The Enlitia, S.A., hereinafter referred to as Enlitia, is aware of the implications and its responsibility to comply with the changes made regarding the protection of personal data, in particular with the execution of the General Data Protection Regulation, adopted by Regulation (EU) No. 2016/679 of 26 April 2016 – applicable as of 25 May 2018 – and Law No. 58/2019 of August 8.
Enlitia, thus, undertakes to ensure the protection of all personal data made available to it, assuming security measures – technical and organizational – adopted in order to protect personal data against any form of unlawful treatment.
Enlitia also makes a commitment to continuously improve the set of procedures and techniques implemented so far for the protection of personal data, counting on with all the suggestions that users of this website may shall make as well. These Privacy Terms and Conditions apply exclusively to the processing of personal data collected by Enlitia through its website or through commercial and promotional activities.
1. Data Collection and Processing
- Personal data is requested when the user requests a contact and/or newsletter submission.
- Personal data is collected exclusively for the following purposes:
- Response to a contact request;
- Commercial management;
- Improvement or customization of our services;
- Sending newsletters and other promotional actions. Customers can unsubscribe from the newsletter service by email by clicking on the newsletter link we send by email.
2. Personal Data Collected
- Depending on how you contact us (online, and/or in person), we collect various types of information about you, as described below:
- Personal contact information: this includes information that you provide to us and allows us to contact you, such as your name, email address, phone and mobile phone numbers.
- Website/communications usage information: When browsing and interacting with our websites or newsletters, we use automatic data collection technologies to collect certain information about your activity. This includes information such as the links you click, the pages or content you view, and for how long, as well as other similar information and statistics about your interactions, such as content response times, download errors, and duration of your visits to certain pages. This information is captured through automated technologies such as cookies (browser cookies, flash cookies), and is also collected through third-party tracking services (such as Double Click, Google Analytics, Adobe Dynamic Tag Management and/or Omniture). If you do not wish, you may oppose the use of such technologies.
3. Subcontracted Entities
- In the context of the processing of user data, Enlitia uses or may use third party entities, by itself subcontracted, to, on behalf of Enlitia and in accordance with the instructions given by Enlitia, process the user's data, in accordance with the law and the terms of this privacy policy.
- These subcontracted entities may not transmit your data to other entities without Enlitia having previously and in written given authorization for this and is prevented from hiring other entities without Enlitia's prior authorization.
- Enlitia is committed to subcontracting only entities that offer maximum security in the execution of appropriate technical and organizational measures in order to ensure the defense of the User's rights.
- All subcontracted entities are linked to Enlitia's privacy policy through a written contract in which the object and duration of the data’s treatment, the nature and purpose of the data’s treatment, the type of personal data, the categories of data subjects and the rights and obligations of the parties, are regulated.
- After the collection of personal data, Enlitia provides the User with information about the categories of subcontracted entities that, in the present case, may carry out data processing on its behalf.
4. General Principles Applicable to the Processing of User Data
- In terms of general principles relating to the processing of personal data, Enlitia undertakes to ensure that the User Data by itself processed are:
- Subject to treatment in accordance with the law, loyal and transparent in relation to the User;
- Collected for certain objectives and legitimate purposes and are not subsequently treated in a contrary way;
- Appropriate, justified and limited to what is necessary and for the purposes for which they are dealt with;
- Accurate and up-to-date when necessary, providing all necessary measures to make sure that inaccurate data, taking into account the purposes for which they are processed, are erased or corrected without delay;
- Retained in a way that allows the identification of the User only during the period necessary for the purposes for which the data is processed;
- Treated in a manner that ensures their safety, including protection against their unauthorized or illegal treatment and against their loss, destruction or unforeseen damage, by adopting appropriate technical or/and organizational measures.
- Data processing carried out by Enlitia is allowed and legal when at least one of the following situations occurs:
- You have given without any doubt your consent for the processing of your data for one or more specific purposes;
- Data processing is necessary for the implementation of a contract in which the User is a party, or for pre-contractual procedures at the request of the User;
- Data processing is necessary for compliance with a legal obligation to which Enlitia is subject;
- Data processing is necessary for the defense of fundamental interests of the User or another individual person;
- The processing is necessary for the purposes of the legal interests pursued by Enlitia or by third parties (unless the interests or fundamental rights and freedoms of the User are prevailing, thus requiring the protection of personal data).
- Enlitia undertakes to ensure that the processing of User Data is only done under the above conditions and with respect to the above principles.
- When the processing of User Data is carried out by Enlitia based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent, however, does not compromise the legality of the treatment carried out by Enlitia, based on the consent previously given by the User.
