- Mon - Fri: 9.00 am - 17.00 pm
A. GENERAL FRAMEWORK
This document is an integral part of TaxTeam CONSULTING's personal data protection policy, taking into account the General Data Protection Regulation (2016/679), hereinafter referred to as GDPR. Whenever this document is updated, a new version will be made available immediately after its approval. Monitoring of compliance with this standard will be ensured by measuring the evaluation indicators for controls and / or audits (internal or external), at regular time intervals or when significant changes occur.
Scope and objective
Personal Data – All information relating to an identified or identifiable natural person; an identifiable individual is a person who can be identified, directly or indirectly, such as a name, an identification number, location data, identifiers by electronic means or one or more specific elements of identity such as physical, physiological, genetic, mental, economic, cultural or social status of that natural person.
Special Categories of Personal Data – Personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or the union membership of a natural person, as well as the processing of genetic data, biometric data to identify a person of unequivocally, health-related data or data on sexual life or sexual orientation.
Processing – It is the operation or a set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, recovery, consultation, use, dissemination by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, elimination or destruction.
Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Personal Data Breach – breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Subcontractor – It is a natural or legal person, the public authority, agency or other body that processes personal data on behalf of the person responsible for processing them.
Third Party – It is a natural or legal person, the public authority, the service or body other than the data subject, the controller, the subcontractor and people who, under the direct authority of the controller or the processor, are authorized to process personal data.
DATA COLLECTION AND PROCESSING
Within the scope of TaxTeam CONSULTING's activity, the collection, registration, organization, conservation, use and consultation of personal data takes place. There may also be other operations or set of operations that, under the terms of the General Data Protection Regulation, are referred to as “personal data processing”.
The personal data collected concerns not only employees, but also suppliers, candidates and clients / users.
TaxTeam CONSULTING collects personal data, namely, the data necessary for recruitment / admission, billing or service provision processes.
When collecting Personal Data, TaxTeam CONSULTING provides data subjects with detailed information about the nature of the data collected and about the purpose and treatment that will be carried out in relation to personal data, as well as the information mentioned in the clause relating to the right of access to personal data.
Within the scope of TaxTeam CONSULTING’s webpage, small software tags designated as "Cookies" are stored on the equipment accessed through your browser, retaining only information related to preferences, not including, as such, personal data.
Cookies are used to help determine the usefulness, interest and number of uses of the websites, allowing for faster and more efficient navigation, eliminating the need to repeatedly enter the same information.
There are two groups of cookies that can be used:
· Permanent cookies - these are cookies that are stored at the browser level on equipment and access devices (PC, mobile and tablet) and that are used whenever you make a new visit to our website.
· Session cookies - temporary cookies that remain in the browser's cookie file until you leave the website. The information obtained by these cookies serves to analyse traffic patterns on the web, allowing you to identify problems and provide a better browsing experience.
· Strictly necessary cookies - Allows browsing the website and using applications, as well as accessing secure areas of the website. Without these cookies, the required services cannot be provided.
· Analytical cookies - They are used anonymously for the purpose of creating and analysing statistics, in order to improve the functioning of the website.
· Functionality cookies - Keep the user's preferences regarding the use of the website, so that it is not necessary to configure the website again each time you visit it (such as the language).
How can I manage Cookies?
All browsers allow the user to accept, refuse or delete cookies, and inform the user whenever a cookie is received, namely by selecting the appropriate settings in the respective browser. The user can configure cookies in the "options" or "preferences" menu of his browser. Note, however, that by disabling cookies, you can prevent some web services from functioning correctly, affecting, partially or totally, the navigation on the website.
These subcontracted entities will not be able to transmit the data subject’s data to other entities without TaxTeam CONSULTING having previously given written authorization to do so, and they are also prevented from contracting other entities without prior authorization from TaxTeam CONSULTING.
TaxTeam CONSULTING is committed to subcontracting only entities that present sufficient guarantees for the execution of the appropriate technical and organizational measures, in order to ensure the defence of the data subjects’ rights. All entities subcontracted by TaxTeam CONSULTING are bound by the latter through a written contract which regulates, in particular, the object and duration of the treatment, the nature and purpose of the treatment, the type of personal data, the categories of the data subjects. data and the rights and obligations of the parties.
When collecting personal data, TaxTeam CONSULTING provides the data subject with information about the categories of subcontracted entities that, in the specific case, can carry out data processing on behalf of TaxTeam CONSULTING.
