Privacy Policy

This Privacy Policy will help you better understand how we collect, use and share your personal information. Any additional questions? We are just a message away.

Privacy and its protection are important to us.

Privacy and its protection are important to us. Privacy and protection of personal data represent a firm commitment for Bússola Diligente, which acts in compliance with its legal obligations, in particular those resulting from the application of the new General Data Protection Regulation (GDPR), Regulation 2016/679 of 27th April 2016. ("GDPR").
The protection of citizens regarding the processing of Personal Data is a basic right, therefore, your privacy is important to us. For this reason, we clarify what Personal Data we collect, for what purposes we use it, what principles guide this use and what rights the data holders possess.
Bússola Diligente offers a wide range of products, hence, references to products in this statement include services, websites, applications, software, servers, and devices.

  1. Entity Responsible for Data Processing

The entity responsible for processing your data is Bússola Diligente - Consultoria, Lda, with its registered office at Rua do Feirapark, Nº 50, 4520-632 São João de Ver, municipality of Santa Maria da Feira, Portugal with the single registration number at the Companies Register and corporate taxpayer number 515 763 314 ("Bússola Diligente"), and can be contacted through the following e-mail address: info@affereo.com.

 

 

  1. Subcontractor

As a subcontractor, Bússola Diligente pledges to comply with the privacy and personal data processing agreements contracted with the entities responsible for data processing.

 

 

  1. Personal Data

Personal Data comprise any information, of any nature and in any format, concerning an identified or identifiable individual (referred to as the "data holder"). An identifiable individual is one who can be identified, directly or indirectly, in particular by a name, an identification number, a location data, an electronic identifier or other specific elements of that individual’s physical, physiological, genetic, mental, economic, cultural or social identity.

 

As part of its activity, Bússola Diligente will process data from customers/users, individuals, to whom the data pertain and who have used the services or products of Bússola Diligente.

 

 

  1. Categories of Processed Personal Data

Bússola Diligente processes personal data of different nature and sensitivity, as well as the purpose associated with the processing of such data, such as personal identification data, including: name, e-mail address, telephone number, civil identification number and/or passport and taxpayer number, payment data.

 

 

  1. Fundamentals of Data Processing

Bússola Diligente only processes personal data where at least one of the following situations applies:

 

    1. Consent

      When you have provided your explicit - in writing, orally, or through validation of an option - and prior consent, moreover, if that consent is free, informed, specific, and unambiguous. Examples include consent to analyse service usage and consumer profile in order to recommend media content, target advertising, or send communications about Bússola Diligente’s products and services;

      or

       

    2. For contract execution and pre-contractual diligence

      When the processing of personal data is necessary for the conclusion, execution and management of the contract signed with Bússola Diligente, such as data for the preparation of a service or information bid, contact data, information and requests, invoice data, billing and payment data;

      or

       

    3. For fulfilment of legal obligation

      When the processing of personal data is necessary to comply with a legal obligation to which Bússola Diligente is subject, for example, the communication of identification data or the use of communications services to police, judicial, tax or regulatory entities, or of location data to ensure emergency services, or of images from video surveillance systems;

      or

       

    4. Where there is legitimate interest

      When the processing of personal data corresponds to a legitimate interest of Bússola Diligente or a third party, such as the processing of data for improving service quality, ensuring network and service security, fraud detection, and when our reasons for their use should prevail over your data protection rights;

       

Consent regarding minors

It is safeguarded that when processing the personal data of minors, which may be subject to prior consent, Bússola Diligente will require that consent be given by the holders of parental responsibilities.

 

 

  1. Data Holders' Rights

Bússola Diligente ensures data holders the exercising of their rights, under the terms of the applicable legislation in the field of personal data protection, namely:

 

    1. Right of access: the holder has the right to obtain confirmation as to whether or not personal data concerning them are being processed and, in which case, the right to access their personal data.

       

    2. Right to rectify: the holder has the right to request at any time the rectification of their personal data as well as the right to have incomplete personal data completed, including by means of an additional statement.

