Privacy Policy - Simoldes Czech

Personal Data Protection and Privacy Policy

1.Data Protection and Privacy Commitment

Simoldes Czech is committed to complying with all applicable EU and national legal standards in the field of data protection and information security.

Simoldes Czech has implemented a Personal Data Protection System and an Information Security System in order to ensure regulatory compliance and to demonstrate institutional responsibility in terms of data protection and information security, implementing all the necessary technical and organizational measures deemed appropriate, both to comply with the legal regime of the General Data Protection Regulation (EU Regulation 2016/679, of April 27, hereinafter referred to as GDPR), and to comply with the legal regime of the GDPR Enforcement Law (Law no. 58/2019, of August 8, hereinafter referred to as LERGPD), as well as other applicable complementary legislation.

For any clarification or additional information, or to exercise your rights in this area, please contact the Simoldes Czech Data Protection Officer by email at dataprotection@simoldes.com.

2.Definitions

«Personal data»

«Personal data» means information relating to an identified or identifiable natural person («data subject») – an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers are, for example, a name, an identification number, location data, electronic identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

«Processing of Personal Data»

«Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

«Cookies» (Connection Testimonials)

«Cookies» are small text files with information considered to be relevant that the devices used for access (computers, cell phones or portable mobile devices) load, through the internet browser (“browser”), when an online site is visited by a User.

3.Entity Responsible for Processing

Simoldes Plasticos Czech s.r.o., with Tax ID Number 03545695, hereinafter referred to as Simoldes Czech, is the entity responsible for the forms, online sites, systems or computerized applications, hereinafter referred to as channels or applications, through which Users or Service Recipients have remote access to Simoldes Czech services that are presented or provided, at any time, through them, and is the entity considered responsible for the processing of personal data.

The use of channels, systems or applications by any User, Service Recipient or User may involve the processing of personal data, the protection, privacy and security of which is ensured by Simoldes Czech, as the entity responsible for the respective processing, in accordance with the terms of this Data Protection and Privacy Policy.

4.Institutional Contacts of the Data Protection Officer

To contact the Simoldes Czech Data Protection Officer, please send an e-mail to dataprotection@simoldes.com or to each of the specific addresses identified in the forms, online sites or applications, describing the subject of the request and indicating an e-mail address, a telephone contact address or a correspondence address for reply.

For any other purpose, the following general contact details of Simoldes Czech Data Protection Officer may be used:

– Postal Address: Lipovka 162, 516 01 Rychnov nad Kněžnou, Česko (Czech);

– General e-mail address: mail@simoldes.com;

– General Telephone: +420 497 770 080;

– Website: www.simoldes.com.

5.Collection and Processing of Personal Data

Simoldes Czech processes the personal data strictly necessary for the provision of information and the operation of its channels, in accordance with the uses made of them by Users or Service Recipients, either those provided for the purposes of registering requests or obtaining information, or those provided for the purposes of joining those channels, or those resulting from the use of the services provided by Simoldes Czech through them, such as access, queries, instructions, requests or applications, transactions and other records relating to their use.

In particular, the use or activation of certain functionalities of the channels may involve the processing of various direct or indirect personal identifiers, such as name, home address, personal contacts, device addresses or geographical location, provided that there is express consent from the specific User, Service Recipient or User, provided that this is necessary for the management of the contractual relationship or the pursuit of legitimate interests or, finally, for the purposes of complying with legal obligations.

In all cases, User sor Service Recipients will always be informed of the need to access such data in order to use the functionalities of the channels in question, as well as the respective grounds for legitimacy for the processing of such data.

The personal data collected by Simoldes Czech is processed manually or, in certain cases, in an automated or computerized way, including the processing of files or the possible definition of profiles, within the scope of the management of the pre-contractual, contractual or post-contractual relationship with Users or Service Recipients, under the terms of the national and community regulations in force.

6.Categories of Personal Data Processed and Data Subjects

The categories or types of personal data processed are generally as follows:

– identification data;

– contact details;

– professional data;

– billing data;

– traffic and access control data.

