Skip to content

Learn how your personal data is collected, processed, and used, and how you can access all the details.

1. Personal Data

a) What are personal data?

Personal data is any information, of any nature and in any format, relating to an identified or identifiable natural person.
An identifiable person is considered to be someone who can be directly or indirectly identified by name, identification number, location data, electronic identifier or other elements that allow reaching the person.

b) Who are the data subjects?

The client or user, an individual, to whom the data relates and who benefits from the services or products of GNS – Georgina Neto dos Santos, Lda. The customer will be the person who enters into the contract with the company, and the user is the person who uses its services or products, but who may not necessarily correspond to the customer. For example:

  • In the business segment, the contract with GNS is in the name of the company, but the users are its clients or employees;
  • In the particular segment, a client may acquire multiple services, with each person benefiting from the products or services being considered a user.

In this regard, the company informs that it equally protects personal data and respects the rights of customers and users.

c) Which categories of personal data do we process?
The data categories we deal with are as follows:

  • Identification, Contacts and Other Data:
    Civil or fiscal identification numbers, payment details, billing / installation address, telephone contact or email address;
  • Services:
    Products and services acquired or subscribed;
  • Profile and Interests:
    Interests in the company’s products or services, newsletter, social media, and other preferences and interests.

2. Personal Data Processing

a) Who is responsible for processing your personal data?

The entity responsible for collecting and processing your personal data will be GNS, the provider of the service or product to you, which, within this scope, determines the data collected, the means of processing, and the purposes for which the data is used.

b) The Data Protection Officer:
The GNS also has a data protection officer, who:

  • Monitors data processing compliance with applicable regulations;
  • It is a point of contact with the customer or user, to clarify issues regarding the handling of their data by the company;
  • Cooperate with the supervisory authority;
  • Provides information and advises the data controller or processor on their obligations regarding privacy and data protection.

c) How can I contact the Data Protection Officer?
You can contact the DPO at the following addresses:

  • Letter: Data Protection Officer (DPO) GNS – Georgina Neto dos Santos, Lda. – E.N.1 – Mourisca do Vouga, 3754-901, Águeda, Portugal;
  • Email:

3. Foundation of Personal Data Processing

a) On what basis can we process your personal data?
These are the circumstances in which we handle your personal data:

  • Consent:
    When you have your express consent – in writing or orally – and if that consent is freely given, informed, specific and unequivocal. Examples include your consent for GNS to analyze service usage, consumption profile, and to make recommendations or send marketing messages, to use your identification or service usage data for sending marketing messages from the company;
  • Contract Execution and Pre-Contractual Due Diligence:
    When the processing of personal data is necessary for the conclusion, execution, and management of the contract entered into with GNS, such as, for example, the preparation of a service proposal or information about the address for installation, the provision of communication services, the management of contacts, information, and requests, billing management, collection and payments;
  • Compliance with Legal Obligations:
    When the processing of personal data is necessary to fulfill a legal obligation to which GNS is subject, such as the disclosure of identification or traffic data to law enforcement, judicial, tax, or regulatory entities, or location data to ensure emergency services;
  • Legitimate Interest:
    When the processing of personal data corresponds to a legitimate interest of GNS or third parties, such as processing data for service quality improvement, fraud detection, and revenue protection, and when our reasons for its use should prevail over your data protection rights.

4. Purposes and Period of Data Processing

a) How long do we keep your personal data for?

Your personal data is processed by GNS only for the period necessary to achieve the defined purpose or, as applicable, until you exercise your right to object, right to be forgotten or withdraw consent.
After the respective retention period has elapsed, the company will delete or anonymize the data whenever they are no longer required for any other purpose that could substitute them.

b) What purposes do we process your personal data for?

  • Marketing and Sales:
    Marketing or selling new products or services;
    Consumer profile analysis;
    Adaptation and development of new products or services.
  • Customer Management and Service Provision:
    Contact management, information, or requests;
    Installation, activation or shutdown management;
    Complaints or damage management;
    Billing, collection and payment management;
    Consumption analysis.
  • Accounting, Tax and Administrative Management:
    Accounting and invoicing;
    Commission management;
    Tax information, including submission of information to the tax authority;
    Processos de recrutamento e seleção de recursos humanos.
  • Litigation Management:
    Judicial and extrajudicial debt collection;
    Management of other conflicts.
  • Fraud Detection, Revenue Protection and Auditing:
    Detention for fraud and unlawful practices;
    Revenue protection and control;
    Credit risk management;
    Audit and internal investigations.

c) Network and systems management:
Support and enhancement of the networks and applications that support the monitoring, improvement, and service support.

