The rules laid down in this Privacy and Data Protection Policy complement the provisions, in terms of personal data protection and processing, foreseen in the agreements made between the Clients/Users and Mundiventos Lda, as well as the rules set forth in the terms and conditions regulating the offer of the several products and services and which are duly publicized on the respective websites.
Your data are collected by MUNDIVENTOS- CONSULTADORIA, PROMOÇÕES E ORGANIZAÇÃO DE EVENTOS Lda, headquartered at AVENIDA ELIAS GARCIA, nº 57, Sobreloja, 1049- 017 LISBOA, hereafter referred to as Mundiventos.
Mundiventos processes and storages personal data within the European Union (EU) respecting the best practices concerning security and personal data protection, therefore having taken the necessary technical and organizational measures to comply with the General Data Protection Regulation (Regulation (EU) 2016/679), which is a binding legislative act for natural and legal persons (whether residents or non-residents) that process EU citizens’ data and aims to ensure that a lawful, fair and transparent personal data processing and limited to the authorized purposes.
The privacy statement is the responsibility of Mundiventos which is considered for GDPR purposes as the responsible for data processing and will determine also the aim and means of presented and collected online personal data processing.
The Data Protection Officer (DPO) ensures compliance with the regulation and is involved in all matters relating to the personal data protection. Her identification and contact details are presented at the end of this document.
What are personal data?
Personal data mean any information, of whatever nature and regardless the format (including audio and video), concerning an identifiable or identified natural person.
It is considered identifiable the natural person who can be identified, directly or indirectly, in particular by reference to a name, an identification number, geographical data, identifiers by electronic means or to one or more aspects specific to his physical, physiological, genetic, mental, economic, cultural or social identity.
What is the processing of personal data?
Processing personal data refers to an operation or a set of operations performed on personal data or on a set of personal data, through automated means or not, in particular collecting, recording, organising, structuring, storing, adapting, recovering, consulting, using, disclosing, publishing, comparing, combining, limiting, deleting and destroying data.
Our data protection policy ensures that data are:
- Object of a lawful, fair and transparent processing in relation to the data subject («lawfulness, loyalty and transparency»);
- Collected for specified, explicit and legitimate purposes not being allowed to process them further in a way not compatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and up-to-date whenever necessary; adopting all appropriate measures to ensure that inaccurate data, and considering the purposes for which they are processed, are deleted or rectified without delay;
- Stored in a way that allows data subjects identification only for the Processed in a way that guarantees their security, including protection against unauthorized or unlawful processing and against their accidental loss, destruction or damage, by adopting appropriate technical or organizational measures.
Purposes of Personal Data Processing.
Ensuring when necessary, the previous consent of the data subject, we will collect among others, the following information:
- identification data (name, place of birth, identity document or date of birth);
- contact data (as mobile phone number, address or email);
- academic qualifications data and professional situation (as level of education and CV);
- bank, financial and transaction data (such as IBAN or tax identification number);
- location data (as IP address);
- events recorded images.
In general, personal data collected are based and intended to adapt services to the Client/User needs and interests, namely for the purposes of planning congresses, conventions, seminars and exhibitions; provision of consultancy services, support and promotion in the economic and financial areas; conducting market studies; trade, import, export and promotion of telecommunications, computer, sound and image equipment and alike; access to specific services features, content suggestions, proximity information services as well as information and marketing actions.
In addition, personal data may also be processed for the purpose of complying with legal obligations and for the purposes of investigation, detection and prosecution of serious crimes.
The length of time during which personal data is stored and retained varies according to the purpose for which the information is processed.
Effectively, there are legal requirements that oblige to retain the data for a minimum period of time. Thus, and whenever there is no specific legal requirement, the data will be stored and retained only for the minimum period necessary for the pursuit of the purposes that led to its collection or subsequent processing, under the terms defined by law.
Use of personal data
The processing of personal data is based on the consent given by the data subject. Access to personal data is strictly limited to the staff of data controllers and subcontractors.
Sharing of personal data
Mundiventos ensures that it does not intend to transfer data to non-member countries which are outside the scope of the General Data Protection Regulation and if it does so, it will ask for your consent prior to such use.
