JORPAL – COMÉRCIO E INDÚSTRIA TÊXTIL, LDA.
I – General Considerations
Jorpal recognizes the importance of protecting the personal data of its customers and suppliers to the holder of personal data using digital platforms and services, whatever their nature.
For that reason, we have developed a set of security measures aimed at protecting the data of our customers, suppliers and everyone who visits our website.
The protection both applies to automated and manual treatment, as long as the data is organized according to previously established criteria. Our customers are obliged to communicate any change to the data hereby authorized.
II – Who we are
Jorpal is a trading company that manufactures workwear, especially in the hairdressing, beauty and health market, areas that allows to expand the know-how, which assures an advice that is adequate to the reality.
III – Notion of personal data
Personal data is the information relating to an identified or identifiable person. It is considered to be identifiable the person that can be directly or indirectly identified.
Are also considered personal data the collection of distinct information which may lead to the identification of a particular person.
Examples of personal data:
• First and last name;
• E-mail address;
• Number of an identification card;
• Location data (for example, the location data function in a mobile phone or motor vehicle);
• IP address (Internet Protocol);
• The phone's advertising identifier;
• Sound or picture;
• Number of a bank account.
IV – Holder of personal data and responsible for data processing
The holder of personal data is the natural person to whom the data relates and who used Jorpal’s services or has interacted with Jorpal in anyway.
Jorpal is guided by the principle of data minimization, which is why we only collect the data strictly necessary for the purposes for which they are intended.
V – Purposes of data processing and legal bases
Personal data is:
Collected in the costumer/user registry by browsing Jorpal’s website: name, taxpayer number, e-mail address, phone number, tax address;
Collected in person, by going to Jorpal’s address or by a sales representative: name, taxpayer number, e-mail address, phone number, tax address.
In any of these situations there could be acquired other forms of data besides the ones expressed above, with the clear consent of the holder of the information.
Jorpal will handle all personal data, manual or digitally, for the following purposes:
Employees: data processing to execution of a labor contract.
Customers, suppliers and outsourcers/partners: production, management and orders delivery. The acquired data processing is needed to the conclusion and execution of purchase and sale agreement, it’s intended to inform about the condition of the orders and communicate with customers and suppliers, to process information requests and possible complaints.
Supplying the solicited information in the ambit of customer registration is mandatory, since without it it isn’t possible to continue with the purposed mentioned above.
VI – Consent
Your consent has to be clearly express – written, verbally or through the validation of and option – and prior, provided in a free, informed, specific and unambiguous way.
Situations when consent is not necessary:
When the personal data processing is needed to the execution and management of a contract concluded with Jorpal;
When the personal data processing is needed to accomplish a legal obligation to which Jorpal is subjected, namely the communication of identification data to police, judicial, fiscal or regulatory entities; or location data to assure emergency services.
The processing of personal data by Jorpal can be justified by motives of lawful interest related with the execution of tasks connected with its activity while company, such as, the processing of personal data to the improvement of service’s quality, the detection of fraud and protection of income and when Jorpal’s motives, for its use, have to prevail over your rights of data protection.
VII – Which kind of information is collected and when is it collected
The user registration in Jorpal’s website serves to, as holder of personal data, access to subscription services for newsletters, comments and other functionalities available.
There might be acquired data about the user and/or about their use of the website, mobile applications and services (“data of use”). Data of use might include IP address, geographical location of the user, kind and version of browser, operative system, reference source, visit duration, page views and navigation path on the website, besides information about time, frequency and service use pattern. The source of data is our statistical analyses system. That use data might be processed for use analysis on the website, mobile applications and services. The legal bases for this processing lies on our lawful interest, namely, monitoring and improving our website, mobile application and services.
Service data might be processed with the purpose of operating the website and mobile applications, provide services, assure the website’s safety, mobile applications, keep backups on data base and communicate with users. The legal base for this processing results, equally, of legitimate interests, meaning, the proper administration of the website, mobile applications and activity.
