The holders of personal data treated by Made2web may be customers, employees, candidates, suppliers, service providers or any third person with whom Made2Web relates to in its business activity.
The rules and procedures referred to in this policy may be further elaborated in other internal policies.
These changes must be notified by Made2Web to its employees, data holders and other recipients through the following means of communication:
- Collaborators: communication via e-mail and display in the workplace;
Made2Web is committed to the confidentiality and protection of the personal data of its Customers, Employees, Service Providers and Suppliers, under the legal terms and in compliance with the General Data Protection Regulation (GDPR). Made2Web may, by automated or non-automated means, collect, register, organize, maintain, adapt, change, retrieve, query, use, disseminate by transmission or otherwise dispose of, erase or destroy data. Made2Web will collect and process personal data for specific, explicit and legitimate purposes and can not further process data in an incompatible way for its purposes.
Only the necessary data will be collected in order to fulfill the described purposes and will be kept only as needed and updated.
Personal data must be kept for a predefined or definable period of time, taking into account the purposes of the treatment and must be eliminated or perfectly anonymised after the storage period.
Made2Web will use a system review and systematic updating of the personal data present in its own systems, as well as those of third parties with whom it relates to as responsible for the treatment, co-responsible or subcontractor.
Made2Web is obliged to use internal security systems and procedures and the protection of the personal data of its Customers, Employees, Service Providers and Suppliers that guarantee its integrity and confidentiality.
Made2Web undertakes to maintain a fair and transparent treatment of the personal data in its possession.
Processing of personal data is governed by the Data Protection Act that is internally approved and by the General Data Protection Regulation will 2016/679 (o "GDPR"), or other applicable law.
Made2Web uses the personal data provided by its Clients, Employees, Service Providers and Suppliers of other data holders with whom it relates in the scope of its professional activity, in order to comply with contractual obligations.
The data generally collected from our Clients are, among other possible, the name of the contact person, address, email, telephone contact, tax identification number and IBAN. The data usually collected by our collaborators are, among others, possible:
Other data may be collected from our customers and employees if necessary and will receive treatment in accordance with all legal obligations.
In accordance with legal and regulatory requirements regarding data protection, Made2Web guarantees that the holders of personal data may exercise their rights with respect to the way in which their personal data are processed and preserved. Data holders should contact Made2Web through the contacts below made available for this purpose and these requests will be forwarded in accordance with legal requirements.
Made2Web may, prior to processing the request, verify the identity of the applicant, if it has doubts as to the identity of the person who submitted the request.
Requests for the exercise of rights will be answered without undue delay and within a maximum period of one month from the date of receipt of the request. In view of the high complexity of the request or the number of requests made, the response period may be extended to two months. If the response period is extended, Made2Web will inform the data subject, within a maximum of one month from the date of receipt of the request, of the reasons for the delay in responding to the request. Made2Web seeks to respond to all requests and all will be analyzed in order to verify that your satisfaction is in compliance with the applicable legal and regulatory requirements. Where there is a legal and/or regulatory framework that prevents the data subject from exercising a right that he has invoked, Made2Web reserves the right not to accede to the request. In such situations, Made2Web shall communicate to the data subject, within a maximum period of one month from the date of receipt of the request, the reasons why the application will not be satisfied and the possibility to complain to a supervisory authority and to bring legal proceedings will be provided.
When the applications submitted are manifestly unfounded or excessive, Made2Web still reserves the right to require payment of a reasonable fee taking into account the administrative costs of providing information or communication or taking the requested action. The rights that may be invoked are set forth in the following points as defined in the applicable legal and regulatory rules, dully noting their main features. Made2Web provides preferred means of communication to invoke them. Requests for invocation of Made2Web Employees rights, within the scope of their professional relationship, must be sent via email to firstname.lastname@example.org. For situations that are not contemplated in the following sections, the data subject may invoke his right through one of the channels presented in the Contacts section.
1. The right of access
At any time, you may contact Made2Web to request confirmation of whether or not personal data concerning you is being processed by Made2Web, as well as to be informed of the personal data in question, the reasons justifying the treatment information on the addressees to whom the personal data have been or will be disclosed, on available information on their origin and, if possible, on their storage period. If you request it, you may receive a copy of the personal data being processed.
2. The right to fix and update your data
The data subject may, regardingthe purposes of the treatment, correct their personal data if they are incorrect or incomplete, as well as update them, whenever they are outdated.
