1. SCOPE AND PURPOSE
This Policy applies to all customers of PRIO.
This Policy does not form part of any employment contract or any contract for the provision of services.
It is important that you read this Policy, along with any other policies made available by PRIO for specific situations.
2. DATA PROTECTION PRINCIPLE
All personal data that PRIO stores and processes:
Are subject to lawful, fair and transparent processing.
Collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes.
Are relevant for the purposes for which they have been communicated and limited to that purpose
Accurate and up to date
Kept only as long as necessary for the purpose communicated.
3. WHAT KIND OF INFORMATION IS STORED ABOUT YOU
Personal data, or personal information, is any information about a natural person that identifies that person. Data where the identity has been anonymized is not considered personal data.
There are more sensitive "special categories" that require a higher level of protection.
PRIO collects, stores, and processes the following categories of personal information:
Personal information such as name, address, cell phone, email, date of birth and gender;
Tax Identification Number (TIN)
Consumption history - Consumption data is used by PRIO only to improve the provision of services and products.
Others, to be designated
4. HOW IS PERSONAL INFORMATION COLLECTED?
PRIO collects personal information from customers through paper delivery, email or computer applications.
Additional personal information related to customer activity will be collected during the term of the contract or the provision of services.
5. HOW IS PERSONAL INFORMATION USED?
PRIO only processes personal information when the processing is permitted by law. Typically, data is used for the following circumstances:
For the fulfillment of the contract for the provision of services.
For the fulfillment of a legal obligation.
When it is necessary for the legitimate interests of PRIO (or third parties) and the customer's fundamental rights and freedoms do not override.
Additionally and in rare circumstances the data may also be used for:
A. Protection of the vital interests of the customer or other natural person.
B. Pursuit of the public interest
6. PURPOSES FOR WHICH YOUR PERSONAL DATA IS USED
There are several situations where PRIO uses personal data, such as: (non-exhaustive list)
- Execution of contracts
Reporting accident data to the insurance company
Registration and use of WebSitee
Registration and use of Mobile Application
Data processing for marketing purposes
Data processing for customer satisfaction purposes
In the event the customer does not provide the required information, PRIO will not be able to perform its obligations to the customer, such as providing a service or granting a certain due benefit. Likewise, the fulfillment of other obligations with a legal source may be compromised.
PRIO will retain the data of its customers or potential customers as long as the purposes for which they were processed remain valid or the right to object is exercised.
7. USE OF THE DATA FOR OTHER PURPOSES
The data will only be used for the purposes for which they were collected. However, in occasional cases, they may be used for other purposes, as long as this purpose is still within the limits of the initial treatment and the necessary security conditions are guaranteed. Whenever such a circumstance occurs, the company will notify the client, explaining all the reasons and legal basis for the new treatment.
8. USE OF SENSITIVE DATA
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data to unequivocally identify a person, data concerning health or data concerning a person's sex life or sexual orientation are considered sensitive data.
These types of data may only be processed in specific cases provided for by law, including:
If the data subject has given explicit consent to the processing
If the processing is necessary for the purposes of carrying out obligations and exercising specific rights of the controller or the data subject in matters of employment law, social security and social protection,
if processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
when the processing relates to personal data which have been manifestly made public by the data subject;
processing is necessary for the establishment, exercise or defence of legal claims or when courts are acting in their judicial role;
In the case of the relationship between PRIO and the client, the processing of sensitive data is not foreseen.
9. YOUR RIGHTS AND DUTIES AS A CLIENT
9.1 Duty to keep the controller informed of changes It is very important that the personal information PRIO retains about customers is correct and up-to-date. Please keep PRIO informed of any changes to your personal information during your contractual or service relationship with PRIO.
9.2 Right of Access
You have the right to access your personal information. This allows you to receive a copy of all personal information that PRIO holds about you and to verify that it is handled lawfully.
9.3 Right of Correction
You have the right to correct the personal information that PRIO holds about you. This allows you to correct any incorrect or incomplete information.
9.4 Right to Erasure
You have the right to the erasure of your personal information. This allows you to ask to delete or remove your personal information if there is no acceptable reason for it to continue to be processed. You also have the right to ask to have your personal information deleted or removed when you have exercised your right to object to the processing.
9.5 Right to object to processing
You have the right to object to the processing of your personal data when it is processed on the grounds of legitimate interest. If there is a specific situation concerning you, you may also object to the processing.
9.6 Right to request restriction of processing
You have the right to request the suspension of the processing of your personal data, for example if you want to have its accuracy or grounds for processing verified.
9.7 Right of transfer
You have the right to request the transfer of your personal information to another party.
9.8 Right to withdraw consent
In situations where you have given your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent at any time. To withdraw your consent, please contact PRIO's Data Protection Officer, whose details can be found below. After PRIO receives notification, it will stop processing your personal information for the originally agreed upon purposes, unless there is another lawful ground for PRIO to do so.
9.9 Right to lodge a complaint with a supervisory authority
All data subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data concerning them infringes the General Data Protection Regulation. However, the data subject may in the first instance contact PRIO's data protection officer to exercise his or her rights.
10. TRANSFER OF DATA
The transfer of customers' personal data to PRIO's subcontractors will only occur in cases of occasional transfer of data and to the extent that is proportional, necessary and appropriate to the objectives to be achieved.
We will only select subcontractors that provide sufficient guarantees of the implementation of appropriate measures to meet the requirements imposed by the GDPR. Such service providers are not authorized to use PRIO's customer data for their own purposes, they only carry out the processing expressly identified by PRIO and under the terms established by PRIO.
All service provider employees are bound by a duty of confidentiality.
11. PERSONAL DATA SECURITY MEASURES
In order to ensure the appropriate level of security of its clients' personal data, PRIO is in the process of implementing measures that meet the provisions of the GDPR and ISO27001.
Such measures aim to prevent the accidental loss of data, the use of or access to data by unauthorized parties, its alteration or its disclosure.
To this end, access to data is limited to employees and service providers whose duties necessarily involve access to the data. Their processing will be carried out as stipulated by PRIO and they are subject to confidentiality duties.
PRIO will also develop procedures to address any suspected security breach and will notify its clients in the event of any breach as required by the GDPR.
12. FEES FOR EXERCISING YOUR RIGHT
You will not have to pay any fees to access your personal information (or to exercise any other right), however, PRIO may charge a minimal fee if your requests are clearly unfounded or excessive.
Alternatively, PRIO may in such circumstances refuse to comply with the request.
13. WHAT WE MAY REQUIRE FROM YOU
PRIO may require specific information about you in order to confirm your identity and to ensure your right to access personal data. This is a security measure to ensure that your personal information is not disclosed to any person who is not authorized to access it.
15. Data Protection Officer
Data Protection Officer
Phone: +351 234 390 010
Adress: TGL – Terminal de Granéis Líquidos
Porto de Aveiro – Lote B
3834 – 908 Gafanha da Nazaré
The last revision of this document was made on 2020-01-07.