A carregar página
Saltar para o conteúdo principal da página

1. CENTAURO's Commitment

The protection of privacy and personal data is a fundamental commitment of CENTAURO INTERNACIONAL - Trocadores de Calor Lda and its affiliated companies BRISA NOVA - Trocadores de Calor Lda and CASTANHEIRA, HENRIQUES & Cª Lda, all held directly or indirectly by the holding company CENTAURO (Portugal) S.G.P.S., S.A., hereinafter jointly referred to as ‘CENTAURO’.

CENTAURO respects the privacy and protects the personal data of its Employees, Customers, Suppliers and business partners, under the terms established in the legislation and regulations applicable to the protection of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), applicable from 25 May 2018, hereinafter referred to as ‘GDPR’.

This Statement provides an overview of how we process your data, and your rights in this regard, in accordance with the provisions of the GDPR, and other applicable privacy and data protection legislation, including national legislation that supplements the GDPR.

The specific data that will be processed and how it will be used depends to a large extent on the information and services requested and agreed upon.

2. The Data Controller and the Data Protection Team

The entity responsible for processing personal data, hereinafter referred to as the ‘Data Controller’ is the company:

CENTAURO INTERNACIONAL - Trocadores de Calor Lda
VAT NUMBER 502 352 426
Zona Industrial, Lote Q 9
6000-459 Castelo Branco
Telephone: +351 272 339 260
E-mail address: geral@centauro.pt

The Data Controller has a ‘Data Protection Team’, which can be contacted at:

Zona Industrial, Lote Q 9
6000-459 Castelo Branco

Data Protection Team
Telephone: +351 272 339 260
E-mail address: rgpd@centauro.pt

3. Characterisation of what is considered Personal Data, Personal Data Holders and Categories of Personal Data

Personal Data
Personal data means any information of any nature and regardless of its medium, including sound and image, which identifies or enables the identification, even indirectly, of a natural person. Personal data are also those which, in relation to other elements, make it possible to identify someone, for example, entry and exit records associated with a reference that identifies a person.

Personal Data Subject
The natural person to whom the personal data relates, namely CENTAURO employees, customers, suppliers and business partners.

Categories of Personal Data
Among other things, we consider personal data, the processing of which may be necessary and/or relevant, to be those that are required at the beginning of the relationship with the data subject or customer or potential customer, or in the process of granting, contracting, controlling and/or monitoring a specific product/service, including the following:

Identifying and contact data
such as name, address or other contact details (telephone and e-mail), place of birth, nationality;

Professional status and activity
such as type of work, sector, employed/self-employed.

Information on default and credit risk
taking into account data available in common credit information systems or economic information sources;

Commercial data
data derived from the proposal or contracting of products and services, such as movements and transactions, propensity for new contracts and cookies;

Information derived from e-mail
or communications by any means with the Data Controller;

Other data
Other data contained in the documentation delivered to the Data Controller or obtained as a result of the relationship with the Data Controller, such as the Citizen Card number or other relevant identification documents, Passport number, notarial deeds, both in physical and digital form and, in general, any documentation and information from the contacts maintained with the client by different means, including marketing campaigns.

4. Sources of Personal Data, Legal Basis, Purposes of Processing and Personal Data Retention Period

Sources
We process the personal data we receive as part of the commercial relationship with clients or potential clients and in fulfilment of applicable legal obligations. In addition, we process personal data provided by other companies in the group of companies to which the Data Controller belongs or by third parties whenever this is relevant, for example, for the provision of services, sale and supply of products, fulfilment of contracts or obligations imposed on us, or on the basis of consent. On the other hand, we process personal data that, where relevant, we receive from freely accessible public information sources, for example commercial and legal person registers, the press, the media and the Internet, and from public authorities and bodies, where we are legitimised to do so under the terms of the law.

Grounds and purposes
We process the aforementioned personal data in accordance with the provisions of the GDPR and other applicable legislation in this area, with the following grounds and purposes:

Consent (Article 6(1)(a) of the GDPR)
when you have given your consent - in writing or by validating an option - in advance and if that consent is free, informed, specific and unambiguous. Examples of your consent are for the purposes of disclosing data outside the cases provided for in this Policy or in specific documentation, for the processing of spontaneous applications, as well as for the Data Controller to send marketing messages, including the processing of email addresses for sending newsletters. Consent may be revoked at any time;

Performance of a contract and pre-contractual steps (Article 6(1)(b) of the GDPR)
when the processing of personal data is necessary for the conclusion, execution and management of the contract concluded with CENTAURO, for example, for the preparation of a proposal, for the management of contacts, information and requests, for the management of invoicing, collection and payments;

Compliance with a legal obligation (Article 6(1)(c) of the GDPR)
when the processing of personal data is necessary to fulfil a legal obligation to which CENTAURO is subject, such as the communication of identification data to police, judicial, tax or supervisory authorities;

Legitimate interest (Article 6(1)(f) of the GDPR)
when the processing of personal data corresponds to a legitimate interest of CENTAURO or a third party and when our reasons for using it must prevail over your data protection rights. This is the case for responding to contact requests and the use of cookies, as well as for exercising legal rights and defence in the event of legal disputes.

