PERSONAL DATA PRIVACY AND PROTECTION POLICY
According to General Data Protection Regulation
The hereby personal data privacy and protection policy applies to our costumers’, website users and applicants to our job vacancies personal data, who come in contact with us through our website, email or telephone, whether they do so for placing shipping requests, obtaining information, submit complaints and/or suggestions or job opportunities applications.
Answers to any queries can be found below.
- Liability for personal data treatment
CLINIFAR – Produtos Clínicos e Farmacêuticos, S.A., legal person 503281115, headquarters at Av. dos Mourões, 121 – Apartado 2040, 4410-139 VILA NOVA DE GAIA, is responsible for the treatment of its customers, website users and job vacancy applicant’s personal data.
Any related issues can be addressed to the data manager by sending a registered letter to the above address or an email to firstname.lastname@example.org.
2.Personal data treatment
At CLINIFAR, S.A. we perform a very limited personal data collection and its only purpose is to keep a close and tailored contact with our customers in order to communicate our latest news and promotions, our sales catalogues, as well as to keep in touch with applicants to our job vacancies.
CLINIFAR, S.A. collects personal data when a user is registered to our website, when a complaint, a suggestion or a shipping order is registered, when our newsletter is subscribed or when a curriculum vitae is uploaded.
- Purpose, legal grounds and personal data storage period
The personal data we collect is destined for processing shipping orders, establishing communication in response to information requests, complaints or queries, statistical analysis, job applicants’ contacts and also promotional/direct marketing through any communication channel.
In GDPR’s scope, personal data usage is obliged to be justified under, at least, one of the legal grounds predicted by law (*). Depending on the collected personal data, means of gathering and purpose of the data treatment, there can be multiple types of groundings, as per table below.
|Treatment purpose||Collected personal data||Legal ground||Data storage|
|Customers and potential customers management
|We collect your data so that we can execute a purchase and sale contract or pre-contractual diligences to your request (website registration, budgeting, etc.).||Name, job, address, telephone number, email and taxpayer number.||Contractual relationship||Up until 5 years after establishing the last contact or 10 years for invoicing filing, as per fiscal law in practice.|
|We can process your data in order to send you information about our products (direct marketing)||Name, job, address, telephone number, email and taxpayer number.||Legitimate interest||Up until 5 years after establishing the last contact|
|We collect your data so that we can provide after-sales and fidelity services (response to queries/suggestions, sending catalogues etc.)||Name, job, address, telephone number, email and taxpayer number.||Legitimate interest||Up until 5 years after establishing the last contact|
|Assessment of job application and contact for any opportunity suitable for academic and professional profile, for recruitment purposes.||Name, job, address, telephone number, email and taxpayer number.
In case the applicant uploads a curriculum vitae we will have access to the document’s information as well as to any non-compulsory information the applicant voluntarily discloses. For example, age, date of birth, taxpayer number, social security number, marital status, nationality, photo, gender, education info, job history, personal documentation and academic qualifications copies.
|Consent||1 year after the curriculum vitae is upload on our website.|
(*) Law predicts, among others, the following legal grounds for personal data treatment:
- When consent has been given for the treatment of your personal data (for such instances a consent form will be presented in order for you to allow the use of your data; such consent can be withdrawn at any time);
- When data treatment is paramount in order to celebrate or execute a contract;
- When data treatment is paramount in order for CLINIFAR, S.A. to comply with its legal obligations;
- When data treatment is paramount in order to achieve a legitimate interest and our motives for its usage prevail over your right to data protection;
- When data treatment is paramount in order for us to declare, execute or defend a right in legal action against you, us or a third party.
- Personal data owner rights
At any given moment the personal data owner can ask for access to the information we hold about them, data correction in case of it being incorrect or incomplete, data deletion or limitation to data treatment according to legal boundaries. In case data treatment depends on your consent, which is given through automated means, the data owner has the right for the given data to be sent back, in a structured manner, commonly used and in a computer-readable format. According to legal restrains, the data owner can oppose to their personal data treatment.
It may be asked for the data owner to provide proof of their identity.
The data owner must contact CLINIFAR, S.A. in order to execute foregoing rights through the email email@example.com.
- Data owner consent
Whenever personal data treatment depends on its owners’ consent (as per table above), consent must be free given, explicit, unequivocal and informed.
Whenever a new collect of personal data is executed that requires consent as legal ground, CLINIFAR, S.A. will ask for your explicit authorization, providing all the necessary information, namely, its purpose, period of time during which personal data will be stored and rights.
Consent can be, at any given moment, redrawn or changed without prejudice for data management lawfulness based on previously given consent. For such instances a contact should be made to the email firstname.lastname@example.org, for consent redrawn or indicating what must be altered.
- Data treatment manager legitimate interest
CLINIFAR, S.A. manages your personal data for corporate activity tasks. GDPR states that personal data treatment for direct sales purposes constitutes a legitimate company interest. Direct commercialization, in light of the General Data Protection Regulation, is seen as any company action as one destined for communicating advertising or sales material, specifically designed for one particular person. In case you no longer whish to receive our marketing communications you are able to object to data treatment by contacting us through the email email@example.com.
- Personal data storage
CLINIFAR, S.A. stores every personal data as long as commercial relations are still standing between the company and the data owner. Unless consent is redrawn, we will keep personal data up until five years after commercial relations have ceased or after the last contact has been established. We can keep your personal data for longer periods of time per pending legal company obligations (Cfr, table presented above).
- Beneficiaries / data transfer
CLINIFAR, S.A. does not provide or transfer your personal data to third parties, except when legally bound to do so.
- Personal data protection and security
At CLINIFAR, S.A. we deploy several security measures in order to help protect your personal data, keeping it safe, available and intact.
Even though digital data transmissions, via website or email, can not provide full security against interference, CLINIFAR, S.A. has executed its best efforts to implement and maintain physical and electronical safety measures and procedures in order to protect your personal data in compliance with the applicable data protection standards.
The user is able to configurate the browser so that a warning notification can be activated anytime a cookie is received, allowing for a decision of whether or not to keep it. The user can also deactivate cookies, which will affect full use of all of our website features.
- External website links
Our own managed website can contain links for other, external, websites. Whenever you access one of these links which do not belong to CLINIFAR, S.A. keep in mind that these websites have their own privacy policies with no liability or responsibility whatsoever from CLINIFAR, S.A. Please make sure to read those websites privacy polices before use.
- Control Authority – Complaints
In case of breach of your rights, you are able to submit a complaint with the national control authority (Data Protection National Committee, Rua de São Bento, nº 148 – 3º, 1200-821 Lisboa) or proceed legal action.
- Changes to the Personal Data Privacy and Protection Policy
Every future change to our Personal Data Privacy and Protection Policy will be updated to our website. As such, we recommend consultation of this document whenever you visit our website.