Privacy, Security and Personal Data Protection Policy

FRAMEWORK

With the implementation of the General Data Protection Regulation (GDPR), established by Regulation (EU) No. 2016/679 on April 27, 2016, the Academia de Formação – Grupo Garantia is tasked with defining its Data Protection Policy. This policy governs the organization of information related to the processing of personal data, both for employees and third parties, including customers, suppliers, security partners, transport partners, and website users.

Additionally, it is essential to outline the internal and external use of Personal Data (PD) in compliance with applicable legal requirements. By adopting this policy, the Academia de Formação – Grupo Garantia commits to adhering to the GDPR, ensuring its operations are guided by the principles of lawfulness, fairness, transparency, and limitation. This is achieved through the implementation of necessary measures to maintain the accuracy, timeliness, integrity, confidentiality, and security of PD.

This Regulation takes effect on May 22, 2018.

RESPONSIBLE FOR PROCESSING PERSONAL DATA

The data controller is the legal entity that determines the purposes and means of processing personal data. In other words, the Controller decides how and for what purposes personal data will be processed.

For the purposes of this Data Protection Policy, the Data Controller is as follows:

Corporate name: Garantia – Sociedade de Fiscalização Preventiva de Generos Alimenticios, Lda
NIPC: 500504105
Registered office: Avenida São João de Deus nº 7 A/D 1000-277 Lisbon
Email address: formacao@academiagarantia.pt
Telephone: (+351) 218 123 555

PRINCIPLES FOR PROCESSING PERSONAL DATA

  • Legality
    The processing of personal data will always be subject to prior justification, ensuring the personality rights and data protection rights of the data subject.
  • Purpose
    Personal data should only be processed for the purposes determined at the time of data collection.
  • Transparency
    The data subject (individual) must be informed about how their data is processed.
    Personal data should be collected directly from the individual.
    The data subject must be informed by the entity processing their personal data of the following:

    • Identification of the department of the Academia de Formação – Grupo Garantia responsible for processing;
    • Purpose of data processing;
    • Third parties to whom the data may be transmitted;
    • Data retention periods;
    • Right to access and rectify data;
    • Right to complain.
  • Erasure
    Personal data that is no longer necessary should be erased after the legally defined retention period. In exceptional cases, if the data has historical or statistical importance, legitimate interest, or by legal determination, it may be retained.
  • Data Accuracy
    Personal data must be stored correctly, completely, and always in its updated version. Necessary measures should be taken to ensure that incorrect, incomplete, or outdated data is, whenever possible, eliminated, corrected, or updated.
  • Confidentiality and Data Security
    Holders of personal data are obliged to maintain confidentiality regarding the data processed. Technical measures must be implemented to protect data against unauthorized access, improper processing or forwarding, as well as against destruction, loss, or alteration.

TYPE OF DATA PROCESSED BY ACADEMIA DE FORMAÇÃO – GRUPO GARANTIA

ADMISSIBILITY, PROCEDURES AND SECURITY MEASURES

The Academia de Formação – Grupo Garantia adheres to legal standards for protecting the personal data of its employees, job applicants, third parties (such as trainees, trainers, employees of service providers, and interns), clients and potential clients, and suppliers (individuals). This includes ‘security data’ for visitors and users of the website, in compliance with national and community legal provisions and decisions by the National Data Protection Commission.

Personal data refers to any information related to an identified or identifiable individual. For the purposes outlined in this privacy policy, the Data Controller collects and processes personal data as specified for each type of processing, depending on the services requested or the existing contractual relationship with the company.

The Academia de Formação – Grupo Garantia commits to handling data with complete confidentiality and implementing appropriate security measures—physical, technical, and organizational—to protect your personal data. The data subject guarantees and is responsible for the truthfulness, accuracy, validity, and authenticity of the personal data provided and agrees to keep it duly updated.

1. Workers’ Personal Data

Introduction

The Academia de Formação – Grupo Garantia, in its capacity as an employer, processes the personal data (PD) of its employees. The PD of former employees is not subject to any processing, except for its retention within legal timeframes, or whenever requested by them, or due to judicial litigation or any request from a public entity.