3. The right to delete data ("right to be forgotten")
Every data subject has the right to request the deletion of personal data whenever it is found, for example, that they are no longer necessary for the purpose for which they were collected or processed, or when the data subject withdraws his consent, where it is applicable, provided that there is no other legal basis for such treatment, prevailing legitimate interests justifying treatment or processing necessary for the purpose of declaring or defending a right in legal proceedings.
Made2Web will review the request and, being considered valid under applicable legal and regulatory standards, will confirm whether the data has been deleted or the reason why it was not possible.
4. The right to limit the processing of your data
The data subject may request the limitation of the processing of their data, in compliance with one of the following legal conditions:
With the exception of conservation, where treatment has been limited, personal data will only be processed by Made2Web with the consent of the holder for the purposes of declaring, exercising or defending a right in a judicial process to defend the rights of another person singular or collective, or for weighty reasons of public interest. In case of cancellation of the limitation granted to the processing of personal data, Made2Web will inform the data subject in advance.
5. The right to object to the processing of your data
The holder of the personal data has the right to request at any time that Made2Web ceases the processing of their personal data. After receiving your request, Made2Web will review the request and, being considered valid in the light of the applicable legal and regulatory rules, Made2Web will terminate the treatment in question. If no decision is taken as to the feasibility of the request within a maximum of one month, Made2Web will suspend the treatment or treatments concerned as far as possible until the final decision is taken.
6. Consent and denial of consent
Em geral, a Made2Web trata os dados pessoais dos titulares nos seguintes contextos, tendo em vista as seguintes finalidades e fundamento legais:
7. The right to data portability
The holder of the personal data has the right to request that Made2Web transfers or delivers in a structured format, in current use and automatic reading, the personal data of the holder whenever they are in the possession of Made2Web, under the applicable legal terms, and whenever the processing of data is done by automated means and is based on your consent or is necessary for the performance of a contract in which the holder is a party or for pre-contractual procedures at the request of the data subject. in which case it is feasible to do so within one month of receiving it.
Made2Web shall refuse requests for portability whenever they impair the rights and freedoms of third parties, or if there is another limitation established in applicable legal or regulatory standards.
8. The right to make a complaint
The data holder may, if he considers that his data has not been processed in accordance with the legal provisions, lodge a complaint with the supervisory authority.
At present, the supervisory authority for data protection purposes in the Portuguese territory is the National Data Protection Commission ("CNPD"), to whom any doubts or complaints may be presented, should you verify the non-compliance with norms regarding the protection of personal data.
CNPD may be contacted in the following ways:
Information Request Form:
Formulário de apresentação de queixas/reclamações:
Rua de São Bento n.º 148-3º 1200-821 Lisboa
Tel: +351 213928400 / Fax: +351 213976832
Em geral, a Made2Web trata os dados pessoais dos titulares nos seguintes contextos, tendo em vista as seguintes finalidades e fundamento legais:
In the course of recruitment processes for Employees, Made2Web will only ask the candidates for the data strictly necessary for the purposes of the recruitment process, ensuring that the information legally owed to the candidate is communicated.
- Execution of the employment contract and fulfillment of obligations as an employer
Made2Web treats its Employees' data in order to perform the employment contract or the fulfillment of their legal obligations as an employer, namely to carry out the salary processing, to fulfill obligations related to health, safety and hygiene at work, medicine at work, etc.
This information will be collected in person or via e-mail, provided by the employee and stored in Made2Web's computer system and paper files. The identification and contact details of employees can be sent to entities subcontracted by Made2Web, always with the guarantee of compliance with the applicable legal and regulatory rules.
Any data of special category will be treated in strict compliance with the applicable legal and regulatory norms, and should not be, in particular, collected or used by a person that does not have access to the data. Technical and organizational measures are in place to ensure the segregation of data access.
By legal obligation, Made2Web shall retain the data of its Employees even after the termination of the contract until the legal rights and obligations have prescribed.
At the signing of the employment contract all employees must sign a confidentiality agreement, undertaking not to disclose any information they have access to during their duties, especially personal data of others, and to comply with this policy, in accordance with the applicable terms at any time as a result of any change made to it.
In the course of the training provided to its Employees, Made2Web may collect, in addition to the identity of the trainees, information regarding the training received by them.
In the context of the training actions, the names of the Employees may be transmitted to providers of the training services contracted by Made2Web.
- Work medicine and hygiene and safety
In accordance with the applicable legal and regulatory rules, employees must be assured of the guarantees provided in occupational health and safety and hygiene (HST). In this context, identification and health data is collected on Employees, and data collection and processing must be carried out in accordance with the law.
