The entity responsible for processing personal data
The entity responsible for the processing of personal data is Volz Lda, with NIPC: 516 621 017 and with a registered office at Praceta dos Plátanos, 80-3º Dtº, Parede, 2775-264.
Collection and processing of personal data
Personal data voluntarily provided by the data subject, and whose processing is a contractual and/or legal obligation of VOLZ, are treated confidentially, by duly authorized employees or subcontractors, who shall follow VOLZ’s specific instructions.
Your data may be collected directly or by telephone, when you make a request for information or service, by opening a customer file, with the creation of a case number that identifies the file, when you make a product purchase or use one of the contact forms available on our website.
The personal information we collect is:
- First name;
- Last name;
- Email address;
- Telephone number;
- Fiscal Number;
- Other supplementary information, not classified as personal.
When browsing the website, whenever it is necessary to identify and collect personal data, the user will have to authorize its collection through authorization mechanisms that may vary from case to case, but which will be clear in their purpose and intuitive to use. For example in a contact form, there will be a box where the user must click to indicate that he/she authorizes the collection and processing of the personal data entered in the form and subsequent contact by VOLZ. You should, however, let it be clear that without consent of the data processing you will not be able to send your message, place orders, and contact VOLZ through the website.
Purposes of collection and categories of data
Grounds (Article 6(1)(b), (c), (d), and (f) of the GDPR): Processing is necessary for the performance of a service to which the data subject is a party, or for pre-contractual steps at the request of the data subject; for compliance with legal obligations to which VOLZ is subject; for the defense of vital interests of the data subject; for the purposes of the legitimate interests pursued by VOLZ.
With regard to data processing carried out by VOLZ in the context of compliance with legal obligations, the lawful ground for carrying out such processing – mostly data communications to external entities – will be the necessity of the processing for the purpose of compliance with such legal obligations by the data controller.
We, therefore, collect your data to:
- Customer service;
- Marketing activities – only with the explicit authorization of the user;
- Legal scope – in certain cases, we need to use the information provided, which may include personal data, to handle and resolve legal disputes or claims, for legal investigations, to enforce agreements, or to comply with legal requests from competent authorities (e.g. communications to SEF), to the extent required by law.
If we use automated means to process personal data that produces legal effects or significantly affects you, we will implement appropriate measures to safeguard your rights and freedoms, including the right to obtain human intervention.
VOLZ shall implement the necessary and appropriate measures under applicable law to ensure the protection of personal data subject to communication, strictly complying with the legal provisions regarding the requirements applicable to such communications, namely by informing customers.
In cases where VOLZ communicates personal data to third parties, it will define clear rules for contracting the processing of personal data with its subcontractors and will require them to adopt appropriate technical and organizational measures to protect your personal data.
The data may be provided to judicial or administrative authorities, provided that in compliance with legal obligations, as well as communicated to public and private bodies related to VOLZ’s activity. The data, depending on the purpose for which it was collected, may be provided to the following categories of recipients:
- Public entities;
- Subcontracted service providers;
- Other entities subcontracted by VOLZ whose corporate purpose is essential for the pursuit of the purpose for which the data was collected.
Transfer of data to third countries
The information collected will not, in principle, be transferred to third countries. In case of data transfers to countries outside the EU, priority will be given to countries under an adequacy decision issued by the EU pursuant to Article 45 of the GDPR.
VOLZ will take the necessary measures in order to ensure the privacy and security of your personal data under Article 46 of the GDPR and to use it only for the purposes for which it was collected.
Retention of personal data
Your personal data is kept by VOLZ for as long as the existing relations between this entity and the respective holders remain in force, or for the legal term of conservation or for the purpose for which they were collected, in order to allow the identification of the holders until such time as these relations or obligations have been definitively terminated.
The collected data will be destroyed at the end of its legal conservation period. The period of time during which the data is stored and conserved varies according to the purpose for which the information is used. There are, however, legal requirements that oblige data to be kept for a certain period of time.
VOLZ is committed to ensuring the confidentiality, protection, and security of its customers’ personal data by implementing appropriate technical and organizational measures to protect their data against any form of improper or illegitimate processing and against any accidental loss or destruction of such data.
To this end, we have put in place procedures to prevent unauthorized access, accidental loss, and/or destruction of personal data, and we undertake to comply with the legislation concerning the protection of personal customer data and to process this data only for the purposes for which it was collected, as well as to ensure that this data is treated with adequate levels of security and confidentiality.
Access to your personal data will be limited to those who need to know it in the exercise of their functions, strictly to the extent necessary to fulfill the purposes of the processing.
Among the cases where administrative staff has access to your data and other special categories of data are the processing of data for the purpose of billing and performing the services provided to you or for managing your requests for information or complaints.
VOLZ is not liable for the data that you make available on social media. The use of VOLZ social media may involve the transmission of data to social media service providers, who may be based outside the European Union or the European Economic Area.
The data will be stored on a server maintained and controlled by VOLZ, located in Portugal, and Cloud service providers based in the European Union.
Security is always monitored in terms of infrastructure and data access. Access is restricted and protected by various access management and encryption tools, with the aim that unauthorized third parties do not have access. The risk of loss/destruction is thus minimized, but not eliminated and there is always the possibility of illegal access to the data. In this case, leakage retention measures will be implemented.
Rights of the data subject
Right to information – at the moment of collection or processing of personal data, the holder of the personal data has the right to be informed about the purpose of the processing, the person responsible for the processing, the entities to which the data may be communicated, the conditions of access and rectification, and which compulsory and optional data will be collected.
Right of access – the holder of the personal data has the right to access them, without restrictions or delay, as well as to know what information is available about the origin of the data, the purposes of the processing, and its communication to third parties.
Right of rectification – the holder has the right to demand that the data concerning him/her is accurate and up-to-date, and may at any time request its rectification from the data controller.
Right of erasure – the data subject has the right to have their data no longer processed, erased, and deleted, under certain conditions, in the event of:
- They are no longer necessary for the purpose for which they were collected;
- The data subjects withdraw their consent or oppose the processing of the data;
- If the processing of the data does not comply with the legal provisions.
Right to restriction of processing – the data subject has the right to have their data limited to what is essential for the purpose of the processing.
Right to data portability (data transfer) – the data subject has the right to receive his/her data or to request the transmission of his/her data to another entity that becomes the new controller of his/her personal data (only if technically possible).
Right to object – the data subject has the right to object, at his or her request and free of charge, to the processing of his or her personal data for the purposes of direct marketing or any other form of prospecting and that his or her personal data be communicated to third parties unless otherwise provided by law.
Right not to be subject to automated decisions or profiling – As a data subject, you have the right not to be subject to any decision taken solely on the basis of automated processing, including profiling.
Right to know about the existence of a data breach – the personal data subject has the right to be informed if there is any security breach that compromises his/her data.
Right to complain to the supervisory authority – the personal data subject has the right to complain not only to the company’s personal data controller but also to the supervisory authority, the National Commission for Data Protection (CNPD).
You also have the right to withdraw or change, at any time, the consent you have given us to use your personal data, where this has legitimised the use of the data.
Obligations of the entities involved in the data processing
Each of the entities involved in the processing of your data is obliged to comply with the applicable legislation on data protection, in particular with regard to the security and confidentiality of processing.
Those responsible for processing personal data, as well as those who, in the course of their duties, have knowledge thereof, shall be bound by professional secrecy, in accordance with the law.
Contact Data Protection Officer
If you have any questions or if you wish, at any time, to speak to the Data Protection Officer, you may exercise this right by contacting us using the means available on the contact page.