shape

Privacy Policy

Personal Data Protection Policy

 

Introduction 

Exato Seguros respects the privacy and protection of personal data, namely that of our candidates, employees, trainees and trainers in development projects, users of our websites and social media, as well as suppliers and clients and, in the case of legal persons, their representatives.

The data provided by the various users is treated confidentially by Exato Seguros in accordance with the provisions of Law 58/2019 of 8 August, the recommendations and directives issued by the National Data Protection Commission and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

Compliance with this Policy will be monitored by measuring control assessment indicators and/or audits (internal or external) at regular intervals or when significant legislative or regulatory changes occur.

Exato Seguros is committed to respecting best practices in the field of security and protection of personal data, and to this end has approved a programme capable of safeguarding the protection of the data made available to us by all those who, in some way, have dealings with it.

This Privacy Policy applies to the collection and processing of personal data carried out by Exato Seguros and is intended for the general public and establishes obligations for all employees.

Definitions

 

Personal Data - All information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an electronic identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Special Categories of Personal Data - Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of a natural person, as well as the processing of genetic data, biometric data to uniquely identify a person, data concerning health or data concerning sex life or sexual orientation.

 

Treatment - An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Responsible for Treatment - It is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his/her appointment may be provided for by Union or Member State law.

 

Personal Data Breach - It is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Subcontractor - It is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller.

 

Third - It is a natural or legal person, public authority, service or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

Control Authority - Independent public authority set up by a Member State.

 

CNPD - National Data Protection Commission.

Collection and Processing of Data Subjects

This Policy applies to all the personal data of users that is collected by Exato®Seguros for (i) recruitment and selection activities, as well as all the issues associated with this, including the dissemination of new job offers, professional training and institutional information, (ii) information to clients and potential clients (iii) information on the existence of promotions or marketing campaigns, (iv) contractual or pre-contractual management (whether of a labour, commercial or other nature) or (v) compliance with legal obligations. Within the scope of the activities carried out by Exato®Seguros, users may be contacted for the purposes described above.

The types of personal data collected, processed and stored by Exato Seguros are those necessary to carry out (i) recruitment and selection processes for employment and training opportunities or those necessary to fulfil other requirements when acting as an employer or employment agency, (ii) the provision of services to clients, on an outsourcing or other basis, and (iii) the fulfilment of legal, contractual and pre-contractual requirements arising from the respective activity.

Such information may include:

  • Full name
  • Contact details (address, telephone number, email address)
  • Date of birth
  • Driving licence number and details
  • Academic qualifications and professional training
  • Professional experience and skills
  • Professional credentials, certificates or licences
  • Membership of professional organisations
  • Any other information contained in the CV
  • Citizenship status and work permit
  • Data related to health or disabilities
  • Information from and related to publicly accessible profiles you have created on employment-related social media platforms and job portals (such as LinkedIn, Facebook, Sapo Emprego or Indeed, among others)
  • Information collected by checking professional references
  • Interests and preferences in terms of career management
  • Employee, customer and/or supplier registration
  • User ID and password or PIN, if you register via the Exato Seguros website.

In addition, Exato Seguros may request types of personal data considered “sensitive”:

  • National or tax identification number/social security number
  • Financial or bank account details
  • Information related to tax situation
  • Information contained in the criminal record
  • Information on health insurance and retirement plans
  • Health data (e.g. relating to medical examinations or accidents at work)
  • Trade union membership
  • Information contained in the personal file of an Exato Seguros employee, such as performance analyses, disciplinary measures and salary processing
  • Finally, interactions with Exato Seguros' mobile and web applications may result in the collection, processing and storage of geolocation data
  • Other information that you may provide us, for example, through surveys, interactions with social profiles (LinkedIn, Facebook, Instagram, Twitter, Youtube, among others), as well as through other channels used to contact Exato Seguros.

The provision of this type of information is voluntary, unless required by law. If you do not provide it, this will not jeopardise your employment or training opportunities, for example.

Subcontractors

As part of the processing of the data subject's data, Exato Seguros uses or may use third parties, subcontracted by it, to process the data subject's data on its behalf and in accordance with its instructions, in strict compliance with the provisions of the law and this Privacy Policy.

These subcontractors may not transmit the data subject's data to other entities without Exato Seguros having previously given written authorisation to do so, and are also prevented from contracting other entities without authorisation to do so.

Exato Seguros undertakes to subcontract only entities that present sufficient guarantees of the execution of the appropriate technical and organisational measures, in order to ensure the defence of the rights of the holder.

