General Data Protection Regulation
(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016)
Responsible for the Treatment
CALHEIROS EMBALAGENS, S.A., with head office at Rua das Macieiras, 220, 4445-502 Ermesinde is a company that is geared towards the production and development of printed packaging in cardboard and micro-corrugated.
As such, it has the need to collect, access and process personal data related to its main activity, which implies that it assumes the position of Data Controller with all the inherent obligations and duties:
CALHEIROS EMBALAGENS, S.A.
Head Office Address: Rua das Macieiras, 220, 4445-502 Ermesinde
Purpose and Grounds for the Treatment
CALHEIROS processes personal data exclusively for:
A) Execution of contracts in which the data subject is a party, or for pre-contractual steps at the request of the data subject;
B) Defense of vital interests of the holder of the data or other natural person;
C) Compliance with legal obligations to which the controller is subject;
D) Effects of legitimate interests pursued by the controller or by a third party, except where the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail, in particular where the data subject is a child;
E) Where the data subject has given his or her consent to processing for one or more specific purposes.
Personal Data Processing Operations
Personal data is any information relative to an identified or identifiable natural person.
The holders of the personal data are the natural persons to whom the personal data refer, namely, clients, workers, service providers, collaborators, among others, by which CALHEIROS may collect and treat different categories of personal data such as identification and contact data, namely, name, address, tax identification number, payment data, e-mail, telephone contact, among others, collected at the moment of the rendering of the services, work contracts, among others.
Personal data is processed for different purposes:
The personal data collected from our clients, workers, collaborators, partners or any others, have the sole purpose of gathering the necessary information to provide our services to the data holders and the development of our activity, administrative, accounting and fiscal management, including invoicing and accounting; payments; compliance with legal obligations and response to requests from judicial authority or other public authorities, in the legal terms, fulfilling the legal and contractual obligations inherent to our activity.
CALHEIROS processes personal data exclusively for the above-mentioned purposes and only for the period that is necessary or obligatory for the fulfilment of those purposes, being the conservation periods determined for each purpose and appropriate to each processing in conformity with our legal obligations.
After the end of the conservation period, and if we are not obliged, by judicial or administrative legal imposition, to proceed to its conservation, we eliminate the personal data or proceed to its anonymization.
Secrecy and Confidentiality
All our collaborators have the duty of confidentiality and protection of information as prescribed in the General Regulation of Data Protection, being obliged to keep absolute secrecy on any information or knowledge of personal, technical, business, or other nature, acquired necessarily or involuntarily, during the labour relation or because of it, relative to CALHEIROS or any other natural or legal persons with whom it is related, namely other workers, clients, family members, partners and suppliers, unless previously requested. of CALHEIROS or any other persons, natural or legal, connected with it, namely other workers, clients, relatives, partners and suppliers, unless previously authorised in writing.
Any reproduction, copy, modification, public communication, distribution or any other type of cession, whether free of charge or not, of any documents, computer programmes, publications, information contained in databases, or any other intellectual material belonging or relating to CALHEIROS or any third party related to it, unless previously authorised in writing, is also expressly prohibited.
CALHEIROS does not transmit personal data to third parties, except in the cases in which it is necessary for the rendering of the services it has contracted, for the fulfilment of legal obligations or when it has given its consent to that effect.
With a view to the purposes indicated above, we may need to use subcontractors for the processing of personal data and communicate your personal data to subcontractors involved in the contract execution, namely, Tax Authority, Social Security, Accounting, Insurance Companies, and any other entities legally required to provide our services.
Our concern with ensuring secrecy and confidentiality in the processing of personal data extends to our subcontractors or service providers, from whom we require guarantees of data processing in compliance and obedience to the processing rules arising from the GDPR.
Data Processing Guarantees
We guide all our actions, and extend to third parties and subcontractors the same requirement, by the following data processing rules:
B) The data collected is merely instrumental to our activity, being intended to pursue a specific and legitimate purpose, with no further processing incompatible with these purposes;
C) We respect the principle of data minimization, collecting only the data considered adequate, relevant and necessary for the purposes of collection and processing;
D) In compliance with the Accuracy Principle, we shall keep your data accurate and up-to-date whenever necessary, adopting and making available to its holder all measures necessary to ensure its permanent accuracy, namely the right of rectification;
E) We assume the Principle of Concern for the conservation of your data in such a way that it is possible to identify you only for the period necessary for the purposes for which the data is processed;
F) We will treat your data in accordance with the Security Principle, protecting your data from possible illegal and unauthorised processing, preventing possible loss, destruction or unforeseen damage, adopting all appropriate technical and organisational measures for data processing which guarantee the security, integrity and confidentiality of the data.
