Privacy and Personal Data Protection Policy

Introduction

Business Setting adopts the necessary measures to protect the privacy of the data of its clients,employees and business partners, having prepared this Privacy and Personal Data Protection Policy (“Privacy Policy”) with the purpose of demonstrating its commitment and respect for the rules of protection of personal data, thus complying with the principles of lawfulness, loyalty, transparency, purpose limitation, conservation, accuracy, and integrity confidentiality.

The Privacy Policy was prepared to inform the practical rules of protection of the personal data made available, seeking to clearly explain the requested personal identification information (“Personal Data”), as well as its use, management and disclosure.

We also intend to provide information about the exercise of the rights of access, rectification, cancellation and opposition to the treatment of your personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

Purpose of the information collected and its use

The provision of personal data by clients, employees, and business partners (hereinafter referred to as “Holders”) implies the knowledge and acceptance of the conditions contained in this Privacy Policy. Thus, by making the personal data available, the holder is authorizing its collection, use and disclosure in accordance with the rules defined in the applicable data collection instruments and in this document.

The collection of personal data is done in writing, and may be in person or by e-mail and will include the name, contact details (address, telephone number, email address), legal data (tax number) and other contained in the independent formal statement subscribed by the holder.

By legislation, Business Setting must provide all information requested by the competent authorities, in accordance with Portuguese laws. In each individual case, Business Setting will inform the holders of the mandatory nature of the provision of the personal data in question.

In certain cases, there is a need to assign personal data to third parties for them to provide services on our behalf. We will only share the information strictly necessary for the service provided with these entities, and they are prohibited from using it for any other purpose. These third parties will be obliged to comply with the rights and duties laid down in Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016.

This information is covered through an agreement signed between Business Setting and these third parties or simply through a statement of responsibility.

Under no circumstances will the data collected be used for any purpose other than that for which the express consent of the holders was given.

Disclosure of Personal Data

Personal data, as described in this Privacy Policy, and authorized by the Holder in an independent formal statement, are disclosed (as applicable):

• To entities and in terms imposed by law;
• To third-party service providers;
• To other entities to which it is necessary to provide the data to fulfill the purpose of the personal data processing.

Retention of Personal Data

In case, for legal reasons, it is necessary to retain the data for a certain period of time, the information should be kept and stored according to the purpose for which the information is processed.

The period of retention of personal data is indicated in an independent formal statement signed by the holder and according to the purpose of the processing.

Responsibility for the Collection and Processing of Personal Data

The entity responsible for the collection and processing of personal data is Business Setting.

Department managers should ensure that data collection processes are in line with the Privacy and Personal Data Protection Policy.

Business Setting employees have an obligation to ensure the confidentiality of personal data as an integral part of their professional duties and ensure compliance with the guidelines set out in the Privacy and Personal Data Protection Policy.

Access, Correction, Deletion of Personal Data

According to applicable law, the holders have the right of access, correction and deletion of their personal data, as well as the right to limitation of processing, the portability of the data, the withdrawal of consent or opposition to the processing thereof, unless there are contractual, legal or regulatory provisions otherwise.

We recommend that you confirm and update your personal data whenever you deem it necessary.

In any of the mentioned situations the holder of personal data may send the request to the following address:

Business Setting
Avenida Eng. Duarte Pacheco, | Amoreiras, Tower 2, Floor 14 – Room L
1070-101 Lisbon | Portugal

email: alm@business-setting.com

The holder of the personal data has the right to file a complaint with the National Data Protection Commission, the supervisory authority in Portugal  (www.cnpd.pt).

Security measures for the protection of personal data

Business Setting is committed to ensuring the protection and security of the personal data it was given access to, having designed for this purpose a technical and organizational Personal Data Protection Management System, in order to protect these same personal data against its loss, misuse, and unauthorized treatment or access, as well as against any other form of unlawful processing.

The software programs used at Business Setting protect personal data in accordance with applicable law.

Changes to the Privacy Policy

Business Setting reserves the right to readjustments or changes to this Privacy Policy at any time, and these changes are duly communicated on the company’s institutional website – www.business-setting.com.