All subcontractors are bound by a written contract which regulates, in particular, the object, the duration of the processing, the nature, the purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the parties.

When collecting personal data, Exato Seguros provides the data subject with information about the categories of subcontractors that, in the specific case, may process data on behalf of Exato Seguros.

Data Collection Channels

 

Exato®Seguros may collect data directly (i.e., directly from the data subject) or indirectly (i.e., through partner organisations or third parties). Data may be collected through the following channels:

 

  • Direct collection: in person, by telephone or e-mail or via the internet
  • Indirect collection: through partners, external companies or Group companies and official entities

General Principles Applicable to the Processing of Data Subjects' Data

 

In terms of general principles regarding the processing of personal data, Exato Seguros undertakes to ensure that they are:

 

  • Object of lawful, fair and transparent processing in relation to the data subject
  • Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accurate and up-to-date whenever necessary, with all appropriate measures being taken to ensure that inaccurate data, taking into account the purposes for which it is processed, is erased or rectified without delay.
  • Kept in a form that allows the identification of the data subject for no longer than is necessary for the purposes for which the data are processed
  • processed in a manner that ensures their security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, and appropriate technical or organisational measures are taken

Data processing carried out by Exato Seguros is lawful when at least one of the following situations applies:

 

  • The data subject has given his/her explicit consent to the processing of the data subject's data for one or more specific purposes
  • Processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual steps at the request of the data subject.
  • The processing is necessary for the fulfilment of a legal obligation to which Exato Seguros is subject
  • Processing is necessary for the defence of the vital interests of the data subject or of another natural person
  • Processing is necessary for the purposes of the legitimate interests pursued by Exato Seguros or by third parties (unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail).

Exato Seguros undertakes to ensure that the data subject's data is only processed under the conditions listed above and with respect for the aforementioned principles.

 

When the processing of the data subject's data is carried out by Exato Seguros on the basis of the data subject's consent, the data subject has the right to withdraw his/her consent at any time.

 

The withdrawal of consent, however, does not jeopardise the lawfulness of the processing carried out by Exato Seguros on the basis of the consent previously given by the data subject.

 

The length of time for which data is stored and retained varies according to the purpose for which the information is processed.

 

In fact, there are legal requirements that oblige data to be kept for a minimum period of time. Therefore, whenever there is no specific legal requirement, the data will only be stored and kept for the minimum period necessary for the purposes for which it was collected or subsequently processed, after which it will be deleted.

Use and Purposes of Data Subject Processing

In general terms, Exato Seguros uses the data subject's data for various purposes, including billing and collection, for marketing purposes and for human resources management and employee recruitment, among others.

The data collected by Exato Seguros will not be shared with third parties without the data subject's consent, with the exception of the situations referred to in the following paragraph. If the data subject contracts services from Exato Seguros that are provided by other entities responsible for processing personal data, the data subject's data may be consulted or accessed by these entities, insofar as this is necessary for the provision of these services.

Under the applicable legal terms, Exato Seguros may transmit or communicate the data subject's data to other entities in the event that such transmission or communication is necessary for the performance of the contract established between the data subject and Exato Seguros or for pre-contractual procedures at the request of the data subject, in the event that it is necessary for the fulfilment of a legal obligation to which Exato Seguros is subject or in the event that it is necessary for the purpose of pursuing the legitimate interests of Exato Seguros or a third party.

If the data subject's data is passed on to a third party, reasonable endeavours will be made to ensure that the recipient uses the data in accordance with this Privacy Policy.

Technical, organisational and safety measures implemented

 

In order to guarantee the security of the data subject's data and maximum confidentiality, Exato Seguros treats the information he/she has provided us with in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically as necessary, as well as in accordance with the terms and conditions laid down by law.

 

Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing for the rights and freedoms of the data subject, Exato Seguros undertakes to apply, both at the time of defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organisational measures for data protection and compliance with legal requirements.

 

It also undertakes to ensure that only the data that is necessary for each specific processing purpose is processed and that this data is not made available to an indeterminate number of people.

 

In terms of general measures, Exato Seguros has adopted the following:

 

  • Regular audits to assess the effectiveness of the technical and organisational measures implemented
  • Sensitisation and training of staff involved in data processing operations
  • Pseudonymisation and encryption of personal data, where justified
  • Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems
  • Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident

Data subjects' rights

Right to Information

The information contained in this document is provided in writing (including by electronic means) by Exato Seguros to the data subject prior to the processing of the personal data in question. Under the terms of the applicable law, Exato Seguros is under no obligation to provide the data subject with this information when and to the extent that it is presumed that the data subject is already aware of it.

