What we call rubbish can be a RESOURCE. Rethinking waste is the first step towards a more sustainable future.
HOMEPAGE
PRIVACY NOTICE
Privacy Notice

SUMA and its subsidiaries are committed to ensuring the security of personal data.

As a result, SUMA has drawn up this Privacy Notice, in order to make known the terms by which it collects and processes personal data, in accordance with Regulation (EU) 2016/769 of the European Parliament and of the Council of 27 April 2016 (hereinafter GDPR), Law no. 58/2019 of 08 August, which ensures the implementation, in the national legal order, of Regulation (EU) 2016/679 of 27 April.

The processing of personal data described in this Notice concerns the personal data of citizens who interact with SUMA and the Group's companies (all those who interact with us in any way).

This document describes the conditions under which SUMA processes your personal data, hereinafter referred to as ‘Data Subjects’. SUMA respects the right to privacy of the Data Subjects and declares that it complies with the applicable legal and regulatory provisions on privacy and personal data protection, adopting the appropriate measures to guarantee the privacy and confidentiality of the personal data transmitted by the Data Subjects.

In order to clarify the processing of data, as well as its purpose and the rights of data subjects, it is advisable to periodically read this Privacy Notice.

 

Who is responsible for processing your personal data?

SUMA is the entity responsible for data processing, under the terms of the GDPR, and can be contacted via email at geral@suma.pt or by telephone on +351 217 997 700 (national landline) or by visiting our premises at Rua Mário Dionísio, nº2, 2799-557, Linda-a-Velha.

 

What personal data do we collect?

The personal data we collect depends on the context of your interactions with SUMA, within the scope of its commercial activity and in fulfilment of the duties assigned to it by law.

SUMA collects and processes personal data that is voluntarily provided by the data subject through the various contacts that are established, both in person and via the website, by telephone, by post or by email.

Any information provided by the data subject will only be used for the purpose described and in strict compliance with data protection legislation.

 

What purposes precede the collection of your personal data and what are the grounds for processing it?

SUMA ensures that the processing of your personal data is carried out within the scope of the purpose for which it was collected, or for purposes compatible with the initial purpose for which it was collected. In addition, we process your personal data for legally prescribed purposes.

 

Customer support services

SUMA uses customer Personal Data for customer support purposes, including to respond to customer enquiries. This usually requires the use of certain personal contact information and information about the reason for the customer's enquiry (e.g. requests for information, service requests, complaints about a product or service, general questions, suggestions, compliments, environmental communication programmes, etc.). In these situations the processing of your data is necessary for the performance of the contract to be entered into between you and SUMA, or for carrying out pre-contractual steps at your request. If you do not provide your data, we will not be able to provide you with the services requested or contracted. Your data will be kept for this purpose for the duration of the contract(s), plus 10 years after termination. Potential clients' data will be kept for 2 years. The personal data of clients may be processed by SUMA for the purpose of litigation management. The legal basis is the existence of a legitimate interest on the part of SUMA and the data will be kept for the period necessary to exercise the respective rights.

 

Marketing Communications

SUMA, with the customer's consent (where necessary), uses the customer's Personal Data to provide them with information about new goods, products or services (e.g.: marketing communications or campaigns and promotions). This may be done via e-mail, adverts, SMS, telephone calls and postal correspondence, to the extent permitted by applicable legislation. Some of SUMA's campaigns and promotions are conducted on third-party websites and/or social networks. This use of the customer's Personal Data is voluntary, which means that they can object or withdraw their consent whenever they wish. Your data will be kept for this purpose until you exercise your right to withdraw your consent.

 

Management of Complaints and Contacts Received

In your relationship with SUMA, you may send us suggestions or complaints regarding the services provided by SUMA. In these situations, your data will be collected in order to analyse and resolve the situation underlying your request/complaint, and will be processed on the basis of SUMA's legitimate interests.

 

Events

At events promoted by SUMA, the processing of your personal data is necessary to ensure the management of your enrolment and participation in the event, and images may also be collected on the basis of your consent. This use of your personal data is voluntary, which means that you can object or withdraw your consent whenever you wish. Your data will be kept for this purpose until you exercise your right to withdraw your consent.

 

Supplier Management

The processing of your data is necessary for the performance of the contract to be entered into between you and SUMA, or for carrying out pre-contractual steps at your request. If you do not provide your data, we will not be able to fulfil our contractual obligations. Your data will be kept for this purpose for the duration of the contracts plus 10 years after termination. Potential customers' data will be kept for 2 years. The personal data of suppliers may be processed by SUMA for the purpose of litigation management. The legal basis is the existence of a legitimate interest on the part of SUMA and the data will be kept for the period necessary to exercise the respective rights. The data of SUMA's suppliers, in particular employees, may be communicated to SUMA's clients in order to fulfil legal or contractual obligations.

 

Recruitment

SUMA, following an open recruitment vacancy or a spontaneous application, will process your data for the purposes of selecting and recruiting candidates, as necessary for carrying out pre-contractual procedures. The personal data collected will be kept for a maximum of 2 years in cases where your application has not been considered for any vacancy. On the basis of your consent, we will keep your data for a period of more than 2 years if you wish your data to be considered for a future vacancy suitable to your profile.

 

Video Surveillance System

SUMA has a video surveillance system on its premises to ensure the safety of people and property. It is in SUMA's legitimate interest to collect your image simply by entering our premises - however, no sound is collected. This data may be communicated to the criminal police or judicial authorities on request. The images collected will be kept for a maximum of 30 days from the moment they were taken (unless other legislation applies).

