Gonçalo Neves Silva Arquitectos Associados Lda., hereinafter referred to as “GSAA,” is committed to respecting your personal data and privacy. This Data Protection and Privacy Policy aims to clearly and concisely outline how GSAA processes your personal data and ensures your privacy in the course of its activities, including the following:
DATA CONTROLLER FOR YOUR PERSONAL DATA
The data controller or data controllers for your personal data is GSAA, determining, among other things:
The personal data that must be processed in the context of providing services and/or supplying products.
The purposes for which your personal data are processed.
The means to be applied for processing your personal data.
PRINCIPLES APPLICABLE TO THE PROTECTION OF YOUR PERSONAL DATA
In the context of the relationship established with you, the processing of your personal data is carried out by GSAA in accordance with the general principles set out in the General Data Protection Regulation (“GDPR”), including:
Ensuring that your personal data will be processed lawfully, fairly, and transparently (“Principle of lawfulness, fairness, and transparency”).
Collecting your personal data for specific, explicit, and legitimate purposes and not processing them subsequently in a manner incompatible with those purposes (“Principle of purpose limitation”).
Ensuring that only relevant and necessary personal data are processed for the purposes for which they are processed (“Principle of data minimization”).
Adopting appropriate measures to ensure that inaccurate personal data, taking into account the purposes for which they are processed, are erased or rectified without delay (“Principle of accuracy”).
Retaining personal data in a way that allows identification only for the period necessary for the purposes for which they are processed (“Principle of storage limitation”).
Ensuring that your personal data are processed in a manner that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical or organizational measures (“Principle of integrity and confidentiality”).
Additionally, even though not expressly stated in the GDPR, GSAA processes your data by applying technical and organizational measures to ensure Data Protection by Design and by Default, so that your personal data are processed in accordance with best practices from the moment of collection to destruction.
PERSONAL DATA, PROCESSING OF PERSONAL DATA, AND DATA SUBJECT
Personal data are all information and/or elements that, regardless of their medium, can directly or indirectly identify you to GSAA, particularly by reference to an identifier, such as a name, identification number, your location data, and/or identifiers by electronic means or one or more specific aspects of your physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing of personal data means the operation or set of operations performed on personal data of data subjects, whether by automated or non-automated means, from data collection to their destruction. This cycle includes, among other things, registration, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making available, comparison or interconnection, limitation, erasure. The concept of processing personal data is broad and applies to all operations or set of operations carried out by GSAA in relation to your personal data.
In the context of GSAA’s activities, data subjects include, but are not limited to, clients and former clients, potential clients, investors, job applicants, employees and former employees, partners, employees of partners, suppliers and service providers, their employees, applicants, and claimants, and all individuals who have a relationship with GSAA and whose personal data is involved. GSAA only processes personal data of minors in strict compliance with personal data protection legislation and other applicable laws, or when provided by parents or a legal guardian who expressly consents to such collection. If GSAA discovers that it has inadvertently collected personal data of a minor under 18, it will immediately delete the records containing that minor’s personal data. If you have parental responsibilities for a child and become aware that the child has provided us with information, please contact us using the contact details provided below so that GSAA can work with you to address the issue.
CATEGORIES OF PERSONAL DATA PROCESSED BY GSAA
In the course of its activities, GSAA processes personal data from a significant number of categories of data subjects. The personal data that GSAA collects depends on the nature of the interaction but may include the following:
Personal contact data: name, surname, postal address, phone or mobile number, fax number, email address, or other similar contact information.
Business data for service provision: data related to the provision of services or supply of products, billing data, payment data, and/or information in the context of responding to any queries, requests, or complaints.
Payment data: credit/debit card numbers, security code numbers, or other associated billing information.
Account data: Mode of acquiring services, your transaction, billing history, and assistance in the context of the GSAA services you use or any other related information.
Demographic data: country, gender, age, preferred language, general education, professional history, and general information about employment.
