Privacy Policy

A. GENERAL PART

A.1. COLLECTION AND PROCESSING OF USER DATA

In the context of providing the website hosted at https://www.Premetal.PT/ (“Site”) and the services and communications available there, Premetal, under the tax identification number 500398488, headquartered at Quinta das Oliveiras, 7005-209 Évora, may request that the User provide personal data, that is, information provided by the User that allows Premetal to identify and/or contact the User (“Personal Data”). Personal Data is typically requested when the User:

  • registers on the Site;
  • requests contact from Premetal through the form available on the Site;

The Personal Data collected and processed consists of information relating to the name, email address and other personal information provided by the User.

When collecting Personal Data directly, Premetal provides the User with detailed information about the nature of the data collected, the purpose and processing to be carried out with regard to the Personal Data, and also the information mentioned in clause 7, through consultation of the Privacy Policy available on the Site. Premetal also collects and processes information about its hardware and software, as well as information about the pages visited by the User within the Site. This information may include: the User’s browser type, domain name, access times, and hyperlinks through which the User accessed the Site (“Usability Information”). We use this information only to improve the quality of your visit to our Site. Usability Information and Personal Data are referred to in this Privacy Policy as “User Data”.

A.2. SUBCONTRACTED ENTITIES

In the context of processing User Data, Premetal uses or may use third-party entities, subcontracted by it, to, on behalf of Premetal, and in accordance with the instructions given by it, process User Data, in strict compliance with the law and this Privacy Policy. These subcontracted entities may not transmit User Data to other entities without Premetal’s prior written authorization and are also prohibited from contracting other entities without prior authorization from Premetal. Premetal undertakes to subcontract only entities that present sufficient guarantees of implementation of appropriate technical and organizational measures to ensure the defense of the User’s rights. All entities subcontracted by Premetal are bound to it through a written contract which regulates, in particular, the object and duration of the processing, the nature and purpose of the processing, the type of Personal Data, the categories of data subjects, and the rights and obligations of the parties.

A.3. CHANNELS OF DATA COLLECTION TO PREMETAL

Premetal may collect data directly (i.e., directly from the User) or indirectly (i.e., through partner or third-party entities). Collection can be done through the following channels: Direct collection: in-person, by phone, by email, and through the Site; Indirect collection: through partners or official entities.

B. GENERAL PRINCIPLES APPLICABLE TO USER DATA PROCESSING

In terms of general principles related to the processing of Personal Data, Premetal undertakes to ensure that the User’s data processed by it are:

  • Subject to lawful, fair, and transparent processing in relation to the User;
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and kept up to date, with all appropriate measures taken to erase or rectify inaccurate data without delay, considering the purposes for which they are processed;
  • Retained only for as long as necessary for the purposes for which the data are processed, and identified in a way that enables the User to be identified during that period;
  • Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  • Premetal’s data processing activities are lawful when at least one of the following conditions is met:
  • The User has given explicit consent to the processing of User Data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the User is a party or in order to take steps at the request of the User prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which Premetal is subject;
  • Processing is necessary to protect the vital interests of the User or of another natural person;
  • Processing is necessary for the purposes of the legitimate interests pursued by Premetal or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the User which require protection of Personal Data.

B.1. USE AND PURPOSES OF USER DATA PROCESSING

In general terms, Premetal uses User Data for the following purposes:

  • To market Premetal’s products and provide services;
  • To inform the User of new products and services, through any means of communication, as it is a legitimate interest of Premetal to do so, without prejudice to the right of the data subject to oppose this treatment at any time;
  • To allow access to restricted areas of the Site, in accordance with previously established terms;
  • To ensure that the Site meets the needs of the User, through the development and publication of content that is as adapted as possible to requests and the type of User, the improvement of the Site’s search capabilities and functionalities, and the obtaining of aggregate or statistical information regarding the typical User profile;
  • Provision of Services, and other services, such as newsletters, opinion surveys, or other information or products requested or consented to by the User.

Additionally, Premetal may contact representatives of business customers for the purpose of presenting Premetal products and services, which is a legitimate interest of Premetal to do so, without prejudice to the right of the data subject to oppose this treatment at any time. User Data collected by Premetal is not shared with third parties without the User’s consent, except in the situations referred to in the following paragraph. However, in the event that the User contracts services from Premetal that are provided by other entities responsible for the processing of personal data, the User’s Data may be consulted or accessed by those entities, to the extent necessary for the provision of said services. In accordance with applicable law, Premetal may transmit or communicate User Data to other entities if such transmission or communication is necessary for the performance of the contract established between the User and Premetal, or for pre-contractual measures requested by the User, if necessary for compliance with a legal obligation to which Premetal is subject, or if necessary for the pursuit of the legitimate interests of Premetal or a third party.