  • Compliance with Legal Obligations:
    Call routing for emergency services;
    Judicial requests for interception of communications;
    Investigation, detection and repression of serious crimes.
    Response to judicial, regulatory and supervisory entities.
  • Information Security Control:
    Access management, logs;
    Backup management;
    Security incident management.

d) Physical security control:
Video surveillance in facilities, particularly in offices and the factory.

e) What are the deadlines for the processing and retention of personal data?

GNS processes and preserves your personal data according to the purposes for which they are processed.

There are cases where the law requires the treatment and conservation of data for a minimum period, of one year, traffic and location data are used for the purpose of investigation, detection, and repression of serious crimes, or for 10 years, data necessary for information to the Tax Authority for accounting or tax purposes.
Whenever there is no specific legal obligation, data will be processed only for the period necessary to fulfill the purposes that motivated its collection and preservation, and always in accordance with the law.

So, GNS will process and maintain your personal data for as long as it maintains a contractual relationship with you.

However, the traffic data necessary for billing purposes, such as destination and origin numbers of the calls made, date/time of the communication, duration of the communication, IP address, will only be retained for a maximum period of 6 months from the date the data is generated.

Regarding the video surveillance of its premises, the company will only retain the recorded images and respective personal data for a maximum period of 30 days.

The GNS may retain other personal data for periods longer than the duration of the contractual relationship, whether based on your consent, to ensure rights or duties related to the contract, or because it has legitimate interests that justify it, but always for the strictly necessary period to achieve their respective purposes and in accordance with the guidelines of the CNPD.

5. Collection of Personal Data

a) How do we collect your personal data?

We collect personal data with your consent when you purchase products or services from GNS, when you download or use company products, services, and applications, or when you participate in market studies. The collection can be done orally, in writing or through the website.
But your personal information can also be collected from publicly accessible sources or other sources.

b) How is the indirect collection of your personal data carried out?
To better understand this indirect collection, we indicate the following cases to you:

  • Base de dados partilhada entre os operadores de comunicações eletrônicas para efeitos de contratação:
    If you have outstanding invoices totaling more than 20% of the national minimum wage, your data may be included in a debtors list. But before including your data on the list, GNS will notify you to pay the amount within 5 days, prove that the debt does not exist or that it is not enforceable. Also, if you agree to settle the debt, justify the non-payment of invoices with the operator’s failure to fulfill the contract, or have complained about the billed amount or proven that you do not owe the charged amount, you cannot be part of this database. This list is shared among participating communication operators, and the company may refer to this list before making a decision regarding the contracting of services with clients.
  • Another relevant piece of information regarding credit risk or regarding identification and contact data, for debt management, fraud detection, and revenue protection:
    GNS may collect personal data from private entities that maintain relevant information about the credit of the data subjects, provided that these databases comply with applicable data protection rules. The company may also access, collect, or confirm personal data on websites of Public Administration and private entities, to verify the accuracy of their identification and contact information.

6. Data Protection Rights

a) What are your rights?
Below are your rights and the details safeguarded in each one.

b) Right of access:

Right to obtain confirmation of what your personal data is being processed and information about it, such as the purposes of the processing, retention periods, etc.
Right to view / listen to or obtain a copy, for example of invoices, written agreements, or calls in which one is involved and that are recorded.

c) Right of rectification:

Right to request the rectification of your personal data that are attached or to request that incomplete personal data be completed, such as address, tax identification number (NIF), email, telephone contacts, among others.

d) Right to erasure of data:

Right to obtain the erasure of your personal data, provided that there are no valid grounds for their retention, such as cases where GNS needs to retain the data to fulfill a legal obligation for investigation, detection, and prosecution of crimes, or because there is an ongoing judicial process.

e) Right to withdraw consent or right of opposition:

Right to object to or withdraw your consent, at any time, to data processing, such as in the case of data processing for marketing purposes, provided there are no overriding legitimate interests over your interests, rights, and freedoms.

f) Right to limitation:
Right to request limitation of the processing of your personal data, in the form of:

  • Treatment suspension;
  • Limitation within the scope of processing certain categories of data or processing purposes.

g) Profile and automated decisions:

The GNS can profile customers based, for example, on their preferences, personal interests, service usage, location, etc., notably to provide services, enhance product quality and experience, tailor marketing communications, etc., provided that such processing is necessary for the conclusion or execution of the contact between the data subject and the company.

