At Metro-Mondego, S.A. we are prepared to apply the General Regulation of Data Protection (GDPR).
We summarize here the most relevant information on our performance, in terms of treatment of personal data, in light of the GDPR.
1. WHO IS RESPONSIBLE FOR COLLECTING AND PROCESSING DATA?
The Company Metro-Mondego, S.A. – here in after MM – is the entity responsible for collecting and processing personal data and may, within the scope of its activity, make use of subcontractors for the purposes indicated herein.
2. WHAT DATA DO WE PROCESS?
Personal data (the “data”) consists of information relating to a natural person identified or identifiable.
We only process the data provided by you.
3. ON WHAT LEGAL BASIS DO WE TREAT PERSONAL DATA?
We only process personal data under a legal provision that allows it. In particular, we process your personal data within the premises of article 6 of the GDPR, and based on the your consent, pursuant to Article 7 of the GDPR.
4. FOR WHAT PURPOSES IS PERSONAL DATA PROCESSED?
Personal data are only processed for the purposes permitted by the data protection legislation, in particular:
• Purposes that you have previously approved;
• Treatment within the scope of the execution of a Contract (when applicable);
• Compliance with legal obligations to which we are bound;
• Safeguarding legitimate interests, if your interests do not overlap in the individual case;
• Proposition, processing and contestation of lawsuits;
• Purposes related to general public interest;
• Marketing and advertising, particularly direct marketing.
5. HOW LONG DO WE STORE YOUR DATA?
In accordance with article 17 of the GDPR, we will only store your data for the period of time strictly necessary for the respective processing purposes. In case we treat certain data with various purposes, they will be deleted or stored in a format that does not allow conclusions to be drawn about your identity, as soon as you extinguish the last specific purpose.
As a rule, as a result of regulatory obligations on storage and documentation, we will keep your data for a period of ten years.
If there is a legal obligation to maintain a file, such as records and supporting documents for tax-relevant transactions under the tax law, we will be able to store data for up to twelve years.
6. HOW IS YOUR DATA PROTECTED?
We will process your data in line with the security requirements in the processing of data provided for in article 32 of the GDPR. To this end, we have implemented measures to technical and organizational protection, in accordance with recognized international standards in area of Information Technologies, and subject to continual review. This way, we ensure that your data is always protected against processing misuse or any other prohibited form of treatment.
7. WHO DO WE SHARE YOUR DATA WITH?
We will only communicate your personal data in the following cases:
• To third parties, such as the Tax Authority, Judges and Courts, Regulators and Criminal Investigation Authorities, in compliance with the legislation in force.
• To service providers that act as data processing subcontractors, with full guarantee of compliance with GDPR rules.
8. YOUR RIGHTS AS A DATA OWNER AND IN PARTICULAR YOUR RIGHT TO SUBMIT A COMPLAINT TO THE COMPETENT CONTROL AUTHORITY
8.1 Rights of data subjects
• Right of access (Article 15 GDPR): you may, at any time, request information from us about what data we store about you. This information concerns, among others, the categories of processed data, the purposes of this treatment, the origin of the data in the case that they have not been collected directly, and the recipients to whom they may be transferred, if applicable. You may also request a free copy of said data.
If you want additional copies, these may be charged.
• Right of rectification (Article 16 GDPR): you can request the rectification of your data, adequate measures are taken to ensure the updating, correction and accuracy of the data object of treatment, through the most current information provided to us.
• Right to erasure (Article 17 GDPR): you can request the erasure of your data, provided that the legal requirements are met. For example, it may be the case, according to the Article 17 GDPR:
• If the data is no longer necessary in relation to the purpose for which were collected or treated;
• If you withdraw your consent, on which the data processing was based, and no other legal grounds for the treatment subsist;
• If you object to the processing of your data and there is no other grounds of legitimacy, or if you object to the processing of your data for direct marketing;
• If the data have been processed without legal basis, unless the treatment is necessary for:
• Compliance with legal or regulatory obligations that imply the treatment of that data;
• Compliance with legal document conservation obligations;
• Proposition, management or defense against legal or judicial actions.
• Right to limitation of processing (Article 18 GDPR): you may restrict the processing of your case data:
• Dispute the accuracy of your data, for the period that allows us to verify this accuracy;
• The treatment does not find a legal basis and opposes the erasure of your data, requesting, instead, the limitation of its treatment;
• Their conservation for the purposes for which they were collected or treated no longer necessary, but this is in your interest with a view to the possible proposal, management or defense against legal or judicial claims;
• Oppose your treatment during the legitimacy validation process processing based on legitimate interest.
• Right to data portability (Article 20 GDPR): at your request, we will provide a copy of your data or, as far as it is technically feasible, we will transfer the same to another Controller specified by you (e.g. another bank). This right is, however, limited to data processed on the basis of your consent or that are necessary for the performance of a contract.
• Right of opposition (art.º 21.º RGPD): you can oppose, at any time, the processing of data that finds a basis of legitimacy in your consent or in our or a third party's legitimate interest. In these cases, we will cease this treatment, unless it is possible to demonstrate a legitimate reason for this processing prevails over your interests or if the respective data are necessary for the filing, management or defense against legal or judicial claims.
8.2 Deadline for responding to requests to exercise rights by data subjects
It is our commitment to respond to any requests within a maximum period of 30 days. This one period may be longer for reasons related to the specific right to be exercised or the complexity of the order.
8.3 Restrictions on the provision of information regarding requests for exercise of rights of data subjects
In certain situations, it may not be possible to provide information about all your data as a result of legal obligations. When we are prohibited from complying with the your request, we will inform you of the reasons for doing so.
8.4 Complaint to a supervisory authority
Metro-Mondego, S.A. takes its rights seriously and concerns. However, if you understand that your requests and concerns, you may file a complaint with an enforcement authority control.
9. COOKIES POLICY
Metro-Mondego, S.A. adopts different security mechanisms and procedures and follows the best practices in terms of information security in the systems that support the services it provides and that store and process users' personal data, namely the use of firewalls and intrusion detection systems, existence of restricted access (physical and logical).
The cookies used do not contain personal or user-identifying data.
9.1 What are “cookies”?
"Cookies" are small text files that are stored on devices accessed through the browser (browser), retaining only information related to preferences, not including, as such, personal data. They serve to help determine the usefulness, interest and number of uses of websites, allowing for faster and more efficient navigation, eliminating the need to repeatedly enter the same information.
9.2 How can you manage cookies?
At any time, the user may, through their internet browser, decide to be notified of the receipt of “cookies” and/or block their entry into their system. Refusing to use "cookies" on the site may result in the impossibility of accessing some of the areas or receiving personalized information.
By disabling "cookies", you can prevent some web services from working properly, affecting, in part or in full, the navigation on the website.
Rua de Olivença, n.º 11, 1.º andar, 3000-306, Coimbra