Lawfulness of Workers’ Data Processing

Regarding the employees with whom the Academia de Formação – Grupo Garantia has an active employment contract, the data processing arises from:

Contractual relationship – when necessary for the execution of the employment contract;
Legal obligation – when necessary to comply with a legal obligation to which the controller is subject;
Legitimate interests – when the position or need of the Controller in relation to the employment contract justifies the action;
Consent – when there is a free, specific, informed, and explicit expression of will from the data subject, accepting the processing of their data.

Employee Personal Data Privacy Policy

The personal data (PD) of employees will be handled in accordance with this Data Protection Policy, other internal regulations, and official authorizations, particularly concerning geolocation, as well as individual employment contracts and confidentiality agreements.

The processing of employees’ personal data is restricted to those designated by the Data Controller at any given time, with access limited and duly justified under the law, always ensuring confidentiality.

Employees may request access to their protected data at any time and request its alteration or correction in case of error or incompleteness.

In accordance with the law, employees have the rights to information, access, and opposition to the processing of their personal data. To exercise these rights, they must submit a written request to the Academia de Formação – Grupo Garantia as the Data Controller.

Employees may, under legal terms, exercise the right to be forgotten regarding their personal data, except in cases required for the fulfillment of legal obligations.

The processing of employees’ clinical data follows the regime for sensitive data processing and is therefore exclusively accessible to the company’s doctor or certified medical team, with employees having access to it upon direct request to the occupational doctor.

By signing the employment contract and throughout its duration, the employee consents to their personal data being securely stored digitally, processed, and accessed under the previously specified or occasionally specified terms.

Purpose of Workers’ PD Treatment

Employees’ personal data may be collected and processed by the Academia de Formação – Grupo Garantia for the following purposes:
  • Administrative management;
  • Calculation and payment of wages, benefits, allowances, and subsidies;
  • Calculation and withholding of mandatory or optional deductions from remuneration, arising from legal, conventional, or contractual provisions;
  • Execution of judicial decisions or sentences, as well as handling requests made by employees;
  • Handling other matters related to wages, benefits, allowances, or subsidies;
  • Processing of training certificates by the employer and/or external training entities;
  • Issuance of travel tickets, visas, and/or other documents required for employee travel;
  • Attendance and/or access records and control;
  • Compliance with legal obligations in the field of occupational safety and health;
  • Processing within the scope of video surveillance as authorized and in legal compliance;
  • Attendance and/or access control through biometric registration, if applicable.

PD category to be collected

For the aforementioned purposes, the Academia de Formação – Grupo Garantia may collect and process personal data, as well as the original and copies of the respective documents (when legally permissible and applicable), which include the following categories:

  • Identification data;
  • Family situation;
  • Data related to academic qualifications;
  • Data related to professional activity;
  • Data related to remuneration;
  • Other data necessary to comply with the provisions of the previous article.

Workers’ PD retention period

For administrative management of employees and training certificates, data will be retained for a legally specified period. Even after the termination of the employment relationship, data may be kept to meet other accounting and tax obligations.

For employee remuneration, benefits, and allowances, data may be retained for the maximum period allowed by law.

The retention period of the respective data may be extended due to judicial actions, following the transfer of data to judicial institutions or the final judgment of a case.

For pensions, social security, or the payment of subsequent supplementary benefits due after the end of employment, data necessary to prove employment status, length of service, and salary progression may also be retained for the legally required periods corresponding to each purpose.

Recipients of Workers’ Personal Data (PD)

Employees’ personal data (PD) may be transmitted to the following recipients:
  • Entities to whom the data must be communicated by legal provision or at the request of the data subject;
  • Financial institutions managing the employer’s accounts for the payment of employees’ remuneration;
  • Pension Fund or Social Security Scheme managing entities;
  • Insurance companies with which work accident or personal accident insurance contracts are concluded (if applicable);
  • Training entities for the issuance of training certificates and organization of the pedagogical dossier;
  • The accounting and human resources departments for payroll processing or the company’s accounting obligations;
  • Auditing entities (internal and external) within the scope of certification processes and inspections;
  • External consulting entities within the scope of their consulting services;
  • The Occupational Health department, which ensures compliance with occupational health and safety obligations within the company;
  • Entities managing IT systems for the processing of personal data.
  • Data may be transmitted to outsourcing entities coordinating business activities for data investigation and processing.

