Privacy Notice

Privacy and Personal Data Protection Notice

 

1. Who is responsible for processing your personal data?
   
   
   The data controller is ARSOPI, with Tax Identification Number 500031061 and registered office at Relva, Vila Chã, Apartado 10, 3730-954 Vale de Cambra.
   If you need more information about any of the points included in our Privacy Policy and want to send your questions, queries or complaints related to the processing of your personal data, you can do so via the email address: dadospessoais@arsopi.pt.
   Below, we provide detailed information about the processing of your personal data carried out by ARSOPI as the data controller.
   ARSOPI ensures that the personal data to which you will have access is:
   
   
   (i) processed lawfully, fairly and transparently;
   (ii) used only for the purposes for which it is collected; and
   (iii) processed in a way that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by adopting appropriate technical or organizational measures.
   
   
   
2. Personal data
   
   
   Personal data is any information about an identified or identifiable natural person.
   
   
   For the purposes set out in this Privacy Policy, the controller collects and processes the personal data explained in each type of processing, which will depend on the different services you request or the contractual relationship you have with our entity.
   
   
   ARSOPI is committed to treating you with complete confidentiality and applying appropriate physical, technical and organizational security measures to protect your personal data.
   You guarantee and are responsible, in any case, for the veracity, accuracy, validity and authenticity of the personal data provided and undertake to keep it duly updated.
   
   
   
3. Personal data categories
   
   3.1. Website Users
   
   
   Within the scope of using and interacting with the ARSOPI website, as well as managing communications and requests submitted by users, the following types of personal data may be processed:
   
   
   a) Identification Data: full name and, where applicable, username associated with access accounts or restricted areas.
   b) Contact Data: telephone/mobile phone number and email address.
   c) Navigation and Technical Data: IP address, date and time of access, pages visited, session duration, browser type and version, device used, operating system and other technical data necessary for the operation and security of the website.
   d) Communication and Interaction Data: messages, contact requests or information submitted through online forms (e.g., To contact us, please fill out the form below), as well as their history.
   e) Preferences and Usage Data: options selected in forms, language preferences, consents given (such as accepting cookies) and browsing behavior on the website, as configured in the cookie management panel. This data is processed exclusively to ensure the operation, improvement, security and personalization of the browsing experience, as well as to respond to contact requests, newsletter subscriptions and other legitimate user interactions with the ARSOPI website.
   
   
   3.2. Recruitment Candidates
   
   
   Within the scope of recruitment and selection processes, ARSOPI collects and processes candidates' personal data strictly necessary for evaluating their profile and suitability for the functions to be performed.
   
   
   a) Identification and Contact Data: Name, email address, citizen card number, tax identification number, address, and telephone contacts.
   b) Professional and Academic Data: Professional experience, academic qualifications, work history, and other information contained in the curriculum vitae submitted by the candidate.
   c) Complementary Data: Date of birth and any other personal data included in documents voluntarily provided by the candidate during the recruitment process.
   
   
   ARSOPI may, whenever legally permitted, collect personal data through third parties, such as recruitment companies, professional references, previous employers, or entities that carry out professional background checks.
   During selection interviews and evaluation processes, additional information relevant to the assessment of the application may also be collected.
   
   
   
4. How do we collect your personal data?
   
   4.1. Website Users
   
   
   ARSOPI collects personal data from users of its website in a transparent, lawful manner, limited to the purposes for which it is processed, through the following means:
   
   
   a) Directly from the data subject: When the user fills out forms available on the website (for example, "Contact Us"), or when they contact us by email, telephone, or other electronic means of communication provided by ARSOPI.
   
   
   b) Through website navigation: During navigation, certain technical data may be automatically collected, such as IP address, device type, operating system, browser used, and pages visited. Cookies and similar technologies may also be used, in accordance with the terms defined in ARSOPI's Cookie Policy. Only technical cookies or those strictly necessary for the operation of the website will be used; others (such as analytical or personalization cookies) will only be activated with the user's prior and express consent, through the cookie management panel.
   
   c) Through duly authorized third parties: Whenever applicable, ARSOPI may receive personal data through technology service providers or web analytics partners (e.g., Google Analytics or equivalent tools), exclusively for statistical purposes, security and improvement of the website user experience, and always in accordance with the user's consent preferences.
   