The information is provided by Exato Seguros free of charge.

 

Right of Access to Personal Data

Exato Seguros guarantees the means by which the data subject can access his/her personal data.

The data subject has the right to obtain confirmation from Exato Seguros as to whether or not personal data concerning him/her is being processed and, if so, the right to access his/her personal data and the following information:

  • The purposes of data processing
  • The categories of personal data in question
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or belonging to international organisations
  • If possible, the retention period for personal data
  • The existence of the right to request from Exato Seguros the rectification, erasure or limitation of the processing of personal data or the right to object to such processing
  • Right to lodge a complaint with the CNPD or another supervisory authority
  • If the data has not been collected from the data subject, the information available on the origin of that data
  • The existence of automated decisions, including profiling and information on the underlying logic, as well as the significance and expected consequences of such processing for the data subject
  • Right to be informed about the appropriate guarantees associated with the transfer of data to third countries outside the EU or international organisations

Upon request, Exato Seguros will provide the data subject, free of charge, with a copy of their data that is being processed. The provision of other copies requested by the data subject may entail administrative costs.

Right to Rectification of Personal Data

The data subject has the right to request the rectification of his/her personal data at any time, as well as the right to have incomplete personal data completed, including by means of an additional declaration.

In the event of rectification of the data, Exato Seguros will inform each recipient to whom the data has been transmitted of the rectification, unless such communication proves impossible or involves a disproportionate effort for Exato Seguros.

Right to erasure of personal data (“Right to be forgotten”)

The data subject has the right to obtain from Exato Seguros the deletion of his/her data when one of the following reasons applies:

  • the data subject's data is no longer necessary for the purpose for which it was collected or processed
  • The data subject withdraws the consent on which the processing of the data is based and there is no other legal basis for such processing
  • The data subject objects to the processing under the right to object and there are no overriding legitimate interests justifying the processing
  • If the data subject's data is processed unlawfully
  • If the data subject's data must be deleted in order to fulfil a legal obligation to which Exato Seguros is subject

Under the applicable legal terms, Exato Seguros is under no obligation to delete the data subject's data insofar as the processing proves necessary for the fulfilment of a legal obligation to which Exato Seguros is subject or for the purposes of declaring, exercising or defending a right of Exato Seguros in legal proceedings.

In the event of data deletion, Exato Seguros will inform each recipient/entity to whom the data has been transmitted of the respective deletion, unless such communication proves impossible or involves a disproportionate effort for Exato Seguros.

If Exato Seguros has made the data subject's data public and is obliged to erase it under the right to erasure, Exato Seguros undertakes to take reasonable measures, including technical measures, taking into account available technology and the costs of their implementation, to inform those responsible for the effective processing of personal data that the data subject has asked them to erase the links to such personal data, as well as copies or reproductions thereof.

Right to Limitation of Processing of Personal Data

The data subject has the right to obtain, from Exato Seguros, the restriction of the processing of his/her data, if one of the following situations applies (the restriction may consist of inserting a mark in the personal data stored with the aim of limiting its processing in the future):

  • If you dispute the accuracy of the personal data, for a period that allows Exato Seguros to verify its accuracy
  • If the processing is unlawful and the data subject opposes the erasure of the data, requesting instead the restriction of its use
  • If Exato Seguros no longer needs the data subject's data for processing purposes, but such data is required by the data subject for the purposes of declaring, exercising or defending a right in legal proceedings
  • If the data subject has objected to the processing, until it is established that the legitimate reasons of Exato Seguros prevail over those of the data subject.

When the data subject's data is subject to restriction, it may, with the exception of storage, only be processed with the consent of the data subject or for the purposes of declaring, exercising or defending a right in legal proceedings, defending the rights of another natural or legal person, or for reasons of public interest legally provided for.

The data subject who has obtained the restriction of the processing of his/her data in the above cases will be informed by Exato Seguros before the restriction of processing is cancelled.

In the event of limitation of data processing, Exato Seguros will inform each recipient to whom the data has been transmitted of the respective limitation, unless such communication proves impossible or involves a disproportionate effort for Exato Seguros.

