Privacy and GDPR-agreement

PRIVACY POLICY

  1. Introduction

The companies R. C. Sanches, Lda; Multifood, Lda; Talentoveloz Unipessoal, Lda; Gastrolisboa; Alma Tables, Lda; Delidelux, Lda E Itáloco Restaurante Italiano, Lda as entities that operate restaurant establishments under the name “Plateform”, assume as the highest and core commitment of its business activity, to process the personal data of its Customers (hereinafter “Data Subjects”), ensuring total respect for their privacy, and the protection, and security of personal data in the face of external threats and improper internal usage, in accordance with Regulation 2016/679 of the European Parliament and Council, of 27 April 2016 (hereinafter “RGPD”).

Consequently, the Data Subjects are made aware and have the right to be informed, within the scope of the corresponding contract, on how Plateform gathers, organises, maintains, shares, searches, uses, edits, stores, processes, protects and deletes the Subjects’ Personal Data provided to it.

This Personal Data is provided through the website, the provision of services / complaint made at the corresponding restaurant establishment.

The legitimate purposes for which Plateform processes Personal Data are a result of compliance stemming from relevant legislation, requiring Plateform to ensure that legal conditions are in place for properly processing the Subjects’ Personal Data. In the specific case of Plateform, the Data Subjects that are the object of this process are Plateform Employees/Service Providers, which are subject to an internal privacy policy, and Customers and Potential Employees.

In addition, Data Subjects also have the right to be informed regarding how their Personal Data is handled for other purposes that are relevant within the scope of business carried out by R.C. Sanches, circumstances which Plaform intends to make the Subjects aware of, under the terms of this Privacy Policy.

Therefore, Plateform has placed its privacy policy on the website, where any Data Subject can and should access and carefully review this privacy policy, written clearly and simply to facilitate its understanding by Data Subjects and the exercise of their rights (also known as ARCO Rights – Rights to Access, Rectification, Cancellation and Opposition).

  1. Scope of Application and Responsibility for Processing

This privacy policy applies to personal data processed by Plateform, directly or indirectly, within the scope of its business activity, obtained through all the tools at its disposal – website, restaurant establishment.

Within the scope of processing the personal data indicated above, Platrform may define, specifically, concrete privacy policies that improve, develop or specify concrete aspects of processing personal data, carried out for the purposes indicated or any new purposes that may be developed or undertaken by Plateform, which commits to ensuring compliance with the RGPD regarding those new business developments.

In compliance with the applicable legal dispositions, these sectoral privacy policies will be made known to the Data Subjects, through the means agreed upon between the Parties and available for said purpose, in accordance with the applicable legal and contractual provisions.

The entities responsible for the treatment of the Personal Data are all of the mentioned above, placed at Avenida D. João II, n.º 30, 4.ºB, 1990-092 Lisboa, Parque das Nações.

 

You may contact Plateform regarding any issues related to this privacy policy, using the following contact information for the Head of Data Protection:

E-mail address: rgpd@multifood.pt

Dedicated Telephone Line: 218166590

Registered Post with Advice of Delivery:

C/O Head of Data Protection

R.C. Sanches, S.A.

Avenida D. João II, nº30, 4ºB

Parque das Nações 1990-092 Lisbon.

In addition to the foregoing, the head of data processing may, in specific and particular cases – the object of sectoral privacy policy – subcontract third parties to carry out the personal data processing in question, always ensuring, at all times, the rights and guarantees of Data Subjects and the compliance, by said subcontractors, of all applicable legal, regulatory and contractual obligations.

In this specific situation, Plateform subcontracts management and maintenance services regarding the IT platform and website.

 

  1. Purposes for Processing and Legal Grounds

The Personal Data of Employees and Service Providers is processed by Plateform under the terms of the Internal Privacy Policy in effect and which is made known to these Data Subjects, as part of the process of making work contracts or contracts for the provision of existing services.

The Personal Data of Customers and, in particular, Potential Employees that is the object of processing – within the scope of potential recruitment procedures carried out over the website or other tools – includes:

 

 

 

  • Regarding Customers:
    1. On the website: Customer’s full name, telephone number and email;
    2. Other personal data that is particularly technical in nature may be obtained when accessing the website (see Chapter 12 below).
  • Regarding Potential Employees:
    1. On the Website: Full name of the Potential Employee, telephone number and email and personal data provided in a Curriculum Vitae (full name, mailing address, email, telephone, academic and professional background, among others);
    2. Other personal data that is particularly technical in nature may be obtained when accessing the website (see Chapter 12 below).

All personal data identified is appropriate, pertinent and limited to the corresponding purposes, thereby fully respecting the essential principles of the RGPD.

