PRIVACY POLICY
Learn how your personal data is collected, processed, and used, and how you can access all the details.
1. Personal Data
a) What are personal data?
Personal data is any information, of any nature and in any format, relating to an identified or identifiable natural person.
An identifiable person is considered to be someone who can be directly or indirectly identified by name, identification number, location data, electronic identifier or other elements that allow reaching the person.
b) Who are the data subjects?
The client or user, an individual, to whom the data relates and who benefits from the services or products of GNS – Georgina Neto dos Santos, Lda. The customer will be the person who enters into the contract with the company, and the user is the person who uses its services or products, but who may not necessarily correspond to the customer. For example:
- In the business segment, the contract with GNS is in the name of the company, but the users are its clients or employees;
- In the particular segment, a client may acquire multiple services, with each person benefiting from the products or services being considered a user.
In this regard, the company informs that it equally protects personal data and respects the rights of customers and users.
c) Which categories of personal data do we process?
The data categories we deal with are as follows:
- Identification, Contacts, and Other Data:
Civil or tax identification numbers, payment information, billing/installation address, telephone contact, or email address; - Services:
Products and services purchased or subscribed; - Profile and Interests:
Interests in the company’s products or services, newsletter, social media, and other preferences and interests.
2. Personal Data Processing
a) Who is responsible for processing your personal data?
The entity responsible for collecting and processing your personal data will be GNS, the provider of the service or product to you, which, within this scope, determines the data collected, the means of processing, and the purposes for which the data is used.
b) The Data Protection Officer:
GNS also has a data protection officer who:
- Monitors data processing compliance with applicable regulations;
- It is a point of contact with the customer or user, to clarify issues regarding the handling of their data by the company;
- Cooperate with the supervisory authority;
- Provides information and advises the data controller or processor on their obligations regarding privacy and data protection.
c) How can I contact the Data Protection Officer?
You can contact the DPO at the following addresses:
- Letter: Data Protection Officer (DPO) GNS – Georgina Neto dos Santos, Lda. – E.N.1 – Mourisca do Vouga, 3754-901, Águeda, Portugal;
- Email: gns@ingns.com.
3. Foundation of Personal Data Processing
a) On what basis can we process your personal data?
These are the circumstances in which we handle your personal data:
- Consent:
When you have your express consent – in writing or verbally – and if that consent is free, informed, specific, and unequivocal. Examples include your consent for GNS to analyze service usage, consumption profile, and to make recommendations or send marketing messages, to use your identification or service usage data for sending marketing messages from the company; - Contract Execution and Pre-Contractual Diligences:
When the processing of personal data is necessary for the celebration, execution, and management of the contract entered into with GNS, such as, for example, the preparation of a service proposal or information about the address for installation, the provision of communication services, management of contacts, information and requests, management of billing, collection, and payments; - Compliance with Legal Obligations:
When the processing of personal data is necessary to fulfill a legal obligation to which GNS is subject, such as, for example, the communication of identification or traffic data to police, judicial, tax, or regulatory entities, or location data to ensure emergency services; - Legitimate Interest:
When the processing of personal data corresponds to a legitimate interest of GNS or third parties, such as processing data for service quality improvement, fraud detection, and revenue protection, and when our reasons for using it should prevail over your data protection rights.
4. Purposes and Period of Data Processing
a) How long do we keep your personal data for?
Your personal data is processed by GNS only for the period necessary to achieve the defined purpose or, as applicable, until you exercise your right to object, right to be forgotten, or withdraw your consent.
After the respective retention period has elapsed, the company will delete or anonymize the data whenever they are not required to be retained for a different purpose that may replace it.
b) What purposes do we process your personal data for?
- Marketing and Sales:
Marketing or selling new products or services;
Analysis of consumption profiles;
Adaptation and development of new products or services. - Customer Management and Service Provision:
Management of contacts, information, or requests;
Management of installations, activations, or disconnections;
Management of complaints or breakdowns;
Management of billing, collections, and payments;
Consumption analysis. - Accounting, Tax, and Administrative Management:
Accounting and invoicing;
Commission management;
Tax information, including submission of information to the tax authority;
Recruitment and selection processes for human resources. - Litigation Management:
Judicial and extrajudicial collection;
Management of other conflicts. - Detection of Fraud, Revenue Protection, and Auditing:
Detection of fraud and illicit practices;
Revenue protection and control;
Credit risk management;
Internal audits and investigations.
c) Network and systems management:
Support and improvement of the networks and applications that sustain the monitoring service, as well as the enhancement and support of the service.
