PT MGA, as a company specialized in negotiation, strategy and investment, sees compliance with legal obligations as a priority to its business. In this sense, it respects the privacy of all its workers, customers, business partners and suppliers, guaranteeing the treatment of their personal data always in compliance with the legislation in force, in particular in compliance with the General Data Protection Regulation.

Introduction

PT MGA provides services to companies and institutions, without dealing with personal data of final consumers.

This Privacy Policy aims to inform people of the policies and practices related to the collection and use of personal data by PT MGA and the rights that data subjects have with regard to their processing.

PT MGA recognizes that the protection of personal data is a responsibility of its organization, and therefore undertakes to update this Policy as new legislation and/or new data processing practices are adopted.

Collection and processing of personal data

PT MGA may collect information regarding its employees, customers and suppliers.

The processing of personal data is based on the grounds provided for in Article 6 of the GDPR, namely consent, compliance with a legal obligation, the execution of a contract, the defense of vital interests or legitimate interests pursued by PT MGA.

All the procedures for collecting, organizing, systematizing and analyzing information carried out by PT MGA take place within the scope of its business activity and obey internal company policies, duly monitored and scrutinized by all personnel with an employment relationship to PT MGA, which are in full compliance with all applicable national and European legal standards. PT MGA does not sell databases to third parties and only shares the information collected with third parties or subcontractors that provide guarantees of compliance with the legislation.

Clients, suppliers and business partners’ personal data

By becoming a PT MGA customer, or if you work for a PT MGA customer company, information about you may be collected, which may include your name, the name of your company, date of birth, marital status, marriage regime and data of the spouse if necessary, citizen card, passport, tax identification number, data related to bank information, home and work address, e-mail, curriculum vitae, and landlines and mobile phones. Additional information may be processed that is necessary depending on the nature and purpose of the relation.

The data can be shared with partners or subcontractors who comply with the security requirements of personal data required by PT MGA and are kept for as long as the business relationship is maintained or for the fulfillment of legal obligations and protection of legitimate interests pursued by PT MGA.

Correspondence

The exchange of correspondence, either by post, email or any other way, may be saved and used for replying or for sending correspondence regarding similar matters. If you want PT MGA to delete your personal data or stop using your data to send any type of communication, please contact pl@ptmga.pt.

Workers’ personal data

The communication of personal data is a necessary requirement for entering into an employment contract, since, without them, PT MGA would not be able to meet its legal obligations as an employer nor communicate with workers. For these purposes, workers’ personal data is treated, containing information such as name, address, citizen card number, tax identification number, marital status, marriage regime and spouse data if necessary, address, telephone, email, banking information related data, among others. The name, image and function of workers can be made available on social networks according to their functions. To comply with legal obligations, personal data may be transmitted to entities such as the Tax Authority, Social Security, the Foreigners and Borders Service and Public Security Police. Personal data may also be transmitted to PT MGA’s customers in order to obtain authorizations for access to facilities and software used in the scope of PT MGA’s activity. The data is kept for as long as the contract is in force and up to one year after the end of the contract and, thereafter, if a legal proceeding is under way in which the personal data is or may have to be used or if the data must be maintained due to legal obligations.

The personal data of workers (photos and videos), collected at events, may be disclosed on social networks, if their consent is given in advance.

Data obtained via third parties

PT MGA may receive personal data from data subjects, workers, customers, suppliers and partners to provide a service or carry out joint activities. Whenever possible, personal data is duly coded in order to protect the identification of data subjects.

Data sharing with third parties

PT MGA guarantees that it does not share personal data for any commercial purposes.

PT MGA may share information with public authorities (for example, courts), upon request and within its legal limits, for the fulfillment of legal obligations.

PT MGA may also share information regarding personal data with enforcement agents, external auditors, certified accountants, law firms, training and certification bodies and other entities, at their request and always with the safeguards required by the legislation of protection of personal data.

Occasionally, PT MGA may require third parties to be sent information regarding events in which it has participated or purchased services.

Exceptionally, PT MGA may process other information upon request or with express authorization to comply with contractual or legal obligations to pursue legitimate interests or to defend vital interests of the data subject or third parties.

Information safety

To ensure the privacy of the data it handles, PT MGA holds mechanisms to ensure physical, digital and administrative process security, by encrypting and blocking access to its databases and external suppliers’ databases.

Worker training and awareness raising

PT MGA trains its employees on the relevance of the confidentiality of personal data and information security. Workers are further trained in the internal methodologies and procedures used by PT MGA to ensure the safety of all data.

Data storage

All data is stored by PT MGA in its own servers or on cloud service providers with all the safeguards in terms of personal data protection and the best international practices in the field of information security. PT MGA keeps personal data for the minimum time necessary to pursue the purposes for which they were collected.

For more information on where and for how long your data is kept, and on the rights of access and deletion of your personal data, please contact pl@ptmga.pt.

Data transfers for third party countries

In the event of data transfers to countries outside the EU, priority will be given to countries that are subject to an EU adequacy decision under Article 45 of the GDPR. If this does not happen, PT MGA will take the necessary precautions in order to ensure the privacy and security of your personal data under the terms of article 46 of the GDPR.

Data subjects’ rights

To ensure that the processing of personal data is done in a properly transparent and equitable manner, PT MGA, as the controller, ensures the following rights for data subjects:
– Right of access
• The data subject may request access to his personal data processed by PT MGA and information related to the respective treatment.
– Right of rectification
• The data subjects may request the rectification of their data, when wrong, inaccurate or incomplete.
– Right to be forgotten
• The data subjects may request PT MGA to stop processing their data or to delete it. They may further request PT MGA to stop processing their data for specific purposes.
– Right to limit data treatment and right to opposition
• The data subjects may request for PT MGA to limit the processing and have the right to object to the processing of their data or to withdraw their consent at any time. The withdrawal of consent does not compromise the lawfulness of the treatment carried out based on the consent previously given.
– Right to file a complaint
• The data subjects may submit a complaint to the supervisory authority (National Data Protection Commission – geral@cnpd.pt) whenever they deem that their rights, as data subjects, are being violated.
– Right to portability
• The data subjects are entitled to receive their personal data and to transmit it to another controller.
– Right not to be subject to automated decisions or profile definitions
• The data subjects have the right not to be subjected to any decision taken solely on the basis of automated processing, including the definition of profiles. They further have the right to be informed when there is a personal data breach that could imply a high risk to their rights and freedoms.

You may contact pl@ptmga.pt to find out if your personal data is being processed by PT MGA.

Privacy Policy changes and updates

This document can be modified and adapted. PT MGA reserves the right to change the respective Privacy Policy at any time and for any reason, without third parties being notified. You can consult the updated Privacy Policy on the website www.ptmga.pt.

By using this website and by allowing your data to be processed by PT MGA, you are accepting the application of Portuguese legislation on the protection of personal data and the competence of Portuguese courts to settle any question relating to the processing of personal data.

Doubts?

In case of any doubts related to the processing of personal data, please contact pl@ptmga.pt.