   4.2. Recruitment and Selection Processes
   
   
   ARSOPI collects personal data from candidates within the scope of recruitment and selection processes through the following means:
   
   
   a) Directly from the candidate: When the candidate submits a spontaneous application, responds to a job advertisement, submits their CV (in physical or digital format), or participates in interviews and assessment processes conducted by ARSOPI.
   
   
   b) Through third-party entities: Data may be collected through recruitment platforms, temporary employment agencies, personnel selection agencies, or professional references and previous employers, in cases where the candidate has expressly authorized this.
   
   
   c) During interviews and assessments: During interviews and assessment processes, additional information may be collected regarding skills, availability, professional experience, expectations, or other data relevant to the evaluation of the application.
   
   
   
   
5. For what purposes do we collect personal data?
   
   5.1. Website Users
   
   
   ARSOPI processes the personal data of its website users for specific, explicit, and legitimate purposes, respecting the principles of necessity, proportionality, and purpose limitation defined in Regulation (EU) 2016/679 (GDPR).
   
   
   In particular, the personal data collected through the website may be processed for the following purposes:
   
   
   a) Management of requests, communications, and user relationship: Responding to contact requests, information, quotes, or other requests submitted through the website forms or electronically; managing support communications, technical assistance, or commercial follow-up.
   b) Management of commercial relationships and provision of services: Whenever contact established through the website results in a contractual or commercial relationship, the data is used for the preparation of proposals, order management, invoicing, contract execution, and associated administrative and accounting management.
   c) Sending institutional and informational communications: With the prior and express consent of the data subject, ARSOPI may send informational communications, institutional newsletters, invitations to events, or updates on its products and services.
   d) Gathering opinions and continuous improvement: Collecting feedback, opinions, or evaluations from users and clients on the products, solutions, and services provided, with a view to continuously improving the quality and suitability of ARSOPI's responses.
   e) Technical and functional management of the website: Ensuring the operation, maintenance, security, and continuous improvement of the website, including the management of cookies and similar technologies, under the terms defined in ARSOPI's Cookie Policy.
   f) Statistical analysis and optimization of the digital experience: Conducting statistical analyses and aggregated and anonymous studies on the use of the website, with the aim of understanding user behavior and improving navigation, content, and functionalities available online.
   g) Compliance with legal and security obligations: Ensure compliance with legal, regulatory and IT security obligations, as well as protect ARSOPI's systems and infrastructure against unauthorized access, fraud or illegal activities.
   h) Management of consents and privacy preferences: Register and respect the consent and privacy options provided by users regarding the use of their personal data, cookies and electronic communications.
   
   
   5.2. Recruitment and Selection
   
   
   Within the scope of recruitment and selection processes, ARSOPI processes candidates' personal data for the following purposes:
   
   
   a) Management of unsolicited applications and response to job advertisements: Receiving, analyzing, and processing applications submitted through the website, by email, physically, or through recruitment platforms.
   b) Evaluation of qualifications and suitability for the job: Analyzing the skills, experience, and professional profile of candidates in relation to the requirements of the available positions.
   c) Conducting interviews and assessment processes: Conducting interviews, technical tests, and collecting supplementary information necessary for the evaluation of the application.
   d) Communication with candidates: Establishing contact with candidates during the selection process, including notifications about the status of the application or possible future opportunities.
   e) Verification of professional references: Confirming information contained in the resume, through references or previous employers, whenever legally permissible and/or with the candidate's consent.
   f) Candidate database management: Maintaining a database of candidates for consideration in future recruitment opportunities, based on the express consent of the data subject.
   g) Compliance with legal and contractual obligations associated with recruitment processes and eventual signing of an employment contract.
   
   
   
   
6. Use of data for other purposes
   
   ARSOPI uses personal data only for the specific, explicit, and legitimate purposes that motivated its collection, as defined in this Privacy Policy. As a rule, personal data is not processed for purposes other than those for which it was originally collected. However, in specific and duly justified situations, data may be used for other purposes compatible with the initial purpose of the processing, provided that: these purposes fall within the limits of the original processing; there are adequate guarantees of security, confidentiality, and data protection; and the new processing is based on a criterion of lawfulness provided for in Article 6 of the GDPR. Whenever ARSOPI intends to process personal data for a purpose substantially different from the initial one, the following conditions will be met:
   
   
   1. The data subject will be informed in advance of this new purpose;
   2. The legal basis supporting the new processing will be communicated to them;
   3. When necessary, new express consent from the data subject will be requested before the data is used.
   
