PRIVACY POLICY
GENERAL DATA PROTECTION REGULATION
In the context of its activity and the contractual relations established, Porto Santo Line acts to ensure the highest standards of protection of personal data, meaning any information of any nature, regardless of the medium on which it is held, including sound and image, relating to an identified or identifiable individual (data holder).
In order to achieve this purpose, it complies with all legislation on the protection of personal data, including the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Regulation on Data Protection / GDPR), ensuring the confidentiality, integrity and availability of such data.
Through this privacy policy, Porto Santo Line intends to inform all data subjects whose data it processes about the personal data collected, how and why they are used, to whom they are disclosed and how the protection of their privacy is assured.
Thus, the completion of forms and contractual documents of Porto Santo Line, the use and navigation on the site, the circulation in its facilities, the use of its ships or ships operated by it, and the provision of data, directly or indirectly, by data subjects, imply the knowledge and acceptance of the conditions of this privacy policy.
DATA PROTECTION OFFICER
Porto Santo Line is a private limited company that is part of Grupo Sousa, with its head office at Largo dos Varadouros, no. 4, R/C, 9000-503 Funchal, and VAT number 511035543. It is the entity responsible for data processing under the terms of the GDPR, and its data protection officer can be contacted through the following e-mail: dpo@gruposousa.pt
THE TREATMENT
This privacy policy applies to all personal data collected and processed by Porto Santo Line, ensuring a high level of protection when processing the personal data of vulnerable data subjects, especially children.
In general, Porto Santo Line collects and processes personal data for the development of its business activity, namely the provision of its services, the management of the contractual relationship with its customers, suppliers and partners, from the pre-contractual procedures to the final execution of the contract, and also for the fulfilment of the legal obligations to which it is subject (including tax and regulatory obligations).
For the pursuit of the specific purposes of processing, Porto Santo Line collects and processes, depending on the context and the commercial relationship established, the personal data of the following data subjects:
(1) Customers and customer representatives;
(2) Users of services;
(3) Individual suppliers and representatives of suppliers;
(4) Other individual partners and partner representatives; and
(5) Employees.
Therefore, the personal data collected by Porto Santo Line from the above-mentioned data owners, through the website, the contract or another method of collection, may include, among others, the following: name, surname, date of birth, gender, marital status, civil identification number, passport number, taxpayer number, tax address, address in Porto Santo, e-mail address, telephone number, mobile number, and the type, make, model and registration of car.
The processing of personal data of children under the age of 13, within the scope of the direct offer of information society services, is preceded by the consent given by the person who proves to be the holder of the respective parental responsibilities.
The collection and processing, manual or automated, of personal data referred to by Porto Santo Line is exclusively for the following specific purposes:
(1) Provision of transport services;
(2) Application of the reduced tariff to residents on the island of Porto Santo;
(3) Supply of its products and contracted services;
(4) Compliance with customer instructions;
(5) Management of contacts with customers;
(6) Conclusion of employment and service contracts;
(7) Sending newsletters to site users, customers, suppliers and partners;
(8) Promotional communications for the dissemination of products and services aimed at customers;
(9) Allocation of customer loyalty cards;
(10) Elaboration of automated decisions, including the definition of profiles for marketing purposes;
(11) Conducting satisfaction questionnaires;
(12) Compliance with legal obligations, in which case Porto Santo Line may have to transmit the data to the requesting public entities whenever legally required;
(13) Satisfaction of Porto Santo Line's legitimate interests, namely the sending of marketing information to all those who maintain commercial relations with Porto Santo Line, namely its partners and customers;
(14) Automatic filling in of passenger and vehicle ticket data.
SENDING NEWSLETTERS AND OTHER COMMUNICATIONS
Communications relating to the sending of newsletters and invitations to events will be made to inform customers, suppliers, partners, users of the site and other entities (through individual contacts provided) of the relevant activities and steps in the context of the activity of Porto Santo Line and the universe of entities belonging to the same group.
All users of the site who have given their consent for the purposes of receiving newsletters and other communications may withdraw it by sending an email to the address rgpdpsl@gruposousa.pt or by selecting the option "unsubscribe from the newsletter", when available.
The exercise of the right to withdraw consent does not invalidate the treatment carried out until that date on the basis of consent previously given.
Regarding customers, suppliers and partners, the sending of newsletters is based on the legitimate interest of Porto Santo Line in making its activity known to those with whom it already has a commercial relationship.
STORAGE PERIOD OF PERSONAL DATA
The personal data collected will be kept by Porto Santo Line for as long as its relationship lasts with the customer, supplier or partner in whose team the owner of the data is integrated, and may be kept for a longer period, as established by law for the defense of rights / interests in legal proceedings or also for the pursuit of the purposes referred to. For further details, access the data retention periods defined.
Link for the storage period of personal data.
Once the maximum retention period has been reached, the personal data of the owners will be irreversibly anonymised or will be safely destroyed.