       

    3. Right of removal: the holder has the right to have their data removed when one of the following applies: (i) the holder's data are no longer necessary for the purpose for which they were collected or processed; (ii) the holder withdraws the consent on which the data processing is based and there is no other legal ground for the processing; (iii) the holder opposes the processing under the right to object and there are no overriding legitimate interests justifying the processing; (iv) if the holder's data are unlawfully processed; (v) if the holder's data must be deleted in order to comply with a legal obligation to which Bússola Diligente or a subcontractor is subject. Under the applicable legal terms, Bússola Diligente is not obliged to erase the data of the holder to the extent the processing is necessary for compliance with a legal obligation to which it is subject or for the purposes of declaration, practice or defence of a right in a legal proceeding.

       

    4. Right to limitation: the holder has the right to obtain the limitation of the processing of their data if one of the following applies: (i) if they contest the accuracy of the personal data, for a period that allows its accuracy to be verified; (ii) if the processing is unlawful and the holder opposes the removal of the data and instead requests limitation of their use; (iii) if the data for processing purposes are no longer needed, but that data are required by the holder for statement purposes, practice or defence of a right in a legal proceeding.

       

    5. Right of portability: the holder has the right to receive personal data concerning them in a structured, commonly used and in an automatic reading format, and the right to transfer such data to another processing person if: (i) the processing is based on consent or on a contract to which the holder is a member, and (ii) the processing is performed by automated means.

       

    6. Right to object: the holder has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them which is based on the exercise of legitimate interests pursued or where the processing is carried out for purposes other than those for which the personal data were collected.

 

 

  1. Submission of complaint to CNPD

The holder may complain directly to the Autoridade Nacional de Controlo de Dados Pessoais, which in Portugal is the Comissão Nacional de Proteção de Dados (CNPD), using the contacts provided by this entity for this purpose (at www.cnpd.pt).

 

 

  1. Personal Data Conservation Period

Personal data are only kept for the period of time necessary to carry out the purposes for which they were processed.

Bússola Diligente will comply with the maximum conservation periods legally established without damage, the data may be kept for longer periods, to fulfill distinct purposes that may subsist, applying the appropriate technical and organisational measures.

 

 

  1. Data Transfer to Third Parties

Your data may be conveyed to subcontractors so that they process them in the name and on behalf of Bússola Diligente. In this case, Bússola Diligente will take the necessary contractual measures to ensure that the subcontractors respect and protect the holder's personal data.

The data can also be conveyed to third parties (entities other than Bússola Diligente or the subcontractors), such as companies in Bússola Diligente’s Group, companies with which Bússola Diligente develops partnerships, or even entities to whom the data must be communicated by law, such as the Autoridade Tributária, police authorities, regulatory authorities, courts, governmental bodies or other public authorities, including emergency services.

 

 

  1. Privacy Disclaimer

Holders have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD) in case of violation of the applicable rules regarding the protection of their Personal Data.

In case of personal data breach, Bússola Diligente notifies the CNPD, whenever possible within 72 hours after becoming aware of it, unless the personal data breach is not likely to result in a risk to the rights and freedoms of individuals.

Any subcontractor of Bússola Diligente is obliged to notify the processing responsible without undue delay after becoming aware of a personal data breach.

 

 

  1. Security measures

Taking into account the principle of proportionality and appropriateness, security, implementation costs and the nature, scope, context and purposes of the processing, as well as the probability risks, Bússola Diligente applies appropriate technical and organisational security measures to ensure a level of security of personal data that is appropriate to the risk, such as:

 

    • The limited, differentiated and traceable access to personal data;
  •  
    • Platform authentication mechanisms that enforce:
      1. authentication with a personalised password by the holder himself;
      2. secure communications, encrypted conveyed information;

 

    • Use of firewall and intrusion detection systems in your information systems;
  •  
    • Application of access control procedures, using differentiated access profiles and based on the need-to-know principle;
  •  
    • Record of actions performed on information systems containing personal data (login);
  •  
    • Backup plan;
  •  
    • Installation, maintenance and management of antivirus and firewall systems;
  •  
    • Pseudonymisation of personal data;
  •  
    • Access control to physical facilities;
  •  
    • Automatic fire and intrusion detection system;
  •  
    • Implementation of training and/or awareness-raising activities on information security and data protection.

 

 

  1. Update

We recommend that you periodically check our Privacy Policy to stay informed about how Bússola Diligente protects your Personal Data and stay up to date on information and rights that you are entitled to.

 

 

Last updated: September 2023