   
   This policy also applies to customer data (website users) and to all job applicants at ARSOPI, ensuring that any reuse of personal information fully respects the principles of lawfulness, fairness, transparency, and purpose limitation.
   
   
   
7. What are the legal grounds for processing personal data?
   
   ARSOPI only processes personal data when there is a legal basis as set out in Article 6 of Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR).
   
   Generally, personal data is processed based on the following legal grounds:
   
   7.1. Website Users
   
   

   The processing of personal data of ARSOPI website users is based exclusively on the legal grounds set out in Article 6 of the GDPR, applicable to the digital context and electronic interactions:

   
   

   1. Performance of pre-contractual steps (art 6.º, n.º 1, al. b)): When processing is necessary to respond to requests submitted through the website, such as contact requests, quotes, information about services or other communications initiated by the user. This is related to the management of contractual and pre-contractual service relationships, including quality control of the service provided.

   
   

   2. Legitimate interest (art 6.º, n.º 1, al. f)): When processing is essential to ensure the operation, security and technical improvement of the website, prevent unauthorized access or fraud, and optimize the browsing experience, without prejudice to the rights and freedoms of data subjects. This will also be related to the management of Complaints/Suggestions.

   
   3. Consent (art. 6.º, n.º 1, al. a)): When the user expressly authorizes the processing for optional purposes, such as marketing, information campaigns or the use of non-essential cookies (analytical, personalization or advertising). Consent is always freely given, informed, specific and revocable at any time, without affecting the lawfulness of previous processing.
   
   
   7.2. Recruitment and Selection
   
   The personal data of job or internship applicants is processed based on the following grounds:
   
   

   1. Execution of pre-contractual due diligence (art. 6.º, n.º 1, al. b)): Processing is necessary to assess the application and decide on the possible conclusion of an employment or internship contract. This basis applies because the candidate provides their data with a view to concluding a contract, and it is essential to collect information to schedule interviews, administer selection tests, or assess suitability for the job.

   
   

   2. Compliance with a legal obligation (art. 6.º, n.º 1, al. c)): Arising from labor, social security, and immigration legislation, which requires verification of the legal capacity to work in Portugal. It also includes the obligation to retain certain records in case of inspections or audits by official entities.

   
   

   3. Consent (art 6.º, n.º 1, al. a)): Used in specific situations not covered by the previous bases, namely for the retention of the curriculum vitae or personal data for a longer period, with a view to future employment opportunities. Consent is freely given, informed, specific, and can be withdrawn at any time, without prejudice to the lawfulness of the processing carried out up to the date of withdrawal.

   
   
   
8. For how long do we retain your personal data?
   
   
   The personal data collected and processed are kept, according to their purpose, in compliance with applicable legal deadlines.
   In cases where there is no legal deadline regarding the retention and storage of personal data, such data will only be stored and kept for the appropriate period and to the extent necessary, according to the purposes for which they were collected, unless, at any time, the data subject, within the legal limits, exercises their rights of objection, limitation, erasure or withdrawal of their consent.
   Whenever the data subject exercises, within the legal limits, their rights of objection, erasure or withdrawal of consent, ARSOPI will proceed with the deletion or anonymization of the data, unless its retention is required by law or necessary for the defense of ARSOPI's legitimate rights or interests in judicial, administrative or arbitration proceedings.
   
   
   
9. Who do we share your personal data with?
   
   
   ARSOPI is committed to treating personal data confidentially and sharing it only with third parties when necessary, legitimate, and proportionate to the purposes of the processing, or when there is a legal obligation to do so.
   The responsible entities may disclose the data to other companies within their group, in the context of service sharing and for internal reporting purposes. The data may also be shared with the clients of the responsible entities, within the scope of human resources recruitment services and, where applicable, in the provision of temporary work.
   The sharing referred to in the preceding paragraphs may be carried out for the purpose of contacts related to other offers not only to the one for which the application is made.
   They may also be shared with third-party service providers of the responsible entities (namely legal, accounting or auditing services) and with public authorities, under applicable law, to whom we are obliged to disclose data, such as the Authority for Working Conditions (ACT), as well as following court orders, to the respective judicial authorities.
   
   
   
   
10. What are the rights of data subjects?
    
    Data subjects, as such, have the following rights:
    
    
    • Right to information - the data subject has the right to be informed about how their data will be processed by ARSOPI in accordance with Articles 13 and 14 of the GDPR.
      
    • Right of access - the data subject has the right to access their personal data and all information relating to the processing in question.
      