5. Conservation Period
- The period of time during which the data is stored and conserved varies according to the purpose for which the information is handled.
- In fact, there are legal requirements that require us to retain the data for a minimum period of time. Thus, and whenever there is no specific legal obligation, the data will be stored and retained only for the minimum period necessary for the purposes that motivated its collection or subsequent treatment and, in its culmination, they will be deleted.
6. Data Security
- Technical, Organizational and Safety Measures Implemented
To ensure the safety of User Data and maximum confidentiality, Enlitia treats the information you have provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically according to the needs, as well as with the terms and conditions legally provided for.
Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the compliance with the Rights and Freedoms of the User, Enlitia undertakes to apply, both at the time of setting the means of treatment as at the time of treatment itself, the necessary and appropriate technical and organizational measures to the protection of User Data and the compliance with legal impositions.
It also undertakes to ensure that, by default, only the data that are necessary for each specific purpose of the treatment are processed and that such data are not made available without human intervention to an unspecified number of persons.
Communication between your device and Enlitia's website is done through secure channels and communications that use the HTTPS protocol and the SSL security standard.
Nevertheless, in terms of general measures, Enlitia adopts the following:
- Regular audits to identify the competence of the technical and organizational measures implemented;
- Awareness and training of personnel involved in data processing operations;
- Pseudonymization and coding of personal data;
- Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems;
- Mechanisms that ensure a quick restoration of the information systems and access to personal data in the event of a physical or technical incident.
6.2. Sharing Personal Data
In the course of its activity, Enlitia may use third parties to provide certain services.
Sometimes the delivery of these services implies the access by these entities to our Customers' personal data, whereby Enlitia shall be responsible for the personal data it makes available.
When this happens, appropriate measures are taken to ensure that the entities with access to the data are trustable and offer the highest guarantees security wise, which will be duly enshrined and safeguarded in a contract to be signed between the two parts.
Thus, any entity subcontracted shall have the obligation to take the necessary technical and organizational measures in order to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful treatment.
7. User Rights (Data Subjects)
- Information provided to the User (when the data is collected directly from the User):
- Enlitia's identity and contacts, as responsible for the treatment;
- The purposes of the processing for which personal data are intended, as well as, when applicable, the legal reasons for processing;
- If data processing is based on Enlitia's legitimate interests;
- If applicable, the recipients or categories of recipients of personal data;
- Period of retention of personal data;
- The right to request Enlitia for permission to personal data, as well as its correction, deletion or limitation, the right to oppose the processing and the right to access the data;
- If the data processing is based on the user's consent, the right to withdraw it at any time, without compromising the legality of the processing carried out on the basis of the consent previously given;
- The right to lodge a complaint with the CNPD (National Commission for Data Protection) or another supervisory authority;
- Indication whether the communication of personal data constitutes a legal or contractual obligation, or a necessary requirement to enter into a contract, as well as whether the data subject is obliged to provide personal data and the consequences of not providing such data;
When applicable, the existence of automatic decisions, including profiling, and information relating to the basic concept, as well as the importance and consequences of such processing for the data subject.
In the event that user data is not collected directly by Enlitia with the User, in addition to the information referred to above, the User is also informed about the categories of personal data subject to processing and, as well, about the origin of the data and, if they are from publicly accessible sources.
7.2. Procedures and Measures implemented in order to comply with the right to information
The information referred to in 7.1. is provided in written (including by electronic means) by Enlitia to the User prior to the processing of personal data concerned. Under applicable law, Enlitia is not obliged to provide the User with the information mentioned in 7.1 when (and to the extent that) you are already aware of it.
Upon request, Enlitia will provide the User, free of charge, with a copy of the User's Data that is in the process. The provision of other copies requested by the User may incur administrative costs.
7.3. Right of Access to Personal Data
Enlitia guarantees the means that allow the User to consult his Personal Data. You have the right to obtain from Enlitia the confirmation that the personal data concerning you is or is not subject to processing and, when appropriate, the right to access your personal data and the following information:
- The purposes of data processing;
- The categories of personal data in question;
- The recipients or recipients’ categories to whom personal data have been or will be disclosed, in particular, recipients established in third countries or belonging to international organizations;
- The retention period of personal data;
- Right to request Enlitia to correct, delete or limit the processing of personal data, or the right to prevent such processing;
- Right to lodge a complaint with the CNPD (National Data Protection Commission) or another supervisory authority;
- If the data has not been collected from you, the information available about the origin of that data;
- The existence of automated decisions, including profiling, and information relating to the underlying logic, as well as the importance and consequences of such processing for the data subject;
- Right to be informed of the appropriate guarantees associated with the transfer of data to third countries or international organizations.
