josocks

The new General Regulation for the Protection of Personal Data (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, effective from the next 25 May 2018, with direct application to all collective or natural entities, public or private that process personal data of natural persons in all EU countries, repeals the current Data Protection Law, and defines new rules guaranteeing and reinforcing protection, treatment and free circulation of personal data, in order to avoid serious situations of breach of such data.

Jo’Socks, a brand of Great Sucess Unipessoal Lda., Complying with the provisions of the new General Regulation for the Protection of Personal Data (GDPR) and defending its security, adopted new principles and common rules that are part of the Company’s Privacy Policy document , which we transcribe below:

COMPANY PRIVACY POLICY

The purpose of this document is to establish and make known the rules and mechanisms for ensuring the privacy of all personal data received and kept by the company, within the scope of its commercial and work activity, namely informing you about which categories of personal data we collect, the purpose and the legal basis of the processing of the data, with whom we share the data, the period of maintenance of the data, the rights that assist you and how you can exercise them and the obligations in case of data breach.

The company’s Privacy Policy is shared through all available communication media and applies to all information collected through the company’s website, Social Media (Facebook, Instagram), as well as to information it shares or has. shared with us in person, in meetings, interviews, by phone, SMS, email, letter or other correspondence. The processing of personal data will be carried out by the company.

If you would like to obtain additional information or clarify any doubts about our Privacy Policy and Treatment of Personal Data, you can address your questions by letter or email:

Great Sucess Unipessoal Lda.
 Rua Passos de Cima, nº 128 – Serzedelo
4765-519 Guimarães
Portugal
VAT No. 509407927

What personal data is and what personal data we collect and use

Personal Data is any information that can identify a natural person.

We collect and use personal data in the context of commercial activities that the company, as well as in the industrial relations (in the case of our employees) that is established. There are several types of personal data we use, namely:

  • Identification data (for example: name, identification numbers, nationality, date and place of birth);
  • Contact details (for example: address, telephone, e-mail address);
  • Family situation (for example: number of descendants, tax status);
  • Education (level of education);
  • Bank and financial data (IBAN, NIB, credit limits);
  • We do not collect sensitive data – biometric data, genetic data, health data, of racial or ethical origin, data relating to sexual life or orientation, political opinions, religious or philosophical beliefs, with the exception of union membership (applicable only to employees due to compliance with legal obligations).

Indirect collection of other data

We may indirectly have access to personal data from:

  • Relatives;
  • Legal or mandatory representatives;
  • Partners of the society;
  • Employees of our customers, suppliers, service providers and partners

All these data will be treated with the same security and privacy.

What is the foundation and the Purposes

Foundation

  • Consent

Based on the prior consent of the holder of the personal data, which must be free, informed and unambiguous;

  • Legitimate interest

When the processing of data corresponds to a legitimate interest on the part of the company with a view to developing our activity and providing our services, as well as its industrial relations;

  • Compliance with all legal, regulatory and judicial obligations

When the processing of personal data is necessary to comply with all legal, regulatory and judicial obligations to which the company is subject.

  • Pre-contractual arrangements, execution and management of contracts
  • Request your consent for specific treatment outside this scope

Purposes

The use of personal data is necessary in particular for:

  • Management and monitoring of customers / suppliers;
  • Marketing activities, such as: presentation of products / services, sending newsletters, promotional campaigns and actions, satisfaction surveys, market research, profile analysis.
  • Compliance with all legal, regulatory or judicial obligations to which the company is bound in the commercial and labor scope;
  • Administrative, accounting and financial management;
  • Training management;
  • Collection and litigation management;
  • Complaints management;
  • Access control to facilities;
  • Recruitment processes;
  • Internship processes;

With whom we share personal data

As part of fulfilling the purposes described above, it may be necessary to share your data with:

  • Official, Regulatory, Judicial and Police Entities

To comply with all legal obligations, as well as participation in programs and support.

  • Service providers and subcontractors

It may be necessary to share personal data with third parties within the scope of the activity and according to each objective, such as, for example, insurance companies, health and safety at work companies, travel agencies, training companies, technical assistance companies, support for e-commerce activities, hosting of our sites, among others.

  • Business partners

In these cases, we can share your data with these partners to optimize our products and services.

  • Customers and Suppliers

Some personal data of employees, within the scope of the functions that each employee performs, may have to be shared with customers and suppliers.

These entities, if they belong to the EU, will have the responsibility to comply with the provisions of the GDPR, but the company will take all possible measures within its power to ensure that all entities with which it shares personal data respect our Privacy Policy and, therefore, protect data. personal data entrusted to them.

What are the retention periods for personal data

Personal data will be kept for an indefinite period of time, that is, until the data subject requests its total or partial deletion or withdraws his consent, provided that this request does not conflict with the fulfillment of contractual or legal obligations and regulations to which the company is bound.

What are the rights of the holders of personal data

The holder of personal data, according to the applicable rules, has the right to information, access, rectification, elimination, limitation, objection and portability of the data, as well as to challenge automatic decisions and to withdraw his consent.

  • Right to information, access, and rectification

The data subject can, at any time, access the data provided, request its rectification, as well as obtain information regarding its treatment, and we undertake to follow up within a maximum period of 30 days.

  • Right to disposal

The right to delete is also recognized, with personal data being deleted, within the aforementioned period, counting from the date of the request, provided that there are no valid legal grounds for its conservation.

  • Right to limitation and objection

You can request the limitation, as well as, oppose the treatment of personal data, namely, when the data are processed for direct marketing purposes.

  • Portability of personal data

The holder has the right to request the company, when legally admissible, to send his personal data to another organization, unless this transfer by its extension implies high means and costs.

  • Automatic decisions

When applicable, the data subject has the right to challenge automatic decisions such as the definition of profiles, requesting human intervention by the Data Officer.

  • Withdraw your consent

The data subject may withdraw his consent, to the extent legally permissible. This situation does not compromise the legality of the treatment carried out until that date.

If the holder intends to exercise his or her written rights above, he / she can do so by registered letter or by e-mail to the contacts below, and proof of identity of the holder is essential to ensure security and confidentiality in the process.

Great Sucess Unipessoal Lda.
Rua Passos de Cima, nº 128 – Serzedelo
4765-519 Guimarães
Portugal
VAT No. 509407927

It should be noted that if there are norms or legal imperatives that override these rights, the company will answer about the impossibility and the reason for not being able to comply with the request, within a maximum period of 30 days.

The data subject may complain to the  Comissão Nacional de Protecção de Dados – a CNPD (www.cnpd.pt).

The company, valuing the trust that the data subject deposits in granting his consent, adopted the technical, physical and organizational measures appropriate to the GDPR, ensuring that personal data are properly protected against unauthorized or illegal use, alteration, access unauthorized disclosure or disclosure, accidental or willful destruction and loss.

 

The company’s Privacy Policy applies to its employees, to individual entrepreneurs and will also be extended to legal persons whenever the treatment of personal data of managers, legal representatives and / or their employees is involved.

The company reserves the right to change its Privacy Policy in the face of legislative changes or due to its activity.

Guimarães, 15 June, 2020

 

Menu
Este site utiliza cookies para permitir uma melhor experiência por parte do utilizador. Ao navegar no site estará a consentir a sua utilização.
Ok