We use security measures, including authentication tools, to help protect and maintain the security, integrity and availability of your personal data.
We take steps to ensure the secure processing of personal data in particular, precautionary measures to protect personal data from loss or misuse and use security procedures to prevent unauthorised access to such personal data.
All personal data we collect is stored on servers that offer security guarantees and we subject our security systems and policies to periodic reviews to ensure that the data is safe and secure.
We also respect the confidentiality of your information and do not sell, distribute or otherwise make commercially available your information to any third party and are committed to keeping your information confidential in accordance with applicable law.
Rights of the Data Subject
1) Right of Access to Data: You have the right to know whether or not your personal data are processed and to access the information that is processed about you such as, purposes of processing; categories of personal data processed; if the data were not collected from you, the origin of the data if available; entities acting on behalf of and for the account of the controller; third parties to whom the data are communicated; data retention period or criteria used to set the period; whether your data is subject to automated decisions and whether there is profiling; if so, what is the underlying logic as well as the relevance and consequences the data processing may have for you; if your personal data is transferred to countries or international organisations outside the European Economic Area, what guarantees exist so that personal data continues to enjoy an adequate level of protection after the international transfer.
2) Right to Retification of Data: You have the right to obtain the rectification of your personal data where it is inaccurate or out of date.
3) Right of Erasure of Data:
» You have the right to obtain the erasure of your personal data only in the following circumstances:
- The data is no longer necessary to achieve the purpose for which it was collected and there is no legal provision requiring it to be kept for any longer;
- You have withdrawn your consent, on which the legitimacy of the processing was based;
- Personal data is being unlawfully processed, which requires justification by the data subject;
- When you have objected to the processing of data for marketing purposes, including profiling that may be associated with it;
- When you have objected to the data processing, pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate interests of the controller;
- The data has to be erased due to a legal obligation;
- Consent to the processing of the data has been provided by your legal representatives under Article 8 of the GDPR.
» You also have the right to obtain from Internet search engines the disassociation of links from the list of results displayed after a search made by your name (de-listing). Such links must be individually specified in the request.
» There are situations where the right to erasure of data, as indicated, may not apply, where the processing of the data is necessary for the exercise of freedom of expression and information or on grounds of public interest in the area of health or for the exercise of legal claims.
4) Right to Limitation of Processing: This is the right that allows you, for a certain period, to have the processing of data limited in its use, i.e., "frozen", and the data cannot be communicated to third parties, transferred internationally or deleted.
» You have the right to obtain the limitation of data processing in the following situations:
- When you contest the accuracy of the data until the controller has verified the quality of the data;
- When you have opposed the data processing until it is verified which legitimate interests prevail;
- When the data is required by the data subject for the purposes of exercising a right in a legal proceeding, even if no longer needed by the data controller;
- When the data is unlawfully processed and the data subject does not wish to have the data erased, but rather to have its use restricted (until such time as legal action is taken against the controller);
- Where processing is restricted, data may be used only with your consent, for the purposes of exercising a right in legal proceedings or for the defense of the rights of a natural or legal person or for reasons of substantial public interest.
» You have the right to be informed by the controller before the limitation of processing you have requested is lifted.
» When the processing is limited, the data may be used only with your consent, for the purposes of exercising a right in legal proceedings or for defending the rights of a natural or legal person or for overriding reasons of public interest.
5) Right to Data Portability: This is the right to receive from a controller your personal data in a structured, commonly used and machine-readable format, and the right to transmit them to another controller, only if the processing in question is based on consent or on a contract and is carried out by automated means; the right to have your data transmitted directly between controllers, where technically feasible, but covers only the data provided by you.
6) Right to Object: You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, where:
» a processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
» the pursuit of the legitimate interests of the controller or a third party;
» a re-use of the data for a purpose other than that for which they were originally collected, including profiling.
- In these cases, the controller will cease processing, unless he/she demonstrates compelling legitimate grounds overriding the rights and freedoms of the data subject, or for the purposes of exercising a right in legal proceedings.
- You have the right to object, at any time and without justification, to the processing of your data for direct marketing purposes, including associated profiling.
7) Right to withdraw consent: You have the right to withdraw at any time your consent to the processing of your data, unless there is a legal ground requiring such processing.
8) Right not to be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner. Automated individual decisions may be adopted if such decisions are necessary for the conclusion or the execution of a contract between the data subject, are authorised by legislation to which CALHEIROS is subject or are based on his explicit consent.
CALHEIROS does not adopt automated individual decisions, that is, with similar legal effects or significant impacts.
