Management and Privacy Policy
JP SUPER SOLES, LDA.
PRIVACY MANAGEMENT POLICY
1. Scope
The Privacy Management Policy sets out JP SUPER SOLES, LDA.'s commitments regarding the management of personal data privacy of data subjects, as well as compliance with the General Data Protection Regulation, identified as REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016.
Considering the inventory of personal data that JP SUPER SOLES, LDA. keeps updated, all data considered private and/or sensitive is managed in accordance with the requirements of the General Data Protection Regulation to ensure compliance with the rights of the respective data subjects.
2. Confidentiality and Privacy of Personal Data
Data subjects include corporate clients by contract, clients via Web tools, internal employees, and suppliers and service providers (subcontractors).
Personal and/or sensitive data entrusted to JP SUPER SOLES, LDA. are accessed by employees formally authorized to perform such tasks.
The data is used only for activities that have been previously authorized by the data subjects through prior, informed, and free consent.
Thus, within the framework of the commitment to ensure the privacy of personal data, its confidentiality is also ensured.
Confidentiality is ensured through the signing of agreements with JP SUPER SOLES, LDA. employees for the protection of personal data they access and process in the course of their professional activities.
3. Identification of the Personal Data Controller
The personal data controller is JP SUPER SOLES, LDA., with headquarters at Rua das Lavagueiras, Nº309, 4550-536 Pedorido, Castelo de Paiva, Aveiro, Portugal, mobile phone +351 939 510 056.
4. Collection, Processing, Sharing, and Retention of Personal Data
4.1 Collection of Personal Data
4.1.1 Situations not involving Web tools
Personal data is collected directly, through the following sources: filling out forms on the JP SUPER SOLES, LDA. website, responding to job offers with the sharing of a Curriculum Vitae, filling out paper forms, image and video capture, biometric data, email, or telephone.
Personal data may also be collected indirectly through the import of Curriculum Vitae content into the internal candidate management platform.
No other indirect personal data collection method will be performed.
The collection of sensitive personal data will only be carried out in strictly necessary cases justified by current legislation, namely, and for example, for occupational health.
4.1.2 Situations involving Web tools
Personal data is collected directly through official Web tools of JP SUPER SOLES, LDA., namely "online" shopping websites, or indirectly through "marketing automation" and "online" advertising tools of duly authorized subcontractor partners and in full compliance with JP SUPER SOLES, LDA.'s privacy management policy.
The cookie management policy complements this topic, presenting the "opt-in" and "opt-out" options available on the official website of JP SUPER SOLES, LDA.
The data subject may also "opt-out" of "online" advertising services on JP SUPER SOLES, LDA.'s social tools, namely Facebook, Instagram, and Google Ads.
JP SUPER SOLES, LDA. assumes that under no circumstances will a manual or computerized form have pre-filled options. All alternatives are selected by the data subject.
The collection of personal data will always be minimized for activities strictly necessary for the legitimate commercial interest of JP SUPER SOLES, LDA.
4.2 Processing of Personal Data
Personal data authorized by data subjects will be used by JP SUPER SOLES, LDA. for the strict purpose of supporting its commercial activities and resulting legal obligations.
4.2.1 Situations not involving Web tools
Activities included:
|
Justification |
Purpose of Processing |
Legal Basis |
|
Candidate Management |
Resume analysis and selection for interview |
Management of employee hiring lifecycle |
|
Export of Curriculum Vitae data to internal candidate management platform |
||
|
Contact with the candidate at various stages of the process |
||
|
Communication of data to the candidate in case of selection |
||
|
Data retention for future opportunities |
||
|
Contact with the candidate for new opportunities and data updates |
||
|
Human Resources Management |
Administrative human resources management Salary processing |
Operational management of the organization's support area |
|
Creation of employee card and placement in the company's contact and access directory |
||
|
Physical Security |
Access control Video surveillance image capture Attendance registration |
Control of physical security of buildings |
|
Internal and External Communication |
Publication of news, testimonials, images and videos on the company website, internal newsletter, and social media |
Promotion of the company and events in which it participates |
|
Commercial Management |
Client registration in ERP and client file Registration and archiving of commercial proposals |
Management of the commercial relationship with the client |
|
Financial Management |
Invoicing and collections Information sharing with external accounting service |
Operational management of the support area |
|
Procurement Management |
Supplier registration in ERP and supplier file Supplier contact consultation and activity registration |
|
|
Technical Assistance |
Technical assistance registration in ERP Marking the start and end location of technicians' journeys to record the distance traveled |
Operational management of the support area |
|
Information Systems Management |
Management of email system accounts and related services |
Access control |
|
Preparation of machines for delivery to the employee Retention of employee data for the above purpose |
Service provision to the employee |
|
|
Consultation of partner contacts |
Partner relationship management |
|
|
Consultation and custody of customer databases |
Provision of application software maintenance service |
Data will not be used for the purpose of creating and using sales profiles or indicators of products, regions or trends.