Mundiventos entered into an agreement with its subcontractors to oblige them not to transfer data to non-member countries.
In certain circumstances, both Mundiventos and its Subcontractors may be notified to disclose personal information in response to requests by supervisory authorities in order to meet the requirements of the GDPR.
Mundiventos is committed to ensuring the protection of the security of personal data made available to it, and has adopted and implemented strict rules in this regard. Compliance with these rules is an obligation of all those who legally access them.
Bearing in mind the concern and commitment that Mundiventos reveals in the protection of personal data, a number of technical and organizational security measures have been adopted in order to protect the personal data made available to it against its dissemination, loss, misuse, alteration, treatment or unauthorized access, as well as against all other unlawful forms of processing.
In addition, third parties that, in the scope of the provision of services, process the personal data of the Client/User in the name and on behalf of Mundiventos, are required, in writing, to carry out adequate technical and security measures that, in at any time, comply with the requirements of current legislation and ensure the protection of the data subject rights (namely, the protection of the privacy and personal data of the Clients/Users).
Access and rectification or deletion of personal data
As the data subject, the Client/User, has the right to request access to the data concerning him or her, to ask for rectification and to eliminate them. It may also limit the processing of data as well as oppose it and still require data portability.
You may do so, either directly or by written request, addressed to the person responsible for the processing, through the contacts made available for this purpose in this document.
You may also request clarification from the Data Protection Officer or submit a complaint to the CNPD whenever you feel that your rights are being infringed.
Right of access
The data subject has the right to obtain from Mundiventos the confirmation that the data concerning him or her are processed and, if applicable, to access their personal data and access the information provided by law.
Right of rectification
The data subject has the right to obtain from Mundiventos, without undue delay, the rectification of inaccurate or incomplete data concerning him or her.
Right to delete data (“right to be forgotten”)
The data subject has the right to obtain from Mundiventos the deletion of his or her data, without undue delay, and the latter has the obligation to delete the personal data without undue delay when, in particular, one of the following reasons applies:
- Personal data are no longer necessary for the purpose for which they were collected or processed;
- The data subject has withdrawn his consent for the processing of data (where processing is based on consent) and there is no other basis for such treatment;
- The data subject opposes the treatment and there are no prevailing legitimate interests justifying the processing.
Right to processing limitation
The data subject has the right to obtain from Mundiventos the processing limitation if, in particular, one of the following situations applies:
- To contest the accuracy of personal data, during a time period that allows Mundiventos to verify its accuracy;
- The processing of data is lawful and the data subject opposes the deletion of personal data and requests, on the other hand, the limitation of its use;
- Mundiventos no longer needs personal data for processing purposes, but such data are required by the subject for declaration purposes, exercise or protection of a right in a judicial process;
- If he or she opposes the processing until it is established that the legitimate basis of the controller prevail over those of the data subject.
Right of data portability
If processing depends on the consent of the data subject and such consent has been provided by automated means, the data subject has the right to receive personal data previously provided to Mundiventos in a structured format, commonly used and automatically read.
Right of opposition
In cases where data processing is carried out for: 1) the legitimate interests pursued by Mundiventos; or 2) the data processing is done for the purposes of direct marketing or 3) profiles definition, you can at any time oppose the processing of your personal data.
The data controllers and processors are allowed, after explicit consent, to send marketing emails to website user. At any time the user may cancel the consent using the link for that purpose, in the emails we send you.
Changes to this policy
This policy may be occasionally updated, for example due to changes in relevant legislation. If any material changes occur, clients will be notified by email or by notification on the website.
DATA CONTROLLERS AND PROCESSORS
MUNDIVENTOS – CONSULTADORIA, PROMOÇÕES E ORGANIZAÇÃO DE EVENTOS Lda, headquartered at AVENIDA ELIAS GARCIA, nº 57, Sobreloja, 1049- 017 LISBOA
Tel: +351 210403976
Zyrgon Portugal Unipessoal Lda
Adress: Travessa do Gibraltar Nº1, Alcântara, Lisboa
Tel: +351 939588885
DATA PROTECTION OFFICER
Dra. Patrícia Fatana Afonso
Adress: Estrada da Torre n.º 1554, R/C Loja, 2775-667 Carcavelos
Tel: +351 965808082