External entities (subcontractors) to whom employees’ personal data is provided under this PD policy are contractually obligated to comply with the legal data protection obligations imposed on the Data Controller.

Photographs, Filming and Recordings

It is prohibited to photograph, film, or make any type of recording, or any other process of copying and/or reproducing personal documents, without the consent of the data subject, except in cases provided by law or duly authorized by a competent entity.

Internal Communications

In the practical application of the Data Protection Policy for employees, the Academia de Formação – Grupo Garantia has adopted the following procedures:
  • Informing employees about the Privacy Policy;
  • Collecting consent for the processing of personal data (PD), when applicable;
  • Binding employees to confidentiality regarding PD they have access to within the scope of their duties.

Security Measures

Employees’ personal data (PD) are stored in computer files (company computers and server) and in dossiers (physical format). Each employee who handles PD in the course of their duties is assigned a computer through which they have access to both local and shared information. Access is granted only through a user registered in the Academia de Formação – Grupo Garantia domain and the use of a personal, non-shared password. Physical PD is located in a reserved and restricted access area.

2. Job Applicant Personal Data

The Academia de Formação – Grupo Garantia ensures the protection of job applicants’ data rights, whether provided voluntarily through spontaneous applications or during recruitment processes conducted by the company or an outsourcing entity, with the data subject’s authorization. All data will be treated confidentially, in accordance with current laws.

The company’s recruitment privacy policy is detailed in a separate document, which specifies the types of personal data processed, the purpose and legitimacy of the processing, and the recipients of the data. This document is an integral part of the overall Data Protection Privacy Policy.

3. Third Party Personal Data (Trainees, Trainers, Candidates, Employees of Service Provider Companies, Service Providers and Interns)

Introduction

The Academia de Formação – Grupo Garantia is committed to complying with the GDPR in its interactions with third parties, whether as trainees/trainers and trainer candidates, or as employees of other entities – service provider companies, or even service providers and interns.

Third Party Data Processing Lawfulness

In its business activities, the Academia de Formação – Grupo Garantia processes data for trainees (internal or external employees, or service providers) based on:
  • Contractual Relationship: Arising from the status of employee/trainee, external trainer, service provider, or employee of service provider companies, as the data subject (in the case of sole proprietors and representatives of legal entities).
  • Legitimate Interests: When the position of the Academia de Formação – Grupo Garantia justifies the action in relation to the third party.
  • Consent: Express and directed authorization, manifesting a free, specific, informed, and explicit will, accepting the processing of their data for the respective purpose.

In its activities as a provider of SST, Training, and HSA services (whether as an employer or not) and regarding Occupational Health and Training data, the processing is based on:

  • Contractual Relationship: Arising from the registration of the trainee/internal or external employee or service provider for training, or from the service contract with the client, for the execution of contracted services in the field of occupational health, SST, or HSA.
  • Legitimate Interest: When the position of the Training Academy – Grupo Garantia justifies the action in relation to the employee of our client or trainee/trainer (internal or external employee or service provider).
  • Consent: Express and directed authorization, manifesting a free, specific, informed, and explicit will, accepting the processing of their data.

In its contractual relationships with service providers and suppliers, and their employees working for our company, the data processing is based on:

  • Contractual Relationship: In which the data subject is an intervening party or constitutes a necessary element for the execution of the contract.

Regarding other third parties, data processing is based on:

  • Contractual Relationship: Arising from the internship and the respective internship contract.
  • Consent: Express and directed authorization, manifesting a free, specific, informed, and explicit will, accepting the processing of their data.

Privacy Policy

The personal data (PD) of third parties will be processed in accordance with the Data Protection Policy adopted by the Academia de Formação – Grupo Garantia.

