ROLEAR - Automatizações, Estudos e Representações S.A. is a public limited company with head office at Parque Rolear, Sítio do Areal Gordo, Faro, under registration and tax ID number 500 883 750.
ROLEAR’s business activity is varied and it operates in several areas;
Distribution of gas and similar products:
1 - WHY IS THIS PERSONAL DATA PROTECTION POLICY NECESSARY AND WHAT IS ITS GOVERNING PRINCIPLES?
ROLEAR is dedicated to protecting the personal data of its Clients, Website Users, its App or Newsletter Subscribers, Employees, Job Applicants, Trainees and Trainers, in all situations where such data is processed, and as such it has drawn up this Policy, which underpins its underlying commitment to complying with Personal Data protection rules and with the General Data Protection Regulation (GDPR) ((EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016) and Law no. 58/2019 of 8 August which ensures execution of the aforementioned Regulation within our legal system, and with all other applicable legislation and also ensuring compliance by its Processors.
ROLEAR is dedicated to protecting the confidentiality of all personal data and it has adopted all measures it deems adequate to ensure the accuracy, integrity and confidentiality of personal data, as well as complying with all other principles that govern data processing, described as follows:
The principle of lawfulness determines that it shall only be possible to process personal data if there is a sufficiently legitimate reason for doing so. To comply with this principle, Rolear processes personal data in the following situations: in compliance with legal obligations; in undertaking pre-contractual due diligence; when executing a contract; because it has obtained consent; because it has legitimate interest in doing so..
To comply with the principle of fairness, Rolear processes personal data fairly: on the one hand taking into account its interests and those of its Processors, while on the other those of the data subjects.
The principle of transparency means that information or communication related to the processing of personal data should be easily accessible and comprehensible, and formulated in a clear and simple manner. In order to ensure compliance with this principle, any information or communication concerning processing personal data is provided by Rolear in a concise, transparent, intelligible and easily accessible manner, using clear and simple language.
The principle of purpose limitation stipulates that data should be collected for purposes that are specific, explicit and legitimate and cannot be processed in the future in a manner that is incompatible with the purposes for which they were collected. Rolear ensures compliance with this principle and does not process data for purposes that are different from those for which they were collected.
The principle of data minimisation means that the data that is to be processed must be adequate, relevant and limited to that which is required by the purposes that determine the processing. To comply with this principle, Rolear only processes personal data when the purpose of the processing cannot be achieved in a reasonable manner by any other means, i.e., when the respective processing is in fact necessary.
The principle of accuracy requires that personal data be correct and updated whenever necessary, and appropriate measures taken to allow inaccurate data to be erased or rectified without delay. To comply with this principle, Rolear offers the data subject all the necessary mechanisms for rectification.
The principle of storage limitation requires that personal data be stored only for the period that is required for the purposes of the processing. Rolear shall erase the personal data once the pre-established period for which the data was collected has ended.
The principle of integrity and confidentiality requires that personal data be processed in a manner that ensures its security, including protection against the data’s unauthorised or illegal processing, loss, destruction or accidental damage. Rolear has adopted appropriate technical and organisational measures to prevent use of data by unauthorised persons.
The principle of accountability requires creating adequate and effective measures and data protection policies based on criteria of risk, adaptability and proportionality of measures that guarantee compliance with GDPR principles and obligations, and, when requested, demonstration thereof to the supervisory authorities. Rolear ensures compliance with this and other principles stipulated in Article 5. of the GDPR and is able to prove that the technical and organisational measures that it has adopted allow for such compliance.
The principle of proportionality is part of the general principles of law of the European Union, requiring that any act carried out is able to achieve the sought after objective and does not go beyond what is necessary to achieve it, and when there are alternative means that are less likely to affect the privacy of the people in question these means shall be implemented. Rolear adopts this principle and always bears in mind the importance of adopting an approach that is proportional to the processing of personal data.
Lastly, Rolear ensures that the Processors who process Personal Data on its behalf comply with the same principles and act with the same amount of confidentiality and security;
2 - WHAT IS PERSONAL DATA?
