PRIVACY POLICY
PRIVACY POLICY
In the context of its activity and the contractual relationships established, GSLINES – TRANSPORTES MARÍTIMOS, LDA., hereinafter referred to “GSLINES”, acts in order to ensure the highest standards of personal data protection, meaning any information, of any nature and regardless of its support, including sound and image, concerning an identified or identifiable single person (data subject).
To achieve this purpose it complies with all legislation relating to the protection of personal data, in particular the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation/GDPR), ensuring the confidentiality, integrity and availability of such data.
Through this privacy policy, GSLINES intends to inform all data subjects whose data it processes, about the personal data collected, how and why it is used, to whom it is disclosed and how the protection of their privacy is ensured.
Therefore, the requests for quotations, the filling in of the declarations and contractual documents of GSLINES, the use and browsing on the website, the circulation in its facilities, the use of its vessels or vessels operated by it, and the provision of data, directly or indirectly, by the data subjects, imply the knowledge and acceptance of the conditions of this privacy policy.
CONTROLLER
GSLINES is a private limited company that is part of Grupo Sousa, has its headquarters in Avenida do Mar e das Comunidades Madeirenses, nº 21, 2nd floor, 9000-054 Funchal, NIPC 511011911 and is the data controller in accordance with the GDPR, whose data protection officer can be contacted via the following e-mail: dpo@gruposousa.pt.
PROCESSING
This privacy policy applies to all personal data collected and processed by GSLINES.
In general, GSLINES collects and processes personal data for the development of its business activity, in particular the provision of its services, the management of the contractual relationship with its clients, suppliers and partners from pre-contractual procedures to final performance of the contract, the necessity of the processing for the purposes of its legitimate interests and also for compliance with the legal obligations to which it is subject (including tax and regulatory obligations).
In order to fulfill the specific processing purposes, GSLINES collects and processes, depending on the context and the business relationship established, the personal data of the following data subjects:
(1) Customers and customer representatives;
(2) Service users;
(3) Individual suppliers and suppliers’ representatives;
(4) Other individual partners and partners’ representatives;
(5) Applicants; and
(6) Workers and employees.
Consequently, the personal data collected by GSLINES through the website, the concluded contract or other collection method from the above-identified data subjects may include, among others, the following: first name, surname, date of birth, gender, nationality, place of birth, profession, marital status, civil identification number, passport number, tax number, tax address, e-mail address, telephone number, mobile number, type, make, model and registration number of vehicle and other information contained in the Single Automobile Document.
The collection and processing, manual or automatically, of the personal data referred to by GSLINES is exclusively for the following specific purposes:
(1) Provision of passenger and goods transport services, including quotation requests and the conclusion of shipping contracts;
(2) Supply of its products and provision of contracted services;
(3) Fulfilling customer instructions,
(4) Managing customer contacts;
(5) Managing candidates’ databases;
(6) Entering into employment and service contracts;
(7) Fulfilling legal obligations, which GSLINES may have to transmit the data to the requesting public entities when so required by law.
Personal data processing operations concerning the applicants database are based on consent.
All applicants who have given their consent for their personal data to be included in the database, may withdraw their consent by sending an e-mail to rgpd@gruposousa.pt.
The exercise of the right to withdraw consent does not invalidate the processing carried out until that date, on basis of the consent previously given.
RETENTION PERIOD OF PERSONAL DATA
The personal data collected will be kept by GSLINES for the duration of its relationship with the client, supplier or partner in whose team the data subject is integrated, and may be kept for a longer period as established by law to defend the right / interest in legal proceedings or to pursue the purposes mentioned. For further details access the data retention periods defined here.
Once the maximum retention period is reached, the data subjects’ personal data will be irreversibly anonymised or will be securely destroyed.