Purpose of Third Party Data Processing

Occupational Health Data
The personal data (PD) of employees of the clients of the Academia de Formação – Grupo Garantia can only be processed to fulfill legal obligations and services provided by the Academia de Formação – Grupo Garantia, as well as for contact purposes, such as informing about schedules made by the Academia de Formação – Grupo Garantia.

SST Data
The PD of employees of the clients of the Academia de Formação – Grupo Garantia can only be processed to fulfill legal obligations and services provided by the Academia de Formação – Grupo Garantia, as well as for contact purposes, such as questioning employees about work accidents they have suffered.

Training Data
The PD of trainees/trainers of the Academia de Formação – Grupo Garantia can only be processed to fulfill legal obligations and services provided by the Academia de Formação – Grupo Garantia, as well as for contact purposes, website registration, advertising, and disclosures. These communications aim to inform about the training activities of the Academia de Formação – Grupo Garantia and third parties, from which they may benefit, and for contact, dissemination of activities, issuance of training certificates, and conclusion of training contracts.

HSA Data
The PD of employees of the clients of the Academia de Formação – Grupo Garantia can only be processed to fulfill legal obligations and services provided by the Academia de Formação – Grupo Garantia.

Data of External Workers from Service Providers and Suppliers (Individuals)
The processing of PD of service providers and suppliers and their employees working for us can be carried out by the Academia de Formação – Grupo Garantia to support the execution of contracts, covering all acts related to the intended purpose, ensuring the Data Protection Policy for all.

Intern Data
The processing of PD of interns at the Academia de Formação – Grupo Garantia is based on the execution of the respective internship and internship contract (whether in the form of a curricular internship, protocolled with an educational institution or the State, a public entity, or a free internship), covering all acts related to the intended purpose, ensuring the Data Protection Policy in all situations.

Data for Informational Purposes (Visitors and Website Users)
The processing of PD for information dissemination is only permitted for this purpose. The data subject must be informed about the use of their data for the specific purpose intended and give their respective consent.

Communications

In implementing the Data Protection Policy for third parties, the Academia de Formação – Grupo Garantia has adopted the following procedures:

  • Internally disseminating and posting the Data Protection Policy at the Academia de Formação – Grupo Garantia’s premises and on the website.
  • Informing new trainers and service providers about the Data Protection Policy.
  • Informing current trainers and service providers about the Data Protection Policy through a circular.
  • Informing trainees/trainers about confidentiality in data processing at the Academia de Formação – Grupo Garantia.
  • Obtaining consent declarations for the processing of personal data (PD) from trainers and employees of service providers.
  • Informing new subscribers of the quarterly updates on the Data Protection Policy.
  • Requesting authorization to maintain data for the dissemination of information by the Academia de Formação – Grupo Garantia.
  • Adapting and integrating all service contracts to comply with the GDPR, particularly regarding Articles 26 and 28, when applicable

Security Measures

The personal data (PD) of third parties must be protected against unauthorized access, improper disclosure, and loss, falsification, or destruction, regardless of whether the processing is carried out electronically or on paper.

4. Processing of Personal Data of “Customers and Suppliers”

What type of personal data do we process from Customers?

  • Identifying Data: Company name, Tax Identification Number (NIF), address, phone number, email address, number of employees, company activity (CAE), number of establishments;
  • Name and phone contact of the client’s representative(s);
  • Identifying data of the client’s employees: full name, date of birth, Tax Identification Number (NIF), role, professional category, date of admission to the company, workplace, job position, establishment;
  • Establishment data: establishment name, geographical location, size in m²;
  • Transaction data: products and services provided.

What type of personal data do we process from Suppliers?

  • Identifying Data: Company name, Tax Identification Number (NIF), phone number, email address, address;
  • Financial data: bank account;
  • Transaction data: products and services provided;
  • Name and phone contact of the supplier’s representative.

For what purpose do we process your personal data?

