a) What is meant by personal data and its processing?
«Personal data» means information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
«Processing» means an operation or set of operations which is performed upon personal data or sets of personal data by automated or nonautomated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.
b) Who is responsible for collecting and processing your personal data?
The responsibility for collecting and processing your personal information lies with Sysmatch. SYS-MATCH – Consultores em Sistemas de Informação, Lda., legal person no. 504665901, with headquarters at 3CE – Centro de Conhecimento, Competências e Empresas – Zona Industrial do Roligo – Rua 25 de Abril Nº 313 Roligo 4520-115 Espargo - Portugal and office center located at Av. D. João II, Edifício Infante, N35, 7H Parque das Nações, 1990-083 Lisboa - Portugal.
c) What are the principles applicable to data processing?
Data processing shall be carried out in accordance with the principles set out in the General Data Protection Regulation and other applicable national and European legislation, in particular:
Principle of lawfulness, fairness and transparency: The processing of personal data is only lawful when there is a basis for lawfulness, namely:
- a) Compliance with a legal obligation;
- b) Pre-contractual arrangements or the execution of a contract;
- c) When the Data Subject has given his/her consent, i.e. through a free, specific, informed and explicit expression of will, by which he/she accepts, through a declaration (in writing or orally) or unequivocal positive act (by filling in an option), that the Personal Data will be processed;
- d) Defence of the Data Subject’s vital interests;
- e) Legitimate Interests.
Sysmatch, as the controller of personal data, takes appropriate measures to provide the data subject with information relating to the entire processing process in a concise, transparent, intelligible and easily accessible form, using clear and simple language.
- Principle of Purpose Limitation: Personal Data are only requested for specified, explicit and legitimate purposes, and may not be further processed in a way incompatible with the original purposes.
- Principle of Data Minimization: The Personal Data, object of processing, must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
- Principle of Accuracy: Personal Data must be accurate and updated whenever necessary. As for inaccurate data, all appropriate measures must be taken so that they, taking into account the purposes for which they are processed, are deleted or rectified without delay.
- Principle of Retention Limitation: Personal Data should not be retained for longer than is necessary for the purposes for which they are processed. However, personal data may be retained for longer periods provided that they are processed solely for archival purposes of public interest, or for scientific or historical research or statistical purposes.
- Principle of Integrity and Confidentiality: Through the adoption of technical or organizational measures, Personal Data must be processed in a way that ensures their security, including protection against unauthorized or unlawful processing and against their accidental loss, destruction or damage.
D) How are your personal data collected and what kind of data are collected?
When you visit the Sysmatch Website, your IP address is analysed to get an indication of the country you are in for language preference. After this query, neither the IP nor the language preference is stored in the Sysmatch database. The user can browse the Website without any restrictions and is not obliged to provide Sysmatch with any kind of personal data. If you wish, you can fill out a form with the following inputs:
- - Name
- - Company
- - Contact
- - Message
From this moment on, the treatment of the Personal Data provided by the user will be carried out in compliance with the rules set out in the General Data Protection Regulations and other applicable national and European legislation and in accordance with the principles listed in subparagraph c).
e) The security of your Personal Data:
Sysmatch makes its best efforts to protect Personal Data from any unwanted and unauthorized interference.
For this purpose, security systems, rules and other procedures are used to ensure the protection of personal data and prevent unauthorized access to data, improper use, disclosure, modification or dissemination, loss or destruction.
Access to your Personal Data is only permitted in the terms explained above and always with your consent and knowledge.
f) Time of retention of your personal data
Sysmatch only keeps personal data for as long as is strictly necessary to fulfil the purpose for which they were collected.
g) What are your rights as a personal data subject?
As the personal data subject, you are guaranteed a set of rights with regard to your personal data, in particular:
- Right of Information - The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him/her are being processed, the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and the retention period;
- Right of Access – The personal data subject has the right to access them at any time;
- Right to Object – The right to object at any time to the processing of personal data concerning you, in accordance with the GRPD;
- Right of Rectification – The data subject has the right to obtain without undue delay from the controller the rectification of inaccurate personal data relating to him/her. Having regard to the purposes of the processing, the data subject has the right to have his/her incomplete personal data supplemented, including by means of an additional declaration;
- Right of Limitation – Under certain conditions, the data subject has the right to limit the processing of his/her personal data;
- Right to Erasure – The data subject has the right to obtain from the data controller the erasure of his/her personal data without undue delay;
- Right to Portability of Your Personal Data – The subject has the right to receive personal data concerning him/her which he/she has provided, in a structured format, of current use and automatic reading and to transmit such data to another controller without the controller to whom the personal data were provided being able to prevent it;
- The right not to be subject to decisions based solely on automated processes having legal or other significant effects.
h) Sharing Personal Data
Sysmatch does not disclose any personal data of its clients and users to third parties without their consent, except:
- a. when it comes to Group companies;
- b. when it is necessary for employees, suppliers or business partners to provide a product or service, or perform a function on behalf of the Sysmatch;
- c. in fulfilment of legal and/or contractual obligations. In these cases the Personal Data may be transmitted to judicial, administrative, supervisory or regulatory authorities and also to entities that lawfully carry out data collection actions, fraud prevention and combat actions, market or statistical studies.
i) Transfer of Personal Data to Third Countries or International Organizations
Sysmatch may transfer personal data collected to a third country outside the European Union ("EU") and not included in the list of countries which the EU has already assessed as meeting adequate levels of personal data protection. In such cases, it will ensure that such transfers of personal data are carried out in strict compliance with applicable legal standards for the protection of personal data, in particular those arising from the General Regulation on the Protection of Personal Data ("GRPD").
This Policy was revised and updated on 27/07/2020.