On 27 April 2016, the European Parliament published a new regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, called the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL). This Regulation came into force on 25 May 2018, repealing Directive 95/46/EC for the protection of personal data.
Gres Panaria Portugal, SA, hereinafter referred to as GPP, SA, undertakes to comply with the General Data Protection Regulation and with all applicable national and European Data Protection and Privacy regulations.
GPP, SA is committed to protecting the rights, freedoms and guarantees of those visiting its websites and users of the services offered here (hereinafter referred to as Data Subjects), processing their personal data safely, in accordance with all their legal obligations.
- Personal data. Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Data Subject. Is an identified or identifiable natural person whose personal data are processed by a controller;
- Processing of personal data. Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- Controller. The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- Processor. A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- Supervisory authority. An independent public authority which is established by a Member State of the European Union pursuant to Article 51; it is the authority responsible for controlling and supervising the processing of personal data, in strict respect for human rights and fundamental freedoms and guarantees enshrined in the Constitution and in the law.
- Cookies. Cookies are small text files that are stored on the Data Subject’s device (computer, mobile phone/smartphone and tablet) through their browser when they visit websites. These cookies help websites recognise the device the next time the Data Subject visits them and in some cases are essential for their operation.
Controller and Data Protection Officer
GPP, SA is the entity responsible for the https://www.grespanaria.pt/en website and for all the services provided here to the Data Subjects.
The use of this website and the services provided by Data Subjects may imply the performance of personal data processing activities. As part of its commitment to Privacy, GPP, SA ensures the Privacy and Protection of the personal data of Data Subjects.
GPP, SA contact details:
GPP, SA S.A.
3830-133 Ílhavo - Portugal.
Tel: +351 234 303 030
Contact details of the Data Protection Officer:
José António Pinto
To exercise any right related to the protection of data or privacy or for any other matter related thereto, namely to report incidents or file complaints, Data Subjects may contact the Controller or the Data Protection Officer at the above contact details, describing the reason for the contact and indicating the possible contact points for the required response (telephone number, email address or other).
Collection and Processing of Personal Data
On the https://www.grespanaria.pt/en website, personal data are collected when Data Subjects use or enable certain services or features. This personal data may be provided by the Data Subjects so that they can use these services or features or will result from their use, namely access, consultations or other transactions.
As part of the above-mentioned services and features, personal data of various categories, such as name, address, email, telephone number or other personal identifiers may be collected and processed. Before or during the collection and processing of personal data, the Data Subject will always be informed of the collection purpose of the personal data, of their retention period, of how they will be processed and of who will be the recipients. The explicit consent of the Data Subject will always be required for the collection and processing of their personal data.
The personal data collected by GPP, SA within the scope of the https://www.grespanaria.pt/en website are manually processed by computer means, and, if applicable, in an automated manner, as a way of managing the relationship with the Data Subjects, always in accordance with the General Data Protection Regulation and other applicable national and EU legislation.
On the https://www.grespanaria.pt/en website, there is a contact form that provides a point of direct communication with GPP, SA. If a Data Subject contacts GPP, SA using the contact form, their personal data will be stored automatically and will only be used by GPP, SA to contact the Data Subject in order to reply to their enquiry. Personal data will only be processed and retained for as long as necessary for the purposes of the contact initiated by the Data Subject. Personal data will not be used for other purposes or transferred to third parties.
Rights of Data Subjects
In the context of the use of the https://www.grespanaria.pt/en website and the services and features offered therein, Data Subjects may at any time exercise their privacy and data protection rights, namely: to access their personal data; to rectify inaccurate or incomplete data; to request the erasure of their personal data, if permitted by law; to withdraw consent for data collection and processing; to request the portability of their data; and to restrict or object to the processing of their personal data, under the terms and conditions of the General Data Protection Regulation and other applicable legislation. All requests for the exercise of privacy and data protection rights by Data Subjects must be written by them and sent to GPP, SA or its Data Protection Officer, using the relevant contact details provided herein.
Data processing principles
In accordance with this Policy and with its Responsibility to protect the data and privacy of Data Subjects, GPP, SA complies with all the basic principles of the processing of personal data, as set out in Article 5 of the General Data Protection Regulation, which are lawfulness, fairness, transparency, purposes limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and availability.
