Policy of privacy and personal data protection
Reflection of its vision and aligned with the goal of operating responsibly in the community in which it is inserted and in the relations with its clients, the protection of privacy and personal data and its transparent and straightforward handling comprise essential values for the entire SUMA Group.
For this reason, all companies integrating the SUMA Group handle personal data based on the following principles:
- Personal data handling is carried out in a legal, loyal and transparent manner;
- The respective collection is made only for duly determined, explicit and legitimate purposes, according with applicable legislation;
- Data collected are limited to the strictly necessary and for the time necessary for the purposes for which they are handled;
- Only workers, employees and Group partners whose jobs require so can access personal data;
- Personal data are handled confidentially.
According with legislation on data protection, personal data are any information concerning a natural person identified or identifiable (data holder). A natural person that can be identified, direct or indirectly, is considered identifiable, especially by reference to an identifier such as name, identification number, location data, electronic identifiers or one or more specific elements of the physical, physiologic, genetic, mental, economic, cultural or social identity of that natural person.
The responsible for handling personal data will be the SUMA Group company with which the data holders relate to.
The companies comprising the SUMA Group will only handle personal data if one of the conditions foreseen in the legislation on data protection occur, namely:
- If the data owner gave is consent for the handling of his/her personal data;
- If handling personal data is required to execute a contract of which the data holder is part of, or because of pre-contract proceedings following a data holder request;
- When its handling is required to comply a legal obligation to which the SUMA Group is subject to;
- If the handling is required to guarantee SUMA Group legitimate interests.
Personal data conservation period
In line with the principles mentioned above, the personal data handled by the SUMA Group are kept for the period of time strictly required for the purposes for which they have been gathered. The determination of these periods is made based on information retention criteria established and adjusted to each handling and respecting the Group’s legal and regulatory obligations.
Rights of personal data holder
The SUMA Group ensures that the data holder can exercise the rights granted to him/her by the legislation on data protection, namely:
- Right to access personal data (the personal data holder can obtain confirmation about if his/her personal data are handled and access information about them);
- Right to rectification (the personal data holder may request its rectification or completion);
- Right to erasure (the data holder may request to erase his/her personal data under certain situations (i) if personal data are no longer required for the purpose which motivated its collection or handling, (ii) if the holder withdraw his/her consent on which the data handling is based and when there is no other legal basis for it, (iii) if the holder opposes to its handling and there are no prevailing legitimate interests, (iv) if the personal data were illegally handled, (v) if the personal data have to be erased under a legal obligation or (vi) if personal data were collected in the context of services offer);
- Right to limit its handling (the holder of personal data is entitled to request the limitation of its handling when (i) its accuracy is contested and during a period of time that enables to verify its accuracy, (ii) consider that the handling is illegal, (iii) if the data are no longer required for handling purposes, but continue being necessary for purposes of declaration, exercise or defense of a right in a legal process or (iv) if the personal data holder opposes to the handling and there is no prevalent legal interest);
- Right to data portability (when the handling is based on consent or execution of a contract and Is carried out by automated means, the personal data holder may request the delivery, in a structured format, of current use and automatic reading, of personal data concerning him/her and that were provided, as well as request the personal data transmission to other officer, as long as technically possible);
- Right to object (at any moment the personal data holder is entitled to oppose to its handling when (i) the handling is based on the legitimate interest of the person responsible for the handling or (ii) the handling is carried out with purposes different of those for which the data have been gathered);
- Right of not being subject to individual decisions exclusively automated (under certain circumstances, the personal data holder is entitled to request the human intervention when decision are made based on solely automated handling);
- Right to withdraw consent (the data holder is entitled to withdraw the consent provided in order to handle personal data);
- Right of complaint before the National Data Protection Commission (on any subjects related with handling their personal data);
If you intend to exercise any of the rights referred or clarify issues related with privacy and personal data protection by the SUMA Group, you can do it by letter or e-mail to the contacts made available in the “contacts” section of this website.
The companies comprising the SUMA Group have at their disposal safety, technical and organization measures that guarantee the protection of personal data against personal data breach (“personal data breach”: security breach that causes, in an accidental or illicit manner, the destruction, loss, change, disclosure or access, not allowed, to personal data transmitted, kept or subject to any other type of handling) and against any other manner of illicit handling.
The commitment undertaken with personal data protection also implies that, whenever personal data are transmitted to other entities, they are obliged to adopt technical and organization measures that guarantee the same level of protection.
Communication of personal data to other entities
While performing their activity, the companies comprising the SUMA Group may have to inform or provide to other entities access to their personal data, always guaranteeing that they present technical and organization measures that properly protect the personal data.
Personal data can only be accessed or shared with the following entities:
- Companies belonging to the SUMA Group;
- Entities providing services to the Group, in terms of computer support, documental management, legal support, human resources;
- Clients of SUMA Group companies.
- Public Authorities (the Tax and Customs Authority for example).
If you wish, you can access detailed information on privacy and personal data handling, through the e-mail address firstname.lastname@example.org.