DATA COLLECTION CHANNELS
TaxTeam CONSULTING can collect data directly (i.e., directly from the data subject) through the following direct collection channels: in person, by phone or by email.
GENERAL PRINCIPLES APPLICABLE TO DATA PROCESSING
TaxTeam CONSULTING undertakes to ensure that the processing of personal data follows the following general principles:
· Subject to lawful, fair and transparent treatment in relation to the data subject;
· Collected for specific, explicit and legitimate purposes, not subsequently being treated in a manner incompatible with those purposes;
· Adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated;
· Accurate and updated whenever necessary, taking all appropriate measures so that the inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay;
· Kept in a way that allows the identification of the data subject only during the period necessary for the purposes for which the data are processed;
· Treated in a way that guarantees your safety, including protection against its unauthorized or illicit treatment and against its accidental loss, destruction or damage, taking appropriate technical or organizational measures.
Data processing carried out by TaxTeam CONSULTING is lawful when at least one of the following situations occurs:
· The data subject has given his explicit consent to the processing of the data subject's data for one or more specific purposes;
· Processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual steps at the request of the data subject;
· Treatment is necessary to fulfill a legal obligation to which TaxTeam CONSULTING is subject;
· Processing is necessary to defend the vital interests of the data subject or another natural person;
· Processing is necessary for the purpose of the legitimate interests pursued by TaxTeam CONSULTING or by third parties (unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail).
The retention period during which data is stored and preserved varies according to the purpose for which the information is processed.
Effectively, there are legal requirements that oblige us to keep data for a minimum period. Thus, and whenever there is no specific legal requirement, the data will be stored and preserved only for the minimum period necessary for the purposes that motivated its collection or its further treatment, at the end of which they will be eliminated.
USE AND PURPOSES OF THE SUBJECT'S DATA PROCESSING
In general terms, TaxTeam CONSULTING uses the data subject's data for various purposes, namely the execution of a contract celebrated with the data subject, billing and collection to the personal data subject, for the purposes of Marketing and for the management of human resources and recruiting employees.
The data of the collected by TaxTeam CONSULTING are not shared with third parties without the consent of the data subject, with the exception of the situations referred to in the following paragraph. However, if the data subject celebrates a contract with TaxTeam CONSULTING for services that are provided by other entities responsible for the processing of personal data, the ’s data may be consulted or accessed by those entities, to the extent that this is necessary for the provision of said services.
TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES IMPLEMENTED
In order to guarantee the security of personal data and the maximum confidentiality, TaxTeam CONSULTING treats the information you have provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically according to the needs, as well as in accordance with the legally provided terms and conditions.
Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the treatment for the rights and freedoms of the data subject, TaxTeam CONSULTING undertakes to apply, both when defining the means of treatment and at the time of the treatment itself, the technical and organizational measures necessary and adequate to protect the personal data and to comply with legal requirements.
TaxTeam CONSULTING also undertakes to ensure that, by default, only the data that is necessary for each specific purpose of treatment are processed and that these data are not made available without human intervention to an undetermined number of people.
In terms of general measures, TaxTeam CONSULTING adopts the following:
· Regular audits with a view to assessing the effectiveness of the technical and organizational measures implemented;
· Awareness and training of the personnel involved in data processing operations;
· Mechanisms capable of ensuring the confidentiality, availability and permanent resilience of IT systems;
· Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident;
TRANSFERAL OF DATA OUTSIDE THE EUROPEAN UNION
The personal data collected and used by TaxTeam CONSULTING are not made available to third parties established outside the European Union. If, in the future, this transfer takes place, TaxTeam CONSULTING undertakes to ensure that the transfer complies with the applicable legal provisions, namely regarding the determination of the suitability of that country with regard to data protection and the requirements applicable to such transfers.
B. RIGHTS OF DATA SUBJECTS
RIGHT TO INFORMATION
Information provided to the data subject by TaxTeam CONSULTING (when data is collected directly from the data subject):
· TaxTeam CONSULTING’s contacts for personal data;
· The purposes of the processing for which the personal data are intended, as well as, if applicable, the legal basis for the processing;
· If the processing of the data is based on the legitimate interests of TaxTeam CONSULTING or a third party, an indication of such interests;
· If applicable, the recipients or categories of recipients of personal data;
· If applicable, an indication that personal data will be transferred to a third country or an international organization, and whether or not there is an adequacy decision taken by the Commission or reference to appropriate or appropriate transfer guarantees;
· Personal data retention period;
· The right to request access to personal data, as well as its rectification, elimination or limitation, the right to object to the treatment and the right to data portability;
· If the processing of the data is based on the consent of the data subject, the right to withdraw the consent at any time, without compromising the lawfulness of the treatment carried out based on the consent previously given;
· The right to file a complaint to the supervisory authority;
· Indication whether the provision of personal data constitutes a legal or contractual obligation, or a necessary requirement to conclude a contract, as well as whether the data subject is obliged to provide personal data and the possible consequences of not providing such data;
· If applicable, the existence of automated decisions, including the definition of profiles, and information related to the underlying logic, as well as the importance and expected consequences of such treatment for the data subject.