Right to Personal Data Portability

The data subject has the right to receive the personal data concerning him/her that he/she has provided to Exato Seguros, in a structured, commonly used and machine-readable format, and the right to transmit this data to another data controller, if:

  • The processing is based on consent or a contract to which the data subject is a party
  • Processing is carried out by automated means

The right of portability does not include inferred data or derived data, i.e. personal data that is generated by Exato Insurance as a consequence or result of analysing the data being processed.

The data subject has the right to have personal data transmitted directly between data controllers, whenever technically possible.

Right to Object to Treatment

The data subject has the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her that is based on the exercise of legitimate interests pursued by Exato Seguros or when the processing is carried out for purposes other than those for which the personal data were collected, including profiling or when the personal data are processed for statistical purposes.

Exato Seguros will cease processing the data subject's data, unless it has compelling legitimate reasons for such processing which prevail over the interests, rights and freedoms of the data subject, or for the purposes of declaring, exercising or defending a right of Exato Seguros in legal proceedings.

When the data subject's data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of data concerning him/her for the purposes of said marketing, which includes profiling insofar as it is related to direct marketing. If the data subject objects to the processing of his/her data for the purposes of direct marketing, Exato Seguros will cease processing the data for this purpose.

The data subject also has the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, unless the decision:

  • It is necessary for the conclusion or execution of a contract between the holder and Exato Seguros
  • Is authorised by legislation to which Exato Seguros is subject
  • Is based on the explicit consent of the data subject

Procedures for the Exercise of Rights by the Holder

The right of access, the right to rectification, the right to erasure, the right to restriction, the right to portability and the right to object can be exercised by the data subject by contacting us by email at  privacidade@exatoseguros.pt, Rua do Proletariado n.º 2-A 2794-063 Carnaxide or by telephone at 214139480.

Exato Seguros will respond in writing (including by electronic means) to the holder's request within a maximum period of one month from receipt of the request, except in cases of particular complexity, where this period may be extended by up to two months.

If the requests submitted by the holder are manifestly unfounded or excessive, particularly due to their repetitive nature, Exato Seguros reserves the right to charge administrative costs or refuse to comply with the request.

Personal Data Breaches

In the event of a data breach and insofar as such breach is likely to entail a high risk to the rights and freedoms of the data subject, Exato Seguros undertakes to communicate the personal data breach to the data subject concerned without undue delay.

Under legal terms, communication to the owner is not required in the following cases:

  • If Exato Seguros has applied appropriate technical and organisational protection measures and such measures have been applied to the personal data affected by the personal data breach, in particular measures that render the personal data unintelligible to any person not authorised to access such data, such as encryption.
  • If Exato Seguros has taken subsequent measures to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise
  • In the event that communication to the data subject involves a disproportionate effort for Exato Seguros. In this case, Exato Seguros will make a public announcement or take a similar measure through which the data subject will be informed.

Consent to Call Recording

The employees hired give their express CONSENT for the recording of calls in which they are involved in the execution of their activity, namely for the purposes of internal auditing, quality control and possible proof of commercial transaction, of Exato Seguros itself or of the respective Client.

Website Usage Policy

This website provides users with access to information, services and content, and the user assumes responsibility for its correct use and for the registration process required to access certain services or content.

The user undertakes to use the information, content and services on this website appropriately and, in particular, not to carry out any action that may cause physical or logical damage to the system and not to access it fraudulently by using unauthorised access data.

The content of this website may not be modified or reinterpreted in such a way as to be protected under any other copyright, patent, trade mark or intellectual property registration that does not belong to Exato Seguros.

The information provided on the website may contain some technical inaccuracies or typographical errors. Consequently, Exato Seguros assumes no liability whatsoever for any direct, indirect, incidental or collateral damage resulting from visiting its pages, including loss of data, loss of revenue or other income, and interruption of business processes arising from the use or inability to use the information on this site. Exato Seguros also declines any responsibility for the content of third-party sites that contain links to this website and/or that can be accessed from this website.

All the elements contained on this website, namely texts, photos, illustrations and others are protected by law, under the Code of Copyright and Related Rights.

It is expressly forbidden to copy, reproduce and disseminate the texts, photos, illustrations and other elements contained in this electronic edition without the express authorisation of Exato Seguros, regardless of the means used, with the exception of the right to quote as defined by law.

The commercial use of the elements contained in the electronic edition of Exato Seguros, namely texts, photos, illustrations and others, is expressly prohibited.

