I – PRIVACY AND DATA PROTECTION
The privacy and the protection of the personal data of every user of the services provided by ADOC, i.e., clients, suppliers, partners, employees, contractors, homeowners, tenants, etc. (the “Data Subjects”), are key concerns of ADOC operation.
ADOC thus undertakes to guarantee that all their Data Subjects are aware at any given point in time of the rules and principles related to the processing and protection of personal data, employing every possible effort to ensure that such date is secure in accordance to the norms and procedures set forth in the applicable law, namely the General Data Protection Regulation and the Data Protection Law (Law nr. 67/29 of 26 October).
Therefore ADOC has adopted the best technical and organizational practices in order to protect the Data Subjects’ personal data against the loss, involuntary or unlawful deletion and undue modification as well as integrity breaches and unauthorized access and disclosure.
ADOC further recommends that the Data Subjects adopt additional security measures, such as the usage of equipment and programs that have been duly updated and set up, of malware protections and firewalls, and that the Data Subject exercise their judgement in deciding whether any given website presents sufficient guarantees of authenticity.
II – WHAT IS PERSONAL DATA
Personal data is defined as the data of any nature, and regardless of support, including sound and image, relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as an identification number, or any other one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
III – PURPOSES OF THE PROCESSING AND LEGAL GROUNDING
The data processed by ADOC are collected as a result of the pursuit of activities such as recruitment and human resources management, vehicle lending, billing, marketing, provision and supplying of services and goods, namely pertaining to the prospecting and marketing of real estate, client representation, architectural and speciality projects, licensing studies, project management, follow-up, supervision and direction of works and preparation of valuation reports and market studies.
These data may include identification data, such as identity document numbers and expiration dates – or copies of these documents, duly authorised by the corresponding holders – VAT numbers and Social Security numbers, capacity in which the Data Subjects act, signatures, names, e-mail addresses, telephone numbers, addresses, job positions, household composition, marital statuses, academic qualifications, IBANs and information on the contractual goals and interests of our clients.
Within the scope of the business relationships established by ADOC, it may act in ways which necessitate processing of personal data, with the following purposes, among others admissible by law:
- Administrative, commercial, employment, tax, accounting and billing management;
- Management of claims and suggestions;
- Contract execution, namely the sending of relevant data to the counterparty in a business relationship, including data on contract modification, products and services contracted, requests for authorization, payment of services, request for the issuing of documentation before any public and/or private entities;
- Projection of new supplies and services related to those previously contracted;
- Undertaking of studies directed at bettering service provision or supply of goods;
- Sending of information on new products or services similar to those previously contracted, which may be of the clients’ interest, via any media, including online, even after the termination of the business relationship;
- Observance of any legal obligations that ADOC may have to maintain and conserve documents;
- Advertising and invitation to any events, conferences and other occasions related with ADOC business, in which the Data Subjects may be interested on, based on their previously existing business relationship with ADOC.
By freely entering into a business relationship with ADOC the Data Subjects consent on the processing of their data for the purposes described above, without prejudice of their rights.
The processing of this data will always be conducted with the previous consent of the Data Subject, except when ADOC has any legal obligation to process any data.
V – DATA CONTROLLER
ADOC shall be the controller in the processing of the Data Subjects’ personal data, pursuant to section 4(7) of the General Data Protection Regulation, and it shall decide, in the context of the provision of services established between ADOC and the Data Subject, which personal data are to be collected, how they will be processed and the purposes for which they are used.
VI – RESPONSIBILITY FOR DATA DISCLOSED TO THIRD PARTIES
ADOC may, pursuant to its business and in the context of the services provided, subcontract any third parties for the pursuit of the purposes above mentioned and for the development and management of its information systems, which may imply that said third parties shall be granted access to the Data Subjects’ personal data. In such an event, ADOC shall undertake the appropriate measures to ensure that said third parties observe the highest technical, organizational and human guarantees to safeguard the integrity of the Data Subjects’ personal data.
Therefore, any and all Subcontractors contracted by ADOC are under the obligation, pursuant to the applicable law, as well as to an agreement executed with ADOC, to employ technical and organizational measures directed at ensuring the protection of personal data against destruction, accidental or unlawful, disclosure, modification, unauthorized access as well as any kind of unlawful processing. Any and all Subcontractors contracted by ADOC shall be bound to special duties of professional secret and confidentiality.
Aside from these instances, ADOC shall only divulge the Data Subjects’ personal data to Third Parties, when:
- It is obligated to do so by law, and only in the absolute measure of its legal duties; or
- In any instances expressly permitted by law, should the Data Subject expressly and specifically authorize such disclosure and is duly informed, by writing, of all the receivers of their personal data and the purpose of the processing of the disclosed data.
In any event ADOC shall remain liable for the personal data disclosed by the Data Subjects.
The provision of certain services by ADOC may necessitate the disclosure of some data outside of Portugal. In such case ADOC hereby declares that it shall strictly undertake to determine the receiving country as adequate for the purposes of data protection and the legal requisites applicable to such a transfer, in the applicable legal terms.
VII – TERMS OF THE COLLECTION OF PERSONAL DATA
ADOC shall only collect and process the personal data of the Data Subjects with their express consent, in accordance with each specific purpose of the processing at hand, pursuant to the GDPR and the Data Protection Law.
The consent given by the Data Subjects can be withdrawn at any moment, without cost.
Data Subjects are hereby made aware that, in last instance, they may always exercise their rights pertaining to the processing of their personal data by ADOC before the National Data Protection Committee (CNPD).
However, there are personal data that are indispensable to the provision of services by ADOC (mandatory data), and the Data Subjects shall be previously informed of that mandatory nature of the data and the consequences of the non-disclosure of such data.