· If TaxTeam CONSULTING intends to further process the data of the data subject for a purpose other than that for which the data were collected, before such processing TaxTeam CONSULTING will provide the data subject with that purpose and any other pertinent information, under the terms above.
Procedures and measures implemented to fulfill the right to information:
The aforementioned information is provided in writing (including by electronic means) by TaxTeam CONSULTING to the data subject prior to the processing of the personal data in question. Under applicable law, TaxTeam CONSULTING is under no obligation to provide the data subject with this information when and to the extent that the subject is already aware of it.
Information is provided by TaxTeam CONSULTING free of charge.
RIGHT OF ACCESS TO PERSONAL DATA
The data subject has the right to obtain from TaxTeam CONSULTING confirmation whether the personal data concerning them are subject to treatment and, if applicable, the right to access their personal data and the following information:
· The purposes of data processing;
· The categories of personal data in question;
· The recipients or categories of recipients to whom the personal data have been or will be disclosed, namely recipients established in third countries or belonging to international organizations;
· The period of retention of personal data;
· Right to request TaxTeam CONSULTING to rectify, eliminate or limit the processing of personal data, or the right to object to such treatment;
· Right to file a complaint with CNPD or another supervisory authority;
· If the data has not been collected from the data subject, the information available on the source of that data;
· The existence of automated decisions, including the definition of profiles, and information related to the underlying logic, as well as the importance and expected consequences of such treatment for the data subject;
· Right to be informed about adequate guarantees associated with the transfer of data to third countries or international organizations.
Upon request, TaxTeam CONSULTING will provide the data subject with a copy of their data which are being processed, free of charge. The supply of other copies requested by the data subject may incur administrative costs.
RIGHT TO RECTIFY PERSONAL DATA
The data subject has the right to request, at any time, the rectification of his personal data, as well as the right to have his incomplete personal data completed, including by means of an additional declaration.
In case of data rectification, TaxTeam CONSULTING communicates to each recipient to whom the data has been transmitted the respective rectification, unless such communication proves impossible or implies a disproportionate effort for TaxTeam CONSULTING.
RIGHT TO DELETE PERSONAL DATA (“RIGHT TO BE FORGOTTEN”)
The data subject has the right to obtain, from TaxTeam CONSULTING, the elimination of their data when one of the following reasons applies:
· The data subject’s data is no longer necessary for the purpose that motivated its collection or treatment;
· The data subject withdraws the consent on which the processing of the data is based and there is no other legal basis for said processing;
· The data subject opposes the treatment under the right of opposition and there are no prevailing legitimate interests that justify the treatment;
· If the data subject’s data is processed illegally;
· If the data subject’s data has to be erased in order to comply with a legal obligation to which TaxTeam CONSULTING is subject;
Under applicable legal terms, TaxTeam CONSULTING is under no obligation to delete the data subject’s data to the extent that processing proves necessary to comply with a legal obligation to which TaxTeam CONSULTING is subject or for the purposes of declaring, exercising or defending rights.
In case of data deletion, TaxTeam CONSULTING informs each recipient / entity to whom the data has been transmitted the respective deletion, unless such communication proves impossible or involves a disproportionate effort for TaxTeam CONSULTING.
When TaxTeam CONSULTING has made the data subject’s data public and is obliged to delete them under the right of disposal, TaxTeam CONSULTING undertakes to ensure that the measures are reasonable, including technical, taking into account the available technology and the costs of its application, to inform those responsible for the effective processing of personal data that the data subject has requested that they remove the links to such personal data, as well as copies or reproductions thereof.