Preference data: Information about your preferences and interests, as far as they relate to the services and how you prefer to receive communications.
Social media data: Information shared on social media in interaction with GSAA, where transparency is ensured through appropriate privacy policies.
IT usage data: User ID, functions, rights, login times, computer name, and IP address.
Please note that you are not obligated to share your personal data with GSAA. However, if you choose not to share your personal information, GSAA may not be able to provide the services or deliver the products you request, ensure certain specialized features, or respond effectively to any queries you may have.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
With respect to the “Purpose limitation” principle, the development and execution of various activities pursued by GSAA entail a significant number of purposes for the processing of your personal data, such as:
Accounting, Tax, and Administrative Management: Client management, supplier management, administrative management, and economic and accounting management.
Commercial Activity and Marketing: Contact management, client management for service provision, marketing activities, and surveys and opinion polls.
Creation and Profiling Analysis.
Human Resources Management: Personnel selection and recruitment.
Electronic Communications Management: Website usage management and traffic data retention.
Compliance with Legal Obligations: Data transfer to third parties.
LEGAL BASIS
With reference to the “Lawfulness” principle, in the course of its activities, GSAA only processes your personal data when there is a legal basis that legitimizes the processing, including:
Consent: GSAA will only process your personal data if you consent to the processing through a clear, specific, informed, and explicit manifestation of will, by accepting it through a declaration (in writing or orally) or an unequivocal positive act (by ticking an option) that your personal data be processed.
Pre-contractual Measures or Contractual Performance: GSAA may process your personal data if necessary, among other things, for the performance of a service contract of which you are a party as a Worker, Client, and/or Supplier, or to perform pre-contractual measures upon your request.
Compliance with a Legal Obligation: GSAA may process your personal data to ensure and guarantee compliance with legal obligations to which it is subject under the legislation of a Member State and/or the European Union.
Protection of Vital Interests of the Data Subject: GSAA may process your personal data to safeguard your vital interests, especially when such processing is essential to your life.
Legitimate Interests: GSAA, other data controllers, or third parties may process your personal data, provided that such processing does not override your interests or fundamental rights and freedoms.
RETENTION PERIOD FOR YOUR PERSONAL DATA
With reference to the “Storage limitation” principle, GSAA retains your personal data only for the period necessary for the specific purposes for which they were collected. However, GSAA may be obliged to keep some personal data for a longer period, taking into account factors such as:
Legal obligations under current laws to retain personal data for a certain period.
Prescription periods under current laws.
(Potential) Legal disputes.
Guidance issued by competent data protection authorities.
During the period of processing your personal data, GSAA ensures that they are processed in accordance with this Data Protection and Privacy Policy. Once your data is no longer required, GSAA will securely delete them.
SHARING YOUR PERSONAL DATA
Subcontractors: Your personal data may be shared with companies responsible for providing services to GSAA. These companies are bound by a written contract and may only process your personal data for the purposes specifically established and are not authorized to process your personal data, directly or indirectly, for any other purpose, for their own benefit or for a third party.
Other Data Controllers and/or Third Parties: Your personal data may be shared internally with other GSAA companies that comply with applicable data protection rules based on the purposes associated with the processing.
At your request and with your consent, your personal data may be shared with other entities.
In compliance with legal and/or contractual obligations, personal data may also be transferred to judicial, administrative, supervisory, or regulatory authorities and to entities lawfully conducting data compilation, fraud prevention and combat activities, market research, or statistics.
YOUR RIGHTS AND HOW TO EXERCISE THEM
As the Data Subject of the personal data processed by GSAA, you have the right to access, rectify, limit, port, erase, and object to the processing of personal data under certain circumstances. These rights can be exercised in accordance with this chapter of the Data Protection and Privacy Policy.
Right to Information Provision: You have the right to obtain clear, transparent, and easily understandable information about how GSAA uses your personal data and what your rights are.