    • Right to rectification - the data subject has the right to request the correction of personal information that ARSOPI holds about them that is outdated, incorrect or incomplete.
      
    • Right to erasure - the data subject has the right to request the erasure of their personal data in certain situations. This allows you to ask ARSOPI to erase personal information concerning you if there is no acceptable reason for it to continue processing it.
      
    • Right to restriction of processing - the data subject has the right to request the restriction of the processing of their personal data, for example, if they want us to verify its accuracy or the legal basis for processing.
    • Right to data portability - the data subject has the right to request the portability of their personal information to another data controller.
      
    • Right to object to processing - the data subject has the right to object to the processing of their personal data when ARSOPI is processing that data based on legitimate interest.
      
    • Right to withdraw consent - in situations where the data subject has given consent for the collection and processing of their personal data for a specific purpose, they have the right to withdraw their consent at any time. Such withdrawal of consent does not compromise the processing of data carried out based on the consent previously given.
      
    You may also request more detailed information, specifically regarding the purposes, legal basis, and retention periods, as well as submit complaints to ARSOPI about how your personal data is processed, without prejudice to your right to also do so with the competent authority.
    
    
    The exercise of these rights can be carried out via the email address: dadospessoais@arsopi.pt. ARSOPI may request specific information about you in order to confirm your identity and ensure a response to the exercise of your rights. This is a security measure to ensure that your personal information is not disclosed to any person who is not authorized to access it.
    The exercise of rights does not presuppose the payment of any fee. However, ARSOPI may charge a reasonable fee taking into account the administrative costs of providing the information if the requests are clearly unfounded or excessive, particularly due to their repetitive nature. Alternatively, ARSOPI may, in these circumstances, refuse to comply with the request.
    Data subjects have the right to lodge a complaint with the National Data Protection Commission (CNPD) if they consider that the processing of their personal data by ARSOPI violates the General Data Protection Regulation (GDPR) or applicable national legislation on privacy and data protection. The complaint can be submitted directly to the CNPD through the following official contacts: Email: geral@cnpd.pt, available on the website: www.cnpd.pt.
    
    

11. Under what circumstances do we transfer your personal data to third countries?
    
    
    The sharing of images (video) and audio (sound) on the social networks mentioned below by the data controller may give rise to international transfers of personal data to a third country or an international organization. It is important to clarify that ARSOPI does not share the personal data collected on its website on social networks, despite maintaining an institutional presence on them. Any processing carried out on these platforms results exclusively from the interaction that the user establishes directly with the social network operator.
    Therefore, please note that ARSOPI has limited influence on the data processing carried out by the operators of social network platforms.
    The social media platform operator manages all the service's IT infrastructure, defines its own data protection rules, and maintains its own relationship with users. Furthermore, the operator is solely responsible for all matters relating to your user profile data, to which ARSOPI has no access.
    We must also inform you that the transmission and/or subsequent dissemination of images (video) and audio (sound) on social networks entails risks, particularly regarding the reuse of personal data for purposes other than those for which it may be shared on social networks.
    For more information on the data processing carried out by the social media platform operator, please consult the operator's privacy policy:
    
    
    Facebook: https://pt-pt.facebook.com/privacy/policy/  
    Youtube: https://policies.google.com/privacy  
    Instagram: https://privacycenter.instagram.com/policy  
    LinkedIn: https://pt.linkedin.com/legal/privacy-policy  
    
    
    In this regard, within the scope of using the platform, your personal data will generally also be processed and stored on servers located in third countries, under the terms better defined by the aforementioned policies, which are the sole responsibility of the respective platform operators. The data subject acknowledges that the images (video) and audio (sound), once made available online, may be reused and disseminated by third parties.
    
    
    
    
12. What security measures are in place?
    
    
    ARSOPI uses various security measures, including authentication tools, encryption, and digital certificates to help protect and maintain the security, integrity, and availability of your personal data.
    Although data transmission over the internet or website cannot guarantee complete security against intrusions, ARSOPI and its service providers and business partners make every effort to implement and maintain physical, electronic, and procedural security measures designed to protect the personal data of data subjects in accordance with applicable data protection requirements.
    
    
    
13. Changes to the Privacy Notice
    
    
    This Privacy Notice may be updated or changed at any time without prior notice.
    All updates to the Privacy Notice will be communicated via a notice on our website: https://www.arsopi.pt/pt/ so that such changes can be immediately understood.