PRIVACY POLICY

Privacy Policy


Version: 202306



I. Data Protection & Privacy Commitment

COINDU is committed to compliance with all applicable EU and national legal regulations in the field of data protection and information security.


The COINDU has implemented a Personal Data Protection System and an Information Security System in order to ensure regulatory compliance and to demonstrate or evidence institutional responsibility for data protection and information security, implementing all necessary technical and organizational measures deemed appropriate, either to comply with the legal regime of the General Data Protection Regulation (EU Regulation 2016/679, of 27 April, hereinafter referred to as RGPD), or to comply with the legal regime of the RGPD Implementation Law (Law no. 58/2019, of 8 August, hereinafter referred to as LERGPD), or other applicable complementary legislation.


For any clarification or additional information, or to exercise your rights in this regard, please contact the COINDU Data Protection Officer at dpo@coindu.com.



II. Definitions

« Personal data »

«Personal data», information relating to an identified or identifiable natural person ('data subject') - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers are, for example, a name, an identification number, location data, electronic identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.


« Handling of Personal Data »

"Processing" shall mean any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


« Cookies » (Connection Testimonials)

«Cookies», are small text files containing information considered as relevant that the devices used for access (computers, cell phones or portable mobile devices) load, through the internet browser, when an online site is visited by the User.



III. Entity Responsible for Treatment

Coindu - Componentes para a Indústria Automóvel SA, Corporate Taxpayer 501998055, hereinafter referred to as COINDU, is the entity responsible for the forms, online sites, computerized systems or applications, hereinafter referred to as channels or applications, through which the Users, Service Recipients or Users have remote access to the COINDU services that are presented or provided at any time through them, and is the entity considered to be responsible for the processing of personal data.


The use of the channels, systems or applications by any User, Service Recipient or User may involve the processing of personal data, whose protection, privacy and security is ensured by COINDU, as the entity responsible for the respective processing, in accordance with the terms of this Data Protection Policy.



IV. Institutional Contacts of the Data Controller

For contacting the COINDU Data Protection Officer, please send an e-mail to dpo@coindu.com or to each of the specific addresses identified on the forms, online sites, or applications, describing the subject of the request and indicating an e-mail address, a telephone contact address, or a mailing address for reply.


For any other purpose, the following general contact details of the COINDU as Data Controller may be used:

- Postal Address: Transversal à Rua de Rio Pele nº100, 4770-217 Vila de Joane;

- General Mail: hr@coindu.com;

- General phone: + 351 252920010;

- Website: www.coindu.com.



V. Collection and Handling of Personal Data

COINDU processes personal data which is strictly necessary for the provision of information and the operation of its channels, according to the uses made by the Users, Service Recipients or Users, whether those data are provided for the purpose of registering requests or obtaining information, or those provided for the purpose of subscribing to those channels, or those that result from the use of the services provided by COINDU through those channels, such as accesses, consultations, instructions, requests or applications, transactions, and other records related to their use.


In particular, the use or activation of certain functionalities of the channels may involve the processing of various direct or indirect personal identifiers, such as name, home address, personal contacts, device addresses or geographical location, where there is the express consent of the specific User, Service Recipient or User, where this is necessary for the management of the contractual relationship or pursuit of legitimate interests or, finally, for the purpose of compliance with legal obligations.


In all cases, Users, Service Recipients or Users will always be informed of the need to access such data in order to use the functionalities of the channels concerned, as well as of the respective grounds for legitimacy of the processing of such data.


The personal data collected by COINDU are processed manually or, in certain cases, in an automated or computerized manner, including the processing of files or the possible definition of profiles, in the context of the management of the pre-contractual, contractual or post-contractual relationship with the Users, Service Recipients or Users, in accordance with the national and community regulations in force.



VI. Categories of Personal Data Processed and Data Subjects

The categories or types of personal data being processed are generally as follows:

  • Identification data;
  • Contact data;
  • Professional Data;
  • Billing data;
  • Traffic and access control data.


Biometric data, processed through video Survaillance systems or other biometric systems that are installed, may be processed in the different establishments of the Controller.


The categories or types of data subjects to be processed are generally users, Service Recipients or Users and may include, in special processing situations, members of their households or visitors to the Controller's premises.


The detailed listing of personal data categories and data subject categories can be found in the Data Processing Information Sheets for each of the specific processing activities.



VII. Legal Principles

All data processing operations comply with the fundamental legal principles in the field of data protection and privacy, particularly with regard to their circulation, lawfulness, fairness, transparency, purpose, minimization, storage, accuracy, integrity and confidentiality, and COINDU is available to demonstrate its responsibility to the data subject, to the authorities or to any other third party having a legitimate interest in this matter.



VIII. Legitimacy Foundations

All data processing operations carried out by COINDU are based on legitimacy, in particular, either because the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes, or because the processing is considered necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or because the processing is necessary for compliance with a legal obligation to which the controller is subject, or in the public interest, or because the processing is considered necessary for the purposes of furthering the legitimate interests pursued by COINDU or by a third party - the specific grounds being referenced in the specific data processing activities.