In the various establishments of the Data Controller, biometric data may also be processed, processed through video surveillance systems or other biometric systems that are installed.

The categories or types of personal data subjects processed are generally Users or Service Recipients and may also include, in special processing situations, members of their households or visitors to the Controller’s premises.

The detailed list of categories of personal data and categories of data subjects can be found in the Data Processing Information Sheets for each of the specific processing activities.

7.Legal Principles

All data processing operations comply with the fundamental legal principles in the field of data protection and privacy, namely with regard to its circulation, lawfulness, loyalty, transparency, purpose, minimization, conservation, accuracy, integrity and confidentiality, and Simoldes Czech is available to demonstrate its responsibility to the data subject, to the authorities or to any other third party with a legitimate interest in this matter.

8.Grounds for Legitimacy

All data processing operations carried out by Simoldes Czech have a legitimate basis, namely, either because the data subject has given their consent to the processing of their personal data for one or more specific purposes, or because the processing is deemed necessary for the performance of a contract to which the data subject is a party or for pre-contractual steps at the request of the data subject, or because the processing is necessary for compliance with a legal obligation to which the controller is subject, or in the public interest, or because the processing is considered necessary for the pursuit of the legitimate interests pursued by Simoldes Czech or by third parties – the specific grounds being referred to in the specific data processing activities.

9.Purpose of Data Processing

All personal data processed through Simoldes Czech channels is used exclusively to provide information to Users, to manage the personal information of Service Recipients deemed necessary for relationship management or communication purposes, as well as to provide services to Users and, in general, to manage pre-contractual, contractual or post-contractual relationships with Users or Service Recipients.

The personal data collected may also be processed for statistical purposes, for information dissemination or promotional actions and for communication actions, namely to promote actions to disseminate new features or new services, through direct communication, whether by correspondence, e-mail, messages or telephone calls or any other electronic communications service.

While prior information and the collection of express authorization for the latter purposes are always ensured, Users or Service Recipients may, at any time, exercise their right to withdraw consent or their right to oppose or limit the use of their personal data for other purposes that go beyond the management of the relationship with the Data Controller, namely for the purposes of pursuing legitimate interests, for sending informative communications or for inclusion in lists or information services, by sending a written request to the Data Protection Officer of Simoldes Czech, in accordance with the procedures set out below.

10.Information Sheet on Data Processing on the Websites

In accordance with the principle of loyalty and transparency and to ensure compliance with the duty to provide information, Simoldes Czech delivers directly or makes publicly available to all data subjects, depending on how their personal data is collected, information sheets on the data processing activities carried out, which are accessible for consultation at any public service unit or by request to the Data Protection Officer.

With regard to electronic sites (“Websites”) and online services (“Online”), please consult the Information Sheet on Data Processing on Electronic Sites, accessible at https://www.dataprotectionofficer.help/simoldes/information.

11.Data Retention Periods

Personal data will only be stored for the period necessary for the purposes for which it was collected or subsequently processed, ensuring compliance with all applicable legal rules on archiving and specifying the specific storage period in each of the Data Processing Information Sheets.

12.Use of Cookies (Testimonials)

Regarding the use of Cookies or Testimonials by Simoldes Czech, please consult the Cookies Policy at https://www.dataprotectionofficer.help/simoldes/policies/.

13.Communication of Data to Other Entities

The provision of information or services by Simoldes Czech to its User sor Service Recipients through the channels may involve the use of third party subcontractors, Joint Controllers or other autonomous Controllers, including entities based outside the European Union, for the provision of certain services, and this may involve access to such personal data by these entities.

In these circumstances, and whenever necessary, Simoldes Czech will only use entities that provide sufficient guarantees that appropriate technical and organizational measures have been taken so that the processing meets the requirements of the applicable rules, such guarantees being formalized in a contract signed between Simoldes Czech and each of these third parties.

