Data Protection, Privacy and Information Security Policy.

Commitment to Data Protection, Privacy and Information Security

CIPADE complies with all applicable Community and national legal rules in the field of data protection, privacy and information security.
Within the scope of the Personal Data Protection and Information Security System, CIPADE seeks to ensure regulatory compliance and the demonstration or demonstration of institutional responsibility in terms of data protection and information security, implementing all the technical and organizational measures necessary to compliance with the legal data protection regime in force.
In this context, CIPADE also undertakes a commitment to the confidentiality and confidentiality of the personal data of which it is responsible for processing, in accordance with this data protection and privacy policy. Thus, it ensures compliance with all applicable rules in matters of confidentiality and secrecy, also requiring it from all its employees or suppliers, as well as the adoption of behaviors and the implementation of the necessary measures to the same degree of compliance, ensuring that persons authorized to process personal data have assumed a confidentiality commitment or are subject to appropriate legal confidentiality obligations.

Definitions

«Personal data»

«Personal data», means information relating to an identified or identifiable natural person ("data subject"); an identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers are considered, for example, a name, an identification number, location data, identifiers electronically or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

«Processing of Personal Data»

«Processing», means an operation or a set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, erasure or destruction.

«Cookies»

«Cookies» are small text files with information considered to be relevant that the devices used for access (computers, mobile phones or portable mobile devices) load, through the internet browser (browser), when an online site is visited by the Customer or User.

Entity Responsible for Treatment

CIPADE - INDUSTRIA E INVESTIGAÇÃO DE PRODUTOS ADESIVOS, SA, headquartered at Avenida 1º de Maio, 518, in S. João da Madeira, registered at the Commercial Registry Office of S. João da Madeira, under the unique registration number and Legal Person 500217718, with a share capital of 3,000,000 euros, in this document referred to as CIPADE, is the entity responsible for the online sites www.cipade.com and for the computerized applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Customers have remote access to CIPADE's services and products that are presented, marketed or provided, at any time, through them.

The use of channels or applications by any User, Service Recipient or Customer may involve the performance of operations for the processing of personal data, whose protection, privacy and security by CIPADE, as the entity responsible for the respective treatment, is ensured, in accordance with the terms of this Data Protection and Privacy Policy.

Data Controller Responsible Contacts

For the purpose of contacting the CIPADE Data Protection Officer, please send an email to geral@cipade.com, describing the subject of the request and indicating an email address, a telephone contact address or a mailing address.

Collection and Processing of Personal Data

CIPADE processes personal data that is strictly necessary for the provision of information and the operation of its channels, according to the uses made by Users, Service Recipients or Customers.

For this, CIPADE collects such personal data:
- Directly from Users or Recipients who provide them for the purposes of registering orders or obtaining information;
- Directly from Customers for the purpose of subscribing to those channels or through the use of services provided by CIPADE, such as access, consultations, instructions, transactions and other records related to their use.

In particular, the use or activation of certain features of the channels s may imply the treatment of several direct or indirect personal identifiers, such as name, home address, contacts, device addresses or geographic location, whenever the User, Service Recipient or of the customer.

The personal data collected by CIPADE are processed automatically, in certain cases in an automated way, including the processing of files or the definition of profiles and within the scope of the management of the pre-contractual, contractual or post-contractual relationship with the Users, Recipients of the Service or Clients, in accordance with the national and community rules in force.

Categories of processed personal data

The categories or types of personal data subject to treatment may be, among others that may prove necessary and are legitimately collected, the following: full name, taxpayer number, civil identification number, marital status, sex, date of birth, place of birth , address (es), locality (s), postal code (s), country, country code, telephone contacts, e-mail addresses, name of the company where you work, etc.

In all cases, Users, Service Recipients or Customers will always be informed of the need to collect such data to access the functionalities of the channels in question.

Fundamentals of Legitimacy

All data processing operations carried out by CIPADE are based on legitimacy, namely, the consent of the data subject, the need to execute a contract or pre-contractual steps with the data subject, as well as the need to comply with a legal obligation or legitimate interests pursued by CIPADE or by third parties.

Purpose of Treatment

All personal data processed within the scope of CIPADE channels are intended exclusively for providing information to Users, the management of the personal information of the Service Recipients considered necessary for the purposes of managing the relationship or communication, as well as for the provision of the services contracted by the Customers and, in general, the management of the pre-contractual, contractual or post-contractual relationship with Users or with Customers.

The personal data collected may, still and eventually, be treated for statistical purposes, for information dissemination or promotional actions and for commercial or marketing actions, namely to promote actions to disseminate new features or new products and services, through direct communication, whether by correspondence, by email, messages or telephone calls or any other communications service.