DATA SUBJECTS’ RIGHTS
Under the terms of the law, the data subject may exercise their subsequent rights regarding the personal data concerning them, by written request, addressed to GSLINES to the email address rgpd@gruposousa.pt
– Access – the data subject has the right to access their data and obtain information regarding the purposes of their processing, the categories of data processed, the recipients of the data and the retention period of their personal data;
– Rectification – the data subject has the right to obtain the rectification of inaccurate personal data concerning him or her, as well as to complement incomplete personal data;
– Erasure of your data – the data subject has the right to request the erasure of their data in certain cases, namely personal data which is no longer necessary for the purpose for which it was processed, or for which the data subject withdraws the consent previously given;
– Restriction of Processing – the data subject has the right to request the restriction of the processing of their data in certain cases, in particular if they contest the accuracy of the personal data, for a period allowing GSLINES to verify their accuracy, if the processing given to the data is unlawful and the data subject opposes the erasure of the data, requesting, on the other hand, to restrict their use if GSLINES no longer needs the subject’s data for the purposes of processing, but they are required by the subject for the declaration, exercise or defence of a right in legal proceedings or if the subject opposes the processing, until it is established that the legitimate interests of GSLINES outweigh theirs;
– Data Portability – the data subject may, in cases provided for by law, request from GSLINES the personal data concerning them that they have provided, in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller;
– Objection – the data subject may, on grounds relating to their particular situation, object to the processing of personal data concerning them which is based on the exercise of legitimate interests pursued by GSLINES or where the processing is carried out for purposes other than those for which the personal data have been collected, including profiling, or where the personal data is processed for statistical purposes.
– Complaint – the data subject has the right to complain to the Portuguese Data Protection Authority or other competent supervisory authority under the law if they consider that their data is not being legitimately processed by GSLINES as set out in the applicable legislation and this Privacy Policy.
SECURITY MEASURES ADOPTED BY GSLINES
GSLINES has as its prime concern the protection of the personal data of the subjects’ data, whose processing ensures against unauthorised access through the network.
For this purpose, it shall maintain in operation all the technical means within its reach to prevent the loss, misuse, alteration, unauthorised access, disclosure, loss or destruction and misappropriation of the personal data provided or transmitted, namely:
– Transfers data only in encrypted form;
– Continuously monitors the accesses made to the information technology systems to prevent, detect and prevent the misuse of personal data;
– Conducts regular audits to evaluate the capacity of the technical and organisational measures adopted;
– Promotes regular awareness and training actions regarding the protection of personal data to its employees;
– Adopts internal procedures and mechanisms that ensure the confidentiality, integrity and availability of personal data and the resilience of the information systems in which they are processed;
– It has in place mechanisms that guarantee the re-establishment of the information systems and access to personal data in a swift manner in the event of a physical or technical incident.
PERSONAL DATA BREACH
GSLINES will notify personal data subjects when a breach involving a high risk to their rights and freedoms takes place and obliges to do so within 72 hours of the incident.
REPORTING TO OTHER ENTITIES
GSLINES makes data available to other companies within Grupo Sousa as part of measures to prevent money laundering, terrorist financing and fraud or for administrative and financial management purposes inherent in the Group.
GSLINES uses other entities to provide certain services. Eventually this provision of services may involve access, by these entities, to personal data of its customers, suppliers and partners.
Any processor of GSLINES will process the personal data of the data subjects in the name and on behalf of GSLINES, in the strict obligation to follow its instructions.
GSLINES shall ensure that such processors provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable law and ensure the security and protection of the subject’s rights under the terms of the processing agreement concluded with such processors.
In certain situations, the personal data of data subjects may also be transmitted to third parties where such data communications are necessary or appropriate (i) in the light of applicable law, (ii) in compliance with legal obligations/judicial orders, (iii) by determination of the Portuguese Data Protection Authority or other competent supervisory authority, or (iv) to respond to requests from public or government authorities, such as tax authorities, courts and regulatory bodies.
In any of the above situations, GSLINES is committed to taking all reasonable steps to ensure the effective protection of the personal data it processes.
INTERNATIONAL DATA TRANSFERS
The provision of products and services by GSLINES may involve the transfer of data subjects’ personal data to third countries (which do not belong to the European Union or the European Economic Area).
In such cases, GSLINES shall adopt the necessary and appropriate measures under the applicable law to ensure the protection of personal data, object of such transfer, strictly complying with the legal provisions regarding the requirements applicable to such transfers, namely by informing the data subject.
CONTACTS
The data subject may contact GSLINES for further information about the processing of their personal data, including for copying the appropriate or adequate safeguards or for information where these are available in case of international data transfers, as well as for any questions relating to the exercise of their legal rights, at the following email address (without detriment to the fact that, in some cases and as expressly arising from the contractual relationship established, these rights may be exercised towards the relevant GSLINES clients, suppliers and partners): rgpd@gruposousa.pt.