B.2. TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES IMPLEMENTED

To ensure the security of User Data and maximum confidentiality, Premetal treats the information provided to us as absolutely confidential, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically as needed, as well as in accordance with the legally established terms and conditions. Depending on the nature, scope, context, and purposes of the data processing, as well as the risks arising from the processing for the User’s rights and freedoms, Premetal undertakes to apply, both at the time of defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organizational measures to protect User Data and comply with legal requirements. It also undertakes to ensure that, by default, only the data necessary for each specific purpose of the processing are processed and that this data is not made available without human intervention to an indefinite number of people. In terms of general measures, Premetal adopts the following:

  • Regular audits to assess the effectiveness of the technical and organizational measures implemented;
  • Awareness-raising and training of personnel involved in data processing operations;
  • Pseudonymization and encryption of Personal Data;
  • Mechanisms capable of ensuring the permanent confidentiality, availability, and resilience of information systems;
  • Mechanisms that ensure the restoration of information systems and access to Personal Data in a timely manner in the event of a physical or technical incident.

B.3. TRANSFERÊNCIAS INTERNACIONAIS

Em determinados tipos de tratamento, os dados pessoais recolhidos pela Premetal poderão ser disponibilizados a terceiros, podendo envolver a sua transferência para fora do Espaço Económico Europeu. Em tal caso, a Premetal compromete-se a assegurar que a transferência observa as disposições legais aplicáveis, nomeadamente quanto à determinação da adequabilidade de tal país no que respeita a proteção de dados e aos requisitos aplicáveis a tais transferências.

B.4. UTILIZAÇÃO DE COOKIES

Os cookies são pequenos ficheiros de informação que são enviados para o seu computador ou telemóvel quando visita um website. Os cookies são enviados de volta ao site de origem em cada visita subsequente ou para outro site que reconheça esse cookie. Os cookies são úteis porque permitem que um site reconheça o dispositivo do utilizador, permitindo-lhe navegar eficientemente pelas páginas, recordando também as suas preferências e melhorando em geral a experiência do utilizador. Alguns dos cookies emitidos pelo servidor terão apenas a duração da sessão e expirarão quando encerrar o browser. Outros cookies são usados para recordar quando um utilizador regressa a um site e têm um período de duração maior. A maioria dos browsers aceitam cookies automaticamente. Pode modificar a configuração do seu browser para não aceitar ou para ser notificado cada vez que se cria um cookie. Pode obter mais informação sobre cookies, incluindo como ver os cookies que foram criados no seu dispositivo e como geri-los ou eliminá-los usando diferentes tipos de browsers, em www.allaboutcookies.org. A capacidade de ativar, desativar ou eliminar cookies também se pode efetuar no seu browser. Para isso, siga as instruções no seu browser (geralmente localizadas nas opções “Ajuda”, “Ferramentas” ou “Editar”). Desativar um cookie ou uma categoria de cookies não apaga o cookie do seu browser, para tal necessita efetuar o apagamento manualmente. Ao bloquear ou eliminar cookies é possível que não consiga disfrutar ao máximo das funcionalidades do website.

C. USER RIGHTS (DATA SUBJECTS)

C.1. PROCEDURES FOR THE EXERCISE OF USER RIGHTS

The right of access, the right of rectification, the right to erasure, the right to restriction of processing, the right to data portability, and the right to object may be exercised by the User by contacting Premetal via email at geral@premetal.pt. Premetal will respond in writing (including by electronic means) to the User’s request within one month of receiving the request, except in cases of particular complexity, where this period may be extended by two months. If the requests made by the User are manifestly unfounded or excessive, particularly because of their repetitive nature, Premetal reserves the right to charge administrative costs or refuse to follow up on the request.

C.2. PERSONAL DATA BREACHES

In the event of a data breach and to the extent that such breach is likely to result in a high risk to the rights and freedoms of the User, Premetal undertakes to notify the data subject concerned of the personal data breach within 72 hours of becoming aware of the incident. Under the law, notification to the User is not required in the following cases:

  • If Premetal has applied adequate protection measures, both technical and organizational, and those measures have been applied to the Personal Data affected by the personal data breach, especially measures that render the Personal Data unintelligible to any person not authorized to access that data, such as encryption;
  • If Premetal has taken subsequent measures that ensure that the high risk to the rights and freedoms of the User is no longer likely to materialize; or
  • If notification to the User would involve a disproportionate effort for Premetal. In that case, Premetal will make a public communication or take a similar measure through which the User will be informed.

D. FINAL PART

D.1. CHANGES TO THE PRIVACY POLICY

Premetal reserves the right to change this Privacy Policy at any time. If the change is substantial, a notice will be posted on the Website.

D.2. APPLICABLE LAW AND JURISDICTION

The Privacy Policy, as well as the collection, processing or transmission of User Data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the applicable laws and regulations in Portugal. Any disputes arising from the validity, interpretation or performance of the Privacy Policy, or related to the collection, processing or transmission of User Data, shall be submitted exclusively to the jurisdiction of the judicial courts of the district of Redondo, without prejudice to the applicable mandatory legal provisions.

CONTACT INFORMATION OF THE DATA CONTROLLER

Address:
Quinta das Oliveiras, 7005-209 ÉVORA
Portugal
Telephone: +351 266 760 090
(Call rate to Portugal landline)
Email: geral@premetal.pt