PRIVACY POLICY

INDEX

PRIVACY POLICY AND PERSONAL DATA PROTECTION
1. What Is Personal Data? 
2. For What Purpose Do We Use Personal Data? 
3. How Long Is Your Personal Data Stored? 
4. Who is Responsible For Processing Personal Data?
5. Do We Share Personal Data With Other Entities? 
6. How Do We Keep Your Personal Data Safe? 
7. What Are The Rights Of Personal Data Subject? 
8. Updates To This Privacy Policy

COOKIES POLICY
1. What is Personal Data? 
2. For What Purpose Do We Use Personal Data? 
3. How Long Is Your Personal Data Stored? 
4. Who Is Responsible For Processing Personal Data?

PRIVACY POLICY AND PERSONAL DATA PROTECTION

TRIA – Serviços, Materiais e Equipamentos S.A. has as a priority the security, protection and privacy of the personal data of its collaborators, job seekers, customers and suppliers in the strict compliance with the rules established by the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

For this reason, we process personal data based on the following principles:
– The processing of personal data is carried out in a licit, fair and transparent manner;
– The collection of data is only carried out for duly determined, explicit and legitimate purposes, according to the applicable legislation;
– The data collected are limited to what is strictly necessary and the time required for the purposes for which they are processed;
– Only employees and partners of the Group whose functions require this, can access processed personal data;
– Personal data are treated confidentially

The purpose of this document is to disclose the form and objectives with which such processing is carried out and to inform the data subjects of their rights under that Regulation.

1. What Is Personal Data?

In accordance with data protection legislation, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to na identifier such as a name, an identification number, location data, an online identifier or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. For What Purpose Do We Use Personal Data?

We process the personal data required in the context of the activity we carry out and the services we provide and the purposes associated with them so that they are carried out effectively.
The purposes for which your data will be collected and processed are:
Purposes / Examples of purposes (not exhaustive)

Purposes

Examples of purposes (not exhaustive)

Marketing– Promotion of events in social networks
– Marketing and promotion of new services
Customer Management and Services Provision– Management of contacts, information or requests
– Management of complaints or incidents
Recruitment–  Recruitment and Selection of Candidates
Employee Management– Admission, training, monitoring and contractual management
– Attendance control and time recording
Accounting, Tax and Administrative Services– Accounting & Billing
– Tax information, including the information sended to the tax authority
Litigation Management– Judicial and extrajudicial collection
– Management of other conflicts
Fraud Detection, Protection of Legitimate
Interests and Auditing
– Internal audit and investigation
– Fraud Detection and Illegal Practices
Compliance with Legal Obligations– Response to judicial, regulatory and supervisory entities, in particular public entities
Information Security Control– Security incidents Management
– Access management (logs)
– Backup management


We only process personal data if one of the conditions defined in the data protection legislation is verified, namely:
– where the processing of personal data is necessary for the performance of a contract in which the data subject is a party, or for pre-contractual arrangements at the request of the data subject;
–  When the treatment is necessary to fulfil a legal obligation to which TRIA is subject;
–  If the treatment is necessary to ensure our legitimate interests;
– If the data subject has given his consent to the processing of his personal data.

3. How Long Is Your Personal Data Stored?

Personal data will be stored for no longer than necessary for the purpose for which the personal data were processed.
The determination of these deadlines is made based on Information retention criteria defined and appropriate to each treatment and respecting the legal and regulatory obligations that affect the company.

4. Who Is Responsible For Processing Personal Data?

The data controller is:
TRIA- Serviços, Materiais e Equipamentos, S. A.
Parque Industrial Manuel Lourenço Ferreira, Lote 43,
3450-232 Mortágua

5. Do We Share Personal Data With Other Entities?

In the exercise of its activity, TRIA may have to communicate or give access to your personal data to other entities, always ensuring that they present technical and organisational measures that adequately protect personal data.
The personal data will only be accessed or shared for the accomplishment of the purposes foreseen above and with the following entities:
– Companies belonging to the Business Group;
– TRIA Customers;
– Entities providing services to the company, for example, computer support, document management, legal support, human resources;
– Public Authorities

These are required to strictly comply with the applicable legal and regulatory rules regarding protection of personal data, confidentiality, information security and other applicable rules and regulations.

6. How Do We Keep Your Personal Data Safe?

TRIA is committed to ensuring the confidentiality, protection and security of your personal data. For this purpose, we implemented adequate technical and organisational measures to ensure a level of security appropriate to the risk, namely with regard to security and confidentiality, in order to protect users’ personal data against unauthorised and unlawful processing and against accidental loss, destruction, disclosure, damaged or alteration.
Our commitment in the personal data protection also implies that whenever personal data are transmitted to other entities, they are obliged to adopt technical and organisational measures that guarantee the same level of protection.

7. What Are The Rights Of Personal Data Subject?

TRIA ensures that the data subject can exercise the rights conferred by the data protection legislation (and always complying with the data protection legal framework and other applicable legislation on a case-by-case basis), namely:
Right of access by the data subject: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to erasure (‘right to be forgotten’): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

– The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
– The data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
– The personal data have been unlawfully processed;
– The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
– The personal data have been collected in relation to the offer of information society services.

Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

– The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
– The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Right to object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right not to be subject to a Automated individual decision-making, including profiling: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to withdraw his or her consent at any time: The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority (Comissão Nacional de Proteção de Dados): If you wish to exercise any of the aforementioned rights or clarify matters related to the protection of privacy and personal data by TRIA, you may do so by letter or electronic mail to the indicated contacts:

privacidade@testa.pt
Tria – Serviços, Materiais e Equipamentos S.A.
Parque Industrial Manuel Lourenço Ferreira 43 3450-232 Mortágua

8. Updates to This Privacy Policy
TRIA reserves the right to update or change this Policy at any time. We will release the latest Privacy Policy on our webpage for any changes. If major changes are made to the Privacy Policy, we may notify you through different channels, for example, sending you direct notification.

COOKIES & SIMILAR TECHNOLOGIES

1. Cookies

To ensure our website works correctly, we may at times place a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file stored by a web server on a computer or mobile device and the text in a cookie often consists of identifiers, site names, and some numbers and characters.

These text files are stored on the computer devices you use to navigate our web pages, as they will help us to continuously improve your interactions on our web pages. This type of information will not have any influence on the operation of your devices, it will only increase the efficiency of navigation on websites.

2. What Cookies Are Used For On This Website?

Like many other websites or Internet service providers, TRIA uses cookies only to improve user experience as well as guide the user in the next visits by monitoring their preferences. Through Cookies, user profiles are also built based on estimates and usage patterns.
Session cookies are deleted after each visit, while persistent cookies remain in place across multiple visits. Cookies allow websites to remember your settings such as language, font size on your computer or mobile device, or other browser preferences. This means that a user does not need to reset preferences for every visit.

3. Who Uses The Information Storaged in Cookies?
TRIA will not use cookies for any purposes not stated in this Policy.

4. Disabling and Preventing the Use of Cookies?

You can manage or delete cookies based on your own preferences. If you do not want to be monitored by cookies, you can clear all the cookies stored on your computer, and most web browsers provide the option of blocking cookies.
Through the tools of the different browsers you can also eliminate the Cookies already collected and stored previously.

Updates to This Policy
TRIA reserves the right to update or change this Policy at any time. We will release the latest Privacy Policy on our webpage for any changes. If major changes are made to the Privacy Policy, we may notify you through different channels, for example, sending you direct notification.