PRIVACY POLICY

 

This document establishes the Privacy Policy of RCG - Reabilitar em Casa, Lda, with address in Lagoas Park Oeiras, Edif.7, Piso 1 Sul, 2740-244 Porto Salvo, taxpayer number 508756545, hereinafter identified as “RCG”, As responsible for the processing of personal data.

Legislation

The processing of personal data carried out by RCG is in accordance with the national and Community legislation in force, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of individuals with regard to respect to the processing of personal data and the free movement of such data and guidelines issued by European and national authorities, by model clauses approved by the European Commission or by supervisory authorities, as well as by any relevant case law, jointly referred to as “Protection Regime Data ”, hereinafter“ GDPR ”.

Scope

This policy applies to the personal data processing activities carried out by RCG. 

RCG may periodically update this Privacy Policy, as well as any other specific data protection and privacy statement. When making changes to this Privacy Policy, a new update date will be added at the end of it.

RCG will inform, by email, of the change in this Privacy Policy to individuals who have subscribed to the communications reception service. 

Processing of personal data

The processing of personal data is carried out in accordance with the general principles set out in the “GDPR”, namely:

  • In the context of the relationship established with the data subject, we ensure that personal data will be treated in a lawful, loyal and transparent manner ("Principle of lawfulness, loyalty and transparency");
  • We collect personal data for specific, explicit and legitimate purposes and do not subsequently process the same data in a manner incompatible with those purposes ("Principle of limiting purposes");
  • We ensure that only appropriate personal data are processed, relevant and limited to what is strictly necessary for the purposes for which they are processed ("Principle of data minimization");
  • We adopt the appropriate measures so that the inaccurate personal data, taking into account the purposes for which they are processed, are erased or rectified without delay ("Principle of accuracy");
  • We keep personal data in such a way as to allow their identification only for the period necessary for the purposes for which they are processed ("Conservation principle");
  • We ensure that personal data are treated in a way that guarantees their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by adopting the appropriate technical or organizational measures («Principle of integrity and confidentiality ').

What personal data we process

In the context of the activities carried out by RCG, the Data Subject is, without limitation, the customer and / or former customers, potential customers, investors, partners, jobseekers, employees and ex-employees, employees of partners, suppliers and providers of services and their collaborators, claimants and claimants, visitors and individuals and all those individuals who maintain a relationship with RCG and to whom the personal data relate.

RCG does not voluntarily request or collect personal data from minors. If RCG discovers that it has inadvertently collected personal data from a child under 18, it will immediately delete the records containing that child's personal data. We emphasize, however, that RCG may collect personal data relating to minors, when provided by parents or a legal guardian who expressly consents to such collection or when they are collected through CCTV systems.

In the development of its activities, RCG processes the personal data of a significant number of categories of data subjects.

The personal data that RCG collects always depends on the nature of the interaction.

We emphasize that you will not be required to share personal data with RCG. However, if you choose not to share your personal information, in some cases, RCG may not be able to provide the services or supply the products you want, ensure certain specialized features or effectively answer any questions you may have.

 

Categories of personal data processed:

  •       Identification data
  •       Tax data
  •       Address and contact details
  •       Payment data
  •       History of the provision of contracted services
  •       Health data for service provision
  • Food references / special needs according to the contracted services
  •       Communications subscription data
  •       Complaint resolution history
  •       Transaction history 

. Data for verification, recovery and / or allowing your accreditation on the Website 

 

Why we treat your information

The development and realization of the various activities pursued by RCG, mean the existence of a relevant set of specific, explicit and legitimate purposes for the treatment of personal data, such as:

Purpose: Legal basis:
  • Provision of Health Services
  • Pre-contractual execution and due diligence
  • Sending communications 
  • Consent of the data subject
  • Responding to requests
  • Pre-contractual arrangements and contractual execution
  • Degree of satisfaction 
  • Consent of the data subject
  • Administrative, economic and accounting management
  • Continuation of the necessary pre-contractual steps and contractual execution
  • Compliance with legal obligations
  • Recruitment and Jobseekers
  • Consent
  • Pursuing the necessary pre-contractual steps
  • Compliance with legal obligations
  • Management of events organized by RCG
  • Consent of the data subject
  • Compliance with legal obligations
  • Legal obligation
  • Data transfer to third parties
  • Legal obligation
  • Legitimate interest
  • CCTV video surveillance
  • Legitimate interest

What we treat your information for

By reference to the «Principle of Lawfulness» enshrined in the GDPR, in the development and performance of its activities, RCG only processes personal data when there is a lawfulness foundation that legitimizes the treatment, namely:

  • Consent

RCG will only process personal data if it consents to the respective Treatment through a manifestation of will, free, specific, informed and explicit, by which it accepts, by means of a statement (in writing or orally) or an unequivocal positive act (by filling in an option ), that personal data is subject to Processing.

