At PRIMAVERA BSS, we take the General Data Protection Regulation very seriously and respect the trust you place in us in the collection and processing of your personal data.
We guarantee the security of your data and only collect data strictly necessary for the purchase or provision of services. The collection and use of this data, for other purposes such as Marketing, requires a prior consent that we want to be always clear, informed and explicit.
The data collected will be kept for the period necessary to provide the service or for the duration of the contract (if you are our customer) and will not be transmitted or transferred to any third party other than the subcontractors defined as PRIMAVERA Partners and other authorized companies working in our name for the purposes described in this policy. For example, companies contracted to provide customer support services or assist in the protection and security of our services and systems may need access to personal data to perform these functions. In these cases, these companies must formally comply with our data privacy and security requirements and are not allowed to use the personal data that we may provide them or that they may have access to, for any purpose other than that for which they were contracted.
1. What is personal data and what is collected by PRIMAVERA BSS?
PRIMAVERA BSS collects data on entities such as partners, suppliers, customers, potential customers and some contacts of the employees of these entities. We collect data such as name, email, company name, job title and telephone number. In the case of subscriptions, other data may be requested for billing purposes.
What is personal data?
Personal data is any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person.
An identifiable person is a person who can be identified, directly or indirectly, namely by reference to a name, identification number, location data, identifiers electronically or to one or more elements specific to his physical, physiological, genetic identity, mental, economic, cultural or social.
Purposes of Processing of Personal Data.
Ensuring, whenever necessary, the prior consent of the holder of personal data, we will collect, among others, the following information:
• identification data (such as name, place of birth, citizen's card or date of birth);
• contact details (such as mobile phone, address or e-mail);
• qualification and professional status data (such as education level and CV);
• bank, financial and transaction details (such as IBAN or tax identification number);
• location data (such as IP address);
• images of recording events, training (in person and online) and webinars
• voice recordings (phone calls)
In general, the personal data collected is based on and is intended for the adequacy of services and the needs and interests of the Client / User, namely for the purpose of organizing events, seminars and fairs; provision of consultancy, support and promotion services in the economic and financial areas; conducting market studies; commerce, sound and image and the like; access to specific functionalities of the services, suggestions for content, for improvement of the services offered or contracted and for quality control of the same, information services of proximity as well as information and marketing actions.
In addition, personal data may also be processed for the purpose of complying with legal obligations and for the purpose of investigating, detecting and prosecuting serious crimes.
2. For what purposes does PRIMAVERA BSS collect personal data and what is the legal basis for processing that information?
The data collected is intended for processing orders, sending communications and notifications, processing requests for information and downloads, statistical analysis or for other purposes previously consented and requested, whose detailed information will always be provided when collecting.
Your data will only be used if one of the following conditions is met:
• You gave your consent by signing or accepting a digital or paper form;
• Data is necessary for the fulfillment of a contract;
• Data is necessary to comply with legal obligations;
• The data are necessary for the purpose of the legitimate interests of PRIMAVERA BSS, as long as they do not prevail over the interests or rights, freedoms and guarantees of the data subject.
3. Does PRIMAVERA BSS use personal data for Direct Marketing?
PRIMAVERA BSS will only use your personal data to send you information previously requested or consented. Communications can be made via email, phone or SMS.
PRIMAVERA BSS will not sell or share its databases with third parties.
4. Who has access to your personal data?
PRIMAVERA BSS does not disclose any personal data to third parties without the consent of its owner, except:
• when it comes to PRIMAVERA Group companies;
• when this is necessary so that PRIMAVERA BSS employees, employees, suppliers or business partners can provide a product or service or perform a function on behalf of PRIMAVERA BSS that you have previously requested;
• when required or permitted by law.
PRIMAVERA BSS has already adopted measures to ensure that its employees and subcontractors, with access to personal data, receive training appropriate to its correct processing, with respect for this policy and legal data protection obligations.
Without prejudice, on a case-by-case basis, we will also take reasonable precautions to avoid any type of non-compliance, such as, for example, audits. If any non-compliance occurs, PRIMAVERA will apply disciplinary sanctions to its employees and may cancel contracts with subcontractors who violate the agreed measures.
Whenever PRIMAVERA BSS makes use of any subcontractor, it will safeguard compliance with the General Data Protection Regulation and other applicable legislation in terms of security and data protection, namely through the provision of contractual provisions that ensure that the subcontractor uses the data received only :
• for the specified purposes;
• in accordance with the purposes described in this policy;
• resorting to the use of adequate security means, in order to protect personal data against illegal or unauthorized treatments as well as against accidental loss, destruction or other harmful actions.
PRIMAVERA BSS further undertakes not to hire another subcontractor to carry out specific data processing operations on behalf of the client without the client having given, prior and written authorization in general or specifically.