GPP, SA ensures compliance with all of the above-mentioned principles, highlighting them in the context of the collection and processing of personal data made through the services and features available on the https://www.grespanaria.pt/en website. Any entity that is legally entitled to do so may request GPP, SA to provide evidence of compliance with the personal data processing principles.
Lawfulness of data processing
In the context of the use of the https://www.grespanaria.pt/en website and the services and features offered there, GPP, SA processes personal data based on a legal basis, either due to the fact that the Data Subject has given consent for the collection and processing of their personal data, or because the collection and processing is necessary for the performance of a contract held by the Data Subject or for pre-contractual activities and upon request of the Data Subjects. Where applicable and after informing the Data Subjects, personal data may be processed on a legal basis or in compliance with a legal obligation to which GPP, SA is bound or for the fact that the processing of personal data is necessary for the pursuit of its legitimate interests.
Purpose of data processing
All personal data collected through the services and features offered on the https://www.grespanaria.pt/en website are exclusively intended for the purposes reported to the Data Subject in the context of each data collection activity, namely for sending newsletters to disseminate products and services, collecting data for any job application, registering the Data Owner to access the private area and contact request.
The Data Subject is always informed about the purposes of the collection and processing of their Personal Data and must give their consent for collection and processing activities. The Data Subject may always exercise his/her right to object or restrict the processing of his/her personal data if he/she believes that the processing in progress exceeds the purposes initially reported and explicitly consented. To exercise such rights, the Data Subject must send a written request to GPP, SA and its Data Protection Officer, using the relevant contacts provided herein.
Data retention period
At the time of initial collection, the Data subject is informed of the retention period for the personal data collected by GPP, SA as part of the services and features offered on the https://www.grespanaria.pt/en website. In general, personal data will be kept only for the period of time required for processing purposes that were reported to the Data Subject as a basis for the collection and subsequent processing or until the Data Subject requests their erasure.
When the agreed retention period ends, the personal data will be restricted and erased.
Disclosure of data to third parties
The provision of the services and features on the https://www.grespanaria.pt/en website may imply the use of third party processors subcontracted by GPP, SA. These third party processors may have their head office in or outside the European Union. The service provided to GPP, SA by these third party processors may imply their access to the personal data of the Data Subjects. If this access is required, the Data Subjects will be informed in advance and their consent for this data sharing will be requested.
GPP, SA will only use third party processors providing the necessary and sufficient guarantees for the implementation of the appropriate technical and organisational measures to ensure compliance with the General Data Protection Regulation and applicable legislation concerning the privacy and protection of the personal data of Data Subjects.
As part of the services and features available on the https://www.grespanaria.pt/en website and the collection and processing of the personal data of Data Subjects, GPP, SA does not transfer personal data to third parties that are not processors, unless it is necessary for compliance with a legal obligation. Similarly, no data will be transferred to third parties for purposes other than those that were initially reported to the Data Subjects and for which they gave their consent.
International transfers of data
As part of the services provided on the https://www.grespanaria.pt/en website, whenever cross-border transfers of Personal Data outside the European Union or European Economic Area are necessary and justified, appropriate protection measures shall be taken in advance and ensured. This transfer of personal data will only be carried out if there are guarantees of compliance with the General Data Protection Regulation and national and EU legislation applicable to cross-border transfers of data. GPP, SA’s Data Protection Officer is responsible for validating and authorising the necessary cross-border transfer of data.
Data protection security measures
With the technical support of its processors, GPP, SA applies the necessary and appropriate technical measures on its https://www.grespanaria.pt/en website to ensure the integrity and confidentiality of the personal data of Data Subjects, in order to protect their collected and stored personal data against negligent or fraudulent use. The technical measures implemented protect personal data against loss, destruction, misuse, alteration, unauthorized access or unlawful processing.
Data Subjects are responsible for following good security practices in accessing the services and features provided by the https://www.grespanaria.pt/en , website, mainly by keeping the credentials to access private areas safe, updating and maintaining their operating systems and personal computers according to the manufacturers' instructions, and by installing and using security applications such as antivirus, among others.
Last updated: 15 May 2018