We handle the personal data you provide for managing the company’s customer and supplier information, maintaining commercial relationships, and overseeing accounting, administrative, and billing processes, as well as fulfilling tax and legal obligations. Advertising and marketing purposes are also included, with the legal representative of the entity providing express consent in the service contract.
The personal data will be retained as long as the commercial relationship exists. Data related to the safety and health of the client’s workers must be kept for forty (40) years after the end of the relationship, in compliance with Occupational Safety and Health legislation.
If you choose to cancel your personal data, it may be retained in our databases for legally required periods to meet tax and accounting obligations, and will be deleted once these legal periods or any applicable deadlines expire.

What is the legitimacy for the processing of your personal data?

The legal grounds for processing your data are based on the execution of a contract, the commercial relationship, and the legitimate interest and pursuit of the activity of the Data Controller, as well as the fulfillment of a legal obligation of our clients (Data Controllers). The communication of new services and information to clients is carried out with their consent, as stipulated in a clause of the service provision contract.

To which recipients will your data be transmitted?

Your data may be transmitted to the ACT (Authority for Working Conditions), the DGS (Directorate-General for Health), ASAE (Authority for Food and Economic Safety), Public Security Entities, and Social Security in case of inspections by these bodies; as well as in court, if requested. Some of the client’s workers’ data may be transmitted to third parties, namely laboratories, for the purpose of conducting analysis services.

5. Processing of Personal Data of “Contacts and Potential Customers”

What type of personal data do we process?

Identifying Data: Company name, Tax Identification Number (NIF), address, phone number, email address, number of employees, company activity (CAE), size of the facilities.

For what purpose do we process your personal data?

We process the personal data you provide in the contact form to create a proposal. The personal data provided will be kept as long as the commercial relationship is maintained. If you decide to cancel your personal data, you can request its deletion in writing, and it will be removed from our contact database.

What is the legitimacy for the processing of your data?

The legal basis for processing your data lies in the express consent requested from you.
The data is not transmitted to any other entity.

6. Processing of Personal Data of “Transport Management Activity”

What type of personal data do we process?

  • Identifying Data: Company name, Tax Identification Number (NIF), address, phone number, email address;
  • Academic and Professional Data: Qualifications, profession, position;
  • Data Related to Vehicle Geolocation: Company vehicle geolocation, routes taken, as well as tachograph data.

For what purpose do we process your personal data?

We handle the personal data you provide to manage the company’s transporter data, logistics, and transportation. This allows us to track equipment locations, plan routes, and oversee the company’s fleet across various activities. The personal data will be retained as long as the commercial relationship continues.
If you wish to cancel your personal data, you must request its deletion in writing. It may be kept in our databases for legally required periods to meet tax and accounting obligations and will be deleted once these periods or any applicable deadlines expire.

What is the legitimacy for the processing of your data?

The legal grounds for processing your data lie in the execution of a contract. It may also be constituted by the consent of the interested party.

To which recipients will your data be transmitted?

Data may be transmitted to the subcontractor responsible for location data. Your personal data will not be shared with any other entity, except those required by public bodies due to legal obligations.

USE OF THE WEBSITE ACADEMIA DE FORMAÇÃO – GRUPO GARANTIA

If you use our website through the client area (Client Portal), where you register with a ‘Username – Password’, your data will be stored in a specific user control database. However, you can request its deletion at any time by writing to our official address listed on our website or to your usual manager.
Deleting your data means you will no longer be able to use the client portal in registered mode unless you create a new user account. If you use our website without registering and contact us through contact forms, the data requested in those forms may be stored. You can also request its deletion and continue to use our website normally.

Conditions for access and use of the website

Access to the website is the sole responsibility of the user, implying acceptance and understanding of the associated legal warnings, conditions, and terms of use. The user guarantees the authenticity and accuracy of all data provided, whether in registration forms or at any other time, and is responsible for updating the information to reflect their current situation. The user will be held accountable for any inaccuracies or false information provided.

The USER agrees to use the content and services provided by our company through its portal appropriately and, by way of example but not limited to, not to use them to:

  • Engage in illegal activities or activities contrary to good faith and public order;
  • Disseminate content or propaganda of a racist, xenophobic, illegal pornographic nature, incitement to terrorism, or that violates human rights;
  • Cause damage to the physical and logical systems of Academia de Formação – Grupo Garantia, its suppliers, or third parties, introduce or spread computer viruses or any other physical or logical systems likely to cause such damage;
  • Attempt to access and, if applicable, use the email accounts of other users, as well as modify or manipulate their messages.