IX. Purpose of Treatment

All personal data processed within the COINDU channels are intended exclusively to provide information to Users, to manage the personal information of Service Recipients considered necessary for the purposes of relationship management or communication, as well as to provide services to Users and, in general, to manage the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Users.


The personal data collected may also, eventually, be processed for statistical purposes, for actions to disseminate information or promotional and communication actions, namely to promote actions to disseminate new features or new services, through direct communication, either by mail, email, messages or telephone calls or any other electronic communications service.


As prior information and collection of express consent for the latter purposes is always ensured, Users, Service Recipients or Users may, at any time, exercise their right to withdraw consent or their right to object or limit the use of their personal data for other purposes beyond the management of the relationship with the Controller, namely for purposes of pursuing legitimate interests, for sending informative communications or for inclusion in lists or information services, by sending a written request addressed to the COINDU Data Protection Officer, according to the procedures indicated below.



x. Factsheet on Data Processing on Websites

Pursuant to the principle of loyalty and transparency and to ensure compliance with the duty of information, the COINDU delivers directly or makes publicly available to all holders of personal data, depending on how their personal data is collected, the information sheets on the data processing activities performed, and these sheets are accessible for consultation at any public service unit or by request to the Data Protection Officer.


With regard to Websites and On-line Services, please refer to the Information Sheet on Data Processing on Websites, accessible on https://www.dataprotectionofficer.help/coindu .



XI. Data Retention Periods

Personal data will be kept only for the period necessary for the purposes for which they were collected or subsequently processed, in compliance with all applicable legal regulations regarding storage and with the specific storage period specified in each of the Data Treatment Information Sheets.



XII. Use of Cookies (Connection Testimonials)

On COINDU's use of Cookies or Connection Testimonials, please see the Cookie Policy at https://www.dataprotectionofficer.help/coindu/policies/cookies/.



XIII. Data Communication to Other Entities

The provision of information or services by COINDU to its Users, Service Recipients or Users through the channels may eventually involve the use of the services of subcontracted third parties, Joint Controllers or other autonomous Controllers, including entities based outside the European Union, for the provision of certain services, which may involve access to such personal data by these entities.


In these circumstances and whenever necessary, COINDU will only use entities that provide sufficient guarantees of the execution of adequate technical and organizational measures so that the processing will meet the requirements of the applicable standards.



XIV. Data Recipients

Except for the fulfillment of legal obligations, execution of contracts or pursuit of legitimate interests, in no case will personal data of Users, Service Recipients or Users be communicated to third parties that are not subcontracted entities or legitimate recipients, nor will any other communication be made for purposes other than those mentioned above, without collecting prior express consent of the data subject.



XV. International Data Transfers

Any transfer of personal data to a third country or international organization will only take place in compliance with legal obligations or to ensure compliance with applicable EU and national legal rules.



XVI. Security Measures

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks, varying in likelihood and severity for Users, Service Recipients or Users, the COINDU and all the entities that are its subcontractors apply the appropriate technical and organizational measures to ensure a level of security appropriate to the risk.


To this end, various security measures are adopted in order to protect personal data against unauthorized disclosure, loss, misuse, alteration, processing or access, as well as any other form of unlawful processing.


It is the exclusive responsibility of the Users, Service Recipients or Users to keep the access codes secret and not share them with third parties. In the particular case of the computer applications used to access the channels, they must also maintain and keep the access devices in safe conditions and follow the security practices recommended by the manufacturers and/or operators, namely as regards the installation and updating of the necessary security applications, including, among others, antivirus applications.


If it is necessary to outsource services to third parties that may have access to the personal data of Users, Service Recipients or Users, COINDU's subcontractors shall be required to adopt the security measures and protocols at the organizational level and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss or destruction of personal data.



XVII. Exercise of Rights by Data Subjects

The Users, Service Recipients or Users of COINDU may, as the holders of personal data, at any time exercise their data protection and privacy rights, namely the rights of withdrawal of consent, access, rectification, erasure, portability, limitation or opposition to processing, under the terms and with the limitations set forth in the applicable regulations.


Any request for the exercise of data protection and privacy rights should be addressed in writing by the data subject to the Data Protection Officer in accordance with the procedure and contact details described below.


A Data Subjects' Rights Exercise Form is available at https://www.dataprotectionofficer.help/coindu/forms/ or at any COINDU service point, and can also be requested by email by asking the Data Protection Officer at dpo@coindu.com .



XVIII. Complaints or Suggestions

Users, Service Recipients or Users have the right to lodge a complaint, either by registering it in the Complaints Book or by filing, a complaint with the regulatory authorities - in the latter case, they may petition or complain directly to the National Commission for Data Protection through the contacts available at www.cnpd.pt .


Users, Service Recipients or Users may also make suggestions by emailing the Data Protection Officer at dpo@coindu.com.