Jorpal also reserves the right to process information the user publishes on the website and mobile applications or through our services (“publication data”). Publication data might be processed with the purpose of allowing said publication and manage the website, mobile application and services. The legal bases for this processing also result in legitimate interests, meaning, the proper website, mobile applications and activity management.
Information provided by the user to receive notifications via e-mail and/or newsletters (“notification data”) might be processed with the purpose of sending relevant notifications and/or newsletters. The legal bases for this processing is the user’s consent as holder of personal data.
Information contained or related with any communication with the holder of data subjects (“correspondence data”). In that case, correspondence data might include de content of communication and metadata associated with the communication. Correspondence data might be processed with the purpose of communicating with the user and managing registration.
Jorpal also reserves the right to process any personal data of the user, whenever it’s needed, to purposes judicial or extrajudicial.
In addition to the above-mentioned purposes, Jorpal also reserves the right to process the user’s personal data, whenever certain process reveals itself necessary for the fulfillment of a legal obligation, if it ever reveals itself to be necessary.
VIII – Rights of the holder of personal data
The holder of the personal data has rights of information, access and correction or deletion of personal data and the portability right, the right to limit or oppose to the data processing of their data, under the terms of GDPR and other legislation applicable.
The exercise of rights is free, unless it is a manifestly unfounded, excessive or unjustifiably reiterated request. In these circumstances, a reasonable fee may be charged considering the costs of said request and its consequences.
As long as Jorpal has or processed any personal data, all holders can, at any give moment, exercise the following rights:
Access right – right to ask a copy of their information
Correction right – right to correct the data they consider unprecise or incomplete
Forgetting right – right to, in certain occasions, ask to completely erase all data about themselves from all registers
Processing constraint right – when certain conditions apply, have the right so restraint the processing
Portability right – right to have all their data transferred to other organization
Objecting right – right to object certain kinds of processing, such as direct marketing
Right to object to automatized processing, including the profile
Right to legal support – in the case of the company refusing to follow your request according to access rights, the motive will be explained. As user, has the right to complain as described below.
The holder can withdraw, at any given moment, the consent that as given to the processing of their personal data, according to the GPDR.
Without prejudice to the provisions of the previous paragraph, the withdraw of the consent won’t affect the legality of the processing of personal data that had earlier been done, based on the consent previously provided.
The rights above mentioned can be exercised through the e-mail address firstname.lastname@example.org or by a registered letter to: JORPAL – COMÉRCIO E INDÚSTRIA TÊXTIL, LDA., Rua da Constituição nº 2295, 4250-172 Porto (Portugal).
The reply to the request shall be made without undue delay, within one month of the receipt of the request, unless it is a particularly complex request or occurs under exceptional circumstances.
This period may be extended by up to two months when needed, considering the complexity of the request and the number of requests received.
In the context of a request, the data holder may be asked to prove their identity in order to ensure that personal data is shared only with the data holder.
Personal data holders have also the right to complain about the processing of their data to CNPD – control authority: Comissão Nacional de Proteção de Dados (National Commission of Data Protection) – Rua de São Bento nº 148, 3º, 1200-821 Lisboa (Portugal), Tel: 351 913 928 400, Fax: 351 219 376 832, e-mail: email@example.com.
The transmission of personal data by people under 18 years old must have the prior consent of the respective legal representative who can exercise the rights indicated in previous paragraph.
IX – Information updates
In order to have personal data updated, the data holder must ask Jorpal to correct or update it whenever needed.
X – Transmission of personal data
Personal data may be transmitted to subcontractors for name and on behalf of Jorpal. In this case, Jorpal will handle the contractual measures to ensure that subcontractors respect and protect the holder’s personal data.
The data may also be transmitted to third parties – entities other than Jorpal or subcontractors – such as companies in the group, companies with whom Jorpal has partnerships, in case the holder has consented – or entities to whom the data has to be communicated by the force of law, such as the tax authority, criminal police agencies, among others.
XI – Conservation period
Jorpal undertakes to keep the collected personal data only for as long as is necessary for the purpose for which they were collected.
After the respective conservation period, Jorpal will eliminate or anonymize the data provided whenever they are not to be kept for a purpose other than that which may last.