Exato Seguros reserves the right to take legal action against the authors of any unauthorised copying, reproduction, dissemination or commercial exploitation of the elements contained on this website, namely texts, photos, illustrations and others.

Cookie Policy

A “cookie” is a file that is imported into your computer or other device when you access certain web pages that collect information about your browsing on those web pages. In some cases, cookies are necessary to facilitate browsing and make it possible to store and retrieve information about a user's browsing habits or their equipment, among other things and, depending on the information they contain and the way they use their equipment, they can be used to recognise the user.

The cookies used on this website can be categorised as follows:

  • Own cookiesThe following are those that are sent to the user's terminal equipment from a device or domain managed by the publisher itself and from which the service requested by the user is provided.
  • Third-party cookiesCookies: are those that are sent to the user's terminal equipment from a device or domain that is not managed by the publisher, but by another entity that processes the data collected through cookies.
  • Session cookies: collect and store data when the user accesses a web page
  • Technical cookies: allow the user to navigate through a web page, platform or application and to use the different options or services that exist on them
  • Personalisation cookiesThese allow the user to access the service with some general characteristics that are predefined according to a series of criteria on the user's terminal, such as the language, the type of browser through which the service is accessed, the regional configuration of the location from which the service is accessed, etc.
  • Analysis cookiesThese cookies allow the person responsible for them to monitor and analyse the behaviour of the users of the websites to which they are linked. The information collected through this type of cookie is used to measure the activity of the websites, application or platform and to draw up browsing profiles of the users of said sites, applications and platforms, with the aim of introducing improvements to the function of analysing the data on the use of the users of the service.

To find out which cookies are stored by your browser, you can use the tools available in your browser.

We use social media buttons to allow our users to share web pages or select them as favourites. These are buttons for external social networking websites. These sites may record information about your activities on the Internet, including our website. You can analyse the terms of use and privacy policies of these websites to find out exactly how they use the information and to find out how you can delete or erase this information.

We sometimes use external web services to display content within our web pages. For example, to show virtual tours, images, videos, graphics, infographics, maps or to carry out surveys. As with social media buttons, we cannot prevent these external websites or domains from collecting information about your use of this embedded content.

Exato Seguros assumes no responsibility for legal or technical problems caused by the user's failure to comply with the recommendations indicated. This communication is intended to be known and used by users and should therefore not be used for any other purpose. Exato Seguros is also not responsible for the content and veracity of the privacy policies of third parties included in this cookie policy.

If you have any questions about this cookie policy, please contact us at privacidade@exatoseguros.pt

Final Part

Changes to the Privacy Policy

Exato Seguros reserves the right to change this Privacy Policy at any time. If the change is substantial, a notice will be placed on the website.

Applicable Law and Jurisdiction

The Privacy Policy, as well as the collection, processing or transmission of the data subject's data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the legislation and regulations applicable in Portugal.

Any disputes arising from the validity, interpretation or execution of the Privacy Policy, or which are related to the collection, processing or transmission of the data subject's data, must be submitted exclusively to the jurisdiction of the courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules.

Private individuals

Companies

Links

Legal Disclaimer
Exato - Consultoria & Mediação de Seguros, Lda. (“Exato Seguros”), with registered office at Rua do Proletariado, n.º 2-A, 2791-563, Carnaxide, registered at the Commercial Registry Office under the single registration and legal person number 514960558, telephone number: +351212461157, contact email address geral@exatoseguros.pt and with the following web address: www.exatoseguros.pt. Exato Seguros has been registered with ASF - Autoridade de Supervisão de Seguros e Fundos de Pensões (the entity responsible for supervising the activity) since 14/12/2018, under the category of Insurance Agent, under no. 418467900, with authorisation to carry out the activity of insurance distribution in the Life and Non-Life Branches, information that can be verified and confirmed at www.asf.com.pt .Exato Seguros is authorised to receive premiums for delivery to the insurance company and, in general, is authorised to take out insurance in the name and on behalf of insurance companies, but it never proposes or assumes risk cover in its own name, which is the exclusive competence of insurance companies under the terms of the applicable legislation. It does not dispense with consulting the legally required pre-contractual and contractual information.

Exato Seguros © All rights reserved

Cookies
We use cookies. If you think it's OK, just click on "Accept all". You can also choose the type of cookies you want by clicking on "Settings". Read our cookie policy
Definitions Refuse everything Accept everything
Cookies
Choose the type of cookies to accept. Your choice will be stored for one year. Read our cookie policy
Save Refuse everything Accept everything