5. Where is your data kept?
PRIMAVERA BSS keeps your personal data in its datacenter located in the national territory and in data centers located in the territory of the European Union.
These data and respective infrastructures are protected and maintained according to high security standards and in order to respect the applicable privacy laws, being periodically subjected to tests and audits by external entities.
PRIMAVERA BSS does not transfer information to a country outside the European Union's area of jurisdiction, which has not been formally designated by the European Commission as having adequate levels of information protection.
6. Is your data safe with PRIMAVERA BSS?
PRIMAVERA BSS has taken the necessary technical and organizational measures to adequately protect your data regarding processing and unauthorized access.
PRIMAVERA BSS makes every reasonable effort to prevent unauthorized or illegal use of personal data as well as its loss, destruction or damage. However, it is never possible to provide an absolute guarantee regarding the security of personal data. For this reason, PRIMAVERA BSS will promptly inform the subjects involved and the respective competent authorities (within the legally required deadlines), whenever any security breach or incident occurs.
PRIMAVERA BSS protects the security of personal data through the following means:
• use of certified encryption in all information on websites and their cloud products;
• implementation of an internal security policy that covers the processes of access control, configuration, storage, backup, support, transmission, auditing, updating of the technological infrastructure and a strong authentication policy;
• commitment to confidentiality on the part of its employees and subcontractors and that the latter only act in accordance with the instructions received, through the formalization of a contract or other valid regulation, with the same data protection obligations as those imposed on PRIMAVERA BSS;
• constant training for its employees.
Users are also responsible for fulfilling their responsibilities regarding their own safety, namely:
• Using strong passwords;
• Non-disclosure of the password to any other person;
• Do not use the same credentials for different services.
Although we have implemented a set of reasonable security measures to protect your information, the Internet is an open system and we cannot guarantee the security of the information you transmit to us through this means. Any transmission you make to us is done at your own risk and it is your responsibility to ensure that any personal data you send to us is done in a secure manner.
7. Does PRIMAVERA BSS use data from third parties or does it have specific product practices?
PRIMAVERA BSS may use data held by its customers in our products to provide analytical management insights.
When using PRIMAVERA products, you are introducing transactional data associated with the activities and business processes that are managed by the functionality of our products. These data may be processed by PRIMAVERA to produce business analytical data that will be provided to you as part of the use of our products in different functionalities and contexts.
The analytical treatment of your business data will always be done by applying analytical, statistical and intelligent algorithms, so that we can offer you more intelligent functionalities in the products. PRIMAVERA may also process your analytical data together with the analytical data of other entities, for provide smarter product features to all users of the PRIMAVERA community, but always guaranteeing the privacy and protection of your business data, without ever revealing or sharing it with third parties.
This data processing will only be carried out with your consent to be able to use our products. Consent for data processing can be revoked at any time, with the consequent loss of the right to use part or all of our products.
Your data will be kept for this purpose during the time of using our products, and after that for the period defined for the disconnection of use of our products, which must also include the legal provisions in force.
PRIMAVERA BSS may also use data held by its customers for security purposes, to comply with legal obligations or for the purpose of troubleshooting and support provided that they are properly aligned with the terms of service, upon request or with the consent of its customers.
The personal data of third parties entered into our systems by our customers are the sole responsibility of our customers. PRIMAVERA guarantees the security and confidentiality of these data, but is not responsible for the legitimacy of processing them.
PRIMAVERA reminds its customers that they also have responsibilities in terms of data protection or in fulfilling the rights of data subjects, namely through the use of the features developed in our products.
PRIMAVERA cannot and will not respond to requests for rights of third party holders whose data have been entered by our customers. In these cases, the data subject must contact the data controller (controller) directly.
8. How can you exercise your rights under the GDPR?
Under the GDPR, you can directly update your personal information or define some of your preferences, such as receiving newsletters. You can also request some specific rights such as:
• Additional information on the use of your data;
• A copy of the data stored in our databases;
• Limitation on the processing or forgetting of your personal data.
If you intend to exercise any of the rights presented above, we will proceed with your analysis and respond within the legally required deadlines (maximum of 30 days). We may need to verify or prove your identity before enforcing those rights.
If you have any questions regarding our use of your personal data, you can, at any time, contact our Customer Care service or directly contact our Data Protection Officer via email: firstname.lastname@example.org.
If you are dissatisfied with our use of your personal data or with our response after exercising any of these rights, you have the right to file a complaint with the national supervisory authority (National Data Protection Commission - CNPD | Rua de São Bento , no. 148, 3º, 1200-821 Lisboa | Tel: 351 213928400 | Fax: +351 213976832 | e-mail: email@example.com).