Privacy Policy

Privacy Policy SUDD

This Policy is intended to inform Customers/Suppliers/Users about the general rules of privacy and personal data processing, which are collected and processed in strict compliance with the legislation on personal data protection in force at all times, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).

SUDD respects best practices in the field of security and protection of personal data, having taken the necessary technical and organizational measures to comply with the GDPR and ensure that the processing of personal data is lawful, fair, transparent, and limited to authorized purposes. SUDD is committed to protecting and maintaining the confidentiality of personal data, having adopted measures it deems appropriate to ensure the accuracy, integrity, and confidentiality of personal data, as well as all other rights of the respective data subjects.

What does the privacy policy cover?

This Policy applies exclusively to the collection and processing of personal data for which SUDD is responsible for processing, within the scope of the services and products provided to Customers/Suppliers/Users and in all situations where personal data processing occurs.

What are personal data?

Personal data is any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person.

An identifiable person is considered to be a natural person who can be identified, directly or indirectly, namely by reference to a name, identification number, location data, electronic identifiers, or one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity.

What does the processing of personal data consist of?

The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, comparison, interconnection, limitation, erasure, or destruction.

Who is responsible for processing data?

The entity responsible for processing personal data is SUDD, which determines the purposes and means of processing. To this end, if the data subject needs to contact the data controller, they can do so through the means and contacts provided below: frijobel@frijobel.pt.

What types of data are processed?

Within the scope of its activities, SUDD processes personal data necessary for the provision of services and/or supply of products, as well as in the context of the commercial relationship with Suppliers, processing data such as name, address, telephone number, and email address, as provided by the data subjects.

Personal data may also be processed for marketing purposes or to disclose offers of SUDD goods or services, if the respective data subject has authorized it. If there is prior consent from the data subject, it can be withdrawn at any time without compromising the lawfulness of the processing carried out based on the previously given consent.

How do we collect your personal data?

SUDD collects your personal data, namely through telephone, written, or through the website, always ensuring, when necessary, the prior consent of the data subject. Some personal data are essential for the execution of the contract, without which SUDD cannot provide the product or service in question. If the data subject is not a Customer/Supplier/User of SUDD, their personal data will only be processed when provided, in which case the rules of this Policy will apply.

The personal data collected may be processed by computerized and automated or non-automated means, guaranteeing strict compliance with the legislation on the protection of personal data in all cases, being stored in specific databases created for this purpose. Under no circumstances will the collected data be used for purposes other than those for which they were collected or consented to by the data subject.

Who are the recipients of personal data?

Without prejudice to the recipients indicated throughout this Policy, SUDD may disclose the personal data of the Customer/Supplier/User, for the purpose of compliance with legal obligations, namely to police, judicial, tax, and regulatory entities.

What are the purposes of personal data processing and their legal basis?

In general, the personal data collected are intended for the management of the contractual and commercial relationship, the provision of contracted services, the adaptation of services to the needs and interests of the Customer/Supplier/User, namely for the purpose of accessing specific service features, information, and marketing actions. Additionally, personal data may also be processed for legal compliance purposes.

For how long do we store your personal data?

The period during which personal data are stored and retained varies according to the purpose for which the information is processed. Indeed, there are legal requirements that require data to be kept for a minimum period of time. Thus, and whenever there is no specific legal requirement, data will be stored and retained only for the minimum period necessary for the pursuit of the purposes that motivated their collection or subsequent processing, as defined by law.

What are your rights as a data subject?

As data subjects, Customers/Suppliers/Users are guaranteed the right of access, rectification, updating, limitation, and deletion of their personal data (except when the data is indispensable for the provision of services by SUDD or for compliance with legal obligations to which the data controller is subject), the right to object to their use for commercial purposes by SUDD and to withdraw consent, without compromising the lawfulness of the processing carried out based on the previously given consent, as well as the right to data portability.

What measures has SUDD taken to ensure the security of your personal data?

SUDD is committed to ensuring the protection of the security of the personal data provided to it, having approved and implemented rigorous rules in this regard.

Compliance with these rules is an obligation of all those who legally access them. Given the concern and commitment that SUDD demonstrates in the defense of personal data, various security measures have been adopted, of a technical and organizational nature, to protect the personal data provided against their dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of unlawful processing.

Additionally, third parties who, in the context of service provision, process the personal data of the Customer/Supplier/User on behalf and on behalf of SUDD, are required, in writing, to take technical and security measures necessary to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access, and against any other form of unlawful processing. In any case, SUDD remains responsible for the personal data provided to it.

How can you access, rectify, update, limit, delete, or object to the processing of your personal data, or withdraw consent?

Without prejudice to the provisions of the GDPR, the data subject may do so directly or by written request addressed to the respective data controller, using the contacts provided for this purpose in this document, as well as other contacts provided by SUDD.

How can you object to receiving marketing contacts?

SUDD may promote disclosure actions to its Customers/Suppliers/Users regarding new products or services, namely through telephone, email, SMS, or any other electronic communications service, if the data subject has given their consent.

If the data subject no longer wishes to receive these communications, they may at any time withdraw their consent to the use of their data for marketing purposes.

Under what circumstances is data communicated to other entities (third parties and subcontractors)?

SUDD, in the scope of its activity, may resort to third parties for the provision of certain services. Sometimes, the provision of these services involves these entities’ access to personal data of Customers/Suppliers/Users.

When this happens, SUDD takes appropriate measures to ensure that the entities accessing the data are reputable and offer the highest guarantees in this regard, which is duly enshrined and safeguarded contractually between SUDD and the third-party entity(s).

Thus, any entity subcontracted by Frijobel will process the personal data of our Customers/Suppliers/Users on behalf and on behalf of SUDD, adopting the necessary technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination, or unauthorized access, and against any other form of unlawful processing. In any case, SUDD remains responsible for the personal data provided to it.

Under what circumstances are your personal data transferred?

The provision of certain services by SUDD may involve the transfer of your data outside of Portugal, including outside the European Union or to International Organizations. In such cases, SUDD will strictly comply with the applicable legal provisions, namely regarding the determination of the adequacy of the destination country(ies) regarding the protection of personal data and the applicable requirements for such transfers, including, whenever applicable, the conclusion of the appropriate contractual instruments that ensure and respect the legal requirements in force.

How can you become aware of any changes to the personal data protection policy?

SUDD reserves the right to at any time make readjustments or changes to this Personal Data Protection Policy.