Personal Data Protection Policy
The Data Protection Officer (DPO) ensures compliance with the regulation and is involved in all matters related to the protection of personal data. Their identification and method of contact are indicated at the end of this document.
What is Personal Data?
Personal data is any information, of any nature and regardless of its respective medium, including sound and image, relating to any one identified or identifiable person.
An identifiable person is a person who can be identified, directly or indirectly, namely by reference to a name, identification number, location data, by means of electronic identifiers or to one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
What is the processing of Personal Data?
The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, using automated or non-automated means, namely collection, registration, organization, structuring, conservation, adaptation, recovery, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, deletion or destruction.
Our data protection policy ensures that the data is: Subject to lawful, fair and transparent treatment in relation to the data subject («lawfulness, loyalty and transparency»); Collected for specific, explicit and legitimate purposes and cannot be further processed in a way incompatible with those purposes; Adequate, relevant and limited to what is necessary in relation to the purposes for which they are treated; Accurate and updated whenever necessary; all appropriate measures are taken so that inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay; Kept in a way that allows data subjects to be identified only for the period necessary for the purposes for which they are processed; Treated in a way that guarantees your safety, including protection against its unauthorized or illicit treatment and against its accidental loss, destruction or damage, adopting the appropriate technical or organizational measures;
Purposes of Processing of Personal Data
Ensuring, whenever necessary, the prior consent of the holder of personal data, we will collect, among others, the following information: Name and Surname, Civil Identification Number; Tax Identification Number; Date of Birth, Email and Telephone. In general, the personal data collected is based on and is intended for the management of the contractual relationship, the provision of contracted services, the adaptation of services to the needs and interests of the Client/User, namely for the purpose of accessing specific features of the services, suggestions for content, information services in the vicinity as well as information and marketing actions. In addition, personal data may also be processed for the purpose of complying with legal obligations and for the purpose of investigating, detecting and prosecuting serious crimes.
Personal Data Retention Period
The period during which personal data is stored and preserved varies according to the purpose for which the information is processed. In fact, there are legal requirements that require data to be kept for a minimum period. Thus, and whenever there is no specific legal requirement, the data will be stored and preserved only for the minimum period necessary for the pursuit of the purposes that motivated its collection or its further processing, under the terms defined by law.
Age of Majority
Use of Personal Data
Reimatec will contact you to present the products and/or services it sells. The processing of such data is based on the consent given by the data subject. The access to personal data is strictly limited to the personnel responsible for processing personal data and subcontractors. Sharing personal data, Reimatec guarantees that it does not intend to transfer data to third countries to the General Data Protection Regulation and if it does, it will ask for your consent. Reimatec has entered into an Agreement with its subcontractors, under which they are obliged not to transfer data to third countries. In certain situations, both Reimatec and its Subcontractors may be notified to disclose personal information in response to requests by supervisory authorities to fulfill GDPR requirements.
Reimatec is committed to ensuring the protection of the security of the personal data made available to it, having approved and implemented strict rules in this matter. Compliance with these rules constitutes an obligation for all those who legally access them. Bearing in mind the concern and commitment shown by Reimatec in the defense of personal data, several security measures, of a technical and organizational nature, were adopted in order to protect the personal data made available to it against their dissemination, loss, misuse, unauthorized alteration, treatment or access, as well as against any other form of unlawful treatment. In addition, third parties that, within the scope of the provision of services, process the personal data of the Client/User in the name and on behalf of Reimatec, are obliged, in writing, to carry out appropriate technical and security measures that, in each meet the requirements of the legislation in force and ensure the protection of the rights of the data subject (namely, the protection of the privacy and personal data of Customers/Users).
Access and Rectification or Deletion of Personal Data
As the data owner, the Customer/User has the right to request access to data concerning him, to request to rectify and delete them. You can also limit the treatment given to data, as well as oppose it and still require data portability. You can do this, directly or upon written request, addressed to the respective Data Controller, through the contacts provided for this purpose in this document. You can also ask for clarification from the Data Protection Officer or file a complaint with the CNPD whenever you believe that your rights are being violated.
Right of Access
The holder of personal data has the right to obtain from Reimatec confirmation that the data concerning him is or is not subject to treatment and, if applicable, to access his personal data and access the information provided for by law.
Right of Rectification
The holder of personal data has the right to obtain from the Reimatec company without undue delay, the rectification of inaccurate or incomplete data concerning him.
Right to Erase Data (“Right to be Forgotten”)
The holder of personal data has the right to have Reimatec erase his data without undue delay, and Reimatec has the obligation to erase personal data without undue delay, when one of the following reasons applies, namely: a) Personal data are no longer necessary for the purpose that motivated their collection or treatment; b) The holder has withdrawn his consent for the processing of data (in cases where the processing is based on consent) and there is no other reason for said processing; c) The holder is opposed to the treatment and there are no prevailing legitimate interests that justify the treatment;
Right to Limitation of Treatment
The data subject has the right to obtain the limitation of processing from Reimatec, if, in particular, one of the following situations applies: a) To challenge the accuracy of personal data, for a period that allows Reiamtec to verify its accuracy; b) Data processing is lawful and the data subject opposes the deletion of personal data and requests, in return, to limit its use; c) When Reimatec no longer needs personal data for processing purposes, but these data are required by the holder for the purposes of declaring, exercising or defending a right in a judicial process; d) If you have opposed the processing, until it is verified that the legitimate reasons of the controller prevail over those of the data subject.
Right to Data Portability
If the processing depends on the consent of the data subject and that consent has been provided by automated means, the data subject has the right to receive the personal data concerning him and which he has provided to Reimatec in a structured format, in current use and automatic reading.
Right of Opposition
In cases where data processing is carried out for 1) the purpose of the legitimate interests pursued by Reimatec; or 2) data processing is carried out for direct marketing purposes; or 3) definition of profiles, you can also, at any time, oppose the treatment of your personal data.
Data controllers are permitted, after explicit consent, to send marketing emails to users of the site.
At any time the user can cancel the consent through the link, existing for that purpose, in each email sent.
Changes to this Policy
This policy may be updated from time to time, for example due to changes in the relevant legislation. If any material changes are made, customers will be notified by email or by notification on the website.