Our company reserves the right to remove any comments and contributions that violate human dignity, are discriminatory, xenophobic, racist, pornographic, that threaten youth or childhood, public order or safety, or that, in its opinion, are not suitable for publication.

Intellectual property rights

The user must respect the company’s intellectual property rights. Accessing or using this website does not grant any rights over the trademarks, trade names, or other distinctive signs used here. The term ‘website’ includes, but is not limited to, data, texts, graphics, images, animations, musical creations, videos, sounds, designs, photographs, and other content, whether tangible or intangible, and regardless of their susceptibility to intellectual property, as defined by the revised Intellectual Property Law.
Commercial downloads from this website are prohibited, meaning the user cannot exploit, reproduce, distribute, modify, publicly transmit, assign, transform, or use the website’s contents for commercial purposes. Additionally, under this Legal Notice, reproducing any part of the website’s content without the author’s express permission is prohibited, and such permission does not transfer ownership of the content to the user.

Disclaimer and Limitation of Liability

Our company is not liable for any damages or losses in the following situations, without limitation:
  • If there are difficulties or impossibilities in connecting to the communication network through which this website is accessible, regardless of the type of connection used by the user.
  • If there is an interruption, suspension, or cancellation of access to the website, as well as any issues with the availability and continuity of the website’s operation or its services and/or contents, due to (i) service interruptions for technical network maintenance or (ii) causes beyond our company’s control, whether direct or indirect.
  • If there is a lack of quality and speed in accessing the website and the technical conditions that the user must ensure to access the website and its services and/or contents.

Change of terms and conditions of use

These general conditions, along with any specific conditions that may be established, will remain in effect indefinitely as long as the portal is active. The company reserves the right to unilaterally modify the access conditions and content of the portal at any time.

By accessing the website, the user agrees to comply with the following terms of use: The user must use the services and information provided on the website as presented, without altering the content, and solely for their own use. They cannot transfer or notify anyone else of this information and must use it in their own interest according to the nature of the content. The user is responsible for the exclusive use, conservation, confidentiality, and correct use of their access credentials (username and password).

Our company reserves the right to change these general terms of use at any time without prior notice, so users must review these General Conditions each time they access the website. Our company is not responsible for any damage caused by the use of the user’s password by others, whether with or without the user’s knowledge. The use of the website’s services and content is the sole responsibility of the users.

Users acknowledge and accept that the use of the website, its services, and content is entirely at their own risk. Specifically, our company does not guarantee the continuity, availability, or usefulness of the website, its services, or content. Therefore, it is not liable for any potential damages of any kind that may occur to users.

Additionally, our company does not guarantee the absence of viruses or other elements that may cause alterations to users’ computer systems or electronic documents or files stored therein. Consequently, it is not responsible for any potential damages of any kind that may occur to users.

HOLDER AND DATA RIGHTS

In line with applicable data protection regulations, the rights of personal data holders are guaranteed under national and community data processing laws. The Academia de Formação – Grupo Garantia ensures that data subjects can exercise these rights as outlined in this data protection policy, generally free of charge, except in cases where requests are manifestly unfounded or excessive, particularly if repetitive.

The rights of data subjects include:

  • Right to information: You have the right to be informed in a concise, transparent, understandable, and easily accessible manner, using clear and simple language, about the use and processing of your personal data.
  • Right of access: You have the right to request, at any time, confirmation of whether we are processing your personal data, and to be given access to them and information about their processing, as well as to obtain a copy of the data. Copies of documents containing your personal data will generally be free of charge, although requests for additional copies may be subject to a reasonable fee based on administrative costs. The Academia de Formação – Grupo Garantia may ask you to confirm your identity or provide additional information necessary to manage your data access request.
  • Right to rectification: You have the right to request the correction of inaccurate, outdated, or incomplete personal data. You may also request that incomplete personal data be completed, including through an additional statement.
    Right to erasure: You have the right to request the deletion of your personal data if, among other reasons, the data are no longer necessary for the purposes for which they were collected. However, this is not an absolute right, and the Academia de Formação – Grupo Garantia reserves the right to continue to retain them, duly blocked, under the legal terms and conditions provided by applicable regulations.
  • Right to data portability: You have the right to have your data transferred to another processor in a structured, commonly used, and machine-readable format. This right applies when the processing of your personal data is based on consent or the execution of a contract, but only if the processing is carried out by automated means.
  • Right to object: You can object to the processing of your personal data, including profiling, unless we have legitimate grounds for processing or for the establishment, exercise, or defense of legal claims.
  • Right not to be subject to automated decisions, including profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly affect you, unless necessary for the performance or execution of a contract, authorized by law, or based on consent.
  • Right to withdraw consent: If you have given consent for the processing of your personal data for specific activities (e.g., sending commercial or institutional communications), you can withdraw this consent at any time. This will stop the specific activity for which your consent was previously obtained, unless there is another legal reason or basis justifying the continued processing of your data for these purposes, in which case you will be informed.
  • Right to lodge a complaint with a supervisory authority: You have the right to file a complaint with the National Data Protection Commission.

OBLIGATIONS OF THE RESPONSIBLE FOR PROCESSING PERSONAL DATA

The Academia de Formação – Grupo Garantia, as a company or organization that individually or jointly with another (Subcontractor) determines the purposes and means of data processing, is the ‘Data Controller’ and must ensure the following:
  • Personal data is collected for specific, explicit, and legitimate purposes and is not processed in a manner incompatible with those purposes.
  • Only adequate, relevant, and non-excessive personal data is collected in relation to the purposes for which it is collected.
  • The collected personal data is accurate and up-to-date.
  • Personal data is only retained for the necessary period to achieve the purposes for which it was collected/processed, ensuring compliance with applicable CNPD Deliberations and specific legislation.
  • All information related to the processing is made available to the data subject, granting them the right to access, rectify, and delete their data, as well as to object to its processing, as stipulated by law and outlined above.
  • Data subjects can, through a specific form (Reg. PD0002), request from the Data Controller (Academia de Formação – Grupo Garantia) the exercise of their rights listed in this Data Protection document.
  • The data subject’s consent is obtained for data processing, where required.
  • Data processing is duly notified to the CNPD (if applicable) and, when legally required, prior authorization is obtained, or it is duly regulated under legal terms.
  • Authorized employees accessing personal data are bound by confidentiality obligations.
  • Written contracts safeguarding confidentiality and privacy are established with subcontractors handling our data subjects’ personal data.
  • The transmission of personal data to a third-party recipient must be accompanied by a guarantee of data protection and a commitment to use the data only for specified purposes. Such guarantees should be included in contractual clauses, and the Academia de Formação – Grupo Garantia must verify the existence of such clauses in current contracts, aiming to establish amendments if necessary.
  • Appropriate technical and organizational measures are implemented to protect personal data against accidental or unlawful destruction, alteration, unauthorized access, and disclosure, and against any form of unlawful processing.
  • The registration of personal data processing activities is carried out in accordance with legal terms

INCIDENTS

In the event of a data protection breach, the Academia de Formação – Grupo Garantia will notify the National Data Protection Commission and the data subject, in accordance with the terms and deadlines provided in Articles 33 and 34 of the GDPR.

LIABILITIES AND SANCTIONS

Having defined which personal data it holds, the purpose of their processing, and who has access to them, the Academia de Formação – Grupo Garantia states that any abusive processing of personal data or other violations of the adopted data protection policy will be legally punished, particularly in terms of labor and civil law.

COMPLEMENTARY DOCUMENTATION (It is an integral part of this Privacy, Security and Personal Data Protection Policy)

Form: Reg. PD 0002 Data Protection (for exercising the rights of data subjects);
Privacy and site usage policy
Recruitment privacy policy
Form: Record of personal data processing activities