The purpose of this document is make known the implementation of the new rules applicable to processing of personal data of all interlocutors (customers, employees, suppliers, partners and other entities) who interact with NAVIPOR, the rights that assist it, procedures, means processing, purposes, circuits and consents of the information collected by NAVIPOR, acting in accordance with the law and the new regulation of protection and personal data.
Personal data protection policy is the policy that define the terms which NAVIPOR treats the personal data of the interlocutors and the rights they may exercise, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council - General Regulation on the Data Protection (GRDP) - and other applicable national data protection legislation.
A personal data is all kind of information relating to a singulary person. For example, the name, an identification number, location data, contacts, even elements of your physical, economic or social identity. Processing personal data refers to any automated and non-automated operation performed on such data - collection, recording, alteration, consultation, use, transmission and destruction.
This personal data protection policy applies to all interlocutors, including external parties (workers coming from Port Labor Companies), who provide services at the various terminals where NAVIPOR operates.
NAVIPOR collects personal data strictly necessary for the percussion of your business activity. In the collection and processing of data, NAVIPOR complies with applicable legal obligations and observes the principles and rules of processing by requesting consent from employees when it is necessary to process their personal data.
NAVIPOR adopts various technical and organizational security measures in order to protect the personal data of its employees against unauthorized loss, dissemination, alteration, processing or access.
All data may be retained as long as legal obligations establish or business relationships with customers remain.
NAVIPOR may use subcontractors to provide certain services, which may require access by third parties to personal data of its employees. NAVIPOR ensures that these subcontractors fulfill with applicable legal requirements and offer adequate data protection safeguards.
a) Right of access - provision of information about personal data that NAVIPOR holds about the data subject and about their processing;
b) Right of rectification - correction, updating or inclusion of information (which may be missing) concerning the data subject;
c) Right to erasure of data (“right to be forgotten”) - erasure of data, having verified the legal requirements for this purpose (the legal deadline for retention of data to which NAVIPOR is obliged);
d) Right to limitation of processing - suspension / (temporary) cessation of data processing, subject to applicable legal requirements;
e) Right of opposition - revocation of consent for data processing made on this basis.
NAVIPOR assures workers the exercise of their access rights, rectification, opposition, deletion and limitation of treatment. Workers may exercise their rights through contact with the personal data protection officer - Paulo Rico - tel. 910385278 – email@example.com. The employee may, if not granted this right, to present a complaint to the National Data Protection Commission, the public authority that oversees the application of the legislation in Portugal.
A data breach is a breach of security that accidentally or unlawfully causes unauthorized destruction, loss, alteration, disclosure, or access to personal data processed by NAVIPOR. Examples of data breach:
NAVIPOR has implemented an incident management system for data protection, privacy and information security. If any User, Service Recipient or Customer wishes to report the occurrence of any breach of personal data, which may accidentally or unlawfully lead to unauthorized destruction, loss, alteration, disclosure or access, to personal data transmitted, retained or otherwise processed, you may contact the Data Protection Officer - Paulo Rico - tel. 910385278 – firstname.lastname@example.org.
The free, specific and informed availability of personal data by the respective holder implies the knowledge and acceptance of this Policy and implies an express authorization for its processing, according to the defined rules.
To exercise any type of data protection rights, the different parties may contact the Data Protection Officer - Paulo Rico - tel. 910385278 – email@example.com, describing the subject matter of the request and indicating an email address, telephone contact or correspondence address for further response.
In accordance with the GRDP, NAVIPOR commits itself to all new forms of data processing (new technologies, other innovative forms of data processing) that may pose a high risk or to testing existing procedures, and in order to guarantee the rights and freedoms of the personal data of its workers, to carry out a periodic risk analysis of existing procedures / circuits, focusing in particular on the origin, nature, particularity and severity of the risks and more specifically for each risk. (illegitimate access, unwanted modification, disappearance of data), the source of the risk, identification of potential impacts on data subjects' rights and freedoms, and the estimation of the likelihood and severity of those risks.
As mentioned above, NAVIPOR only collects, processes and stores the data of the various parties strictly necessary for its economic activity.