Data Protection and Reporting Channel

General Data Protection Regulation and Reporting Channel

1. DATA CONTROLLER

FRIGOCON – Indústria de Frio e Congelação, S.A. is a pioneering company in the Portuguese market, specifically in the domestic and commercial cold segment.
It specializes in the design, development, production and marketing of freezing and refrigeration equipment for supermarkets, ice cream conservators and beverage coolers.
In carrying out its activity, it needs to collect and process personal data, which implies that in this case it assumes the position of Data Controller with all the obligations and duties inherent:

FRIGOCON – Indústria de Frio e Congelação, S.A.
Rua das Calçadas, 568, 4480-492 Touguinha

Vila do Conde, Portugal
Telf: +351 252 640 140 (Call national landline)
E-mail: geral@fricon.pt
Website: https: //www.fricon.pt

2. DATA PROTECTION OFFICER

In order to ensure permanent compliance of internal practices in terms of personal data protection and to efficiently guarantee the rights of data subjects, FRIGOCON – Indústria de Frio e Congelação, S.A. has appointed a Data Protection Officer. has appointed a Data Protection Officer who plays a key role in promoting a data protection culture within IFRICON and contributes to compliance with the GDPR, such as the principles of data processing, the rights of data subjects, records of processing activities, security of processing and the notification and reporting of data breaches.

The Data Protection Officer (DPO) can be contacted at rgpd@fricon.pt.

3. TREATMENT FUNDAMENTALS

FRIGOCON – Indústria de Frio e Congelação, S.A. processes personal data exclusively for:

  • Execution of contracts to which the data subject is a party, or for pre-contractual procedures at the request of the data subject;
  • Protection of the vital interests of the data subject or another natural person; compliance with legal obligations to which the controller is subject;
  • The purposes of legitimate interests pursued by the controller or a third party, except where the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child and where the data subject has given consent to processing for one or more specific purposes.

4. Managing cookies

You can manage cookies through your browser settings. Most browsers allow you to:

  • View what cookies are on your device and delete them individually.
  • Block third-party cookies.
  • Block cookies from specific sites.
  • Block all cookies.
  • Delete all cookies when you close your browser.

To learn more about managing cookies, visit the help pages of your specific browser.

5. PERSONAL DATA PROCESSING OPERATIONS

Personal data is any information relating to an identified or identifiable natural person.

The holders of personal data are the natural persons to whom the personal data relates, namely users, employees, service providers, collaborators, partners and others.

FRIGOCON – Indústria de Frio e Congelação, S.A. may collect and process different categories of personal data such as identification and contact data, namely name, address, tax identification number, e-mail, telephone contact, date of birth, health, financial and/or asset data, among others.

Personal data is processed for various purposes:

The sole purpose of the personal data collected from our clients, employees, or any others, is to gather the information necessary to carry out our activity from the data subjects and the development of our activity, administrative, accounting and tax management, including invoicing and accounting; payments; compliance with legal obligations and response to requests from judicial authorities or other public authorities, fulfilling the legal and contractual obligations inherent in our activity.

The processing of personal data is carried out exclusively for the purposes mentioned above and only for the period of time that is necessary or obligatory for the fulfillment of those purposes, with the retention periods being determined for each purpose and appropriate to each processing in accordance with our legal obligations.

Once the retention period has elapsed, and provided that we are not obliged to retain the data by legal or administrative force, we will delete the personal data or anonymize it.

6. SECRECY AND CONFIDENTIALITY

All our employees have a duty of confidentiality and protection of information as prescribed by the General Data Protection Regulation, and are obliged to keep absolutely secret any information or knowledge of a personal, technical or other nature acquired, necessarily or involuntarily, during the employment relationship or because of it, concerning FRIGOCON – Indústria de Frio e Congelação, S.A. or any other persons, natural or legal, who are related to it, namely other employees, clients, family members, collaborators, among others, unless previously authorized in writing.

Any reproduction, copying, modification, public communication, distribution or any other type of assignment, free of charge or for consideration, of any documents, computer programs, publications, information contained in databases, or any other intellectual material belonging to or relating to FRICON or any third party related to it, is also expressly prohibited, unless previously authorized in writing.

7. SUBCONTRACTORS

FRIGOCON – Indústria de Frio e Congelação, S.A. does not transmit personal data to third parties, except in cases where this is necessary to carry out its activity or provide the contracted services, to comply with legal obligations or when consent has been given for this purpose.