The data collected is recorded on a medical record and can be requested by a health authority of the HST.
This information may be collected and processed by providers of occupational health and safety services contracted by Made2Web, always in strict compliance with the applicable standards.
Made2Web ensures the full compliance with all requirements for the processing of personal data for health and safety at work.
In the context of the execution of some insurance contracts legally obligatory or that Made2Web, as policyholder, offers to its employees, personal data of a special character of the employees may be communicated as secure persons and their beneficiaries. Such communications shall be made directly from the employees to the insurance undertaking with which the insurance contract is entered into.
In the execution of insurance contracts which do not require the transmission of special category data, Made2Web may, where appropriate, intervene in the processing of data, always in accordance with the principle of minimization of treatment.
- Use of telephone and computer equipment
Made2Web may make available to its employees the use of computer and telephone equipment, whenever this is justified and necessary for the normal performance of their duties. The use of these equipments, owned by Made2Web, will be limited to professional purposes.
If the equipment provided is or may be subject to monitoring by the operator or supplier company, such treatment must be communicated to the employee on the delivery of the equipment.
Such monitoring will be preceded by due legal and regulatory analysis, as well as prior impact analysis.
- Other Employees Communications
Made2Web may collect identification and contact information for purposes unrelated to the provision of work or services in question. This is justified by valid purposes and grounds of lawfulness. The collection and processing of identification and contact data to congratulate or support employees in personal situations, such as the celebration of birthdays or marriages or for support in the event of death of the employee's relative may be made based on the prior consent of such employee for the purpose of making communications of personal scope.
- Access Controls
Made2Web may collect and process identification data or record video surveillance images in its own premises, for the purpose of access control or criminal prevention, based on Made2Web's legitimate interests.
In any case, the treatment of such data for the purposes indicated should be preceded by legal analysis and prior impact analysis, and all measures should be taken to comply with the legal and regulatory rules in force.
In the development of its business, Made2Web also processes personal customer data necessary for contractual performance and/or compliance with legal obligations, in order to manage the contractual relationship, including, but not limited to, registration as a new Customer, the sending of communications for the purposes of execution and contractual management and/or marketing campaigns, when this is consented by the Customer, the response to any communications sent by mail, telephone, email or other means, as well as the management and collection.
The use of the data provided by these owners is generally done in the context of the contractual relationship and for the performance of the contract or for the fulfillment of a legal obligation that Made2Web is subject to.
At the signing of the contract, the Employees, Suppliers or Service Providers will sign a confidentiality agreement, agreeing not only to disclose any information they have access to during the contractual relationship with Made2Web, in particular personal data of other holders, but also to comply with this Policy, in accordance with the applicable terms at any time as a result of any change that is made.
In some cases, the data of these holders will be kept after the termination of the contractual link, in which case the holder will be informed, at the time of collection, of the periods or the criteria under which they may be identified.
Made2Web may need to share your personal information with third parties who act on your behalf or provide you with services. Your personal information will be kept secure at all times and will only be shared with such third parties when strictly necessary. Your personal data may, in particular, be disclosed to the following entities:
For contractual reasons, Made2Web holds some of your personal data, namely for the management of the contractual relationship. This means that we are responsible for the treatment we give them.
Personal data is kept in strict compliance with the legal provisions or for the indispensable period for the satisfaction of the purpose that motivated their collection and treatment, in the course of the activity carried out by Made2Web.
Made2Web complies with all legal obligations, also with respect to the conservation and updating of personal data. The storage and destruction of data is carried out safely. The data collected is only used when strictly necessary and is protected from loss, misuse, unauthorized access or exposure.
Made2Web ensures the security of your data and the fulfillment of all legal obligations in case of a security breach.
To guarantee the security of personal data, Made2Web has implemented a set of measures and technical and technological procedures.
Made2Web will use a range of data security controls, defined according to your business needs and security policies, and will actively monitor these controls to detect failures or violations, including review of authorizations for access to personal data, owned or third partied, by the owners of the personal data and the employees of Made2Web.
If we need to process your data for a new purpose, not covered by this document, Made2Web will send you a notification explaining the reason and conditions of treatment.
Made2Web will not transfer personal data outside the European Union or to any international organization without adequate safeguards being in place to ensure that personal data is kept secure, such as Data Protection Clauses or Adequacy Decisions from the European Union Commission.
Telephone: +351 214106747
Telephone: +351 214106747