PRIVACY AND PERSONAL DATA PROTECTION POLICY
BlueOtter’s approach to personal data protection is to reduce the information collected to the absolute minimum required. No personal data is collected from you simply by browsing our website, and, if you decide to contact us, we undertake not to transfer, share or publicly disclose your personal data.
Any data you submit by email or through our contact form shall only be used for the appropriate response to your contact.
2. COUNTING AND TRACKING VISITORS
2.1. This website tracks visits anonymously through Google Analytics (GA). GA is a tool that collects and analyses data on the interaction of users with the website.
2.2. This data allows us to understand how users navigate our website and to optimise it accordingly. Reports provided by GA tell us the number of visitors, how they get to our website, how they navigate and use the different pages.
2.3. Although GA registers data about your geographical location (vaguely), device, browser and operating system, none of this information is collected in such a way as to personally identify any visitor.
2.6. By disabling cookies on your browser, you are preventing GA from recording any data about your visit to our website.
3. CONTACT FORMS AND EMAIL LINKS
3.1. Your personal data will be collected if you contact us by email or through the contact form. The personal data you provide to us will not be permanently recorded on our website, nor will they be transferred or shared with any external entities.
3.2. The information you submit will be sent to us by email, to a TLS-protected server. The email content is encrypted by using 256-bit SHA-2 cryptography, before it is sent.
4. ABOUT THE SERVER OF THIS WEBSITE
4.1. This website is hosted at Hocnet, in a datacentre located in Portugal.
4.2. All communication between this website and the browser is encrypted and sent via HTTPS.
1. TYPE OF PERSONAL DATA COLLECTED
1.1. The following personal data are collected when you submit the contact form: name, address, email address and telephone number.
1.2. The following personal data are collected when you send us an email in job applications: name, email address, telephone number and curriculum vitae.
1.3. The following personal data are collected when you send us an email for any other purpose: name, email address and telephone number.
1.4. The following personal data are collected when you fill out our customer and supplier form: name, address, place, postcode, telephone number, fax, email, taxpayer number.
2. RESPONSIBLE FOR DATA PROCESSING, SUB-PROCESSORS AND OTHER RECIPIENTS
2.1. BlueOtter is responsible for processing the personal data collected. You may contact us at:
2.3. BlueOtter, as responsible for your personal data processing, declares that it has a written agreement with all Sub-processors, through which they undertake to comply with the GDPR, and your personal data are only processed by them under the terms and conditions described therein, for the purposes set forth herein, and to the extent strictly necessary.
3. PURPOSES OF DATA PROCESSING
3.1. BlueOtter collects and processes your personal data only to appropriately respond to your contact, as well as for the following purposes:
3.2. BlueOtter undertakes not to transfer your data to other persons or entities without your prior consent, nor to transfer data to third countries without your prior consent.
4. GROUNDS FOR DATA PROCESSING
4.1. The basis for the collection and processing of personal data when they are collected by filling out the contact form, by sending an email for job applications or by sending an email for any other purpose is consent.
4.2. The basis for the collection and processing of personal data when they are collected by filling out the customer or supplier form is consent, the performance of a contract or pre-contractual arrangements at the request of the data subject.
5. DATA STORAGE PERIOD
5.1. The period of time during which data is stored and kept varies according to the purpose for which the information is processed, as well as the applicable obligations and legal requirements that may require data to be kept for a minimum period of time.
5.2. Thus, and where there is no specific legal obligation, data shall be stored and kept only for the minimum period necessary for the purposes that led to their collection or subsequent processing, after which they shall be deleted.
6. RIGHTS OF THE DATA SUBJECT
6.1. The following rights of data subjects are ensured, under the terms of the applicable legislation:
Comissão Nacional de Proteção de Dados – CNPD
Rua de São Bento, n.º 148, 3º
Phone: 351 213928400
Fax: +351 213976832
6.2. You can use the following contacts to exercise your rights:
firstname.lastname@example.org | Telephone 265115370.
7. USER CONSENT AND RIGHT TO CHANGE OR WITHDRAW CONSENT
7.1. By providing us your personal data through our website, namely by filling out the contact form, sending emails or filling out the customer or supplier form, you give consent to the processing of your personal data mentioned above, under the terms and conditions contained in this privacy and data protection policy, for the purposes identified herein.
7.2 The consent provided may be amended or withdrawn at any time, with effect to the future, through the contacts of the responsible for data processing mentioned above. The withdrawal of consent does not compromise the lawfulness of the processing carried out up to that date.
8. RESPONSIBILITY OF THE DATA SUBJECT
As data subject and user of this website, you declare that you are 16 years old or over and that the data you provide to BlueOtter are true, accurate, complete and updated. You are responsible for the accuracy of all the data you provide and for keeping them duly updated.
9. EXISTENCE OF AUTOMATED DECISIONS
We do not use any type of profiling nor adopt any automated decisions.
10. SECURITY MEASURES
10.1. BlueOtter declares that it complies with all the provisions of the GDPR - General Data Protection Regulation (Regulation EU 2016/679 of the European Parliament and of the Council, of 27 April 2016).
10.2. BlueOtter has implemented the necessary technical and organisational security measures to ensure the security of the personal data it collects and processes, and to avoid its alteration, loss and unauthorised processing and/or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.
10.3. This website has security measures to prevent unauthorised access. Any brute-force authentication attempt quickly results in turning into lock mode. We also filter and sanitise all information submitted in forms to prevent code injections. The servers and software involved in the operation of this website are regularly monitored and updated in order to prevent security vulnerabilities, and any new tools and practices that may arise will be considered and promptly implemented if deemed relevant. In addition, in the event of any security breach, no personal data of the user is stored on the platform of this website.