- Compliance with Legal Obligations:
Location of calls for emergency services;
Judicial requests for communication interception;
Investigation, detection, and prosecution of serious crimes;
Response to judicial, regulatory, and supervisory authorities. - Information Security Control:
Access management, logs;
Backup management;
Security incident management.
d) Physical security control:
Video surveillance in facilities, namely, the offices and the factory.
e) What are the deadlines for the processing and retention of personal data?
GNS processes and preserves your personal data according to the purposes for which they are processed.
There are cases where the law mandates the treatment and retention of data for a minimum period. For one year, traffic and location data are kept for the purpose of investigation, detection, and prosecution of serious crimes, or for ten years, for data required by the Tax Authority for accounting or tax purposes.
Whenever there is no specific legal obligation, the data will be processed only for the time necessary to fulfill the purposes that motivated their collection and preservation, always in accordance with the law.
So, GNS will process and maintain your personal data for as long as it maintains a contractual relationship with you.
However, the traffic data necessary for billing purposes, such as destination and origin numbers of the calls made, date/time of the communication, duration of the communication, IP address, will only be retained for a maximum period of 6 months from the date the data is generated.
Regarding the video surveillance of its premises, the company will only retain the recorded images and respective personal data for a maximum period of 30 days.
The GNS may retain other personal data for periods longer than the duration of the contractual relationship, whether based on your consent, to ensure rights or duties related to the contract, or because it has legitimate interests that justify it, but always for the strictly necessary period to achieve their respective purposes and in accordance with the guidelines of the CNPD.
5. Collection of Personal Data
a) How do we collect your personal data?
We collect personal data with your consent when you purchase products or services from GNS, when you download or use company products, services, and applications, or when you participate in market studies. The collection may be done orally, in writing, or through the website.
However, your personal information may also be collected from publicly accessible sources or other sources.
b) How is the indirect collection of your personal data carried out?
To better understand this indirect collection, we indicate the following cases to you:
- Shared database among electronic communication operators for contracting purposes:
If you have outstanding invoices exceeding 20% of the national minimum wage, your data may be included in a debtor list. But before including your data on the list, GNS will notify you to pay the amount within 5 days, prove that the debt does not exist or that it is not enforceable. Also, if you agree to settle the debt, justify the non-payment of invoices with the operator’s failure to fulfill the contract, or have complained about the billed amount or proven that you do not owe the charged amount, you cannot be part of this database. This list is shared among participating communication operators, and the company may refer to this list before making a decision regarding the contracting of services with clients. - Another relevant piece of information about credit risk or about identification and contact details for managing collections, fraud detection, and revenue protection: GNS may collect personal data from private entities that hold relevant information about the credit of the data subjects, provided that these databases comply with applicable data protection rules. The company may also access, collect, or confirm personal data on websites of Public Administration and private entities, to verify the accuracy of their identification and contact information.
6. Data Protection Rights
a) What are your rights?
Below are your rights and the details safeguarded in each one.
b) Right of access:
Right to obtain confirmation of what personal data is being processed and information about it, such as the purposes of processing, retention periods, etc.
Right to view / listen to or obtain a copy, for example, of invoices, written agreements, or recorded calls in which you are involved.
c) Right of rectification:
Right to request the rectification of your personal data that are attached or to request that incomplete personal data be completed, such as address, tax identification number (NIF), email, telephone contacts, among others.
d) Right to erasure of data:
Right to obtain the erasure of your personal data, provided that there are no valid grounds for their retention, such as cases where GNS needs to retain the data to fulfill a legal obligation for investigation, detection, and prosecution of crimes, or because there is an ongoing judicial process.
e) Right to withdraw consent or right of opposition:
Right to object to or withdraw your consent, at any time, to data processing, such as in the case of data processing for marketing purposes, provided there are no overriding legitimate interests over your interests, rights, and freedoms.
f) Right to restriction:
Right to request the restriction of the processing of your personal data, in the form of:
- Treatment suspension;
- Limitation within the scope of processing certain categories of data or processing purposes.
g) Profile and automated decisions:
The GNS can profile customers based, for example, on their preferences, personal interests, service usage, location, etc., notably to provide services, enhance product quality and experience, tailor marketing communications, etc., provided that such processing is necessary for the conclusion or execution of the contact between the data subject and the company.