Personal data refers to information of any type or format, including sound and image, pertaining to an individual person that is identified or identifiable. An individual person is considered identifiable if they can be identified directly or indirectly, in particular with respect to a name, identification number, location data, electronic identifiers, or with respect to one or more specific pieces of information pertaining to their physical, physiological, genetic, mental, economic, cultural or social identity.
3 - WHAT DOES THE PROCESSING OF PERSONAL DATA CONSIST OF?
The processing of personal data consists of an operation or series of operations conducted with regard to personal data or sets of personal data by automated or non-automated means, namely the collection, recording, organisation, structuring, storage, adaptation, recovery, consultation, use, disclosure, distribution, comparison, interconnection, restriction, erasure or destruction of data.
4 - WHO IS RESPONSIBLE FOR PROCESSING THE DATA?
The entity responsible for processing personal data is ROLEAR - Automatizações, Estudos e Representações S.A., which determines the categories of the collected data, the purposes of its use and the means by which it is processed, and the entity may be contacted, specifying ‘Personal data privacy’ as the subject via the following points of contact:
• Post: Parque Rolear, Sítio do Areal Gordo, 8005-409 Faro;
• E-mail: firstname.lastname@example.org
5 - WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
ROLEAR collects your personal data via direct contact, at Rolear shops, via telephone, e-mail, post, website browsing and/or registration, and subscription to newsletters or apps ensuring, whenever necessary, that prior consent for processing has been obtained from the personal data subject. Some personal data is indispensable for contracts and in the event of its absence or insufficiency, ROLEAR may not be able to supply the requested product or service. ROLEAR may also process personal data collected and transmitted by THIRD PARTIES, who are responsible for these processing operations. Third party entities that collect and transmit personal data to ROLEAR are trusted and have the necessary skills and technical knowledge to comply with and enforce compliance with all the Personal Data Protection Regulations, thus offering high levels of protection guarantees.
6 - WHAT ARE THE TYPES OF PERSONAL DATA THAT ARE PROCESSED?
ROLEAR collects and processes the personal data necessary for performing its activities and managing its websites, social media and apps. Below are examples of the categories and types of data that ROLEAR may collect and process:
Opening client files and presenting sales proposals to clients and potential clients:
Invoicing of goods or services supplied by Rolear:
Contracting of the supply of piped gas – LPG (liquefied petroleum gas):
Registration on the Academia Rolear training platforms (SIGO platform and distance learning access platform):
Newsletter subscriptions (Rolear Mais, Rolegás, Academia, Uplive and Grupo Rolear):
Staff recruitment, drawing up and managing the respective employment contracts:
7 – WHAT TYPES OF SENSITIVE INFORMATION DO WE PROCESS?
Categories of sensitive data and data whose processing can affect personal rights and freedoms:
These include data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, location, genetic and biometric data, and data pertaining to health, sex life or sexual orientation.
ROLEAR only processes biometric data, monitoring data (video surveillance and geo-localisation), data related to and necessary for preventive occupational medicine, and data for assessing work capacity.
Data used for and necessary for preventative occupational medicine and for assessing work capacity are processed under the responsibility of a professional that is bound by a professional confidentiality obligation. ROLEAR only accesses the result of the medical assessment showing the outcome of ‘fit’, ‘unfit’ or ‘conditionally fit’.
Biometric data (personal data resulting from a specific technical processing regarding the physical, physiological or behavioural characteristics of an individual person that allows or confirms the unique identification of that individual person, namely facial images or finger print data) is used by ROLEAR to monitor absenteeism, recording only the fingerprint template and/or facial image.
Collection of information regarding the employee’s location and their travel history is exclusively from the use of geo-location devices in cars (GPS) for the purpose of protecting people and goods.
ROLEAR uses video surveillance cameras exclusively for the protection and safety of people and goods, these cameras being duly identified and limited to public locations or spaces that are accessible to people outside the company, where there is a potential risk of an offence against people or property.
8 - WHAT ARE THE PURPOSES AND REASONS FOR PROCESSING PERSONAL DATA?