XII – Subcontracted service providers
The processing of personal data may be carried out by a service provider, hired by Jorpal, in particular for accounting purposes or technical assistance.
Said servicer provider will exclusively treat the data for purposes established by Jorpal and in compliance with the instructions issued by them, ensuring that it strictly complies with the legal rules on personal data protection, information security and other applicable standards.
XIII – International data transfers
Jorpal will process the user data within the European Economic Area (EEA) territory and therefore does not provide for any international transfer of data.
Should Jorpal occasionally transfer its personal data to a country outside the EU and that isn’t a part of the list of countries the EU has already gathered certain levels of adequate personal data protection, Jorpal will ensure that data transfers are carried out in strict compliance with the applicable legal standards.
XIV – Jorpal’s website
All website users who wish to register, must declare and guarantee by completing the respective fields that:
b) They expressly acknowledge that any electronic site is vulnerable to intrusive and unauthorized third parties; that the information circulating on the internet is not protected against any viruses and that any person is likely to create a link with access to the website and/or elements contained therein, accepting to run the inherent risks;
c) They accept the risks inherent to their activity as internet users, in particular the risk of possible transfer of open data.
The registration has a space reserved for the express manifestation of the will of the users not to receive advertising information. Failure to complete such space will be considered as consent to the sending, by Jorpal, advertising or promotional communications by electronic mail or other equivalent means of communication, in accordance with the provisions of Law no. 14/2004 of August 18, currently in with the wording give to it by Law no. 46/2012 of August 29.
The data in the customer record that is marked with an asterisk (“*”), shall be required to fulfill the established purpose.
Jorpal assures all users of its website technical and organizational appropriate and needed techniques to protect their personal data and avoid its loss, its improper use or modification.
The data that is sent through the browser to Jorpal’s server or the other way around, are protected with encryption technology.
XV – Personal data protection measures
Jorpal applies different technical and organizational proper measures to protect users’ personal data, including the use of safe servers, firewalls and encryption of application data and communications.
Jorpal will make every effort to assure and maintain all technical means at its disposal to prevent loss, misuse, alteration, unauthorized access and misappropriation of personal data provided by users, without prejudice to the fallibility of internet security measures.
Jorpal cannot be held accountable for damages suffered by users and caused by or not by third parties, through illegitimate access to data transmitted by those users through the website.
Jorpal cannot be held accountable for any complaints, losses or damage, including, with no limitation, direct, indirect, special, punitive, incidental or consequential damages, related to digital fraud, liabilities or any other infraction or circumstance on which the information is accessed or shared without express consent.
For the users’ privacy, it isn’t recommended to not include personal information, namely the sensitive kind, and/or confidential on e-mails, unless it is expressly asked by Jorpal.
XVI – Cookies use (website option)
Without prejudice to the information and data collected through the website, Jorpal might also collect anonymous information, such as type of internet browser used, operative systems and date and time of access to the website, using control technologies (cookies) to gather that information.
If the user wishes to, it is possible to deactivate the cookies through the browser’s settings.
RESPONSIBLE FOR PERSONAL DATA PROCESSING
1 – Identification elements of the responsible for personal data processing:
Name: JORPAL – COMÉRCIO E INDÚSTRIA TÊXTIL, LDA.
Telephone: 00351 226 000 382
E-mail address: firstname.lastname@example.org
2 – How is processed personal data:
Jorpal will process personal data, manually and/or automatized, for the following purposes:
- Employees: execution of labor contract
- Customers, suppliers and outsourcers/partners: order management
The collected data is needed to make and execute buying and selling contracts, they are meant for processing information of requests, communication with customers, processing of requests of information and possible complaints.
3 – Share / access:
For the personal data processing, has authorized access:
Personal data of employees (salary processing, legal communications to Social Security and Tribute Authority, and also the execution of insurance for labor accidents, medical treatments and safety in the work place): Responsible for the Human Resources department
Personal data of customers, suppliers and outsourcers (legal communications to Tribute Authority): Responsible for the Commercial department Responsible for the Human Resources department.