4.2.2 Situations involving Web tools
Included activities:
|
Justification |
Purpose of Processing |
Legal Basis |
|
e-Commerce |
User registration in the online shop or marketplaces |
Legitimate interest for providing service to the Web customer |
|
Management of online orders on Websites |
||
|
Communication with the user/customer at various stages of the order process |
||
|
Data transfer to logistics and goods transportation providers |
||
|
Retention of registered customer data for new purchases |
||
|
Data transfer to promotional digital marketing newsletter platform |
||
|
Data transfer for online advertising on social networks |
||
|
Customer support service ("online" or by phone) |
4.3 Sharing of Personal Data
4.3.1 Situations not involving Web tools
Personal data will be shared, for strictly necessary objectives and authorized by the personal data subjects, as support for the development of JP SUPER SOLES, LDA.'s activities, including:
|
Destination of Sharing |
Data to be Shared |
Legal Basis |
|
Portuguese Legal Authorities |
Name, address, tax identification number, social security user number, admission date, citizen card number |
Social security registration. Communication with tax, customs or other legal entities. |
|
Portuguese Data Protection Supervisory Authority |
Name, address, email address, phone number, citizen card number |
Communication of complaints or privacy breaches Communication with the DPO |
|
Occupational Medicine |
Name, date of birth, admission date, social security user number |
Registration in the Occupational Medicine service Creation of the medical fitness record |
|
Insurance Companies |
Name, tax identification number, address, date of birth, admission date |
Registration in employee work accident insurance policies |
|
Banking Institutions |
Name, international bank account number |
Payroll processing and expense payments |
|
Accounting Service Provider(s) |
Name, tax identification number, address, citizen card number |
Compliance with tax obligations and management of company accounting |
|
Legal Service Provider(s) |
Name, tax identification number, address, citizen card number |
Conflict management Contract execution |
|
IT Service Providers |
Name, professional history |
Presentation of candidates for outsourcing service |
Any and all additional needs will be subject to a supplementary request for informed consent from the respective personal data holders.
This data sharing will be carried out entirely within the European Union.
Considering these principles, personal data may thus be transmitted to subcontractors who, by formalising a specific agreement for each case, undertake to comply with the necessary security controls in accordance with the determinations of JP SUPER SOLES, LDA.'s privacy management policy.
4.3.2 Situations involving Web tools
Personal data will only be shared with subcontracted partners who have signed the data security management agreement in accordance with the determinations of JP SUPER SOLES, LDA.'s privacy management policy.
|
Sharing Destination |
Data to Share |
Reason |
|
Marketing Automation |
Gender, age and date of birth |
Execution of personalised campaigns for the customer |
|
Sending Newsletters and/or SMS |
Name, email address, address, date of birth, phone number |
Sending news, campaigns and personalised offers to the customer |
|
Online advertising |
Email address |
Google Ads, Facebook and Instagram advertising |
|
Logistics and Delivery |
Email address, name, phone number, shipping and billing address, date of birth, payment method, tax identification number |
Operational needs for interconnection with Chronopost, CTT and DHL |
|
Online payment |
Bank card number and ATM reference (if applicable) |
Operational needs for interconnection with HiPay and Paypal |
Data is shared with formally authorised subcontractors for digital marketing purposes. The personal data involved in these shares are subject to the consent of the respective owner, with the possibility of "opt-out" at any time.
In the case of digital marketing campaign segmentation with intercontinental subcontractors, these shares may lead to data transfers outside the European Union.
In these cases, JP SUPER SOLES, LDA. will take care to implement appropriate security controls for each identified risk situation, as well as ensure to the data subject the unconditional execution of their rights and all requirements of the General Data Protection Regulation.
4.4 Personal Data Retention
For each processing purpose presented, JP SUPER SOLES, LDA. retains the collected personal data for the maximum periods indicated below:
|
Retention Purpose |
Retention Period |
Reason |
|
Legal Documents |
10 Years |
Current legal requirements |
|
Data related to job applications |
5 Years |
|
|
Data related to human resources |
1 Year |
|
|
Data related to occupational medicine |
5 Years |
|
|
Biometric Data |
Until change of duties or end of contract |
|
|
Video surveillance |
1 Month |
|
|
Communication publications containing employee personal data |
Until end of contract |
According to operational needs and the organisation's communication strategy |
|
Communication publications containing personal data |
3 Years |
|
|
Data related to Customer Orders by Contract |
3 Years |
According to the organisation's operational needs |
|
Data related to Web Customer Orders |
3 Years |
Depending on the operational needs of the organisation |
|
Data related to Marketing and Advertising |
Until "opt-out" is performed |
Includes cookies, newsletters and SMS sending |
|
Complaints and privacy violations |
5 Years |
Support for legal proceedings if necessary |
|
Audit Records and Evidence |
5 Years |
Support for legal proceedings if necessary |
Retention means the secure storage of data, in digital or paper format, in resource(s) under the responsibility of JP SUPER SOLES, LDA., ensuring longevity and usability conditions according to the defined period.