14.Data Recipients

Except in the context of compliance with legal obligations, execution of contracts or pursuit of legitimate interests, under no circumstances will personal data of Users or Service Recipients be communicated to third parties that are not subcontracted entities or legitimate recipients, and this will not be carried out, also, any other communication for purposes other than those referred to above, without obtaining the prior express consent of the data subject.

15.International Data Transfers

Any transfer of personal data to a third country or international organization will only be carried out within the framework of compliance with legal obligations or guaranteed compliance with applicable community and national legal standards in this matter.

16.Security Measures

Taking into account the most advanced techniques, application costs and the nature, scope, context and purposes of the processing, as well as the risks, of varying probability and severity, for Users or Service Recipients, Simoldes Czech and all entities that are its subcontractors apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

To this end, several security measures are adopted in order to protect personal data against dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of illicit processing.

It is the sole responsibility of the Users or Service Recipients to keep the access codes secret, not sharing them with third parties, and, in the particular case of computer applications used to access the channels, they must maintain and maintain the access devices in security conditions and follow the security practices advised by manufacturers and/or operators, particularly regarding the installation and updating of the necessary security applications, namely, among others, antivirus applications.

If there is a need to subcontract services to third parties that may have access to the personal data of Users or Service Recipients, Simoldes Czech subcontractors will be obliged to adopt security measures and protocols at the level of the organization and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss or destruction of personal data.

17.Exercising the Rights of Personal Data Holders

Users or Service Recipients of Simoldes Czech may, as holders of personal data, at any time, exercise their data protection and privacy rights, namely the rights to withdraw consent, access, rectification, erasure, portability, limitation or opposition to processing, under the terms and with the limitations set out in the applicable regulations.

Any request to exercise data protection and privacy rights must be addressed, in writing, by the respective holder, to the Data Protection Officer, in accordance with the procedure and contact described below.

A Form for Exercising the Rights of Personal Data Holders is accessible at https://www.dataprotectionofficer.help/simoldes/forms or at any Simoldes Czech service point, and can also be sent by email, by requesting the Data Protection Officer, at dataprotection@simoldes.com.

18.Complaints or Suggestions

Users or Service Recipients have the right to lodge a complaint, either by registering the complaint in the Complaints Book, or by submitting a complaint to regulatory authorities – in the latter case, they may submit a petition or complaint directly to the National Commission of Data Protection through the contacts available at www.cnpd.pt.

Users or Recipients of Services may also make suggestions via email sent to the Data Protection Officer via email dataprotection@simoldes.com.

19.Reporting Incidents of Personal Data Breach

Simoldes Czech has implemented an incident management system within the scope of data protection and information security.

If any User or Service Recipient wishes to report the occurrence of any situation of breach of personal data, which causes, accidentally or unlawfully, the unauthorized destruction, loss, alteration, disclosure or access, personal data transmitted, stored or subject to any other type of processing, you can contact the Data Protection Officer of Simoldes Czech or use the general contact details of Simoldes Czech.

A Personal Data Breach Incident Reporting Form is accessible at https://www.dataprotectionofficer.help/simoldes/forms or at any Simoldes Czech service point, and can also be sent by email to the Data Protection Officer at dataprotection@simoldes.com.

20.Permanent Security Contact Point

Simoldes Czech has implemented a Permanent Contact Point for the purpose of managing information security and cyberspace security incidents.

If any User or Service Recipient wishes to report the occurrence of an information security incident or a cyberspace security incident, they may contact the Simoldes Czech Permanent Contact Point via the communication channels available at https://www.dataprotectionofficer.help/simoldes/security.

An Information Security or Cyberspace Security Incident Reporting Form is accessible at https://www.dataprotectionofficer.help/simoldes/forms or at any Simoldes Czech service point, and can also be requested to be sent by email, via request to the Permanent Contact Point.

