Personal data and privacy protection are a SayU Consulting commitment
With the application of the new General Data Protection Regulation (GDPR), from May 25th, 2018. SayU Consulting states that it stands fully committed and engaged in the data and privacy protection of the corresponding holder that it uses in its website and proceeds, in this aspect, to updating its data privacy, accordingly with all the principals and standards that support the GDPR.
In this document we aim to explain the personal data we retrieve, to which purposes we may use them, how we treat them, who do we share them with and for how long we keep them.
General Data Protection Regulation
The new GDPR establishes the rules regarding the treatment, by a person, company, or organization, of personal data related with people in the European Union (UE).
The GDPR protects the personal data regardless of the technology used for that data treatment, the protection is neutral in terms of technology and it is applied to both the automatic as to the manual treatment, as long as the data are organized according to predefined criteria (alphabetically, for example). It is also irrelevant how the data is stored, in an informatic system, trough video surveillance, or in paper; in all these cases, the personal data is bounded to the protection requirements envisaged in the GDPR.
What kind of information does SayU Consulting retrieve?
SayU Consulting retrieves two kinds of information: personal information and anonymous information. The anonymous information happens when the personal data owner visits the website and has the goal of improving the website, including the management and prioritisation of content. The personal information is provided voluntarily by the personal data holder at the time of the optional registry. All the retrieved data are processed automatically, being that the personal data owner retrieved information is encrypted and managed with advanced security.
The registry allows for the personal data owner to access the SayU Consulting subscription newsletter and for the SayU Consulting team to fill up the message application form.
SayU Consulting may have to open the personal and anonymous data to third parties. However, this will only happen, in these specific circumstances:
- a) with the explicit consent of the personal data holder
- b) when, in good faith, we believe it is required by law
- c) when, in good faith, we believe is due by the contract stipulation
- d) when, in good faith, we believe it is necessary to protect our rights or property
- e) when there is a transmission to a successor or buyer in a merger, acquisition, liquidation, dissolution, or asset sale
The personal data holder consent will not be required to disclosure in the situations mentioned in the points b) and e). In any case, we will seek to notify it as far as it is allowed by law.
What is personal data?
Personal data is the information about an identified or identifiable person. It is considered identifiable a person that may be directly or indirectly identified. It is also personal data the set of different information that may lead to the identification of a certain person.
Personal data examples:
- Name and surname
- Electronic mail address
- Location data (for instance, the data location function in a mobile telephone)
- Image or Sound
Who is the personal data owner?
The personal data owner is the single person to whom the data concerns and that used the SayU Consulting website.
For how long does SayU Consulting treats and keeps your personal data?
SayU Consulting keeps and treats the personal data accordingly to the ends that those are treated and only for the length of time required for the fulfilment of the goals that reasoned its retrieve and conservation, and always accordingly to the law, the Comissão Nacional de Proteção de Dados (CNPD) guidelines and decisions, or, as the case may, until the opposition right, oblivion right or consent withdraw is wield.
After the respective conservation period has elapsed, SayU Consulting will delete or anonymize the data whenever these should not be kept to the distinctive purpose it may subsist.
Personal data holder rights
The personal data owner has personal data information, access, rectification or deleting rights and the right to the data portability, the right to limit or oppose the data treatment, within the scope and GDPR terms and other applicable legislation.
The holder may retreat, at any given moment, the consent that may have been given to the personal data treatment, within the GDPR frame. The consent revocation will not affect the lawfulness of the data treatment that has been carried out based upon the consent that has been previously provided.
This request may be made to the email address firstname.lastname@example.org.
It also has the right to present a complaint regarding the data treatment to the CNPD.
The answer to the requests should be given, without unjustified delay, within a month counting from the request reception, except if the request is especially complex or occurs in exceptional circumstances. The period may be extended for two months, whenever necessary, in consideration of the request complexity and the number of existing requests.
Within the scope of the request it may be asked to provide an identity proof to ensure that the personal data is shared only with the given holder.
Personal data transmission
The personal data may be transmitted to subcontractors so that they may treat them on behalf of SayU Consulting. In this case, SayU Consulting will take the necessary contractual measures to seek the assurance that the subcontractors respect and protect the holder personal data.
The data may also be transmitted to third parties – entities other than SayU Consulting or the subcontractors or entities to whom the data may have to be communicated by law, such as the Autoridade Tributária, judicial authorities, criminal police bodies, among others.
SayU Consulting website and third parties’ responsibility
Which security procedures assure the data protection?
SayU Consulting takes every necessary and legally demanded protection to assure the protection of the personal data treated or transmitted through its digital platform privacy. These protections assure the online and offline security of that information.
Last updated: June 8th, 2020
Regarding the General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and the European Council concerning the protection of single people about the personal data treatment and free circulation of this data and that revokes the Directive 95/46/CE (General Data Protection Regulation) (JO L 119 de 4.5.2016).