For the purposes indicated above, we may need to use subcontractors for the processing of personal data and communicate personal data to subcontractors involved in the execution of the contract, namely the Tax Authority, Social Security, Insurance Companies, and any other entities legally obliged to provide our services.

However, the transmission of data to third parties is carried out in accordance with the applicable data protection legislation and within the limits of the purposes and legal grounds defined in this Privacy Policy.

Our concern with guaranteeing secrecy and confidentiality in the processing of personal data extends to our subcontractors or service providers, to whom we demand guarantees of data processing in compliance with and obedience to the processing rules arising from the GDPR.

8. DATA PROCESSING GUARANTEES

We are guided in all our actions, and we extend the same requirement to third parties and subcontractors, by the following data processing rules:

A) Personal data will be processed in compliance with the legal data processing regime, this Privacy Policy and with the guarantee of lawful, fair and transparent processing;

B) The data collected is merely instrumental to our activity and is intended to pursue a specific, specified and legitimate purpose, with no further processing incompatible with these purposes;

C) We respect the Principle of Data Minimization, collecting only the data considered adequate, relevant and necessary for the purposes of collection and processing;

D) In compliance with the Principle of Accuracy, we will keep your data accurate and up-to-date whenever necessary, and the necessary measures will be adopted and made available to its owner to guarantee its permanent accuracy, namely the right to rectification;

E) We will process your data in accordance with the Security Principle, protecting your data from possible illegal and unauthorized processing, preventing possible loss, destruction or unforeseen damage, adopting all the appropriate technical and organizational measures for data processing that guarantees the security, integrity and confidentiality of the data.

9. SECURITY MEASURES

We use security measures, including authentication tools, to help protect and maintain the security, integrity and availability of your personal data and we take the necessary steps to ensure the secure processing of personal data in particular, precautionary measures to protect personal data against loss or abuse, and we use security procedures to prevent unauthorized access to such personal data.
All the personal data we collect is stored on servers that offer security guarantees and we subject our security systems and policies to periodic reviews to ensure that the data is safe and secure.

We also respect the confidentiality of your information and do not sell, distribute or in any other way make your information commercially available to any third party, so we undertake to keep your information confidential in accordance with the applicable legislation.

10. RIGHTS OF THE DATA SUBJECT

1) Right of Access to Data: You have the right to know whether or not your personal data is processed and to access the information that is processed about you, such as the purposes of the processing; the categories of personal data processed; if the data was not collected from you, the origin of the data if available; entities acting in the name of and on behalf of the controller; third parties to whom the data is communicated; the period for which the data is stored or the criteria used to set the period; whether your data is subject to automated decisions and whether there is profiling; if so, what the underlying logic is, as well as the importance and consequences that the data processing may have for you; if your personal data is transferred to countries or international organizations outside the European Economic Area, what guarantees exist so that the personal data continues to enjoy an adequate level of protection after the international transfer.

2) Right to Rectification of Data: You have the right to have your personal data rectified when it is inaccurate or out of date;

3) Right to erasure of data: You have the right to obtain the erasure of your personal data only in the following circumstances: The data is no longer necessary to achieve the purpose for which it was collected and there is no legal rule requiring it to be kept for longer; you have withdrawn your consent, on which the legitimacy of the processing was based; the personal data is being processed unlawfully, which requires justification on the part of the data subject; when you have objected to the processing of data for marketing purposes, including profiling that may be associated with it; when you have objected to the processing of data pursuant to no.The data must be erased by virtue of a legal obligation; consent to the processing of the data has been given by their legal representatives under Article 8 of the GDPR.

  • You also have the right to have Internet search engines disassociate links from the list of results displayed after a search using your name (de-listing).
    These links must be individually specified in the request.
  • There are situations in which the right to erasure of data, as indicated, may not apply, namely when the processing of data is necessary for the exercise of freedom of expression and information or for reasons of public interest in the field of health or for the purpose of exercising a right in legal proceedings.

4) Right to Restriction of Processing: This is the right that allows you, for a certain period of time, to restrict the processing of your data, i.e. “freeze” it, so that it cannot be communicated to third parties, transferred internationally or deleted.

  • You have the right to obtain the restriction of data processing in the following situations: When you contest the accuracy of the data until the data controller has verified the quality of the data; when you have objected to the processing of data until it has been verified that legitimate interests prevail; when the data is required by the data subject for the purpose of exercising a right in legal proceedings, even if it is no longer necessary for the data controller; when the data has been processed unlawfully and the data subject does not want it erased, but rather limited in its use (until such time as you eventually take legal action against the data controller).
  • You have the right to be informed by the controller before the restriction of processing you have requested is lifted.
  • When processing is restricted, the data may only be used with your consent, for the purposes of exercising a right in legal proceedings or defending the rights of a natural or legal person or for weighty reasons of public interest.

