Data Privacy Policy

Introduction

INAPA Group (INAPA) is committed to protect privacy of its data subjects. We will be clear and transparent about the information we are collecting and its purpose.

This policy defines the following topics:

  • Adopted principles for personal data protection;
  • Personal data we collect and process;
  • Data collection processing purposes;
  • Your rights concerning your personal data;
  • How we maintain and protect your personal data;
  • How we comply with data protection rules.

personal data CONTROLLER

INAPA is responsible for customers’ personal data collecting and processing, according the terms and purposes stated in this document, complying with applicable legal obligations. Data may be directly processed by INAPA or outsourced entities for this purpose.

personal data protection principles

Our business require Personal Data processing. This may include personal data we collect through our services delivery, our customers commitments, marketing activities or some other related and support activities. Data can be received directly from a data subject, for example, in person, by mail, email, telephone or other sources.

All employees and partners should collect only personal data that is relevant and necessary to perform their duties.

INAPA is committed to adhere to the data protection principles established by RGPD, which are:

  • Lawful, fair and transparent processing – this means that we must have a legitimate basis for which we are dealing with personal data, for example a contractual relationship with the data subject, or necessary treatment to fulfil a legal obligation to which we are subject. This also means that we must inform data subject about data treatment in an accessible and easily understandable way;
  • Purpose – we should only collect personal data for specific, explicit and legitimate purposes and not treat data beyond the purpose for which it was collected;
  • Data minimization – personal data should be adequate, relevant and limited to what is necessary regarding the purposes for which it is processed
  • Accuracy – we have an obligation to ensure that personal data is accurate and to keep personal data up to date;.
  • Limitation of storage – we should not keep personal data for a longer period than necessary for the purpose for which it was collected, although we may retain certain data for historical and statistical purposes;
  • Integrity and confidentiality– ensure data security, including protection against unauthorized or unlawful processing and against their loss, destruction or accidental damage, adopting the technical and organizational measures;
  • Legal transfer to third countries or international organizations; we only transfer personal data to third countries or to an international organization where the EU Commission has confirmed that they provide an adequate level of protection or otherwise there are adequate safeguards in place;
  • Rights of data subjects; Data owners have several rights that we must answer, for example, the right of access to a copy of the data that we have.

What personal data we collect

Personal data refers to any information related with data subject that allow to identify him, such as the name, contact information, payment data and access information to our website by data subject.

We may collect personal data from the data subject when he register on our website, intends to send or requests information through available forms, as record of commercial communications or information request.

Specifically, the following categories of personal data will be collected:

  1. Name;
  2. Surname;
  3. Address(es);
  4. E-mail address;
  5. Fixed or mobile number.

data processing purposes, why and for how long.

Data is mandatory so that we can send our communications, products and services, and also the purpose of managing your possible online orders and their delivery, as well as the applicable guarantees.

Data automatically and anonymously collected through a set of informatics based means, are temporarily recorded in own files, and automatically deleted after a certain period.

Collection of these data has purely technical objectives, such as connection configuration, system security, network technical management and website optimization.

The data to which we refer are the following:

  1. IP address of the requesting processor;
  2. Access date and time;
  3. Communicated data volume;
  4. Browser and operating system software identification data;
  5. Geographical data;
  6. Source or origin from which you accessed our website.

Collection of this data is necessary to monitor and prevent unauthorized use or activities that may be illegal (e.g. to maintain and ensure security in case of IT systems attack).

Your personal data will only be processed in cases where there is a basis of lawfulness. The basis of lawfulness will depend on the reasons why the personal data were collected and the need of its use.

We present the bases of possible lawfulness for your personal data treatment:

  • Contract execution – processing is necessary for a contract execution in which data subject is a party or for pre-contractual procedures required by data subject;
  • Legal obligation – processing is necessary for comply with a legal obligation to which the controller is subject;
  • Defence of vital interests of the data subject – processing is necessary in order to protect the vital interests of the data subject or of another individual;
  • Exercise functions of public interest or authority – processing is necessary to carry out public interest functions or to exercise official authority of which controller is invested;
  • Legitimate business interests – processing is necessary for controller´s or third party legitimate interests, except if such interests are overridden by data subject interests or fundamental rights and freedoms which require personal data protection, in particular where the data subject is a child.
  • Consent of data subject – data subject has given his consent to the processing of his or her personal data for one or more specific purposes;

Only young people aged 16 or over are authorized to give their consent. In the case of children under age, the consent of parents or guardians of children is required.

No personal data will be kept for longer than is necessary to fulfil the purpose for which they were collected. To determine the appropriate retention period, the quantity, nature and sensitivity of the personal data and the purposes of treatment were considered.

The periods during which there is a need to retain personal data due to legal obligations or to respond to complaints were considered.