RIGHT TO LIMIT THE PROCESSING OF PERSONAL DATA
The data subject has the right to obtain, from TaxTeam CONSULTING, the limitation of the processing of the data subject’s data, if one of the following situations applies (the limitation consists of inserting a mark in the personal data kept with the objective of limiting treatment in the future):
· If you challenge the accuracy of personal data, for a period that allows TaxTeam CONSULTING to verify its accuracy;
· If the processing is illegal and the data subject opposes the elimination of the data, requesting, on the other hand, the limitation of its use;
· If TaxTeam CONSULTING no longer needs the data subject's data for processing purposes, but that data is required by the data subject for the purposes of declaring, exercising or defending a right in a judicial process;
· If the data subject has opposed the treatment, until it is verified that the legitimate reasons of TaxTeam CONSULTING prevail over those of the data subject.
When the data subject’s data is subject to limitation, they may, with the exception of conservation, only be processed with the consent of the data subject or for the purpose of declaring, exercising or defending a right in a judicial proceeding, defending the rights of another natural person or collective bargaining, or for reasons of public interest provided for by law.
The data subject who has obtained the limitation in the treatment of his data in the cases referred to above will be informed by TaxTeam CONSULTING before the limitation to treatment is lifted.
In case of limitation in the processing of data, TaxTeam CONSULTING will communicate to each recipient to whom the data has been transmitted the respective limitation, unless such communication proves impossible or implies a disproportionate effort for TaxTeam CONSULTING.
RIGHT TO PORTABILITY OF PERSONAL DATA
The data subject has the right to receive the personal data concerning him/her and which he/she has provided to TaxTeam CONSULTING, in a structured format, in common use and automatic reading, and the right to transmit that data to another controller, if :
· Treatment is based on consent or a contract to which the data subject is a party; and
· The treatment is carried out by automated means.
The portability right does not include inferred data or derived data, i.e., personal data that is consequently generated by TaxTeam CONSULTING or as a result of the analysis of the data being processed. The data subject has the right to have personal data transmitted directly between controllers, whenever technically possible.
RIGHT TO OBJECT
The data subject has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him/her based on the exercise of legitimate interests pursued by TaxTeam CONSULTING or when the treatment is carried out for purposes that are not those for which personal data were collected, including the definition of profiles, or when personal data are processed for statistical purposes.
TaxTeam CONSULTING will cease processing the data subject’s data, unless it presents compelling and legitimate reasons for such treatment that prevail over the interests, rights and freedoms of the data subject, or for the purposes of declaring, exercising or defending a right of TaxTeam CONSULTING in a judicial process.
When the data subject’s data are processed for the purposes of direct marketing (marketing), the data subject has the right to object at any time to the processing of data concerning him/her for the purposes of said marketing, which covers the definition of profiles to the extent that it is related to direct marketing. If the data subject opposes the processing of his/her data for the purpose of direct marketing, TaxTeam CONSULTING stops processing the data for that purpose.
The data subject also has the right not to be subject to any decision taken exclusively on the basis of automated processing, including the definition of profiles, which has an effect on its legal sphere or which significantly affects it in a similar way, unless the decision:
· It is necessary for the conclusion or execution of a contract between the data subject and TaxTeam CONSULTING;
· It is authorized by legislation to which TaxTeam CONSULTING is subject; or
· It is based on the explicit consent of the data subject.
PROCEDURES FOR THE EXERCISE OF DATA SUBJECTS’ RIGHTS
The right of access, the right of rectification, the right of elimination, the right to limitation, the right to portability and the right to opposition can be exercised by the data subject by contacting TaxTeam CONSULTING and filling out the respective form.
TaxTeam CONSULTING will respond in writing (including by electronic means) to the data subject's request within a maximum period of one month from receipt of the request, except in cases of special complexity, in which this period may be extended up to two months.
If the requests submitted by the data subject are manifestly unfounded or excessive, namely due to their repetitive nature, TaxTeam CONSULTING reserves the right to charge administrative costs or to refuse to proceed with the request.
PERSONAL DATA BREACHES
In the event of a data breach, and insofar as such breach is likely to imply a high risk to the data subject's rights and freedoms, TaxTeam CONSULTING undertakes to report the breach of personal data within 72 hours to the Supervisory Authority – CNPD.
Under legal terms, communication to the data subject is not required in the following cases:
· If TaxTeam CONSULTING has applied adequate protection measures, both technical and organizational, and these measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data incomprehensible to any unauthorized person to access those data, such as encryption;
· If TaxTeam CONSULTING has taken subsequent measures to ensure that the high risk to the data subject's rights and freedoms is no longer likely to materialize;
· If the communication to the data subject implies a disproportionate effort for TaxTeam CONSULTING. In that case, TaxTeam CONSULTING will make a public communication or take a similar measure through which the data subject will be informed.
C. FINAL NOTES
APPLICABLE LAW AND JURISDICTION