, by reference to a name, identification number, location data, identifiers by electronic means or one or more specific elements of its physical, physiological, genetic, mental, economic, cultural or social identity.
2.2. Personal Data Processing
The processing of personal data consists of an operation or a set of operations carried out on personal data or personal data sets, by automated means, or not, namely the collection, registration, organization, structuring, preservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, deletion or destruction.
The DNS.PT Association, the ACEPI – Digital Economy Association and DECO – The Portuguese Consumer Protection Association are joint controllers of the personal data to which they have access within the scope of the accreditation process of the CONFIO trustmark, jointly determining the purposes and means of data processing.
The entities above mentioned assume the quality identified in the previous paragraph following a collaboration protocol, through which they agreed to be partner entities in the “CONFIO.PT” initiative.
2.4. Purpose of data processing
CONFIO process personal data for a set of purposes related to the accreditation process of the CONFIO trustmark and other legal obligations.
Currently, the purposes of treatment are as follows:
• Management of the accreditation and attribution process of the CONFIO trustmark;
• Financial management;
• Legal management.
2.5. Lawfulness of the Processing
In this scope, CONFIO process your personal data based on the following grounds of lawfulness:
• In the scope of pre-contractual procedures requested or already within the scope of the contractual relationship arising from the accreditation and attribution process of the CONFIO trustmark, which includes, among others, the contacts, via web platform, email and/or telephone for notifications, clarification of questions or conducting surveys of satisfaction and evaluation of the services provided;
• If we have obtained your consent, as data subject, to process your data based on specific, explicit and legitimate purposes, including to allow registration at our events, trainings and other initiatives;
• When it is necessary for the fulfilment of legal obligations;
• For the pursuit of legitimate interests of the controller, which includes, in particular, the need to develop and maintain the present site with the quality and security intended, contribute to the prevention and detection of fraud, allow notification of situations or associated events to the security of the networks or the information (in particular through the mechanism of contact via email email@example.com).
2.6. Data subjects’ rights
As data subject, you can exert the following rights:
• Right of access to your respective personal data;
• Right to rectification of any personal data that is inaccurate or incomplete;
• Right to erasure of your personal data;
• Right to restrict the processing of your personal data;
• Right to portability of your personal data;
• Right to object to the processing of your personal data;
• Right to complain to the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (www.cnpd.pt), should you believe that any of the above rights has been breached.
2.7. Processors and Recipients
Your personal data may be communicated or transferred to the judicial authorities, to entities to which the law assigns competences in terms of criminal investigation, or whose mission is to monitor or prevent compliance with legislation in the scope, namely, of the protection of consumer rights, intellectual property, communications, security, public health and general business practices. Only personal data deemed necessary for this purpose will be communicated and transferred.
Processors which process personal data on behalf of the controller are obliged to submit in writing sufficient guarantees for the execution of technical and organizational measures appropriate to guarantee compliance with the legislation in force and to ensure the protection of the rights of the data subject.
2.8. What Data is Collected?
CONFIO processes the personal data necessary for the accreditation and attribution of the CONFIO trustmark, duly identified in the respective accession process.
Additionally, CONFIO may process personal data resulting from browsing this site, in accordance with the Cookies Policy.
Finally, CONFIO process the personal data you provide voluntarily through your use of this site, such as filling out contact forms or sending electronic mail.
The personal data are collected [in writing, by phone, through forms made available on the website], with their data subject. If personal data are collected from third parties, the data subject will be duly informed of the collection and their rights.
In the scope of its activity, CONFIO collects and processes personal data related to the following categories: identification data, contact data, professional data and bank data. The data collected and processed refer to the personal data of service providers and customers that relate to the CONFIO’s activity.
2.9. Period for which the personal data will be stored
The personal data shall be stored in such a way as to enable the data subjects to be identified only for the period necessary for the purposes for which their data is being processed, without prejudice, inter alia, to the fulfilment of legal obligations imposing a certain period of exercise of the rights and legitimate interests of the controller.
CONFIO will keep the personal data of the data subjects for the period necessary for the purposes that led to its collection, plus the legal deadlines for preservation of information arising from national legislation and the limitation and expiration periods for the exercise of rights that, as the case, may be applicable.
The data that is being processed during the conservation period may be reused by the same holder as soon as a new accreditation process of the CONFIO trustmark begins.
2.10. Measures taken to ensure the security of personal data
To guarantee the protection of personal data, CONFIO implements strict rules, in line with the best international practices, which apply to all those who legally handle personal data.
Security measures, of a technical and organizational nature, are implemented in order to protect the personal data that is made available to CONFIO, such as the encryption of communication channels and stored data.
2.11. Responsibility of users as Data Subjects
Users are responsible for providing reliable information to CONFIO and for using its services with respect to the rules of use and the rights of third parties.
In particular, users are responsible for the use of usernames, passwords, access codes and any other elements used to access the services provided by CONFIO, which are personal and non-transferable, and it is up to the users to ensure their confidentiality and prevent their use by third parties.
Users should also take additional security measures, including ensuring that they use an updated PC and browser in terms of properly configured security patches with active firewall, antivirus, and antispyware.
2.12. Notification and Complaint
You can send direct notification to CONFIO through the contacts indicated below.
You can also complain directly to Comissão Nacional de Proteção de Dados (CNPD), using the contacts made available by this entity for this purpose.
All questions regarding the protection of your personal data should be directed to firstname.lastname@example.org.