Privacy and GDPR-agreement

GDPR

CIMPOR cares about your privacy. Personal data shall be used only for the purposes for which it is collected and processed in compliance with the applicable legislation relating to personal data protection.

PRIVACY POLICY AND PROTECTION OF PERSONAL DATA

CIMPOR guarantees the protection of the data entrusted to it by the users of its website. The information collected is handled under the appropriate legislation, namely the General Data Protection Regulation and Law No. 58/2019, of August the 8th.


1. Principles

Cimpor processes personal data based on the following principles:

  • Personal data is processed lawfully, fairly and transparently;
  • The respective collection of data is carried out only for duly determined, explicit and legitimate purposes;
  • The data collected is limited to data that is considered strictly necessary and kept only for the length of time required for the purposes for which it is processed;
  • Only employees and Group partners whose roles so require have access to personal data processed;
  • Personal data is processed confidentially.


2. Personal data

Personal data is regarded as any information relating to an identified or identifiable natural person (the data subject).


3. Data controller

The relevant data controller shall be the company within the Cimpor group with which the data subject makes contact.


4. Data processing conditions

CIMPOR and its affiliates commit to only processing personal data when at least one of the conditions provided for in the data protection legislation is met, specifically:

  • The data subject has freely given their informed, specific, unambiguous, express prior consent to their data being processed;
  • Personal data must be processed in order for a contract to be drawn up to which the data subject is party, or in order for pre-contractual verifications to be made at the request of the data subject;
  • Personal data must be processed in order for the company to fulfil legal obligations to which it is subject;
  • Personal data must be processed to secure CIMPOR's legitimate interests.


5. Period of retention of personal data

In line with the aforementioned principles, CIMPOR retains personal data according to the purpose for which it was collected only for the period of time necessary to fulfil such purposes in accordance with the law. CIMPOR has established procedures to ensure that personal data is pseudonymised or deleted once the storage period has elapsed.

 

6. Rights of Data Subjects

Under the applicable law, you shall have the following rights regarding the processing of your personal data:

  • Right of access;
  • Right to rectification;
  • Right to erasure (‘right to be forgotten’);
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object;
  • Right to withdraw data protection consent.

The right to erasure is limited to data that is not necessary for the purposes of our legitimate interests and that is not stored and processed due to our legal obligations.

Furthermore, you shall have the right to file a complaint with the competent data protection authority, which is the Comissão Nacional de Proteção de Dados (CNPD).


7. Safety measures

CIMPOR has employed technical and organisational measures to protect against any violation of personal data that may accidentally or unlawfully cause the destruction, loss, alteration, disclosure or unauthorised access of the personal data shared, stored or subject to any type of processing, as well as against any form of unlawful processing.

This commitment to protecting personal data also requires that whenever personal data is shared with other entities, these entities adopt technical and organisational measures that ensure the same level of protection of the data provided by Cimpor.


8. Transmission of personal data to other entities

Personal data may be shared with subcontractors for processing for and on behalf of CIMPOR. Such subcontractors must always adhere to the technical and organisational measures necessary to adequately protect personal data belonging to users.


Data may also, where necessary, be shared with companies within the Group as well as public authorities (Tax Authority, legal authorities, the police, etc.) under the terms and conditions set out in the applicable legal rules.


9. Cross-border processing

Any transfer of personal data to companies within the Group located in countries outside the European Union may only take place within the framework of an intergroup agreement, which will ensure that all data is transferred in strict compliance with the applicable legal rules.


10. Contacts

Data subjects who wish to exercise any of the aforementioned rights or clarify any issues relating to the protection of their own privacy and that of all personal data processed by CIMPOR can do so via post, in a letter to the Data Protection Officer, Av. José Malhoa nº22, Floors 6 to 11, 1099-020 Lisbon, or, preferably, by email to DPOCIMPOR@CIMPOR.COM.

 

Internal Control


The risk management structure within Cimpor's internal control system is also of particular note, having been strengthened through the creation of an internal audit department.


CIMPOR's governance model requires that sustainable partnerships be maintained, and risks minimised, both for the entire business - impacting the company's EBITDA - and its processes - impacting directly on operations.