21.Whistleblower Protection

Simoldes Czech has implemented a Reporting Channel, in accordance with current legal standards, guaranteeing the protection of data subjects’ personal data, in accordance with the Whistleblower Protection Policy accessible at https://whistleblowingofficer.com/simoldesczech/.

The Whistleblowing Team at Simoldes Czech can be contacted using the contact details available at https://whistleblowingofficer.com/simoldesczech/whistleblowing-officer.

The Simoldes Czech Reporting Platform is accessible via the link available at https://whistleblowingofficer.com/simoldesczech.

A Whistleblower Reporting Form is accessible at https://www.dataprotectionofficer.help/simoldes/whistleblowing or at any Simoldes Czech service point, and can also be requested to be sent by email, by submitting a request to the Whistleblowing Team.

22.Prevention of Corruption

Simoldes Czech has implemented a Regulatory Compliance Program within the scope of Corruption Prevention, in accordance with current legal standards, ensuring the protection of holders’ personal data, in accordance with the Corruption Prevention Policy available at https://www.dataprotectionofficer.help/simoldes/corruption.

For the purposes of submitting complaints within the scope of the corruption prevention regime, any interested party may use

– the Simoldes Czech Reporting Platform, accessible via the link available at https://www.dataprotectionofficer.help/simoldes/whistleblowing or

– the Whistleblower Reporting Form, accessible at https://www.dataprotectionofficer.help/simoldes/whistleblowing or at any Simoldes Czech service point.

23.Data Protection Policies and Special Information Sheets

With a commitment to transparency and information and to guarantee the adequacy of the Data Protection and Privacy Policy to the different data processing operations carried out and, above all, to the different categories of data holders, Simoldes Czech can develop Protection Policies of special data, such as, for example:

– the Data Protection and Privacy Policy in the Employment Context;

– the Data Protection and Privacy Policy in Application Management;

– the Data Protection and Privacy Policy for Supplier Employees or

– the “Cookies” Policy or Connection Testimonials.

These special policies are made available directly to the respective categories of holders or in the context of related processing activities and are available for consultation upon request to the Data Protection Officer, by email at dataprotection@simoldes.com.

The Data Protection Policies are also complemented with Information Sheets on Data Processing, reinforcing transparency and information on specific data processing activities at Simoldes Czech and these sheets are made available at the time of data collection, at any point of service or through contact with the Data Protection Officer.

24.Information Sheet on Data Processing in Relationships with Users

The Information Sheet on Data Processing in Relationships with Users or Service Recipients is accessible at https://www.dataprotectionofficer.help/simoldes/information.

25.Data Protection Officer

For any information, complaint, incident reporting or exercise of any type of data protection and privacy rights or for any matter relating to data protection and information security, Users or Service Recipients who interact with to Simoldes Czech, you can

– contact the Data Protection Officer directly via email at dataprotection@simoldes.com, describing the subject of the request and indicating an email address, a telephone contact address or a mailing address for a reply, or, if you prefer,

– contact any Simoldes Czech unit or service point, requesting communication with the Data Protection Officer.

26.Express Consent and Acceptance

The terms of the Data Protection and Privacy Policy are complementary to the terms and provisions, regarding personal data, set out in the Specific Conditions of Use of each of Simoldes Czech’s communication channels.

The free, specific and informed provision of personal data by the respective holder implies knowledge and acceptance of the conditions contained in this Policy, considering that, by using the channels or by making their personal data available, Users or Service Recipients are expressly authorizing their processing, in accordance with the rules defined in each of the applicable collection channels or instruments.

27.Change of Data Protection and Privacy Policy

In order to ensure its updating, development and continuous improvement, Simoldes Czech may, at any time, make changes, which are considered appropriate or necessary, to this Data Protection and Privacy Policy, ensuring its publication in the different channels to guarantee transparency and information to Users or Service Recipients.

28.Versions of the Data Protection and Privacy Policy

Version of this Policy: 202311.

Date: 20231102.

To consult the previous versions of the Data Protection and Privacy Policy, please send a request by email to dataprotection@simoldes.com.