Retention periods
Your personal data will only be processed for the period necessary to fulfil the defined purpose or, depending on what is applicable, until you exercise your right to object, right to be forgotten or withdraw consent, although the exercise of these rights may be restricted by the application of legal, regulatory or contractual rules. Once the respective retention period has elapsed, CENTAURO will delete or anonymise the data whenever it should not be kept for a different purpose that may still exist.

Therefore, in accordance with the GDPR, we process and store your personal data to the extent necessary to fulfil the applicable contractual and legal provisions. In this regard, it should be borne in mind that our contractual or commercial relationship is often a long-term, ongoing obligation. In addition, we are subject to various documentation storage obligations resulting from various legal regulations.

To this extent, the personal data processed will be kept for the period necessary to provide the contracted services, sell and supply products, as well as to fulfil the tax and legal obligations applicable to CENTAURO.

5. Communication of Personal Data to other Entities, Subcontractors and Third Parties

Within CENTAURO, employees who need your data to fulfil CENTAURO's contractual/pre-contractual and legal obligations have access to it.

Your personal data may be made available to CENTAURO Group companies and business partners.

They may also be made available to our suppliers, financial agents and other subcontractors who, under the terms of the GDPR, may access the data for these specific purposes, albeit subject to data protection safeguards and always acting in the name of and on behalf of CENTAURO. In this case, CENTAURO will take the necessary contractual measures to ensure that subcontractors respect and protect the data subject's personal data. These entities may be based inside or outside the European Union.

The transmission of data to countries outside the European Union only occurs if this is necessary for the execution of orders or requests from the data subject, for example related to payment orders or investments, by legal requirement or if you have granted us express authorisation to do so.

In the event that it is necessary to use service providers from third countries, they will be obliged to comply with the written instructions in this regard, by signing an agreement with the contractual clauses in force in the European Union, in order to comply with the level of data protection applicable in the European Union. You will receive detailed information from us, separately, whenever defined by law.

Other agents with access to the data may be those to whom you have granted a data transmission authorisation or the entities to whom the data must be communicated by law, such as the tax authority.

6. Rights of the Data Subject

CENTAURO guarantees all your rights in relation to the processing of your data, in accordance with the GDPR:

Access
The right to obtain confirmation of what personal data is being processed and information about it, such as the purposes for which it is being processed, the retention periods, etc.

Rectification
The right to request the rectification of inaccurate personal data or to request that incomplete personal data be completed, such as address, VAT number, email address, telephone contact details, etc.

Erasure of data or ‘right to be forgotten’
The right to have your personal data erased if there are no valid grounds for retaining it, such as when CENTAURO has to retain the data to fulfil a legal obligation to preserve it for the investigation, detection and prosecution of crimes or because legal proceedings are underway.

Portability
The right to receive the data you have provided us with in a commonly used, machine-readable digital format or to request the direct transmission of your data to another entity that becomes the new controller of your personal data, such as receiving your invoices or transmitting your contact details to the new controller, but in this case only if technically possible.

Withdrawal of Consent or Right to Object
The right to object or withdraw your consent where the processing is based solely on that consent, for example for marketing purposes / direct commercial action. The same applies to consents given prior to the direct application of the GDPR, i.e. before 25 May 2018. Please note that revocation and objection are not retroactive, so processing carried out prior to revocation or objection will not be affected.

Restriction
The right to request the limitation of the processing of your personal data, in the form of: suspension of processing or limitation of the scope of processing to certain categories of data or processing purposes.

Complaint
the right to lodge a complaint with our company, which is responsible for processing your personal data, or with the Data Protection Team, or even with the supervisory authority, the National Data Protection Commission, if your complaint is not upheld by our company or the Data Protection Team.

The exercise of rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable price may be charged taking into account the costs. Information must be provided in writing. Requests must be answered within a maximum of 30 days, unless the request is particularly complex.

To exercise your rights you should contact our Data Protection Team at rgpd@centauro.pt.

7. How we protect personal data

CENTAURO makes every effort to protect your personal data against destruction, loss, accidental or unlawful alteration and unauthorised disclosure or access.

To this end, CENTAURO has implemented appropriate, necessary and sufficient logical, physical, organisational and security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, access or any other form of processing.

8. Changes to the Privacy Policy

CENTAURO may amend this privacy policy at any time and without prior notice. Changes will be duly published at www.centauro.pt.

 

Castelo Branco, 25 May 2018

The Board of Directors
José Ribeiro Henriques