RIGHTS OF DATA SUBJECTS
Under the terms of the law, the owner of the data may exercise the following rights with regard to personal data concerning him/her, through a written request addressed to Porto Santo Line and sent to the email address rgpdpsl@gruposousa.pt:
- Access - the owner of the data has the right to access them and obtain information regarding the purposes of its processing, the categories of data processed, the recipients of the data and the storage period of his/her personal data;
- Rectification - the holder of the data has the right to obtain the rectification of inaccurate personal data concerning him/her, as well as the right to complete incomplete personal data;
- Erasure of your data - the data subject has the right to request the erasure of their data in certain cases, in particular those personal data which are no longer necessary for the purpose for which they were processed, or those for which the data subject withdraws consent previously given;
- Limitation of processing - the data subject has the right to request the limitation of the processing of his/her data in certain cases, namely if he/she disputes the accuracy of the personal data, during a period that allows Porto Santo Line to verify its accuracy, if the processing of the data is unlawful and the data subject opposes the elimination of the data, requesting, in return, the limitation of its use, if Porto Santo Line no longer needs the data of the data subject for the purpose of processing, but such data are requested by the data subject for the purpose of declaring, exercising or defending a right in legal proceedings or if the data subject has objected to the processing, until it is established that the legitimate reasons of Porto Santo Line prevail over the data subject's data;
- Data Portability - the data subject may, in the cases provided for by law, request Porto Santo Line to provide personal data relating to him/her, in a structured format, of current use and automatic reading, and the right to transmit such data to another data controller;
- Opposition - the data subject may, for reasons related to his/her particular situation, oppose the processing of personal data concerning him/her based on the exercise of legitimate interests pursued by Porto Santo Line or when the processing is carried out for purposes other than those for which the personal data were collected, including the definition of profiles, or when the personal data are processed for statistical purposes;
- Complaint - the data subject has the right to complain to the National Data Protection Commission or to another competent supervisory authority under the terms of the law, if he considers that his data are not being legitimately processed by Porto Santo Line as provided for in the applicable legislation and in this Privacy Policy.
SECURITY MEASURES ADOPTED BY PORTO SANTO LINE
Porto Santo Line's main concern is to ensure the protection of the personal data of data holders whose processing it ensures against unauthorised access through the network.
To this end, it keeps in operation all the technical means at its disposal to avoid the loss, misuse, alteration, unauthorized access, disclosure, destruction and misappropriation of personal data provided or transmitted, namely:
- Ensures that communication between the user's device and the Porto Santo Line website is made through secure channels and communications using the HTTPS protocol and the SSL security standard;
- Transfers data only in encrypted form;
- Permanently monitors access to information technology systems to prevent and detect the misuse of personal data;
- Carries out regular audits to assess the capacity of the technical and organizational measures adopted;
- Promotes regular awareness-raising and training actions within the scope of personal data protection for its employees;
- Adopts mechanisms to ensure the confidentiality, integrity and availability of personal data and the resilience of the information systems in which they are processed;
- Has mechanisms in place to ensure the re-establishment of information systems and access to personal data in a timely manner in the event of a physical or technical incident.
PERSONAL DATA BREACH
Porto Santo Line will notify the holders of personal data when a violation occurs that implies a high risk to their rights and freedoms, and undertakes to do so within 72 hours of the incident.
COMMUNICATION OF DATA TO OTHER ENTITIES
Porto Santo Line makes data available to other companies that are part of the Grupo Sousa within the scope of measures to prevent money laundering, terrorist financing and fraud or for the purposes of administrative and financial management inherent to the Group.
Porto Santo Line uses other entities to provide certain services. Such services may involve access by these entities to personal data of their customers, suppliers and partners.
Any sub-contractor of Porto Santo Line will treat the personal data of the data subjects in the name and on behalf of Porto Santo Line, under the strict obligation of following their instructions.
Porto Santo Line ensures that such sub-contractors offer sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing meets the requirements of applicable law and ensures the security and protection of the rights of data subjects, under the terms of the sub-contracting agreement entered into with such sub-contractors.
In certain situations, the personal data of data subjects may also be transmitted to third parties, when such data communications are necessary or appropriate (i) under applicable law, (ii) in compliance with legal obligations/legal orders, (iii) by determination of the National Data Protection Commission or other competent supervisory authority, or (iv) to respond to requests from public or governmental authorities, such as tax authorities, courts and regulatory bodies.
In any of the above situations, Porto Santo Line undertakes to take all reasonable measures to ensure the effective protection of the personal data it processes.
INTERNATIONAL DATA TRANSFERS
The provision of products and services by Porto Santo Line may imply the transfer of personal data of data subjects to third countries (not belonging to the European Union or the European Economic Area).
In such cases, Porto Santo Line will take the necessary and appropriate measures in the light of applicable law to ensure the protection of the personal data subject to such a transfer, strictly complying with the legal provisions regarding the requirements applicable to such transfers, namely informing the data subject.
CONTACTS
The owner of the data may contact Porto Santo Line to obtain further information on the treatment of his personal data, as well as for any questions related to the exercise of his legal rights, through the following e-mail address (without prejudice to the fact that, in some cases and as expressly resulting from the contractual relationship established, these rights may be exercised before the relevant customers, suppliers and partners of Porto Santo Line): rgpdpsl@gruposousa.pt
March 2020