When processing personal data, including profiling, solely through automated means and capable of producing legal effects concerning you, you shall have the right not to be subject to any decision based solely on such automated processing, except for exceptions provided by law, and shall have the right for the company to adopt appropriate measures to safeguard your rights, freedoms, and legitimate interests, including the right to human intervention in the decision-making process by the GNS, the right to express your point of view, or contest the decision made based on automated processing of personal data.
h) Right to complain:
Right to submit complaints to the supervisory authority, the CNPD, in addition to the company or the DPO.
i) How can you exercise your rights?
Exercising rights is free, except in the event of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged considering the costs. The information must be provided in writing, but can also be provided orally. In this case, the GNS must verify your identity through other means.
The response to requests must be provided within a maximum period of 30 days, unless it is a particularly complex request.
Exercise your rights through the following addresses:
GNS – Georgina Neto dos Santos, Lda
Address: E.N.1 – Mourisca do Vouga, 3754-901, Águeda, Portugal
Email: gns@ingns.com
Phone: +351 234 644 224/44
7. Transmission of Personal Data
Under what circumstances are your personal data communicated to other entities, subcontractors or third parties?
Your data may be transmitted to subcontractors for them to process it on behalf of GNS.
In this case, the company will take the necessary contractual measures to ensure that the subcontractors respect and protect the personal data of the data subject. The data may also be transmitted to third parties – entities distinct from GNS or the subcontractors, companies with which GNS develops partnerships, if consented by the data subject – or entities to whom the data must be communicated by law, such as the tax authority.
8. Protection of Personal Data
a) How does GNS protect your personal data?
The GNS has implemented appropriate, necessary, and sufficient logical, physical, organizational, and security measures to protect your personal data against destruction, loss, alteration, dissemination, unauthorized access, or any other form of accidental or unlawful processing.
b) GNS has implemented:
- Requirements and logical security measures, such as the use of firewalls and intrusion detection systems in your systems, the presence of a strict policy regarding access to systems and information, and the logging of actions taken by company employees regarding personal data of customers or users;
- Physical security measures, including strict access control to GNS’s physical facilities by employees, partners, and visitors, as well as highly restricted and constantly monitored access to the company’s essential technological infrastructure;
- Data protection means from conception using technical means such as masking, encryption, pseudonymization, and anonymization of personal data, as well as a set of privacy-enhancing preventive measures;
- Scrutiny, audit, and control mechanisms to ensure compliance with security and privacy policies;
- A program of information and training for GNS employees and partners;
- Access rules for clients or users to certain products or services, such as the implementation of a password, to enhance control and security mechanisms.
9. Useful Tips for Protecting Your Data
Site of GNS and third parties:
Regarding the use and handling of personal data on the GNS website, be sure to consult the rules regarding the use of cookies.
The website, products or applications of the company may contain links to third-party websites, products, or services related to it.
The collection or processing of personal data requested by third parties is solely your responsibility, and the company cannot be held liable under any circumstances for the content, accuracy, truthfulness, or legitimacy of those websites, or for the misuse of data collected or processed through them.
We alert GNS customers and users to this fact and the need, before using the websites, products, or applications, to read and accept the rules regarding the processing of personal data defined by third parties.
10. Others Advices
GNS advises caution in exposing your personal data as it circulates on the internet, actions that are entirely the responsibility of the customer, as these data are not fully protected against potential breaches. Adopting complementary security measures, including maintaining equipment and programs properly updated and configured with firewall and protection against malicious software, refraining from browsing dubious reputation sites or those lacking adequate authenticity guarantees, physically protecting your equipment, avoiding placing access credentials on public access computers, and using strong passwords.