PRIVACY POLICY

​

INFORMATION REGARDING PERSONAL DATA

The Gabinete Rosa Barreto – Contabilidade e Gestão Lda., Hereinafter referred to as GRB, in the scope of its commercial activity, may need to collect some personal data of users, however, respects the right to privacy and does not collect any personal information without prior consent or knowledge of the person.

This privacy policy applies to all data collected through the website www.rosabarreto.pt and regulates the collection and processing of personal data provided by users.

However, it does not control all risks related to the use of the Internet alerting right now for the existence of risks associated with its use and operation, and consequently the sharing of data by this means.

​

RESPONSIBLE FOR THE COLLECTION AND TREATMENT OF YOUR PERSONAL DATA

The Gabinete Rosa Barreto – Contabilidade e Gestão Lda., within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter RGPD), is the entity responsible for collecting and processing personal data information through the website www.rosabarreto.pt, for the purposes stated in this privacy policy.

 

Gabinete Rosa Barreto - Contabilidade e Gestão Lda, corporate entity number 503 365 238:

• Postal address | Rua São João de Deus, 1 - Bloco B, Loja 2, Quinta da Oliveira, 2500-885 Caldas da Rainha, Portugal.

• E-mail address | support@rosabarreto.pt

• Telephone contact | +351 262 830 280, available on working days, with service hours from Monday to Friday between 09.00 and 12.30 and between 14.00 and 17.30.

If you wish to exercise any of your rights as a holder, you may contact the GRB via  e-mail address mentioned above. We will analyze your question and we will respond within a maximum period of 30 days, as required by law.

​

WHAT IS PERSONAL DATA

Any information, regardless of its support, including sound and image, relating to an individual, directly or indirectly, identified or identifiable (data subject), is understood as such.

​

PERSONAL DATA COLLECTED AND PURPOSE OF TREATMENT

The data collected by GRB through its website may be: the name, e-mail address, telephone contact of the user and any other information that the user deems pertinent and necessary to provide.

We also collect cookies when browsing our site, see information about cookies.

The GRB will process your personal data only to respond to your request, be it a request for contact sent through the form or through the electronic address provided on our website, or sending a Curriculum Vitae to be considered in the process of recruitment.

​

PROCESSING AND ALTERATION OF PERSONAL DATA

By providing your personal data to GRB, you acknowledge and consent to the processing of your personal data in accordance with this Privacy Policy and the rules and principles contained in the respective terms and conditions of the services used.

To this extent and with respect to the processing of personal data, you should read this Privacy Policy.

We inform you that, whenever it appears necessary, we will amend this Privacy Policy without the need for any prior authorization.

​

WITH WHOM DO WE SHARED YOUR PERSONAL DATA

The personal data collected on this website is not shared with third parties.

 

RIGHTS OF PERSONAL DATA SUBJECTS 

Access rights    

The holder has the right to obtain from the controller the confirmation that the personal data concerning him or her are treated or not, as well as access to the personal data that the GRB possesses.

Right of rectification    

The holder has the right to obtain, without undue delay, from GRB the rectification of inaccurate data concerning him.

Right to erasure - "right to be forgotten"  

The data subject has the right to obtain from GRB the erasure of his / her personal data, without undue delay, when, among other reasons, the data is no longer necessary for the purpose for which it was collected or processed.

Right to limit treatment             

The data subject has the right to obtain from GRB the limitation of treatment.

Right of data portability 

The data subject has the right to receive the personal data concerning him/her and which was provided to a data controller and the right to transmit such data to another data controller where the data is based on a given consent or a contract and if the treatment is performed by automated means.

Right to oppose              

The holder shall be entitled to oppose the processing of data where, having regard to his/her particular situation or where the data is processed for the purpose of direct marketing, or where the data is used for historical or scientific research or for statistical purposes or when the treatment includes profile definition automatically.

Automated individual decisions, including profile definition  The data subject has the right not to be subjected to any decision taken solely on the basis of automated processing, including the definition of profiles, except where the decision is necessary for the conclusion or execution of a contract between the data subject and a controller, or authorized by the right to which the controller is subject and is based on the explicit consent of the data subject.

Right to complain          

We would like to inform that the holder has the right to submit a complaint to the national supervisory authority on how personal data is collected and processed:

• National Commission for Data Protection (CNPD), Rua de São Bento 148, 1200-031 Lisbon, Portugal.

