Privacy Policy

ICOVI-Infraestruturas e Concessões da Covilhã, EM hereinafter referred to as ICOVI , is increasingly committed to the satisfaction of its customers, for this reason bet on the certification of its activity through the adoption of measures aimed at reducing its impact on the environment in which it operates.

Privacy and Cookies *

The ICOVI legal person based in Portugal, is committed to protecting the privacy and personal data of all individuals with whom it relates, namely customers, suppliers and employees.

* Use of “ COOKIES “: “ Cookies ” are small software tags that are stored on the computer through the browser, retaining only information related to preferences, and therefore does not include personal data.

Accordingly and in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27-04-2016, also known as the General Regulation for the Protection of Personal Data (hereinafter GDPR) and other applicable legislation, the < strong> ICOVI has established this Privacy Policy.

 

1.Definitions

To ensure a better understanding of this Privacy Policy, it is important to know the concepts. For this reason, ICOVI provides a glossary of terms that it considers most important:

Personal data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, identifiers electronically or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Treatment: Any operation or set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as collection, registration, organization, structuring, conservation , adaptation or alteration, recovery, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, deletion or destruction.

Special categories of personal data: Personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or union affiliation, as well as genetic data, biometric data that uniquely identifies a person, data relating to a person’s health or sexual life or sexual orientation.

Sensitive categories of personal data: Personal data relating to the economic or financial situation of the data subject, (other) personal data that may lead to stigmatization or exclusion of the data subject, user names, keywords and other registration elements, personal data that can be used for identity fraud.

Responsible for processing: Natural or legal person, public authority, agency or other body that, individually or in conjunction with others, determines the purposes and means of processing personal data.

Subcontractor: Natural or legal person, the public authority, agency or other body that processes personal data on behalf of the person responsible for processing them.

Consent: Expression of will, free, specific, informed and explicit, by which the data subject accepts, by means of an unequivocal positive statement or act, that the personal data concerning him or her be treated.

Violation of personal data: Violation of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, preserved or subject to any other type of treatment.

Privacy by design : It means taking the risk of privacy into account in the entire process of designing a new product or service, instead of considering privacy issues only later. This means carefully assessing and implementing appropriate technical and organizational measures and procedures from the outset to ensure that the processing complies with the GDPR and protects the rights of the data subjects concerned.

Privacy by default : It means ensuring that mechanisms are put in place within an organization to ensure that, by default, only the necessary amount of personal data will be collected, used and kept for each task. This obligation applies to the extension of its treatment, the conservation period and its accessibility. These measures ensure that personal data are not made available without human intervention to an undetermined number of natural persons.

Pseudonymization: Processing of personal data in such a way that they can no longer be attributed to a specific data subject without resorting to supplementary information, as long as that supplementary information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be assigned to an identified or identifiable natural person.

 

2.Scope

ICOVI establishes commercial relationships with third parties, customers and suppliers, in addition to its own employees and, within the scope of this activity, proceeds with the processing of personal data.

This Privacy Policy applies exclusively to personal data for which ICOVI is responsible for the respective treatment within the scope of its area of activity, whether in the commercial area or in the area of human resources.

The data can be collected through personal, telephone and in writing, by e-mail , by fax or through websites .

websites from ICOVI, may include links to access other websites that are unrelated to ICOVI .

The links to access the ICOVI websites, may be included on websites outside ICOVI . ICOVI cannot be held responsible for the processing of data made through such third party websites .

 

3.Purposes and fundamentals for data processing

The personal data processed by ICOVI have several purposes and fundamentals:

Management of the contractual relationship: The processing of personal identification data and others is necessary for the celebration and for the fulfillment of the service provision contract entered into between ICOVI and its customers. Customers can choose to provide additional information (eg, allergies, dietary restrictions, illnesses and mobility problems), which will only be used to help ICOVI to provide the best possible service. The processing of personal data is also necessary for the fulfillment of contracts for the provision of services and goods between ICOVI and its suppliers.

Legal obligations: ICOVI is subject to compliance with legal obligations that impose data processing.

Quality: ICOVI can analyze its clients’ information, collected through inquiries, complaints and other means, for statistical purposes if it has the respective consent.

Marketing: With the consent of the owners, ICOVI may process personal data to send information about promotions, campaigns, newsletters and other relevant information for your customers.

Profiling: ICOVI can analyze its customers’ commercial information to identify consumption profiles for statistical purposes and / or, if they have their consent, send personalized information to their customers.

Video surveillance: For the safety of customers and employees, ICOVI has or may have video surveillance systems, in accordance with the law.

Hobbies and contests: ICOVI may promote pastimes and contests for which personal data processing is required, according to the applicable regulation.

Recruitment: Candidates can apply for specific vacancies (through internal recruitment or outsourcing ) or submit spontaneous applications, and must therefore provide personal data necessary for recruitment. The information provided by candidates will be treated for recruitment purposes only and will be kept for a maximum of 2 years.

Human resources management: For the execution of the employment contract, employees must give personal data to ICOVI If necessary, specific consent will be requested for the processing of data that so requires (for example for special and sensitive data categories).

 

4.Cookies

Cookies are used on the ICOVI websites to improve the browsing experience and provide the best possible service. Cookies are small files that are stored on the access devices through the browser , retaining only information related to preferences, thus not including personal data. Despite being able to manage cookies directly in the browser, by continuing to browse the site, the user will be consenting to its use; however, by disabling cookies , you can prevent some web services from functioning correctly, affecting, partially or completely, the navigation on the website.

 

5.Holders’ rights

Under the terms of the GDPR, data subjects have, among others, the following rights:

• Right of access;
• Right of rectification;
• Right to be forgotten;
• Right to limitation of treatment;
• Right to data portability;
• Right of opposition;
• Right to revoke consent.

If you intend to exercise any of your rights or clarify any doubts, the holder must contact ICOVI , in writing, to the address of the headquarters, E-mail: rgpd@icovi.pt or by filling out the form available on the website .

 

6.Duties of ICOVI

ICOVI, proposes to:

1. a) collect only data for specified, explicit and legitimate purposes;
2. b) minimize data collection, promoting only the appropriate collection relevant and limited to what is actually necessary for the purposes the appropriate and relevant data;
3. c) do not use the data collected for purposes other than the collection and consent obtained;
4. d) update data whenever necessary;
5. e) keep the data in such a way that its identification is only possible for the period necessary for the purposes for which it was collected;
6. f) protect data against unauthorized or unlawful processing and against accidental loss, destruction or damage;
7. g) implement the principles of privacy by design and by default in the activities / processes of processing personal data;
8. h) adopt a framework of privacy by design ;
9. i) implement encryption or pseudonymisation techniques of the data in use;
10. j) ensure compliance with the GDPR.

 

 

Drafted at its headquarters on: May 2018.

 

This policy will be updated periodically.