The BlueOtter website may include hyperlinks to other websites that are not operated or controlled by it. As such, BlueOtter does not guarantee or is liable for the lawfulness, reliability, usefulness, truthfulness and timeliness of the content of those websites or their privacy policies, which may differ from ours. Thus, please bear these factors in mind before you pass on your personal information to those websites.
12. PERSONAL DATA BREACH
12.1. When a personal data breach occurs that could pose a high risk to your rights and freedoms, BlueOtter must notify you of such breach in a timely manner.
12.2. Such notification must include the nature of the personal data breach; the indication of a contact point where more information can be obtained; the description of the likely consequences of the personal data breach; the description of the measures taken or proposed by the responsible for data processing in order to remedy the personal data breach, including, where appropriate, measures to mitigate any possible adverse effects.
COLLECTION AND PROCESSING OF PERSONAL DATA
BlueOtter, SGPS, S.A., legal person number 514.385.561, within the scope of the RGPD-General data protection Regulation (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016), hereby provides you the following information regarding the collection and processing of your personal data:
1. Grounds and Purposes for Processing
1.1 The grounds for the collection and processing of personal data of the Applicant is the consent provided by the latter, for the following purposes: staff selection and recruitment.
1.2 The information collected and recorded in the database is intended to enable BlueOtter to treat Applicant`s applications, in response to job and/or internship offers publicized by BlueOtter, as well as by companies within its group such as CITRI and PRORESI, or, in case of a spontaneous application to enable inclusion in any future recruitment processes.
2. Categories of Personal Data collected and processed
2.1 For the purposes referred above, BlueOtter may collect and process personal data of the Applicant which are necessary and indispensable for the purposes earlier identified, as follows:
Identification and contacts: name, date and place of birth, nationality, sex, identity document, address, telephone contact, email address.
Education, training and professional activity: studies, educational institution, grades, date of commencement and completion, degree, language knowledge, professional career.
Interests and Availabilities: Professional and personal areas of interest, geographic availability.
2.2 The data subject declares that the data provided to BlueOtter is true, accurate, complete and up-to-date. The Applicant is responsible for the accuracy of all data communicated and for keeping it duly updated.
3. Period of retention of personal data
3.1 The timeframe for the retention of personal data of the Applicant in the database is:
4. Data controller, Processors and other Recipients
4.1. BlueOtter is the controller of personal data collected. You may contact us at:
Corporate name: BlueOtter, SGPS, S.A.
4.2. Data may be addressed to companies within the BlueOtter Group of companies such as CITRI and PRORESI. These companies are also required to comply with the RGPD in respect of the processing of your personal data, and always under the conditions and for the purposes described in this document.
4.3 Data may also be addressed to subcontractors for the purposes of selection and recruitment processes by BlueOtter or by companies within the group.
4.4. BlueOtter, as controller of the user`s personal data, declares to maintain a written agreement with all its Subcontractors, through which such Subcontractors assure compliance with the RGPD, and the personal data of the Applicant may only be processed by said Subcontractors pursuant to the terms and conditions described, and for the purposes referred herein, and insofar as it is strictly necessary.
5. Applicant's rights as Holder of Personal Data
5.1. The Applicant is assured the following rights, pursuant to the applicable legislation:
Data Protection National Committee – CNPD
Rua de São Bento, n. º 148, 3
Tel: 351 213928400
Fax: +351 213976832
5.2. You may exercise your rights through the following contacts:
Corporate name: BlueOtter, SGPS, S.A.
6. Consent of the Data Subject and the right to change or withdraw consent
6.1 The Applicant hereby pays his/her consent to the processing of his/her personal data listed above, under the terms and conditions contained herein, to BlueOtter, as well as to group companies, CITRI and PRORESI, for the purposes identified hereto.
6.2 The Applicant may alter or withdraw his/her consent at any time effective as of that moment, through the contacts of the data controller already listed above.
6.3. In case the Candidate withdraws his/her consent, that fact does not compromise the lawfulness of the processing made until that date.
6.4 The processing of personal data of the Applicant is essential for the completion of personnel selection and recruitment processes, so if the Applicant changes or removes his/her consent, the latter will be excluded from said selection and recruitment processes.
7. Transfer of data to third countries
Fill in only if applicable.
8. Existence of automated decisions
BlueOtter does not take automated decisions based on the data processed, and every decision has an analysis and human intervention component.
9. Security measures
9.1 BlueOtter declares to comply with all the provisions of the RGPD - General Data Protection Regulation (EU regulation 2016/679 of the European Parliament and of the Council of 27 April 2016).
9.2 BlueOtter has implemented the technical and organizational security measures necessary to ensure the safety of the personal data it collects and processes, and to avoid its alteration, loss and processing and/or unauthorized access, taking into account the state of the technology, nature of the data stored and the risks to which they are exposed.
10. Violation of personal data
10.1. When there is a violation of personal data likely to imply a high risk to the rights and liberties of the Applicant, BlueOtter must communicate this violation, in due time.
10.2. This communication shall include the nature of the violation of personal data; an indication of a contact point where further information may be obtained; the description of the probable consequences of the violation of personal data; the description of the measures adopted or proposed by the controller to repair the breach of personal data, including, where appropriate, measures to mitigate its possible negative effects.
Lisbon, 24 May 2018.