Should the Data Subjects opt not to disclose mandatory personal data, or such data, if disclosed, is deemed insufficient, incorrect or out of date, ADOC may not be in a position to adequately provide the service(s) contracted, and the Data Subjects shall be wholly responsible for the insufficiency or inaccuracy of those data.
VIII – DATA RETENTION PERIOD
ADOC shall only retain the Data Subjects’ personal data for the period of time that is strictly necessary to allow for:
- The provision of services;
- The observance of ADOC legal obligations;
- The pursuit of the purposes of the collection and/or the processing;
- The exercise of the Data Subjects’ right and the observance of the legal obligations inherent to such exercise of rights.
Should the National Data Protection Committee (CNPD) authorize the retention of the Data Subjects’ personal data for longer than the term of the services provision agreement, pursuant to the specific purpose of the processing, the Data Subject shall always be duly informed of the purpose of the processing and the retention period in a timely fashion.
After the term of the retention period the Data Subjects’ personal data shall be eliminated by ADOC.
IX – RIGHTS OF THE DATA SUBJECTS PERTAINING THEIR PERSONAL DATA
Pursuant to the GDPR and the Data Protection Law, the Data Subject has, as the owner of the personal data, the rights of access, rectification, updating, and erasure of their personal data, without any cost.
In any of the cases above the Data Subject may exercise their legal rights by sending a written notice to ADOC for the e-mail address ADOC@ADOC.PT.
X – UNSOLICITED ELECTRONIC COMMUNICATIONS FOR THE PURPOSES OF DIRECT MARKETING
The Data Subjects’ contact details may be used by ADOC, should the former expressly Consent to it, for the purposes of direct marketing and promotion of the services made available by ADOC, under the applicable law.
Should the Data Subject be a legal person ADOC may send unsolicited electronic communications for the purposes of direct marketing pertaining goods and services provided by ADOC or by any company in its group, except if the Data Subject expressly declines such contacts in the future and sign up on a national list of legal persons who expressly oppose receiving unsolicited communications for the purpose of direct marketing, which is kept updated by the Consumer’s Bureau (Direcção Geral do Consumidor – DGC).
In any of the above cases the Data Subject shall have the right to expressly and without cost oppose to the reception of direct marketing communications via e-mail by ADOC, via written communication sent to the e-mail address ADOC@ADOC.PT.
XI – COOKIES
WHAT ARE COOKIES?
Cookies are small text files stored in the Data Subject’s computer via their internet browser, which store only information related to the user’s preferences (generic information), and as such do not include personal data.
The cookies used by ADOC observe the principles of anonymity and confidentiality and have as its sole purpose to recognize the user, and are not used in any instance for collecting information to identify the user or for direct marketing purposes. These cookies help ADOC website recognize the user’s device on their next visits.
WHAT IS THE PURPOSE OF COOKIES?
Cookies serve to aid with determining the utility, interest and number of uses of ADOC website, thus allowing for a faster and more efficient browsing, eliminating the need to repeatedly input the same information.
WHAT KINDS OF COOKIES ARE USED BY ADOC?
The cookies used by ADOC have different functions and are defined as thus:
- Strictly necessary cookies (essential): allow for website browsing and use of its applications, as well as to access the secure areas of the website. Without these cookies the Services subscribed to by the Data Subjects cannot be provided. Some cookies are essential to access specific areas of the ADOC website.
- Analytical cookies: performance cookies with the purpose of ascertaining which pages are the most popular, what links are the most effective, as well as to determine why some pages may be getting error messages. These cookies are used solely for the purposes of statistical creation and analysis, and never collect personal data.
- Functionality cookies: store the user’s preferences pertaining to their use of the website, so as to it not being necessary to setup the website with every visit.
Cookies may be:
Permanent: stored for a variable amount of time on the device’s internet browser and are used every time the user visits the website again. Usually, cookies are used to direct the browsing in accordance to the interests of the user, thus allowing ADOC to provide a more personalized service.
HOW TO MANAGE COOKIES?
Every internet browser allow the user to accept, decline or delete cookies, namely via selecting the appropriate settings on the internet browser used.
XII – PROCEDURAL AND TECHNICAL SECURITY MEASURES
ADOC employs the necessary technical and organizational measures to ensure that, by default, the only personal data from the Data Subjects that will be processed are those that are necessary for each specific processing purpose, and these measures are reviewed and updated by the competent department.
ADOC has also implemented technical, physical, organizational and security measures, following the best practices on data security, on the systems which support the services provided and where the Data Subjects’ personal data are stored, namely the usage of firewalls and intruder detection systems, the existence of restricted accesses – physical and logical – operation logging and corresponding survey and auditing, collecting and transmitting personal data via secure channels.
All personal data collected by ADOC are stored securely in its systems, which are located on a data center belonging to ADOC itself, which is secured with every physical and logical security measures indispensible to the protection of personal data.
Every time that is necessary to relay Data Subjects’ personal data to Third Parties, ADOC shall be responsible for those personal data and ensures that:
The sharing of personal data observes the applicable legal dispositions;
The transfer of personal data is executed securely, namely via the using of encryption protocols; and
All Third Parties are contractually obligated to observe confidentiality and secret duties and to ensure the security of any personal data that are communicated to them for that effect, and may not use those personal data for any other purposes, in their own benefit or that of others, or cross them with other data in their possession.
XIII – CONTACTS
For more information on how ADOC processes the personal data of their Data Subjects, or to obtain any further clarifications, file claims or leave comments on any topics pertaining to Privacy and Data Protection, all requests and communications must be sent to: ADOC@ADOC.PT.