When processing personal data, including profiling, solely through automated means and capable of producing legal effects concerning you, you shall have the right not to be subject to any decision based solely on such automated processing, except for exceptions provided by law, and shall have the right for the company to adopt appropriate measures to safeguard your rights, freedoms, and legitimate interests, including the right to human intervention in the decision-making process by the GNS, the right to express your point of view, or contest the decision made based on automated processing of personal data.

h) Right to claim:
Right to lodge complaints with the supervisory authority, the CNPD, in addition to the company or the DPO.

i) How can you exercise your rights?

Exercising rights is free, except in the event of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged considering the costs. The information must be provided in writing, but can also be provided orally. In this case, the GNS must verify your identity through other means.

The response to requests must be provided within a maximum period of 30 days, unless it is a particularly complex request.

Exercise your rights through the following addresses:

GNS – Georgina Neto dos Santos, Lda

Address: E.N.1 – Mourisca do Vouga, 3754-901, Águeda, Portugal

Telephone: +351 234 644 224/44

7. Transmission of Personal Data

Under what circumstances are your personal data communicated to other entities, subcontractors or third parties?

Your data may be transmitted to subcontractors for them to process on behalf and on account of GNS.
In this case, the company will take the necessary contractual measures to ensure that subcontractors respect and protect the personal data of the data subject.
The data may also be transmitted to third parties – entities distinct from GNS or subcontractors, companies with whom it develops partnerships, if the data subject consents – or entities to whom the data must be communicated by law, such as the tax authority.

8. Protection of Personal Data

a) How does GNS protect your personal data?

The GNS has implemented appropriate, necessary, and sufficient logical, physical, organizational, and security measures to protect your personal data against destruction, loss, alteration, dissemination, unauthorized access, or any other form of accidental or unlawful processing.

b) GNS has implemented:

  • Requirements and logical security measures, such as the use of firewalls and intrusion detection systems in your systems, the presence of a strict policy regarding access to systems and information, and the logging of actions taken by company employees regarding personal data of customers or users;
  • Physical security measures, including strict access control to GNS’s physical facilities by employees, partners, and visitors, as well as highly restricted and constantly monitored access to the company’s essential technological infrastructure;
  • Data protection means from conception using technical means such as masking, encryption, pseudonymization, and anonymization of personal data, as well as a set of privacy-enhancing preventive measures;
  • Scrutiny, audit, and control mechanisms to ensure compliance with security and privacy policies;
  • A program of information and training for GNS employees and partners;
  • Access rules for clients or users to certain products or services, such as the implementation of a password, to enhance control and security mechanisms.

9. Useful Tips for Protecting Your Data

Site of GNS and third parties:

Regarding the use and handling of personal data on the GNS website, be sure to consult the rules regarding the use of cookies.

The website, products or applications of the company may contain links to third-party websites, products, or services related to it.

The collection or processing of personal data requested by third parties is solely your responsibility, and the company cannot be held liable under any circumstances for the content, accuracy, truthfulness, or legitimacy of those websites, or for the misuse of data collected or processed through them.

We alert GNS customers and users to this fact and the need, before using the websites, products, or applications, to read and accept the rules regarding the processing of personal data defined by third parties.

10. Others Advices

GNS advises caution in exposing your personal data as it circulates on the internet, actions that are entirely the responsibility of the customer, as these data are not fully protected against potential breaches. Adopting complementary security measures, including maintaining equipment and programs properly updated and configured with firewall and protection against malicious software, refraining from browsing dubious reputation sites or those lacking adequate authenticity guarantees, physically protecting your equipment, avoiding placing access credentials on public access computers, and using strong passwords.