 

Recording of telephone calls

As a result of your telephone contact and within the scope of SUMA's activity, we may record your calls, subject to the provision of prior information and based on your consent, for the management of the pre-contractual and contractual relationship, as well as for the improvement of our services provided and also for the control of their quality, based on SUMA's Legitimate Interest. These call recordings will be kept for the period indicated in the CNPD resolutions that regulate this processing activity, namely Resolution no. 1039/2017.

 

 

 

 

How long do we keep your personal data?

The personal data collected and processed is stored, taking into account its purpose, in compliance with the applicable legal deadlines.

In cases where no legal time limit applies to the retention and storage of personal data, such data will only be stored and retained for the appropriate period and to the extent necessary, taking into account the purposes for which they were collected, unless at any time the holder of the personal data, within the legal limits, exercises their rights of opposition or erasure, or withdraws their consent.

Once the maximum retention period has been reached, the personal data will be irreversibly anonymised (the anonymised data may be retained) or securely destroyed.

For marketing and contact purposes, your personal data will be kept from the moment your consent is obtained and if you have not withdrawn your consent within this period.

 

What are the rights of personal data subjects?

Under the terms of the applicable legislation, you may exercise the following rights:

  • Right of Access: to obtain confirmation as to whether or not your personal data is being processed and, if so, to access it. In this case, SUMA reserves the right to demand payment of a reasonable fee, taking into account administrative costs;
  • Right to Rectification: obtain the rectification of inaccurate personal data concerning you and request that incomplete personal data be completed;
  • Right to Erasure: obtain the erasure of your personal data, except in cases where there are grounds that validate its retention;
  • Right to Restriction of Processing: obtain restriction of the processing of your personal data when it relates to certain categories of data or processing purposes;
  • Right of Portability: to receive the personal data you have provided us with in a structured, commonly used and machine-readable format, as well as to request the transmission of your personal data to another data controller;
  • Right to Object: to object, at any time, to certain processing of your personal data, for example, in the case of processing personal data for direct marketing purposes;
  • Right not to be Subject to Automated Individual Decisions, including Profiling: not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces effects in your legal sphere or significantly affects you in a similar way.

In order to exercise your rights, you should contact us using the contact details mentioned in the chapter below, ‘Contact details of the Data Controller’.

You are also guaranteed the right to withdraw your consent whenever you have given it, through the means indicated above. Withdrawal of consent does not, however, invalidate the processing carried out up to the date of withdrawal.

The holder of the personal data also has the right to lodge a complaint with the CNPD, or other competent supervisory authority, as well as to resort to any other judicial remedy, if they consider that their personal data is not being lawfully processed by SUMA, under the terms of current legislation and this notice.

 

 

Contacts for the Data Controller

SUMA is not obliged to appoint a Data Protection Officer (DPO) in view of the legislation in force, however, and in order to maintain a form of contact with the data subjects, you can use the following contacts to clarify any questions you may consider pertinent related to the processing of your personal data and the exercise of your rights: privacy@suma.pt

 

What security measures are in place?

SUMA and the other companies that make up the SUMA GROUP are committed to implementing the appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorised access. An adequate level of security is considered to be applied in relation to the risks presented by the processing, given the nature of the data to be protected.

To this end, SUMA carries out all its activities using systems that aim to ensure the security of your personal data, by creating procedures that prevent unauthorised access, accidental loss and/or destruction of your personal data, committing itself to respecting and complying with the legislation on the protection of personal data.

 

Why do we share your personal data?

SUMA may share your personal data with third parties who will have access to it. Such third parties include public authorities, partners, service providers, among others. Within the scope of its activity, SUMA may use subcontractors, who will access and process your personal data in accordance with our instructions.

To this end, we ensure that such subcontractors offer sufficient guarantees for the execution of appropriate technical and organisational measures, so that the processing meets the requirements of the GDPR and other applicable legislation, as well as ensuring the defence of the rights of the holders of personal data.

SUMA may also share your personal data when such sharing is necessary or appropriate in the light of applicable legislation, for the fulfilment of legal obligations to which it is bound, to respond to requests from public authorities, in the event that the vital interests of the holder of the personal data or a third party are at stake, for the protection of SUMA's rights and property, or when you have given us your prior consent.

 

Under what circumstances do we transfer your personal data to third countries?

The activities carried out by SUMA may involve the transfer of your personal data to third countries - located outside the European Union or which do not belong to the European Economic Area - even if this occurs occasionally and always in connection with other services used by SUMA.

In such situations, all necessary and appropriate measures will be adopted to ensure the protection of your personal data.

One of these situations occurs in the context of SUMA's presence on social networks, with limited influence over the data processing carried out by the operators of these networks (e.g. membership management and general information management). In situations where we have no influence, we try to ensure, as far as possible, that the operators of the social networks act in accordance with the privacy and data protection requirements demanded by the GDPR. However, in many cases, we have no influence over this data processing carried out by the operators and have no clear knowledge of what data is being processed on certain occasions.

The operators of the social networks manage the entire IT infrastructure of the service, applying their own privacy and data protection rules and, in addition, maintaining their own relationships with the users (insofar as they are registered users of the social network). In addition, operators are fully responsible for all matters relating to user profile data to which SUMA does not have access.

For more information on the data processing carried out by the operator of the social networks, please consult their respective Privacy Policies:

 

How do we use cookies?

For more information about cookies and how SUMA uses them on its website, please refer to our Cookie Notice.

 

Changes to the Privacy Notice

All updates to the ‘Privacy Notice’ will be communicated by means of a notice on the website's homepage: https://www.suma.pt/pt/, so that such changes can be immediately understood. By continuing to use this website following a modification to the ‘Privacy Notice’ that has been communicated by this means, it will be assumed that the user has become aware of and accepts its terms.