- Upon request, Enlitia will provide the User, free of charge, with a copy of the User's Data that is in the process. The provision of other copies requested by the User may incur administrative costs.
7.4. Right of Rectification of Personal Data
You have the right to request, at any time, a rectification of your Personal Data and, as well, the right to have your incomplete personal data completed, including by means of an additional statement.
In the event of rectification of the data, Enlitia shall communicate to each recipient to whom the data has been transmitted its rectification, unless such communication is deemed impossible or involves a disproportionate effort for Enlitia.
7.5. Right of Destruction of Personal Data (“Right to Be Forgotten”)
You have the right to obtain, by Enlitia, the deletion of your data when one of the following reasons is applied:
- User Data are no longer necessary for the purpose that motivated its collection or treatment;
- The User withdraws consent on which the processing of the data is based and there is no other legal basis for such processing;
- The User opposes treatment under the right of opposition and there are no prevailing legitimate interests justifying the treatment;
- If your Data is treated illegally;
- If your Data must be deleted to comply with a legal obligation to which Enlitia is subject;
- Under applicable legal terms, Enlitia is not obliged to delete User Data to the extent that the processing proves necessary to comply with a legal obligation to which Enlitia is subject or for the purpose of the declaration, exercise or defense of Enlitia's right in court proceedings.
- In the event of the destruction of the data, Enlitia shall communicate to each recipient/entity to whom the data has been transmitted, unless such communication proves impossible or involves a disproportionate effort for Enlitia.
- If Enlitia has made public user data and is obliged to delete it under the right of such deletion, Enlitia undertakes to ensure reasonable, including technical, measures, taking into account the technology available and the costs of its application, to inform those responsible for the effective processing of personal data that the User requested them to erase the links to such personal data, as well as copies or reproductions thereof.
7.6. Right of Limitation of the Processing of Personal Data
The User has the right to obtain, by Enlitia, the limitation of the processing of user data, if one of the following situations is applied (the limitation is to insert a mark into the personal data stored in order to limit its processing in the future):
- If you dispute the accuracy of personal data for a period allowing Enlitia to verify its accuracy;
- If the processing is unlawful and the User opposes the deletion of the data, requesting, on the other hand, the limitation of its use;
- If Enlitia no longer needs User Data for processing purposes, but such data is required by the User for the purpose of declaring, exercising or defending a right in a judicial process;
- If the User has opposed the treatment, until it is found that Enlitia's legitimate reasons prevail over those of the User.
- When User’s Data is restricted, they may only, with the exception of conservation, be treated with the user's consent or for the purpose of declaring, exercising or defending a right in a judicial process, defending the rights of another natural or legal person, or for reasons of legally provided public interest.
- The User who has obtained the limitation of the processing of his/her data in the above cases will be informed by Enlitia before the limitation to treatment is voided.
- In the event of limitation of data processing, Enlitia shall communicate each recipient to whom the data has been transmitted to its limitation, unless this communication proves impossible or involves a disproportionate effort for Enlitia.
7.7. Right of Portability of Personal Data
You have the right to receive the personal data concerning you and who has provided Enlitia in a structured, current and automatic reading format, and the right to transmit such data to another data processer if:
- Treatment is based on consent or a contract to which the User is a party;
- Treatment is carried out by automated means.
- The right of portability does not include inferred data or data derived, i.e., personal data that is generated by Enlitia as a consequence or result of the analysis of the data subject to processing.
- You have the right to have your personal data transmitted directly among those responsible for the processing, when technically possible.
7.8. Right of Objection of Processing
You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you founded on the exercise of legitimate interests pursued by Enlitia or when the processing is carried out for purposes other than those for which personal data has been collected, including profiling, or when personal data is processed for statistical purposes.
Enlitia will terminate the processing of user data, unless it presents urgent and legitimate reasons for such processing that prevail over the interests, rights and freedoms of the User, or for the purpose of the declaration, exercise or defense of a Enlitia's right in court proceedings.
When Your Data is processed for the purposes of direct marketing, you have the right to oppose at any time the processing of the data concerning you for the purposes of such marketing, which covers profiling, to the extent that it is related to direct marketing. If you object to the processing of your data for the purposes of direct marketing, Enlitia terminates the processing of the data for that purpose.