9) Right of Complaint: You also have the right to present a complaint to the Control Authority: Comissão Nacional de Proteção de Dados – CNPD - Av. D. Carlos I, 134 - 1.º 1200-651 Lisboa; Tel: +351 213928400, Fax: +351 213976832 and e-mail email@example.com or www.cnpd.pt.
Exercise of the Rights of the Data Subject
1) As a data subject you may at any time, if you wish, exercise your rights by submitting a request via e-mail to firstname.lastname@example.org.
2) You must identify yourself accurately and be able to prove your identity when exercising your rights, but you do not have to provide more personal data than are processed by the controller.
3) You must keep proof that you have presented a request to exercise your rights.
4) CALHEIROSas responsible for the treatment facilitates the exercise of the rights, namely through the provision of a form specific for the purpose.
5) The answers to the titleholder shall be provided in a concise manner, in a clear and simple language.
6) The data subject must obtain a reply within a period of one month from the date on which his or her request is received.
7) This period may be further extended by two months if necessary. In this case, the responsible person informs the holder of this extension, justifying the delay within the initial period foreseen.
8) Where the holder's request is made by electronic means, the reply shall be submitted, whenever possible, by electronic means.
9) The exercise of their rights must not prejudice the rights and freedoms of third parties.
10) The exercise of rights shall be free of charge except where requests made by a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, where the controller may charge a reasonable fee to cover the administrative costs of providing the information or communication or taking the steps requested or refuse to act on the request.
11) Special situations:
» Children – the exercise of rights in relation to children's personal data is carried out by their legal representatives, without prejudice to the possibility that they themselves may exercise directly, given their age and maturity and the situations in which data processing is already legitimised in the child's consent, as provided for in Article 8 of the GDPR and Article 16 of Law 58/2019, of 8 August.
» Deceased Persons – the exercise of rights in relation to personal data of deceased data subjects, when sensitive data (Article 9(1) of the GDPR) or data concerning privacy, image or communications data are concerned, are exercised by whoever has been designated for this purpose by the data subject or, in his absence, by his heirs. Also according to article 17 of Law 58/2019, of 8 August, the holder may leave it determined that it is impossible for third parties to exercise rights over their personal data after their death.
» Joint Responsability – the exercise of rights in relation to personal data processing where there is more than one controller may be carried out with any of the responsible parties, regardless of what has been agreed between the co-responsible parties.
Definition of Cookies
A cookie is a file that is downloaded to the internet user's equipment as a result of them accessing and browsing certain pages, allowing information to be stored and retrieved. This information is varied, being mainly about the user's browsing habits and the way they use and search the information contained in the page, retaining only information related to their preferences and not including their personal data.
Objectives of using Cookies
The purpose of cookies is to improve internet browsing, to get to know the user better and to be able to offer a personalised experience during their visit to certain pages to meet the user's tastes and preferences and to present proposals or offers of products and services that may be of interest to the user.
If you do not agree, you can disable cookies.
Acceptance, opposition and deletion
If you access our website with the cookie usage information, continue browsing without disabling cookies you are accepting their use.
You can disable or delete them at any time using the functions of your browser intended for this purpose.
How to configure Cookies
How to disable Cookies
All internet browsers allow you to manage cookies on the pages you visit. If you choose to disable cookies, it is possible that some functionalities will no longer work properly in your browser, which may affect navigation on the pages you visit. If the user chooses to disable cookies it may prevent some services from working properly, affecting, partially or totally, your browsing experience.
In Google Chrome, by default, all cookies are allowed, but you can adjust this setting. Follow these steps:
Click on the Chrome menu in the browser toolbar.
1 - Settings;
2 - Show advanced settings;
3 - Under "Privacy", click Content settings;
4 - Select "Block sites from setting data".
To change your cookies settings, follow these steps:
1 - Delete cookies;
2 - Block cookies by default;
3 - Allow cookies by default;
4 - Keep cookies and website data by default until you exit the browser;
5 - Make exceptions for cookies from specific websites or domains.
In Internet Explorer to disable all cookies:
1- Select the "Tools" menu and the "Internet Options" option;
2- Tab "Privacy";
3- Move the bar to the top, where the message "Block all cookies" will appear".
In Mozilla Firefox to disable all cookies:
1- Select the "Tools" menu;
2- Select "Options";
3- "Privacy", that you will find on the top panel;
4- In the cookies section disable the option "Accept cookies from sites".
Click on "OK" to save the changes and close.
In Safari to disable all cookies:
1- Select "Edit";
2- Click on "Preferences";
3- On the top panel, select the "Privacy" icon;
4- In the "Accept Cookies" section, select "Never".
Should you require any clarification, you may also contact us at email@example.com.
The present Cookies Policy is periodically revised by CALHEIROS EMBALAGENS, S.A., and therefore its content may undergo updates that will be duly publicised.