Personal data will be safely deleted after the defined retention period. It will be taken into consideration, over the time, actions to minimize personal data that are being processed, and evaluated the possibility of its anonymization so that they cannot be associated with the data subject, nor identify him, in which case it may be possible to use that information without being notified again.

personal data safety of the data subject

INAPA respects best practices regarding information and personal data security and protection and has adopted a demanding program of policies and rules to ensure the confidentiality, integrity and availability of the information which deals with and that it is under its responsibility. This program is known by all INAPA employees and partners. INAPA’s general information security policy of establishes a broad set of technical and organizational measures, structured in various security areas, including:

  • Logical security measures, such as the use of firewalls and intrusion detection systems, the existence of a policy for information access and logging;
  • Physical security measures, among which a strict access control to INAPA physical facilities by employees, partners and visitors, as well as a very limited and permanently monitored access to INAPA essential technological infrastructures;
  • Other measures such as mask, encryption, pseudonymization and anonymization of personal data, as well as a set of measures aimed comply with the principle of privacy from its conception and by default. Whenever INAPA companies use outsources or third parties, they will be responsible to comply with applicable legislation, for the personal data they have to communicate and will ensure that:
  • personal data sharing complies with current legal regulation;
  • transmission is made safely and that
  • outsourcers or third parties are contractually bounded to observe the confidentiality and secrecy duties and to ensure security of the personal data. Such data cannot be used for any other purpose, for its own benefit or that of a third party, nor to correlate it with other available data.

sharing personal data of the data subject

Personal data of the data subject can be shared with other companies within the INAPA.

Personal data from data subject may also be shared with the following third parties for the purposes described in this Privacy Policy:

  1. Government authorities, police forces and regulators;
  2. Service providers (E-mail, website, transporters, financial/insurance institutions, security and surveillance);
  3. Analysis tools for websites visits.

your data protection rights

By law, the data subject has the right to:

  • Request information about whether we hold data subject personal data and, if so, what data and why we hold them.
  • Request access to personal data, receiving a copy of the personal data we hold about you and verify that we are treating it in a legitimate way.
  • Request rectification of the personal data that we hold about you in order to complete, at any time missing or inaccurate data that we have about you.
  • Request deletion of your personal data at any time when a storage period is reached or the processing of data is no longer lawful. You will also have the right to ask us to delete or remove your personal data in cases where you have exercised your right to oppose treatment (see below).
  • Opposition to the processing of personal data in cases where we depend on a legitimate interest (or those of a third party) and there is a valid reason to object. You also have the right to object in cases where we are processing personal data for direct marketing purposes.
  • Opposition to automatic decision making, including profiling.
  • Request the limitation of data processing by requiring the suspension of processing of personal data.
  • Request the portability of personal data in a structured and electronic form for you or another entity.
  • Withdraw consent. In the limited circumstances in which you may have provided your consent to the collection, processing and transfer of your personal data for a particular reason, the data subject has the right to withdraw his or her consent for that particular treatment at any time.

If you wish to exercise any of these rights, please use our contacts below.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly excessive or unfounded. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to ask you for specific information to help us confirm your identity and to guarantee your right to access information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal information is not disclosed to anyone who does not have the right to receive it.

Cookies

What are cookies?

In order to provide a more personalized service, this site uses cookies to collect and store information. A cookie is a small data package that is stored on the device from which certain web pages are accessed.

This type of files cannot damage your equipment. Cookies allow a web page, among other things, to store and retrieve information about the use of the website, allowing us to improve its quality and offer you a greater experience of use.

By browsing our website the visitor accepts that we can put cookies on your device and access them when you visit the site in the future.

If you want to delete any cookies that are already on your computer, see help and support area in your Internet browser for instructions on how to locate the file or directory that stores cookies.

You can find more information about cookies, how to prevent them, and how to delete them at www.aboutcookies.org. Please note that if we delete our cookies or disable future cookies you may not be able to access certain areas or features of our site.

The website uses these types of cookies:


Technical cookies

These cookies allow you to browse the site and use features such as the shopping cart.


Web Analytics Cookies

 The website uses Google Analytics cookies in order to quantify the number of visitors. These cookies serve to analyse and measure the way users navigate the Internet. This information allows this website to continuously improve its services and the experience of using it and buying products and services by users. For more information, you can visit Google Analytics privacy page: http://www.google.com/analytics/learn/privacy.html

 

Customization Cookies

 When a user browses and / or purchases online, the website will remember your preferences (for example, username, language, or location). This makes the user experience in terms of browsing easier, simpler and personal.

Talk to us

The data subject may contact INAPA on all matters related to the processing of his data and the exercise of the rights conferred by the applicable legislation through: privacy@inapa.pt/ privacy@inapa.es/ privacy@inapa.fr/ privacy@papierunion.de/ privacy@inapa.be