  • Pre-contractual arrangements or execution of a contract

RCG may process personal data if it is necessary, without limitation, for the execution of a contract for the provision of services and / or supply of products to which it is a party as an Employee, Client and / or Supplier, or to take steps pre-contractual on request.

  • Compliance with a legal obligation

RCG may process personal data to ensure and guarantee compliance with legal obligations to which it is subject under the legislation of a Member State and / or the European Union.

  • Legitimate Interests

RCG, other Responsible or Third Parties, may process personal data provided that the same Treatment does not prevail over the interests or fundamental rights and freedoms of the Holder.

How long do we keep personal data

During the treatment period of personal data, RCG guarantees that they are treated in accordance with this Privacy Policy. As soon as the data is no longer needed for the purpose to be pursued, RCG will proceed to its safe removal.

Treatment: Storage time:
  • Provision of contractual services
  • 10 years after providing services
  • Sending commercial communications
  • Until revocation of consent or opposition to treatment
  • Responses to requests
  • Until pursuit of the purpose
  • Administrative, economic and accounting management
  • 10 years after administrative obligation or the time required to comply with legal obligations that in each case apply
  • Job application information for unsuccessful candidates
  • 6 months after pursuit of the purpose or until revocation of consent
  • Events organized by RCG
  • Until event evaluation
  • Data transfer to third parties
  • Until pursuit of the purpose or end of the legal obligation
  • CCTV video surveillance images
  • 30 days after image recording date

RCG keeps personal data only for the period of time necessary to carry out the specific purposes for which they were collected. However, the RCG may be required to retain some personal data for a longer period, taking into account factors such as:

  • Legal obligations under current laws to keep Personal Data for a specified period;
  • Limitation periods, under the laws in force;
  • (eventual) Disputes; and,
  • Guidelines issued by the competent data protection authorities.

Sharing personal data with third parties

Personal data may be shared with entities responsible for providing services to RCG.

The companies in charge of providing services are bound to RCG by written contract, only being able to process personal data for the purposes specifically established and are not authorized to process personal data, directly or indirectly, for any other purpose, for their own benefit or for third.

Personal data can be shared internally with other RCG companies that will comply with the data protection rules applicable according to the purposes attached to the Treatment performed.

Upon request and with due consent, personal data may be shared with other entities.

In compliance with legal and / or contractual obligations, personal data may also be transmitted to judicial, administrative, supervisory or regulatory authorities, as well as to entities that lawfully carry out data collection actions, actions to prevent and combat fraud, market or statistical studies.

EEA cross-border transfer

As part of the provision of integrated services to Customers, or to our partners, or to external communication service providers or to external service providers in the area of ​​information systems management, RCG may transfer personal data outside Espaço European Economic Area (EEA), such as Portuguese-speaking countries, whose data protection legislation may not provide protection equivalent to that provided within the EEA.

However, RCG only transfers personal data outside the EEA:

  • when the transfer is made to a location or through a method or in circumstances that the European Commission considers to ensure adequate protection of Personal Data;
  • when it has implemented standard data protection clauses adopted by the European Commission or a competent data protection authority; or,
  • when none of the above apply, but the law still authorizes such a transfer, for example, if it is necessary for the declaration, exercise or defense of a right in a judicial proceeding.

In this sense, RCG follows criteria in the selection of service providers, in order to comply with its personal data protection obligations, committing itself to subscribe to the same Data Processing Agreement, which includes, among others, the following obligations to apply appropriate organizational techniques and measures for the protection of personal data.

What are the Holder’s rights

As Holder of the personal data processed by RCG, you have the right of access, rectification, limitation, portability, deletion and the right to object to the processing of personal data, in certain circumstances, which may be exercised under the terms of this chapter of the Privacy Policy.