ROLEAR processes the personal data of its Clients, Website Users, Apps or Newsletters Subscribers, Employees, Job Applicants, Trainees and Trainers in order to undertake pre-contractual due diligence, to execute and sign contracts, to fulfil legal obligations, to pursue its legitimate interests or because it obtained consent:
In accordance with our legal obligations, we process personal data for the following reasons:
As part of performing pre-contractual due diligence, we process personal data for:
As part of a contract we process personal data to:
Subsequent to your consent, we process personal data for the following:
On the basis of our legitimate interest, we process personal data to:
9 - HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Data is stored and kept only for the amount of time that is deemed sufficient and necessary for the purposes that led to its collection and processing, after which the data shall be erased, notwithstanding the right to erasure and legal provisions that require keeping personal data for a longer minimum period of time. When dealing with a newsletter subscription or app registration, data shall be stored and kept for the duration of the subscription or registration.
10 - WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
RIGHTS TO ACCESS, RECTIFY, UPDATE, RESTRICT, ERASE, OBJECT AND WITHDRAW CONSENT:
As personal data subjects, clients and website users are entitled to, at any time, request access, rectification, updating, restriction or erasure of their personal data, as well as the right to object to the use of the data for commercial purposes, and the right to withdraw consent without compromising the legality of the processing conducted within the scope of that consent.
RIGHT TO DATA PORTABILITY (DATA TRANSFER):
The data subject has the right to receive the personal data provided whenever the processing is conducted by automated means and has occurred due to the signing of a contract or subsequent to the data subject’s consent. Within the scope of this right, the data subject also has the right to request transfer of their data to another entity, which then becomes the new controller of their personal data, whenever such is technically possible.
HOW CAN YOU ACCESS, RECTIFY, UPDATE, RESTRICT, ERASE, OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA OR WITHDRAW YOUR CONSENT?
The personal data subject may do so by directly contacting ROLEAR at the address of its head office located at Parque Rolear, Sítio do Areal Gordo, 8005-409 Faro; or via its Data Protection Officer (DPO) via an e-mail sent to email@example.com .
11 - HOW CAN YOU MAKE A COMPLAINT?
Notwithstanding being entitled to submit complaints directly to ROLEAR via the contact information made available for such purposes, the client/user may complain directly to the Supervisory Authority, namely the National Data Protection Commission (NDPC), via the contact information supplied by that entity.
12 -WHAT MEASURES HAS ROLEAR ADOPTED TO ENSURE THE SECURITY OF ITS PERSONAL DATA?
ROLEAR guarantees the security of the personal data made available by adopting various advanced security measures of a technical and organisational nature, in order to protect the personal data against its distribution, loss, improper use, change, unauthorised processing or access, as well as against any other form of illicit processing, namely by placing the servers in a specific physical space with restricted access and 24 (twenty-four) hour surveillance, 7 (seven) days a week, with only duly authorised persons being able to access the servers using logical security tools for security clearance.
ROLEAR shall not be responsible for content that is accessed via any hyperlink that may lead its clients and website users to browse outside of its domain whenever third parties are responsible for such hyperlinks.
TRANSFER OF DATA TO THIRD PARTIES:
ROLEAR uses third parties to supply certain services that include maintenance and technical support and these third parties may have access to some of the personal data of ROLEAR clients and website users, namely the data necessary for providing the support. ROLEAR ensures that the entities that have access to the data are credible and offer high levels of protection guarantees, and they shall never receive data that is beyond what is necessary for supplying the contracted service; nevertheless, ROLEAR shall be responsible for the personal data that is made available. ROLEAR shall also transfer data to third parties, namely network operators, banks and insurance companies, judicial and administrative authorities, supervisory and regulatory authorities, or those parties who undertake preventive actions and combat fraud, tax evasion and terrorism, or conduct market studies or produce statistics.
13 - WHAT ARE COOKIES, WHAT ARE THEY USED FOR AND HOW DO WE USE THEM?
Grupo Rolear: https://www.rolear.pt/pt/cookie-declaration/
Rolear Mais: https://www.rolearmais.pt/pt/cookie-declaration/
Academia Rolear: https://www.academiarolear.pt/pt/cookie-declaration/
14 - HOW CAN YOU FIND OUT ABOUT CHANGES MADE TO THE ROLEAR PERSONAL DATA PROTECTION POLICY?