Right of Access: You have the right to obtain information about the personal data that GSAA processes (if it is processing them) and certain information (similar to that provided in this Data Protection and Privacy Policy) about how this data is processed. This right allows you to know and confirm that we use your data in accordance with data protection laws. GSAA may refuse to provide the requested information whenever doing so would require GSAA to disclose personal data of another person or if the information negatively affects another person’s rights.
Right to Rectification: If your data is incorrect or incomplete (for example, if your name or address is incorrect), you may ask GSAA to take reasonable measures to correct it.
Right to Erasure: This right is also known as the “right to be forgotten” and, simply put, allows you to request the deletion or removal of your data, provided that there are no valid grounds for GSAA to continue using them or their use is unlawful. It is not a general right to erasure, as exceptions are allowed (e.g., when the data is necessary for the establishment, exercise, or defense of a legal claim).
Right to Restrict Processing: You have the right to “block” or prevent future use of your data while GSAA assesses a request for rectification or as an alternative to erasure. When processing is restricted, GSAA can still store your data, but cannot use it further. GSAA maintains a list of data subjects who have requested “blocking” of future data use to ensure that this restriction is respected.
Right to Data Portability: You have the right to obtain and reuse certain personal data for your own purposes across different organizations. This right only applies to your own data that you have provided to GSAA, and GSAA processes with your consent and which are processed by automated means.
Right to Object: You have the right to object to certain types of processing, for reasons related to your particular situation, at any time during that processing, for the legitimate interests of GSAA or third parties. GSAA may continue to process this data if it can demonstrate “compelling legitimate grounds for the processing which override your interests, rights, and freedoms” or if the data is required for the establishment, exercise, or defense of a legal claim.
Right to Lodge a Complaint: You have the right to lodge a complaint with the competent supervisory authority, the Comissão Nacional de Proteção de Dados – CNPD, if you believe that the processing of your personal data violates your rights and/or the applicable data protection laws.
You can exercise the rights provided by applicable data protection legislation at any time in writing via email at goncalosilva@goncalosilva.pt.
SECURITY OF YOUR PERSONAL DATA
GSAA will process your personal data in accordance with the policies and internal standards of GSAA, using technical and organizational measures to promote the security and integrity of your personal data, particularly protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage. Without limiting, GSAA uses logical and physical security requirements and measures to protect your personal data by preventing unauthorized access. GSAA ensures that information is stored on secure computers in a closed information center and implements control procedures to ensure compliance with GSAA’s security policies. However, because the transmission of information over the Internet is not completely secure, GSAA cannot guarantee the security of your data when transmitted on an open network.
CONFIDENTIALITY
GSAA recognizes that the information you provide to us may be confidential. GSAA does not sell, rent, distribute, or commercially make personal data available to any third party, except when necessary to share information with Service Providers for the purposes set out in this Data Protection and Privacy Policy. GSAA maintains the confidentiality and integrity of your data and protects it in accordance with this Data Protection and Privacy Policy and all applicable laws.
COOKIES
GSAA uses cookies for the collection of information about website usage. Whenever you use the website, GSAA processes your personal data collected through the use of cookies in accordance with our Cookie Policy. For more information on the use of cookies, we recommend reading and reviewing the Cookie Policy and checking it regularly for the most up-to-date versions.
CONTACT INFORMATION
If you have any questions or wish to obtain more information about how we process your Personal Data and our practices regarding information security, please do not hesitate to contact us at the following addresses:
Email: goncalosilva@goncalosilva.pt
Address: Calçada do Sacramento 18 1st Floor, Chiado 1200-394 Lisbon, Portugal
CHANGES TO THIS DATA PROTECTION AND PRIVACY POLICY
GSAA may periodically update this Data Protection and Privacy Policy, as well as any other specific data protection and privacy statements. When making changes to this Data Protection and Privacy Policy, a new date will be added to the end of the Data Protection and Privacy Policy.
Date: October 2023