a) Your privacy and the protection of your personal data are very important to CoLAB BIOREF;
b) This is a mission we take very seriously because we know we have a legal duty to protect the personal data we process, whether it belongs to users of our website, our employees, service providers, suppliers, and customers;
c) This duty is, therefore, a daily priority in the exercise of our activity, and we comply with and enforce the terms of the General Data Protection Regulation, of 27 April 2016, concerning the protection of natural persons regarding the processing of personal data and the free movement of such data (GDPR), rectified on 23 May 2018 (Official Journal of the EU L 127/2) and corrected on 12 October 2020 (Council of the European Union) and, also, Law 58/2019, of 8 August, which implements the GDPR in the Portuguese legal system;
d) If you have any questions, comments, or suggestions regarding our Privacy Policy, please contact us using the contact details provided below.
2. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
Associação para as Biorrefinarias (hereinafter CoLAB BIOREF) with taxpayer number 515 316 881, headquartered at Rua Amieira Apartado 1089, 4466-901 S. Mamede Infesta, is responsible for processing your personal data.
3. GENERAL PRINCIPLES OF OUR PRIVACY POLICY
a) Within the scope of your relationship with us, namely when you access our website, provide us with your personal data, or interact with us in ways that allow us to collect it, such as through the forms we provide, we would like to highlight that you are accepting this Privacy Policy, with your personal information being processed according to the rules and principles informed here, including future changes that may be made.
b) This policy is based on the foundational principles that we share with you below, which are guiding and essential for us:
i) The security of processing your data is a constant priority for us, which we review periodically according to technological innovation and in which we invest regularly;
ii) We understand that personal data does not belong to us but to its owners, and it is our duty to process it according to the legal norms in force, respecting and ensuring the respect of your rights, for which we have implemented the necessary technical and organizational measures.
iii) We promote and internally disseminate good practices in Privacy, Data Protection, and Information Security, which we regularly review because we understand that we are in a process of continuous improvement, within which we know it is always possible to do more and better.
4. CONCEPTS AND INFORMATION FOR DATA SUBJECTS
a) For the purposes of this policy, we follow the definitions set out in Article 4 of the General Data Protection Regulation, particularly the ones listed below without excluding compliance with other definitions provided there:
i) Personal Data - personal data is any information relating to an identified or identifiable natural person, where an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
ii) Processing - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
iii) Consent - the data subject’s consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
iv) Controller - the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
v) Processor - a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
5. WHAT CATEGORIES AND PERSONAL DATA DO WE COLLECT ON OUR WEBSITE?
a) For the provision of our services, we collect various categories of personal data, namely, identification data, data relating to academic qualifications, and browsing data.
b) We collect only the data that is strictly necessary, in strict compliance with the principle of data minimization, namely:
i) name;
ii) email address;
iii) phone contact;
iv) Nationality;
v) IP addresses, operating system, access device, language, and information collected by cookies;
vi) personal data such as qualifications, certifications, positions held, employer data, all resulting from Curriculum vitae if submitted by you.
6. HOW AND WHEN DO WE COLLECT AND PROCESS YOUR PERSONAL DATA ON OUR WEBSITE?
a) Your personal data may be collected:
i) When you subscribe to the CoLAB BIOREF newsletter, by email or through our website;
ii) When you fill out the fields of the "Contact Us" form available on our website;
iii) When you request registration or participate in one of the events organized by CoLAB BIOREF;
iv) When you submit an application to collaborate with CoLAB BIOREF, by email or through the form available on our website.
b) The personal data we collect is processed electronically and stored in databases, strictly complying with European and national legislation in force regarding Privacy, Data Protection, and security of processing.
c) We will only process your personal data according to a specific and legitimate purpose(s) determined at the time of collection, not subsequently processing that data in a manner incompatible with those purposes, except for public interest archiving, scientific or historical research, or statistical purposes. In these cases, under the GDPR, the incompatibility mentioned above does not apply.
d) If we collect and process special categories of personal data ("sensitive data"), this processing will only be carried out according to the exceptions provided for in Article 9, paragraph 2 of the GDPR and,
e) If this data referred to above is collected from the data subject and the processing is based on their consent, we will inform them of the right to withdraw that consent.
f) Please note that under the legal provisions of the GDPR, if you withdraw your consent, it does not affect the lawfulness of the processing based on consent before its withdrawal.
7. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
a) We process your personal data for the following purposes:
i) Management and execution of the contractual relationship;
ii) Recruitment, when the user/data subject applies through spontaneous applications or within recruitment processes we initiate, under which we may receive applications from recruitment agencies;
iii) Sending information of interest and communications within the scope of our activity;
iv) Clarifications regarding information requests you make to us;
v) Response to manage and respond to your requests or complaints;
vi) Compliance with legal obligations to which we are subject;
vii) For the purpose of exercising or defending rights within the scope of a judicial process, regardless of its nature;
viii) To monitor the security of our website, optimize your visit, navigability, and personalization;
ix) Organization and management of events organized by us or jointly with other entities.
8. ON WHAT LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
a) We only process your personal data in strict compliance with the principle of lawfulness.
b) Depending on the circumstances, we process your personal data based on one or more of the following grounds of lawfulness:
i) Your consent (e.g., for recruitment purposes and for sending communications within the scope of our activity, subject to your explicit consent);
ii) Execution of a contract or pre-contractual measures (e.g., within the scope of establishing a contractual relationship, we need to process your data for its formalization and execution);
iii) Compliance with legal obligations;
iv) Legitimate interest.
9. TO WHOM MAY WE TRANSMIT YOUR PERSONAL DATA?
a) We may transmit your personal data to:
i) Public authorities and other entities to whom we are legally required to transmit data (e.g., in compliance with tax obligations);
ii) To entities with whom we maintain partnerships (e.g., in the context of events);
iii) To service providers, in compliance with contractual conditions, in the context of the provision of services for which we hire these entities.
b) Whenever we use entities that process personal data on our behalf, we take the necessary steps to ensure that these entities offer sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of applicable law and ensures the protection of the rights of data subjects.
10. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
a) We retain your personal data for the period strictly necessary to fulfill the purpose(s) for which it was collected.
b) This retention period may vary depending on the purpose of processing:
i) For the duration of your contractual relationship with us and, after its termination, for the period necessary to comply with legal obligations;
ii) For the duration necessary to manage and process your application in the context of recruitment processes;
iii) For the period necessary to manage your requests and complaints, communications, or information requests;
iv) Until the withdrawal of your consent, in cases where the processing is based on it.
11. WHAT ARE YOUR RIGHTS?
a) Under the GDPR, you have the right to:
i) Request access to your personal data;
ii) Request rectification of your personal data;
iii) Request erasure of your personal data;
iv) Request restriction of processing of your personal data;
v) Request data portability;
vi) Object to processing;
vii) Lodge a complaint with the supervisory authority.
b) To exercise your rights, you can contact us using the contact details provided below.
12. HOW DO WE ENSURE THE SECURITY OF YOUR DATA?
a) We implement technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
b) These measures are regularly reviewed and updated according to technological developments and best practices.
13. HOW CAN YOU CONTACT US?
If you have any questions about our Privacy Policy or wish to exercise your rights, you can contact us at:
i) Email: [Insert email address]
ii) Address: Rua Amieira Apartado 1089, 4466-901 S. Mamede Infesta
14. CHANGES TO THE PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website. We recommend reviewing this Privacy Policy periodically to stay informed about how we are protecting your data.
15. USE OF COOKIES
To learn more about cookies and how we use them on our website, please refer to our Cookie Policy.
16. CONTACTS
a) If you have any questions or concerns about how we collect and process personal data, you can contact us, and we will respond within the applicable legal deadlines:
b) To protect your privacy, if necessary, we will take the necessary measures to verify your identity by requesting additional information limited to what is strictly necessary for identification purposes.
c) If you wish to exercise your rights, and without prejudice to any applicable limitations, please use the provided contacts and we will immediately send you our "Data Subject Rights Exercise Form," which you should return to the email or address indicated above.
d) All responses will comply with legally stipulated deadlines.
17. REVIEW OF OUR PRIVACY POLICY
We reserve the right to change the content of our Privacy Policy without prior notice, without prejudice to informing and publishing the changes on our website, making these changes an integral part of the Privacy Policy.