5. Data Subject Rights
JP SUPER SOLES, LDA. ensures that all data subjects will be able to exercise their rights, provided for and described in the General Data Protection Regulation, and for this purpose, a Data Protection Officer (DPO) has been appointed.
The data subject has the following rights:
5.1. Right to be informed:
The data subject has the right to obtain clear, transparent, and understandable information about how JP SUPER SOLES, LDA. uses their personal data. It is for this purpose that this Privacy and Cookies Policy is provided.
5.2. Right of access:
In addition to the right to information, the data subject may access their personal data processed and stored by JP SUPER SOLES, LDA. In these cases, JP SUPER SOLES, LDA. will provide them with a copy of the personal data undergoing processing.
5.3. Right to rectification:
The data subject has the right to rectify their personal data if it is incorrect, outdated, or if they wish to complete it. To do so, they may contact JP SUPER SOLES, LDA., or, alternatively, if they have registered on the website, by going to their "customer area".
5.4. Right to erasure/right to be forgotten:
The data subject may request JP SUPER SOLES, LDA. to delete their data, but this is not an absolute right, as there may be legal grounds or other legitimate interests for retaining their personal data.
The deletion of personal data is irreversible, meaning it cannot be recovered.
5.5. Right to object, including to direct marketing:
The data subject may unsubscribe from the JP SUPER SOLES, LDA. Newsletter, or choose to be removed from other direct marketing communications at any time, as well as object to the processing of their personal data. The data subject may directly remove themselves from the Newsletter by clicking on "Remove", change their notification consent via email and/or SMS in their customer area, or contact JP SUPER SOLES, LDA. to request the desired changes. They may also object, at any time, to the creation of their profile and the use of their data for market research or other advertising actions.
5.6. Right to withdraw consent to data processing at any time:
The data subject may withdraw their consent to data processing when such processing is based on their consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
5.7. Right to lodge a complaint with the supervisory authority:
If a privacy violation is identified, the data subject may communicate it via this channel or directly with the supervisory authority they select.
Following complaint or privacy violation registrations, JP SUPER SOLES, LDA. ensures the execution of a communication procedure with the data subject, informing them timely and in accordance with the provisions of the General Data Protection Regulation, at each step of processing their complaint, and in strict compliance with the deadlines and conditions defined by the regulation.
5.8. Right to data portability:
The data subject has the right to move, copy or transfer data from our database to another.
5.9. Right to restriction of processing:
The data subject has the right to request the restriction of processing of their data in the following situations: if they contest the accuracy of the data, if the processing is unlawful and they do not wish to delete their data but only restrict it, if the data is no longer necessary for JP SUPER SOLES, LDA. but is necessary for the customer, or if they have exercised the right to object mentioned above, during the period in which JP SUPER SOLES, LDA. analyses whether its legitimate grounds for processing override that right.
Any data subject, to exercise their rights and/or submit any question related to this topic, namely the submission of complaints, should place their request in writing by using the email address cs@workingsafeshop.com.
6. Roles and Responsibilities
The top management of JP SUPER SOLES, LDA. has the function of ensuring that the Privacy Management Policy is aligned with the company's strategy, as well as ensuring its continuous improvement.
The Data Protection Officer's function is to ensure continuous and systematic compliance with the requirements of the General Data Protection Regulation, that all data subject rights are being met, and that appropriate security controls are operationalised for these objectives.
All employees of JP SUPER SOLES, LDA., as well as its subcontractors, are responsible for complying with and enforcing the commitments of the Privacy Management Policy.
7. Review and Continuous Improvement
The Privacy Management Policy will be reviewed annually, or whenever there are significant changes in the inventory of personal data and/or in the IT or documentary supports that underpin the guarantee of data subject rights.
Each review will result in a new version of the Privacy Management Policy.
8. Disclosure and Publication
The Privacy Management Policy will be disclosed to all personal data subjects who interact with JP SUPER SOLES, LDA., and will be available whenever requested, as the information it contains is classified as publicly accessible.
The Privacy Management Policy is available on the Website, in the online business support tools, and also on social media where JP SUPER SOLES, LDA. has a presence.