5) Right to Data Portability: This is the right to receive your personal data from a controller in a structured, commonly used and machine-readable format, and the right to transmit it to another controller, only if the data processing in question is based on consent or a contract and is carried out by automated means; the right to have your data transmitted directly between controllers, whenever this is technically possible, but only covers the data provided by you.

6) Right to object: You have the right to object, at any time, to the processing of your personal data, on grounds relating to your particular situation, where this is necessary for: the performance of a task carried out in the public interest or in the exercise of official authority; the pursuit of the legitimate interests of the controller or of a third party; the re-use of data for a purpose other than that for which it was originally collected, including profiling.

  • In these cases, the controller ceases processing, unless it has compelling legitimate reasons that override the rights and freedoms of the data subject, or for the purposes of exercising a right in legal proceedings.
  • You have the right to object, at any time and without justification, to the processing of your data for direct marketing purposes, including associated profiling.

7) Right to withdraw consent: You have the right to withdraw the consent you have given for the processing of your data at any time, unless there is a legal basis requiring such processing.

8) Right not to be subject to any decision taken solely on the basis of automated processing: you have the right not to be subject to any automated individual decision, i.e. taken solely on the basis of automated processing, including profiling, which produces effects in your legal sphere or significantly affects you in a similar way.
Automated individual decisions may be adopted if such decisions are necessary for the conclusion or performance of a contract between the data subject, are authorized by legislation to which FRIGOCON – Indústria de Frio e Congelação, S.A. is subject or are based on your explicit consent – We do not adopt automated individual decisions, i.e. with similar legal effects or significant impacts.

9) Right to Complain: You also have the right to lodge a complaint with the Supervisory Authority: Comissão Nacional de Proteção de Dados – CNPD – Av.
D. Carlos I, 134 – 1.º 1200-651 Lisboa; Tel: 351 213928400, Fax: +351 213976832 and e-mail geral@cnpd.pt or www.cnpd.pt.

11. EXERCISING THE RIGHTS OF THE DATA SUBJECT

1) As the data subject, you may at any time exercise your rights by sending a request to the address of the head office mentioned above or to the e-mail rgpd@fricon.pt.

2) You must identify yourself accurately and be able to prove your identity when exercising your rights, but you do not have to provide more personal data than is processed by the controller – you must keep proof that you have submitted a request to exercise your rights.

3) FRIGOCON – Indústria de Frio e Congelação, S.A., as data controller, facilitates the exercise of rights, namely by providing a specific form for this purpose;

4) The exercise of rights shall be free of charge unless the requests made by a data subject are manifestly unfounded or excessive, in particular because of their repetitive nature, in which case the controller may require payment of a reasonable fee to cover the administrative costs of providing the information or communication, or of taking the measures requested, or refuse to comply with the request.

5) Special situations:
Children – the exercise of rights in relation to children’s personal data is carried out by their legal representatives, without prejudice to the possibility of the children themselves being able to exercise them directly, given their age and maturity and the situations in which the processing of data is already legitimized by the child’s consent, as provided for in article 8 of the GDPR and article 16 of Law 58/2019, of August 8;

Deceased persons – the exercise of rights in relation to the personal data of deceased data subjects, when sensitive data is involved (Article 9(1) of the GDPR) or data relating to privacy, image or communications data, is exercised by whoever has been designated for this purpose by the data subject or, failing that, by their heirs.
Also according to article 17 of Law 58/2019, of August 8, the data subject can leave it to third parties to exercise rights over their personal data after their death;

Co-responsibility – the exercise of rights in relation to the processing of personal data in which there is more than one controller can be carried out with any of the controllers, regardless of what is agreed between the co-responsible parties.

12. CHANGES TO THE PRIVACY POLICY

FRIGOCON – Indústria de Frio e Congelação, S.A. reserves the right to change, modify, add to or rectify this Privacy Policy at any time, without the need for any prior notice, and such changes will be duly publicized.

13. Code of Conduct for the Prevention of Corruption and Related Offenses

Code of Conduct: See the document here.

14. Risk Prevention Plan

Risk Prevention Plan: See the document here.

15. Complaints Channel