Plateform processes the personal information of the Data Subjects in an automated manner, for the specific purposes, strictly and fully observing the legal grounds provided for in the RGPD, applicable as appropriate.

In this manner and in summary terms, excluding the processing regarding Employees and Service Providers – the object of an autonomous internal privacy policy – the purposes for which the processing of Personal Data is carried out and the corresponding legal condition are as follows:

 

 

Purpose for Processing

Legal Basis

Recruitment process regarding contract of Potential Employees for exercising operational or administrative functions.

Execution of a contract or precontractual proceedings at the request of the Data Subject[1]

Processing of Personal Data of Potential Employees and Customers, for the control and security in various facilities under the management of the Video Surveillance Head.

Processing necessary for the protection of legitimate interests pursued by the Companies

Processing of Customers’ Personal Data within the scope of providing services provided by the Companies, a legal relationship established with the Customer and a billing process. 

Execution of a contract or precontractual proceedings at the request of the Data Subject

Processing of Customers’ Personal Data for the purposes of marketing, including but not limited to (i) giving information regarding any updates of Plateform’s social activity (Newsletters), (ii) issuance of promotional discounts and (iii) other institutional information

Consent granted by the Data Subject for these specific purposes

Processing of Customers’ Personal Data for the statistical analysis and business management of Plateform. 

Processing necessary for the protection of legitimate interests pursued by the Companies

Processing of Customers’ Personal Data for the purposes of Complaints

Compliance with Plateform’s legal obligations

Processing of Technological Personal Data (cookies)

Consent granted by the Data Subject for this specific purpose

 

  1. Communication of Personal Data

Plateform grants access to Data Subjects’ Personal Data to third parties exclusively subcontracted for the purpose of ensuring the provision of services necessary for managing and maintaining the Website, specifically in managing programmes that include the aforesaid platforms and their current and future developments.

Within the scope of that which is described above, Plateform, in compliance with the applicable legal and regulatory obligations, requires the above-mentioned subcontracted entities to commit to taking all necessary security precautions, given the nature of Personal Data and the risks presented by its processing, to protect the security of Personal Data provided by Data Subjects and, specifically, to guarantee as far as possible it is not distorted or corrupted and accessed by unauthorised third parties.

  1. Subcontractors

Plateform grants access to Data Subjects’ Personal Data to third parties exclusively subcontracted for the purpose of ensuring the provision of services necessary for managing and maintaining the website, in accordance with that which is set forth in Chapter 4.

Within the scope of recruiting Potential Employees, the entities mentioned above may also grant access and share Data Subjects’ Personal Data with Companies in its Business Group.

Within the scope of that which is described above, Plateform, in compliance with the applicable legal and regulatory obligations, requires the above-mentioned subcontracted entities or those that are part of the same Business Group to commit to taking all necessary security precautions, given the nature of Personal Data and the risks presented by its processing, to protect the security of Personal Data provided by Data Subjects and, specifically, to guarantee as far as possible it is not distorted or corrupted and accessed by unauthorised third parties.

  1. International Transfers of Personal Data

Plateform and the entities described in Item 5 above shall fully carry out the corresponding processing of Personal Data of Data Subjects in the European Economic Area (EEA), and as such does not foresee making any international transfer of Personal Data.

  1. Retention Period

Plateform shall retain Data Subjects’ Personal Data only for the time necessary to carry out the purpose for which it was gathered, at which time Personal Data is deleted after the clear and autonomous communication presented by the Data Subject, under the terms provided for in the next Chapter.

 

Generally, and except for the defence of legitimate interests by Companies, the retention periods in effect are as follows:

Purpose for Processing

Retention Period

Recruitment process regarding contract of Potential Employees for exercising operational or administrative functions.

Until the end of the recruitment process or, should there be consent granted by the end of the consent renewal period defined by Plateform (5 years) or the revocation of consent.

Processing of Personal Data of Potential Employees and Customers, for the control and security in various facilities under the management of the Video Surveillance Head.

External Personal Data related to the recording of images in Plateform restaurant facilities or establishments are the object of processing for a period of 30 (thirty) days, unless it is shown to be fundamentally necessary for guaranteeing the compliance of Plateform’s legal obligation or legitimate interest.

Processing of Customers’ Personal Data within the scope of providing services provided by the Companies, a legal relationship established with the Customer and a billing process. 

In fulfilment of Plateform’s legal obligation or legitimate interest, the Personal Data obtained will be maintained for the period necessary for guaranteeing the applicable tax obligations.