  • Right to information

You have the right to obtain clear, transparent and easily understandable information about how RCG uses personal data and what your rights are. That is why RCG provides you with all this information in this Privacy Policy.

  • Right of access

You have the right to obtain information about what Personal Data RCG treats (if it is processing it) and certain information (similar to that provided in this Privacy Policy) about how that data is treated. This right allows you to be aware of and confirm that we use your data in accordance with data protection laws.

RCG may refuse to provide the requested information whenever, in order to do so, RCG has to disclose another person's personal data or the information negatively impacts another person's rights.

  • Right of rectification

If your data is incorrect or incomplete (for example, if your name or address is wrong), you can ask RCG to take reasonable steps to correct it.

  • Right to erase data

This right is also known as the “right to be forgotten” and, in a simple way, allows you to request the deletion or deletion of your data, as long as there are no valid grounds for RCG to continue using them or their use be illicit. This is not a general right to erasure, as exceptions are allowed (for example, whenever this data is necessary for the defense of a right in a judicial process).

  • Right to limit treatment

You have the right to “block” or prevent the future use of your data while RCG evaluates a request for rectification or as an alternative to deletion. Whenever the Treatment is limited, RCG will still be able to store your data, but will not be able to use it later. RCG maintains a list of holders who have requested to “block” the future use of their data to ensure that this limitation is respected.

  • Right to data portability

You have the right to obtain and reuse certain personal data for your own purposes in various organizations. This right applies only to the own data that you have provided to RCG and that RCG handles with your consent and those that are processed by automated means.

  • Right to opposition

You have the right to oppose certain types of treatment, for reasons related to your particular situation, at any time during that Treatment, for the purposes of the legitimate interest of RCG or Third Parties. RCG may continue to process such Data if it can provide evidence of “overriding legitimate reasons for the Treatment that override its interests, rights and freedoms” or if such Data are necessary for the establishment, exercise or defense of a right in a judicial process.

  • Right to revoke a consent

When the basis for lawfulness is consent, you have the right to revoke it at any time.

  • Right to complain

You have the right to file a complaint with the competent supervisory authority, the National Data Protection Commission - CNPD, if you consider that the processing carried out on personal data violates your rights and / or applicable data protection laws. You can do so through the website www.cnpd.pt

Security and Confidentiality

Personal data will be processed by RCG, in the context of the purposes identified in this Policy, in accordance with other policies, procedures and internal rules of RCG and using appropriate organizational techniques and measures to promote their availability, confidentiality and integrity, namely in in relation to the unauthorized or unlawful treatment of personal data and the respective loss, destruction or accidental damage.

Without limiting, RCG uses logical and physical security requirements and measures to ensure the protection of personal data by preventing unauthorized access, ensuring that information is stored on secure computers in a closed and certified information center and that data is encrypted whenever possible, implemented audit and control procedures to ensure compliance with security and privacy policies and periodically reviews our security policies and procedures to ensure that RCG systems are safe and secure.

However, since the transmission of information over the Internet is not completely secure, RCG cannot guarantee the security of data when transmitted over an open network.

RCG recognizes that the information you provide to us may be confidential. RCG does not sell, rent, distribute, or commercially or otherwise make personal data available to any third party, except in cases where it needs to share information with Service Providers for the purposes set out in this Privacy Policy. RCG preserves the confidentiality and integrity of the data and protects it in accordance with this Privacy Policy and applicable laws.

Utilization of cookies

RCG automatically collects information whenever someone visits the Websites. 

You can consult our Cookie Policy at https://reabilitar-em-casa.com/politica-de-cookies/.

In case of doubt or to exercise rights

If you have any questions or would like more information about how we treat personal data or our information security practices, please do not hesitate to contact us at our address or address dpo@reabilir-em-casa.com.

You may at any time, in writing, exercise the rights enshrined in the GDPR and other applicable laws through the contacts mentioned above.

For the exercise of rights, if necessary, you must attach a copy of the citizen card or other document that proves the identity of the holder of the personal data. The right you want to exercise must be indicated. The exercise of rights is free, unless it is a manifestly unfounded, excessive or repeated request

Last updated date: 23/11/2020