You also have the right to not to be subject to any decision taken solely on the basis of automated processing, including profiling, which takes effect on your legal sphere or which affects you significantly in a similar manner, unless if the decision:
- It is necessary for the conclusion or execution of a contract between you and Enlitia;
- It is authorized by legislation to which Enlitia is subject or
- It is based on your explicit consent.
- Please note that you have the right to lodge any complaint with the supervisory authority – National Data Protection Commission (CNPD) through the following contacts: Tel. +351213928400, Fax. +351213976832; email: geral@cnpd.pt.
8. Link to Partner’s Sites
Enlitia can contain links to third-party/partner sites. The sites referred to are not under Enlitia's control and are, therefore, not responsible for the content of any of these sites. Users of Enlitia's website are recommended to consult pages that, within these sites, refer to their privacy policies.
9. Cookies
When you visit our website, a small text file (Cookie) is created and recorded in your computer's disk, and as a result, when browsing the website, you are accepting the installation of this text file on your device. This file will allow you greater ease and speed in accessing the Site, as well as your customization according to your preferences.
If you want to delete them or automatically block them, in your browser's "Help" menu you'll find how to make these settings. However, if you do not allow the use of cookies there may be some features of the Site that you will not be able to use.
By browsing our Site, you are allowing the collection and storage of small text files called cookies, which contain information and that are downloaded to the Users' computer or other devices through a server. These text files will permit a more personalized and efficient browsing experience. On each visit to the Site, your internet browser sends these cookies back to the Site, allowing recognition and memorization of users' identity, as well as their usage preferences.
9.1. What are Cookies?
"Cookies" are small software files that are stored on your device through the browser, retaining your browsing status information, and recording your browsing activity as well. They may also be used to recall information relating to the User that was previously entered on the website.
9.2. What type of Cookies are used?
9.2.1. Cookies necessary to:
- Allow navigation on the website;
- Take advantage of its features, namely access safe areas and exclusive access content for registered Users.
9.2.2. Functional Cookies to:
- Record information about our Users' options;
- Make it possible to customize our Site to their needs, in particular, to memorize the language of origin.
9.2.3. Performance Cookies to:
- Monitor how Users individually access our Site and how regularly.
- We also, directly or indirectly, use analytical services to measure the effectiveness of our content and user preferences, which allow us to contribute to the optimization of the operation of this Site.
9.2.4. Browser Controls:
The vast majority of browsers allow Users to view cookies hosted as well as delete or block them.
Whenever cookies are deleted, some purposes of the Site may be affected.
If you want to learn more about how Cookies operate, you can consult the AboutCookies.org or Cookiecentral.com.
9.2.5. Cookies Safety:
Since Cookies can be intercepted or changed, the following security actions are taken:
- The sensitive information such as passwords or personal data such as the customer's address or phone number is not stored;
- No unsafe requests (HTTP) are sent when cookies are sent to the browser in plain text and may be intercepted.
10. Personal Data Violations
In the event of a data breach and to the extent that such breach is likely to entail a high risk to the rights and freedoms of the User, Enlitia undertakes to report the breach of personal data to the User concerned within 72 hours after the incident.
In legal terms, communication to the User is not required in the following cases:
- If Enlitia has applied appropriate protective measures, both technical and organizational, and such measures have been applied to the personal data affected by the personal data breach, especially measures that make personal data incomprehensible to any person not authorized to access such data, such as encryption;
- If Enlitia has taken subsequent measures to ensure that the high risk to the rights and freedoms of the User is no longer likely to materialize; or if communication to the User involves a disproportionate effort for Enlitia. In this case, Enlitia will make a public communication or take a similar measure through which the User will be informed.
11. Final Notes
11.1. Changes in the Privacy Policy
Enlitia reserves the right to change this Privacy Policy at all times. In case of modification of the Privacy Policy, the date of the last change, available at the top of this page, is also updated. If the change is substantial, a warning will be placed on the Site.
11.2. Applicable Law
The Privacy Policy, as well as the collection, processing or transmission of User Data, is governed by Regulation No. (EU) 2016/679, the European Parliament and the Council of 27 April 2016 and Law No. 58/2019 of 8 August, as well as by other applicable legislation and regulations in Portugal.
Any disputes arising from the validity, interpretation or enforcement of the Privacy Policy, or relating to the collection, processing or transmission of User Data, must be submitted exclusively to the jurisdiction of the Porto district courts, without prejudice to the applicable mandatory legal rules.
11.3. Changes in the Terms and Conditions Policy
Enlitia reserves the right to change this Privacy Policy at all times. In case of modification of the Privacy Policy, the date of the last change, available at the top of this page, is also updated. If the change is substantial, a warning will be placed on the Site.