With the prior information and collection of express authorization always guaranteed, the Users or Customers can, at any time, exercise their right to oppose the use of their personal data for other purposes that go beyond the management of the contractual relationship, namely for marketing purposes, to send informational communications or to be included in lists or informational services, and, for this purpose, send a written request addressed to the Data Protection Officer of CIPADE, according to the procedures indicated below.

Data Retention Deadlines

Personal data will only be kept for as long as necessary for the purposes for which it was collected or further processed, ensuring compliance with all legal rules applicable to archiving.

Communication of Data to Other Entities

The provision of information or the provision of services by CIPADE to its Users, Service Recipients or Customers through the channels may eventually imply the use of services from third parties, including entities headquartered outside the European Union, for the provision of certain services, which may imply access by these entities to personal data of Users, Recipients of the Service or Customers.

In these circumstances and whenever necessary, CIPADE will resort only to subcontracted entities that present sufficient guarantees for the execution of adequate technical and organizational measures so that the treatment meets the requirements of the applicable rules, and such guarantees are formalized in a contract signed between CIPADE and each of these third parties.

Data Recipients

Except as part of the fulfillment of legal obligations, in no case will there be communication of personal data of Users, Service Recipients or Customers to third parties that are not subcontracted entities or legitimate recipients, and no other communication will be made for other purposes as well. different from those mentioned above.

International Data Transfers

Any transfer of personal data to a third country or an international organization will only be carried out within the framework of the fulfillment of legal obligations or guaranteed compliance with the applicable Community and national legal rules in this matter.

Security measures

Taking into account the most advanced techniques, application costs and the nature, scope, context and purposes of the treatment, as well as the risks, of probability and varying severity, for Users, Service Recipients or Customers, CIPADE and all entities that are its subcontractors apply the appropriate technical and organizational measures to ensure a level of safety appropriate to the risk.

For this purpose, several security measures are adopted in order to protect personal data against its dissemination, loss, misuse, alteration, treatment or unauthorized access, as well as against any other form of illegal treatment.

It is the exclusive responsibility of Users, Service Recipients or Customers to keep access codes secret, not sharing them with third parties, and, in the particular case of the computer applications used to access the channels, to maintain and preserve the access devices in security conditions and follow the security practices recommended by the manufacturers and / or operators, namely regarding the installation and updating of the necessary security applications, such as, among others, antivirus applications.

If there is a need to subcontract services to third parties that may have access to the personal data of Users, Service Recipients or Customers, CIPADE subcontractors will be obliged to adopt the security measures and protocols at the organization level and the measures of a technical nature necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss or destruction of personal data.

Exercise of the Rights of Personal Data Holders

Users, Recipients of the Service and CIPADE Customers may, as holders of personal data, at any time, exercise their data protection and privacy rights, namely the rights of access, rectification, deletion, portability, limitation or opposition to treatment, under the terms and with the limitations provided for in the applicable rules.

Any request to exercise data protection and privacy rights must be addressed, in writing, by the respective owner, to the Data Protection Officer, in accordance with the procedure and contact described below.

Complaints or Suggestions and Incident Reporting

Users, Service Recipients and CIPADE Customers have the right to file a complaint, either by registering the complaint in the Complaints Book, or by submitting a complaint to the regulatory authorities, as well as making suggestions via email. sent to the Data Protection Officer.

Incident Reporting
CIPADE has implemented an incident management system within the scope of data protection, privacy and information security.
If any User, Recipients of the Service or Customer intends to report the occurrence of any situation of violation of personal data, which causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or access, unauthorized, to personal data transmitted, kept or subjected to any other type of treatment, you can contact the Data Protection Officer.

Changing the Privacy Policy

In order to guarantee the respective updating, development and continuous improvement, CIPADE can, at any time, make changes, which are considered appropriate or necessary, to this Data Protection and Privacy Policy, being ensured its publication in the different channels. to ensure the respective transparency and information to Users, Service Recipients and Customers.

Express Consent and Acceptance

The terms of the Data Protection and Privacy Policy are complementary to the terms and provisions, in terms of personal data, provided for in the General Conditions of Use of CIPADE channels.
The free, specific and informed availability of personal data by the respective holder implies knowledge and acceptance of this Policy and constitutes an express authorization for its treatment, according to the defined rules.

Data Protection Officer

For the exercise of any type of data protection, privacy or information security rights or any matter relating to data protection, privacy and information security issues, Users, Service Recipients and CIPADE Customers may contact the Data Protection Officer by email geral@cipade.com, describing the subject of the request and indicating an email address, a telephone contact or a mailing address for reply.

CIPADE CIPADE
Sending