The Data Controller, referred to as “we” or “the Rumos Group” in the present policy, is synonymous with the company that determines the purposes and means of the data processing in question. The company is the following:
- Rumos Capital, Gestão, Consultoria e Inovação, S.A
- Head Office: Rua Julieta Ferrão - Torre 10, 7º Andar, Entrecampos 1600-131 Lisbon
- Contact: firstname.lastname@example.org
- Legal Person Number: 506937674
The Personal Data we collect
Through the Rumos Group Website, different personal data may be collected directly from the User at different moments, namely:
- To contact with the Rumos Group: name, email, location, and telephone number;
In addition to the data collected through the Website, the Rumos Group also collects data from clients, employees, suppliers, and service providers for the formalization of contracts.
The purposes of collecting Personal Data
The Rumos Group collects personal data from:
- I – Clients / Users
The Clients’/Users’ data is collected for the following purposes:
- Providing information;
- Informing clients about new products and services available, and special offers and promotions from other entities belonging to the Rumos Group;
The collection of data for the aforementioned purposes is necessary in order to provide the information requested by the data subject and, therefore, it is necessary to carry out pre-contractual procedures at the request of the data subject.
- II – Candidates and Employees
The data of Candidates is collected for the purpose of the purposes of recruitment and selection and the data of Employees is collected for the performance of the employment contract entered into with the Rumos Group. The data processed is necessary for the performance of a contract to which the data subject is a party, or for the purposes of pre-contractual procedures at the request of the data subject. The personal data of the Rumos Group’s Employees is also collected and processed for the purpose of complying with the legal obligations to which the Rumos Group is subject.
- III – Service Providers
The Rumos Group carries out processing operations on the Personal Data of its Service Providers in order to ensure compliance with the service provision contract agreed with the Data Subjects or with the joint Data Controllers (in relation to the data and Data Subjects collected by them, such as counterparties, employees and others). The personal data identified herein and subject to processing are necessary for the performance of a contract, for pre-contractual procedures, or for the fulfillment of legal obligations.
General principles applicable to the processing of Personal Data
The Rumos Group is committed to ensuring that the personal data it processes is:
- Processed in a lawful, fair, and transparent manner with respect to the data subjects;
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with the purposes for which it was collected;
- Accurate and updated whenever necessary;
- Kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which they are processed;
- Processed in a manner that guarantees their security, including protection against unauthorized or unlawful processing and against loss, destruction, or unforeseen damage, with the adoption of appropriate technical or organizational measures.
Retention period of Personal Data
The personal data collected is processed in strict compliance with the applicable legislation and stored in specific databases created for this purpose. The length of time for which personal data collected by the Rumos Group is stored and retained depends on the purpose for which the information is processed and will only be kept for the time necessary to fulfill the stated purposes. There are legal requirements for data to be kept for a minimum period of time. Therefore, in the absence of a specific legal obligation, data will only be stored and kept for the minimum period necessary for the purposes for which it was collected or processed, and then deleted.
Rights of Personal Data Subjects
In accordance with the terms of the General Data Protection Regulation, the data subject has the following rights related to the processing of his/her personal data:
- RIGHT TO BE INFORMED:
The right to be informed of the conditions under which the personal data is processed at the time when it is obtained. If personal data is not obtained from the data subject, he or she must be provided the information within a reasonable period of time, with some exceptions considered in the General Data Protection Regulation.
- RIGHT OF ACCESS:
The right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, as well as information about the purposes of the processing, the categories of personal data concerned, the data recipients, the envisaged period for which the personal data will be stored, among others.
- RIGHT TO RECTIFICATION:
The right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the data subject.
- RIGHT TO ERASURE:
The right to obtain from the controller the erasure of personal data concerning him or her without undue delay under a certain number of circumstances.
- RIGHT TO RESTRICTION OF PROCESSING:
The right to obtain from the controller restriction of processing where one of the foreseen conditions in the General Data Protection Regulation applies.
- RIGHT TO DATA PORTABILITY:
The right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format.
- RIGHT TO OBJECT:
The right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her, namely when personal data is processed for direct marketing purposes.
- RIGHT TO NOT BE SUBJECT TO AUTOMATED INDIVIDUAL DECISION-MAKING:
The right not to be subject to a decision based solely on automated personal data processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
- RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY:
The right to lodge a complaint with the competent supervisory authority under Portuguese law (Portuguese Data Protection Authority) if the data subject considers that how the Rumos Group is processing his/her personal data infringes the applicable legislation and this Policy. By law, you are guaranteed the right to withdraw your consent to the processing of data, for which your consent was required to make its treatment legitimate. You have the right to withdraw your consent at any time, although this will not invalidate the processing of data conducted up to that date based on the consent previously given. These rights may be exercised at any time by the User by sending an e-mail to the following address: email@example.com. The Rumos Group will respond to the User's request in writing (including by electronic means) within a maximum period of one month from the date of receipt of the request, except in cases of particular complexity, in which case this period may be extended to two months. If the requests submitted by the User are manifestly unjustified or excessive, particularly due to their repetitive nature, Rumos reserves the right to charge administrative costs or to refuse to comply with the request.
Transfers of Personal Data
Within the scope of User Data processing, the Rumos Group may subcontract third parties to process User Data on its behalf and in accordance with its instructions. The Rumos Group ensures that such subcontractors provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of applicable law and ensures the security and protection of the rights of data subjects, in accordance with the terms of the subcontracting agreement signed with said subcontractors. The Rumos Group may also transmit clients’ personal data to third parties, not qualified as subcontracting entities when it considers such communication of data as necessary or appropriate (i) under applicable law, (ii) in compliance with legal obligations/judicial orders, or (iii) to respond to requests from public or government authorities. In this respect, the Rumos Group may transmit your personal data to public authorities and regulators. The table below shows the recipients of personal data transfers:
|Categories of recipients
|Purposes of personal data processing
|Consultants and Lawyers
|Provision of consulting and legal services
|Companies from the Rumos Group
|Provision of services to users
|Service providers and IT infrastructure providers
|Payments and provision of services
|Software and systems licensing, maintenance, support, and technical assistance companies
|Management / maintenance / Support of the systems and software necessary for the activity of Rumos Training
- Google Analytics:
There is interactivity with Facebook on the Website through a connection to the servers of this social network. The servers will identify the website that the User is visiting and may store other data, such as the IP address. If the User is logged into Facebook, the data will be associated with the Website. To prevent this, the User must log out of Facebook before visiting the Website. More information about the data processing practices of Facebook can be found at https://www.facebook.com/about/privacy/.
There is interactivity with LinkedIn on the Website through a LinkedIn button that connects to the servers of this social network. The servers will identify the website that the User is visiting and may store other data, such as the IP address. More information about the data processing practices of LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?_l=pt_BR.
For more information or questions regarding the privacy of your personal data, contact us via the email firstname.lastname@example.org.