XIX. Reporting Personal Data Breach Incidents

The COINDU has implemented an incident management system for data protection and information security.


If any User, Service Recipient, or User wishes to report the occurrence of any personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed, he/she may contact the COINDU Data Protection Officer or use COINDU's general contacts.


A Personal Data Breach Incident Reporting Form is available at https://www.dataprotectionofficer.help/coindu/forms/ or at any COINDU service point, and may also be requested by email by asking the Data Protection Officer at dpo@coindu.com .



XX. Permanent Security Point of Contact

COINDU has implemented a Permanent Contact Point for information security and cyberspace security incident management.


Should any User, Service Recipient or User wish to report the occurrence of an information security incident or a cyberspace security incident, he or she may contact the COINDU Permanent Point of Contact through the following communication channels:

  • Telephone: 252 181 501;
  • Email: incident.report@coindu.com.


An Information Security or Cyberspace Security Incident Reporting Form is accessible at https://www.dataprotectionofficer.help/coindu/forms/ or at any COINDU service point, and may be requested by email by request to the Permanent Point of Contact.



XXI. Whistleblower Protection

COINDU has implemented a Whistleblower Channel, in compliance with the legal regulations in force, ensuring the protection of the data subjects' personal data, pursuant to the Whistleblower Protection Policy accessible at http://www.whistleblowingofficer.com/coindu/regulatory-norms/whistleblower-protection-policy/.


The Whistleblower Officer at COINDU can be reached via e-mail at compliance@coindu.com.


COINDU's Whistleblower Platform is accessible at https://coindu.protecaodedenunciantes.com/#/.


A Whistleblower Reporting Form is accessible at https://www.dataprotectionofficer.help/coindu/forms/ or at any COINDU service point, and may also be requested by email by asking the Whistleblower Officer.



XXII. Corruption Prevention

COINDU has implemented a Regulatory Compliance Program within the scope of Corruption Prevention, in compliance with the legal regulations in force, ensuring the protection of the holders' personal data, under the terms of the Corruption Prevention Policy accessible at www.coindu.com.


For the purpose of filing a complaint under the corruption prevention regime, any interested party can use

  • COINDU's Whistleblower Platform, accessible at https://coindu.protecaodedenunciantes.com/#/ or
  • The Whistleblower Reporting Form, accessible at https://www.dataprotectionofficer.help/coindu/forms/ or at any COINDU service point.



XXIII. Data Protection Policies and Special Information Sheets

With a commitment to transparency and information and to ensure that, the Data Protection Policy is appropriate to the different data processing operations carried out and, above all, to the different categories of data subjects, the COINDU may develop Data Protection Policies of a special nature, such as, for example:

  • The Data Protection Policy in the Employment Context;
  • The Data Protection Policy in the Management of Applications;
  • The Supplier's Employee Data Protection Policy; or
  • The Policy "Cookies" or Connection Testimonials.

These special policies are available directly to the respective categories of data subjects or in the context of the related processing activities and are available for consultation upon request to the Data Protection Officer by emailing dpo@coindu.com.


The Data Protection Policies are also complemented by Data Processing Information Sheets, reinforcing transparency and information on specific data processing activities at COINDU. These sheets are available now to data collection, at any service point or through contact with the Data Protection Officer.



XXiV. Patient Relations Data Processing Information Sheet

The Information Sheet on Data Processing in Relation to Users, Service Recipients, or Recipients of Services is accessible at https://www.dataprotectionofficer.help/coindu/information/.



XXV. DATA PROTECTION OFFICER

For any information, complaint, incident report, or for exercising any kind of data protection and privacy rights or for any matter relating to data protection and information security issues, the Users, Service Recipients, and Users who interact with COINDU may

  • Contact the Data Protection Officer directly at dpo@coindu.com , describing the subject of the request and providing an e-mail address, a telephone contact address or a mailing address for a reply, or if you prefer,
  • Contact any COINDU unit or service point, requesting communication with the Data Protection Officer.



XXVI. Explicit Consent and Acceptance

The terms of the Data Protection Policy are complementary to the terms and provisions, with regard to personal data, set forth in the Specific Conditions of Use of each of COINDU's communication channels.


The free, specific and informed provision of personal data by the respective holder implies knowledge and acceptance of the conditions contained in this Policy, it being considered that, by using the channels or by providing their personal data, the Users, Service Recipients and Users are expressly authorizing their processing, in accordance with the rules defined in each of the applicable collection channels or instruments.



XXVII. Data Protection Policy Change

In order to ensure its updating, development, and continuous improvement, COINDU may at any time make changes to this Data Protection Policy that are deemed appropriate or necessary, and its publication in the different channels is guaranteed to ensure transparency and information to Users, Service Recipients, and Users.



XXVIII. Data Protection Policy Versions

Policy Version: 20230619.

Date: 202306.

To view previous versions of the Data Protection Policy, please send your request by e-mail to dpo@coindu.com.