​

EXERCISE OF RIGHTS OF THE PERSONAL DATA HOLDER

The exercise of any of the rights legally conferred, by the respective holder, must be done by means of a letter (or e-mail to apoio@rosabarreto.pt) signed by the owner and be accompanied by a photocopy of an identity document with the signature of the holder that exercises would be exercising their right. For this purpose, you should use the attached Document I as the text base.

The holder of the personal data should bear in mind that in certain cases (such as for legal reasons) your request may not be immediately met. In any case, it will be informed of the measures taken to that effect, within a maximum period of one month from the moment the request is made.

The holder of the personal data must consider that the GRB can process the data on behalf of the controller and thus assume a position as a subcontractor. In such cases, the owner of personal data will be informed that the request for the exercise of his rights should be made to the same controller.

The holder of the personal data may also withdraw his consent at any time. However, withdrawal of consent does not jeopardize the lawfulness of the treatment made on the basis of the prior consent given nor the subsequent processing of the same data, based on another legal basis, such as compliance with the contract or legal obligation.

 

THE PERIOD OF CONSERVATION OF PERSONAL DATA

We will process your data for as long as it takes to fulfill your request or request. In fact, the shelf life may vary according to the purpose for which the information was collected and the object of the treatment, after which the data will be deleted.

In the case of data collected following the recruitment process (curriculum vitae) are kept for 5 years, according to article 32 of the Labor Code. For resumes received outside of recruitment processes that do not authorize the conservation / archiving of the same will be kept only for 6 months and in cases where they authorize the conservation / archiving of the same will be kept for 12 months.

 

SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

In fact, GRB is committed to implementing all necessary precautions to preserve the confidentiality and security of personal data collected and processed, preventing it from being distorted, damaged, destroyed, or unauthorized third parties have access to it.

Technical and organizational security measures have been developed and implemented, especially with regard to information systems, through the following acts:
- Anonymization of folders and files;
- Creation of specific files to fill in, if you would want to send certain information, so as to restrict it as much as possible and to actually send only what is strictly necessary;
- Cleaning and destruction of data files whose legal term of conservation have already been exceeded and / or whose information we do not need or is out of date;
- Adequate training for employees to apply good data protection practices;
- Use of access permission levels to categorize users;
- Limitation of access to physical and digital files;
- Implementation of the policy and principle "clean desk", i.e. not leave documents on the desk;
- Encryption of documents and folders in digital format;
- Use of programs / software for this specific purpose and encryption for the passwords, while limiting the access to certain users with features delimitation;
- Sending prints to the printer will be immediately collected or, if immediate collection is not possible, the prints are sent with a password and the printing is accompanied by the user;
- Work equipment, such as computers and mobile devices, are only accessed by a single user through the use of a secure password;
- Blocking the USB ports of computers, not allowing downloading of data;
- Blocking of the session on the computers whenever the user is absent from his workstation;
- Data storage is only allowed in network folders on the server, not in local folders on the computer;
- Reinforcement of server protection in terms of both hardware and software;
- Data backup made to external device and cloud located in mainland Portugal;
- Hiring partners / suppliers that comply with the RGPD standards.
 

ELECTRONIC COMMUNICATIONS NOT REQUIRED FOR DIRECT MARKETING PURPOSES

The user's contact information, in the form of a client, either a company or as an individual , may be used by GRB, if authorization is expressly given, in marketing actions. 

The user, in the form of a client, shall have the right to expressly oppose, by electronic mail, the sending of electronic communications for marketing, and may do so by sending written communication to the indicated email contact mentioned above, addressed to the person responsible for the processing of Personal Data.

​

INFORMATION REGARDING LINKS

On the website you may find links to other websites, made available only for the convenience of users, but GRB assumes no responsibility for them, and this Privacy Policy does not apply to them. Therefore, we advise you to read the Privacy Policy of the websites you visit.

​

INFORMATION REGARDING COOKIES

We use cookies on our website to facilitate your browsing through it.

​

What is a cookie?

A cookie is a small text file that a website sends to the browser on your device, containing information regarding your browsing that same website. Cookies are required to make browsing easier and more user-friendly, eliminating the need to repeatedly enter the same information.

​

Types of cookies

Session cookies (transient)

These cookies are deleted when you close the browser and do not collect information from your computer. They typically store information in the form of a session ID that does not personally identify the user.

Persistent cookies (permanent or stored)

These cookies are stored on the user's computer until they expire, or until you delete them. They are used to collect identifying information about the user, such as web browsing behavior or user preferences for a particular website.