This website ensures its users total privacy and security in the data provided for the services offered, collecting only the necessary data for the provision of the service in accordance with the explicit indications on the site.
1. Personal Data Processing:
In general, the BECRI Group's website can be visited without the need to disclose any personal information. However, there is an area of the site where the user can provide personal data to enjoy the services offered, specifically, the contact request.
The BECRI Group is bound by confidentiality regarding the data accessed within the operations of its computer system, being duly informed of the importance of complying with the legal duty of confidentiality. It is responsible for complying with this confidentiality obligation and for the strict use of the data provided by users only for the selected user-requested purpose, without being used to send information unrelated to the Group's activity and services.
1.1. Rights of Data Subjects:
In accordance with current legislation on the protection of personal data, we inform you that data subjects are guaranteed:
- Right to be Informed:
- At the time of personal data collection:
- Controller's contact details
- Purpose(s) of processing
- Retention period
- Data subjects' rights
- Right to lodge a complaint with the supervisory authority (and respective contacts)
- (If applicable) Existence of automated decisions and/or profiling.
- To inquire about the information the BECRI Group has about them and why;
- To know where their data is stored and how it is processed;
- To be informed about how the BECRI Group complies with its data protection obligations.
- Right of Access:
- Confirmation of whether personal data is being processed;
- How to obtain access to their data;
- Provision of a copy of the processed personal data, preferably in an exportable format.
- Right to Rectify, Erase, and Block:
- Information on how to keep their data up-to-date;
- Correction of outdated, incorrect, or incomplete data;
- Option to erase personal data that is no longer necessary for the purpose;
- Blocking data processing to verify accuracy or oppose.
- Right to Restriction:
- Contestation of the accuracy of personal data, during a period that allows the data controller to verify its accuracy.
- Right to Erasure/Forgetfulness:
- Request the removal of their data and the permanent deletion of data that does not conflict with legal obligations.
- Right to Portability:
- Request the portability of their data;
- Possibility to request their personal data in a frequently used or common format for transfer to another organization, even if it is a competitor.
The exercise of these rights by data subjects can be done via email at email@example.com or by postal mail, sending a letter with the following information:
Subject: Exercise of rights - personal data protection
Attn: Privacy BECRI Group
Rua do Parque Industrial, nº 60
4755036, Alvelos, Barcelos
1.2. Third Parties:
In general, personal data collected on the BECRI Group's website is not transferred to third parties unless required by legal obligation or for contract execution.
If there is a transmission of data to third parties, the BECRI Group, along with subcontractors, maintains responsibility for the processing of personal data fairly, lawfully, and transparently. Subcontractors can only process personal data according to the instructions defined by the BECRI Group and strictly comply with the law and the purposes entrusted to them under the contract.
The transmission of personal data to subcontractors will only be carried out within contractually established relationships with the BECRI Group and only when there is a valid basis for it. To ensure the confidentiality and security of data, the BECRI Group will take legally prescribed measures to ensure that the subcontracted entity provides sufficient guarantees for the protection of personal data. This includes being a reputable entity with adequate technical and organizational security measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access.
Subcontractors of the BECRI Group will only process personal data for the defined and agreed-upon purposes between the parties and must ensure that data retention, when necessary and applicable, complies with the deadlines established by law and/or contract.
Data subjects must be informed at the time of data collection about the possible sharing of their data with subcontractors of the BECRI Group, whenever possible with the identification of the organization and its contact, as well as the purpose of this sharing.
If data is transferred to a subcontractor of the BECRI Group located in a third country outside the European Union, it must maintain a level of data protection equivalent to the protection provided by current legislation in the European space, notably under Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. The rules for cross-border data transfers will not apply whenever occasional and necessary operations are involved in fulfilling a contract or within the scope of legal proceedings (judicial, administrative, or pending regulatory actions or similar).
2. Principles, Security, and Rights
Internal security and privacy standards include:
- Processing data lawfully and fairly, collecting only necessary and relevant information for the intended purpose;
- Not using collected data for a purpose incompatible with the collection;
- Ensuring explicit consent of the data subject whenever required;
- Providing free access to the deletion of used data when requested by the data subject;
- Having security systems that prevent unauthorized access, modification, or destruction of data and allow detecting intentional or unintentional information deviations.
3. Future Changes in Privacy:
If the BECRI Group changes its privacy practices, you can always stay updated in this area.
VERSION 1.0 effective as of 28-11-2023.