Processing of Customers’ Personal Data for the purposes of marketing, including but not limited to (i) giving information regarding any updates of Plateform’s social activity (Newsletters), (ii) issuance of promotional discounts and (iii) other institutional information

The Customers’ Personal Data that allows the fulfilment of the described purpose will be retained until the request is made for deleting the Subject’s Personal Data or in the event of account inactivity for a period longer than 5 years.

Processing of Customers’ Personal Data for the statistical analysis and business management of Plateform. 

The Customers’ Personal Data that allows the fulfilment of the described purpose will be retained until the request is made for deleting the Subject’s Personal Data or during the period necessary for guaranteeing Plateform’s legal obligations.

Processing of Customers’ Personal Data for the purposes of Complaints

The Customers’ Personal Data that allows the fulfilment of the described purpose will be retained until the request is made for deleting the Subject’s Personal Data or during the period necessary for guaranteeing Plateform’s legal obligations.

Processing of Technological Personal Data (cookies)

The Customers’ Personal Data that allows the fulfilment of the described purpose will be retained until the request is made for deleting the Subject’s Personal Data or during the period necessary for guaranteeing Plateform’s legal obligations.

 

 

 

  1. ARCO Rights of Data Subjects

Any Data Subject who provides his personal data to Plateform may, if he or she so wishes, at any time and tending to be free of charge – in fulfilment of applicable legislation – carry out his rights to access, correct, delete (or deindex) personal data or even, depending on the applicability of that option, the right to limit or oppose the processing or transfer of the Personal Data.

Similarly, regarding the processing of Personal Data that was the object of consent by the Data Subjects, Plateform guarantees the possibility of the subjects’ exercising their right to revoke consent, observing all the applicable legal provisions.

All the rights indicated above may also be exercised through the following platforms and subject to available technology:

E-mail address: rgpd@plateform.pt

Dedicated Telephone Line: 218166590

Registered Post with Advice of Delivery:

C/O Head of Data Protection

Avenida D. João II, nº30, 4ºB

Parque das Nações 1990-092 Lisbon.

Plateform scrupulously complies with and will comply with all the obligatory information rights provided for in the applicable legislation, within the scope of the corresponding contractual relationships entered into between Plateform and the Data Subjects.

Plateform commits, always and in every case, to comply with the legally established periods for fulfilment and execution resulting from the exercise of the ARCO rights by any Data Subject.

Plateform reserves the right to exercise, in accordance with the corresponding legal and regulatory standards, all the rights of exception conferred by applicable legislation, for the full/partial execution of the Data Subjects’ ARCO rights.

In any case, if the Data Subject believes that Plateform infringed or may have infringed his rights under the terms of the applicable legislation on data protection, he or she may file a complaint with the Data Protection National Commission.

  1. Responsibility of Data Subjects

The Data Subjects pledge to use maximum prudence, on any of the technology tools made available by Plateform, to avoid any unauthorised access to their Personal Data, keeping confidential any passwords and information that may be in their personal accounts (if any).

Should the Data Subject or any other user of any one of the technology tools made available by Plateform provide false or incorrect information to Plateform, the latter shall not be held liable in this case.

  1. Mandatory Character of Requested Personal Data

The Personal Data which, in the forms provided by Plateform, are not properly identified as “optional” must be completed in order to meet the corresponding purposes specified above.

Consequently, if the Data Subject does not provide the necessary Personal Data to meet the purposes specified above, Plateform cannot fulfil that request.

 

 

  1. Personal Data Protection Measures

Keeping in mind the great concern and commitment Plateform shows in safeguarding privacy issues, several safety measures were adopted that are technical and organisational in character, in order to protect personal data that is provided to us against its disclosure, loss, improper use, change, or unauthorised processing or access, as well as, against any other type of illegal processing.

In this regard, the forms for collecting personal data require encrypted sessions and all personal data provided will be stored securely on the systems contracted for by Plateform with additional access control and the inability to extract information, protected by all physical and logical security measures that we believe to be essential for protecting your Personal Data.

For further clarification, please contact Plateform’s Head of Data Protection using the contact information listed in Item 2 above.

  1. Cookies Policy

The website uses cookies. Learn more about cookies and accept or deny their use on the aforesaid website.  

For further clarification, please contact Plateform’s Head of Data Protection using the contact information listed in Item 2 above.

  1. Law Applicable

          This Privacy Policy is drawn up in accordance with and fully subject to Portuguese Law and RGPD. 

  1. Changes to the Privacy Policy

Plateform reserves the right to change its Privacy Policy described here or any terms and conditions of Sectoral Privacy Policies, always in strict observance of applicable national and Community legislation.

Last Revision: October 2019

 

[1] This legal basis does not encompass the possibility of Plateform retaining the Personal Data of Potential Employees for other recruiting processes, in which case Plateform will obtain the informed consent of the Potential Employees.