Privacy Notice
Introduction
Privacy Notice aims to make known the general privacy rules and the terms of treatment of the data collected by us, in strict respect and compliance with the applicable legislation in this area, namely Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and the free movement of personal data, which entered into force in May 2018.
ORA takes the protection of your privacy very seriously.
1. Responsible for the processing of personal data
Privacy Notice of Oliveira Rego & Associados, SROC, (ORA), a company limited by guarantee incorporated in Portugal under tax number 501 794 662 whose registered office is at Avenida Praia da Vitória, nº 73, 2º Esq., 1050-183 Lisbon, Portugal.
ORA has the registration number at Order of Statutory Auditors: 46 and the registration number at the Portuguese Securities Market Commission: 20161391.
ORA takes the protection of your privacy very seriously. We will only use your personal information to work with our staff and assist them with their requirements as well as send out information to meet our legal responsibilities. We are strongly committed to protecting and guaranteeing the security of information and privacy of all the information received. ORA is the entity responsible for collecting and processing your personal data, for the purposes of this privacy notice. ORA undertakes to process your personal data in accordance with the legal legislation referred to in the introductory note and any other applicable under the GDPR. The email for any matters related to your personal data is info@oliveirarego.pt.
2. Collection and processing of personal data
This Privacy Notice applies to all personal information collected and archived by ORA (by any means, materialized or dematerialized).
Personal data, provided voluntarily and knowingly by its holder, and whose treatment is a contractual and/or legal obligation of ORA, are treated in a completely confidential manner by the Company’s employees or by any subcontractor, who will be duly authorized for that purpose.
Data may be collected directly, by phone or email, when you make a request for information or service or when you visit or use the contact forms available on our website.
The personal data we collect are: name, address, location, postal code, taxpayer number, email address, contact telephone or mobile phone, and other complementary information not classified as personal.
When browsing the website, whenever it is necessary to identify and collect personal data, the user will have to authorize its collection through authorization mechanisms that may vary depending on the case, but which will be clear in their purpose and intuitive as to their use.
3. Collection purposes and data categories
The collection of personal data by ORA aims to manage contractual relationships, the provision of contracted services, information actions in which the data subject is a party and for the fulfillment of the legal and legal obligations to which ORA is subject.
The personal data collected are intended to be used by ORA in accordance with the purposes disclosed above.
4. Communication of personal data
ORA will implement the necessary and appropriate measures to ensure the protection of personal data subject to communication, strictly complying with the legal provisions regarding the requirements applicable to such communications, namely by informing customers.
In cases where ORA communicates personal data to third parties, it will define clear rules for contractualizing the processing of personal data with its subcontractors and will require them to adopt all legal measures to protect their personal data.
The data may be provided to judicial or administrative authorities, provided that in compliance with legal obligations, if required by law or to prevent or punish the practice of crimes, as well as communicated to public and private bodies related to the activity of the ORA.
5. Preservation of the personal Data
The personal data are kept by ORA for as long as the existing relations between this Entity and the respective Holders remain in force, or for the legal period of storage, or until the purpose for which they were collected is maintained, in order to allow the identification of the holders until such relationships or obligations have been definitively ceased. The period during which the data are stored and preserved varies according to the purpose for which the information is used, being destroyed at the end of their legal retention period. There are, however, legal requirements that oblige us to keep data for a certain period, for example, those resulting from the audit evidence, within the scope of the specific legislation of Statutory Auditors. The personal data are kept by ORA for as long as the existing relations between this Entity and the respective Holders remain in force, or for the legal period of storage, or until the purpose for which they were collected is maintained, in order to allow the identification of the holders until such relationships or obligations have been definitively ceased. The period during which the data are stored and preserved varies according to the purpose for which the information is used, being destroyed at the end of their legal retention period. There are, however, legal requirements that oblige us to keep data for a certain period, for example, those resulting from the audit evidence, within the scope of the specific legislation of Statutory Auditors.
6. Security measures
ORA has implemented security measures and organizational policies and techniques to ensure the security of personal data. Among these measures are, namely, the execution of confidentiality agreements with our employees and third parties; policies to restrict and control access to personal data; destruction or anonymization of personal data that are no longer necessary for the purposes for which they were collected.
Since information security depends in part on the security of the computer or electronic device that is used, and on the security, it uses to protect usernames and passwords, ORA has taken appropriate measures to protect this information.
Personal data will be of limited access to persons who need to know them in the exercise of their functions, to the strictest extent necessary for the pursuit of the processing purposes.
Among the cases in which administrative and technical staff have access to data and other special categories of data are the processing of data for the purpose of invoicing and execution of the services that are provided or for the management of requests for information/others.
7. Information storage
The data will be stored electronically on a server maintained and controlled by us, following the security standards for enterprises. Our auditing software works in a cloud environment protected by the privacy policy of the company providing that service.
We have also established a maintenance contract for our computer systems, with a company specialized in information security, which includes a confidentiality agreement regarding the management and monitoring of the servers where your personal data are stored.
Security is always monitored in terms of infrastructure and data access. We use a variety of security measures, including encryption and authentication tools, to help protect and maintain the security, integrity and availability of personal data.
8. Data subject rights
ORA guarantees compliance with the right of access, rectification, erasure, limitation of treatment, data portability and opposition. That is, you have the right, whenever you want and free of charge, to ask us, via email: info@oliveirarego.pt to:
- access your data
- ask for the rectification of your data
- request the erasure of your data
- request the limitation of the processing of your data
- object to the processing of your data
- request the portability of your data to the entity indicated by you.
Note, that if there is a legally imposed rule or obligation that overrides these rights, ORA will deny the impossibility of executing the request, indicating the respective basis.
9. Obligations of entities involved in data processing
Each of the entities involved in the processing of data is obliged to comply with applicable legislation on data protection especially regarding the security and confidentiality of its treatment. Those responsible for the processing of personal data, as well as persons who, in the exercise of their functions, have knowledge of them are bound by professional secrecy, under the terms of the law.
Lisbon, July 4th, 2022