Please note, your browser is out of date.
For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.

Best Price with Be our Guest Instant benefit of 10% discount

Privacy Policy

 1. Introduction

The aim of this document is to provide a concise policy declaration on data protection obligations that will be implemented in all companies that are part of and make up the BLUE & GREEN Group (hereinafter the “B&G Group”). This policy details the obligations of the B&G Group in terms of personal data processing, aimed at complying with relevant legal requirements, from the point of view of focusing efforts towards a continually changing reality, so to address the most relevant risks.

 

 2. Grounds

The B&G Group must comply with data protection principles established in current legislation.

This Policy applies to all personal data processing operations, including data collection, processing and storage by all companies of the B&G Group of personal data belonging to their employees, service providers and clients during the course of their activities.

 

3. Scope

The Policy covers all personal data, including data regarding special personal data categories, which are processed in relation to the data subjects by the B&G Group, as the Data Controller or Subcontractor.

This Policy also applies to personal data processed manually provided this date is included in a structured file.

All personal data related to special personal data categories will be processed with extra care by the B&G Group. Both categories are equally referred to as “Personal Data” in this Policy, unless stated otherwise.

 

4. Who processes your data

In the course of their daily activities, B&G Group companies may acquire, process and store personal data.

According to European and Portuguese data protection legislation, this data must be lawfully, fairly and transparently acquired and managed.

The B&G Group is committed to ensuring that your team is sufficiently aware of data protection laws and practices, in order to be able to anticipate and identify any data protection issues that may arise.

Under these circumstances, the team must ensure that the Controller is informed, so that appropriate and necessary corrective actions may be taken, and to protect the rights, freedoms and guarantees of the Data Subjects.

The B&G Group may share Personal Data of their Data Subjects with Processors provided it is necessary for the normal provision of services.

Regarding the obligations of the B&G Group, Processors’ access to Personal Data shared by the B&G Group is regulated by the contract made with their Processors.

Therefore, the B&G Group contractually ensures and regularly verifies that Processors are reliable entities that offer appropriate protection guarantees and that no more data is sent to them than is required to provide the contracted service.

During the course of their duties as Data Controller, the B&G Group may also share the Personal Data of their Data Subjects with other Data Controllers so to perform processing operations required for providing the contracted services.

Within the scope of the aforementioned joint responsibility, the B&G Group makes an agreement with the other controller, in which the purposes and responsibilities are clearly identified in compliance with the applicable data protection legislation, ensuring compliance with the Rights and Freedoms of Data Subjects by establishing appropriate communication channels to respond to requests from Data Subjects.

Regardless of the existing relationship between personal Data Recipients, the B&G Group shall outline, by means of a written formal written contract, the personal data obligations, the specific purpose or the purposes of their involvement, and the understanding that they perform data processing operations according to the Portuguese Data Protection Law.

 

5. Your data may be shared with the following Recipients:

  • Providers of digital, technical and operational support services;
  • Entities of the B&G Group;
  • Related entities, or entities the share a common management with the B&G Group;
  • Entities to which companies of the B&G Group provide services; and
  • Judicial bodies, and bodies of the Criminal Police and Administrative Authorities.

 

 6. What we do with your data:

As Data Controller, the B&G Group ensures that all Personal Data:

  • Is obtained for specific, lawful and clearly defined purposes. The Data Subject may question the purpose(s) for which the B&G Group collects and maintains the data, and the B&G Group must clearly and precisely state what those purposes are.
    • Will be compatible with the purposes for which the data was acquired.
  • Will be stored with appropriate security measures - implemented or to be implemented - to protect the data against unauthorised access, or against modification, destruction or disclosure of any Personal Data held by the B&G Group as Data Controller.
    • Will be stored complete, accurate, and updated as necessary.
  • Will be limitedly collected and only stored for the time that is strictly necessary. Excess data will not be collected and/or processed.

Thus, the B&G Group has implemented a procedure to respond to the Data Subjects’ requests in order to efficiently and appropriately manage such requests within the time limits set out in the legislation.

The B&G Group has implemented or is implementing available levels of Personal Data security and protection, as well as technical and organisational measures to protect against the loss, misuse, change, or unauthorised access of Personal Data, as well as against any other form of unlawful processing.

All Employees of the B&G Group are also subject to confidentiality standards.

 

7. Purposes and lawfulness of the Processing operations:

 

  • Clients

The B&G Group processes the Personal Data of their Clients to ensure compliance with the service agreement made with the Data Subjects or the Joint Data Controllers (regarding data and Data Subjects they collect, such as counterparts, employees and others). The personal data identified herein, which is subject to processing operations, is required for the execution of a contract or for pre-contractual arrangements or for compliance with legal obligations, or in the case of marketing, the data may fall under consent.

Special Category data on Clients, or obtained from Clients, will be subject to appropriate processing operations, insofar as the data is required for important public interest reasons, such as preventing money laundering and financing terrorism.

The processing of Personal Data belonging to Clients, or obtained from Clients, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.

 

  • Employees

The B&G Group processes the data of their employees to enforce the work contract. The data processed is required to enforce a contract to which the Data Subject is a party, or for the purpose of pre-contractual arrangements at the request of the Data Subject.

The personal data of employees is also collected and processed for the purpose of complying with legal obligations that the Data Controller is subject to.

Operations relating to the processing of Special Category data collected from Employees are required for the purpose of complying with legal obligations and exercising the specific rights of the Data Controller or the Data Subject in terms of labour, social security and social protection law, and also for the purpose of preventive or occupational healthcare, and to assess the employee’s work capacity.

The processing of Personal Data belonging to Employees, or obtained from Employees, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.

 

  • Service Providers

The B&G Group processes the Personal Data of their Service Providers to ensure compliance with the service agreement made with the Data Subjects or the Joint Data Controllers (regarding data and Data Subjects they collect, such as counterparts, employees and others). The Personal Data identified herein, which is subject to processing operations, is required for the execution of a contract or for pre-contractual arrangements or for compliance with legal obligations.

Special Category data on Service Providers or obtained from Service Providers will be subject to processing operations, insofar as the data is required to declare, exercise or defend a right in a legal procedure, or if the processing is required for the purpose of complying with obligations and exercising the specific rights of the Data Controller or the Data Subject in terms of labour, social security and social protection law or if the data is of public interest.

The processing of Personal Data belonging to Service Providers or obtained from Service Providers, which is related to criminal convictions and infringements or to related security measures, will always be subject to the protection of rights and freedoms of Data Subjects, with operations regarding said data strictly limited to the compliance with applicable legal obligations.

 

 8. Criteria for Calculating Retention Periods

The B&G Group will store Personal Data for the period they deem necessary and sufficient for the purposes behind the data collection and processing. The data storage time will vary according to the purpose for which the data is processed and according to legal standards demanding data storage. At the end of this period, the data will be deleted pursuant to the appropriate technical and operational guarantees, as documented in each of the relevant processes.

 

 9. Right of Access and Exercise of Rights

Data Subjects can exert their rights under the applicable data protection law by writing to the following email address: blueandgreen@dataprotection.pt

The B&G Group has also appointed a Data Protection Officer, in accordance with best practices in the field, who can be contacted at the following email address: blueandgreen@dataprotection.pt