Menu
privacy policy
The General Data Protection Regulation (GDPR) is applicable as of May 25 and, bearing this in mind, Glintt Global companies have prepared a Privacy Policy to demonstrate their commitment to and respect for the privacy and personal data protection rules of their customers and suppliers.
This Privacy Policy comes about because we want to make you aware of the general rules on privacy and the processing of your personal data, which we collect and process in strict compliance with EU and national legislation on the protection of personal data.
Glintt Global and its companies are committed to respecting the best practices in the field of security and protection of personal data, and to this end have approved a program capable of safeguarding the protection of the data made available to us by its customers and suppliers.
Contact us
For more information, see our Privacy Policy or contact us at privacidade@glinttglobal.com.
This document is an integral part of the normative body for the protection of personal data of the Glintt Group, considering the General Data Protection Regulation (2016/679), henceforth GDPR.
Whenever this document is updated, a new version will be available immediately after its approval.
Monitoring of compliance with this regulation shall be ensured by measuring control indicators and/or audits (internal or external), at regular intervals or when significant changes occur.
This Privacy Policy has been implemented with the purpose of demonstrating the commitment and respect for the rules of privacy and protection of personal data.
This Privacy Policy arises because we intend to disclose the general rules of privacy and processing of your personal data, which we collect and process in the strict respect and compliance with the community and national legislation for the protection of personal data.
The Glintt Global is committed to comply with best practices in the field of security and protection of personal data, and for this purpose has approved a program capable of protecting the data that is made available to us by all those who are related with the Group, in any way.
In this context, a Data Protection Officer and the Chief Security Officer have been appointed responsible for the implementation and verification of this Privacy Policy as well as the definition of clear rules for the processing of personal data, ensuring that all those entrusted with their personal data are aware of the way the Group processes them and what rights they have in this area.
This Privacy Policy applies to all activities that are related to the collection and processing of personal data, made by the Group.
This Privacy Policy is intended to the general public and establishes obligations to:
a) All employees of the organization;
b) Data Protection Officer and Chief Security Officer as responsible for reporting non- compliance with privacy and data protection matters.
Personal Data – Any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. name, date of birth, biometrics data, fingerprints, DNA, etc.);
Special categories of personal data – Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual person, data concerning health or data concerning an individual person’s sex life or sexual orientation;
Processing – Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller – Individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Personal Data Breach – Breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Processor – Individual or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Third Party – Individual or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
Supervising Authority – Independent public authority which is established by a Member State.
Personal Data collection, access, recording, organization, storage, use, sharing and consultation activities are within the Glintt Global employee’s functions scope. Additionally, other activities that under the terms of the RGPD are called “processing of personal data” may also occur.
The personal data collected concerns not only employees but also suppliers, candidates and customers.
When collecting Personal Data, companies belonging to the Glintt Global provide data owners with detailed information on the nature of the data collected and on the purpose and treatment to be carried out in relation to personal data, as well as right of access to personal data.
In context of personal data processing activities, the Glintt Global makes use of or may resort to third parties, subcontracted by itself, to process, in its name, and in accordance with the instructions given by it, compliance with the provisions of the law and this Privacy Policy.
These subcontracted entities will not be able to transmit the data subject’s data to other entities without previous written authorization from Glintt Global, being also prevented from hiring other entities without permission for this purpose.
The Glintt Global commits to subcontract only entities that have sufficient guarantees to carry out the appropriate technical and organizational measures to ensure the protection of the data subject’s rights. All subcontracted entities are bound by a written agreement which governs the subject matter, the duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the Parties.
When collecting personal data, the Glintt Global will provide its owner with information on the categories of subcontracted entities that may, in the specific case, process data on behalf of the GLINTT Group.
The Glintt Global may collect personal data directly (i.e. directly from the data subjects) or indirectly (i.e. through partner entities or third parties). This collection may be performed through the following channels:
In terms of general principles regarding the personal data processing, the Glintt Global is committed to ensure that they are:
a)The subject of a legal, fair and transparent processing in relation to the data subject’s rights;
b)Collected for specified, explicit and legitimate purposes and not subsequently processed in a manner incompatible with those purposes;
c)Appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d)Accurate and up-to-date, making sure all appropriate measures being taken to ensure that inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay;
e)Preserved in a way which allows the data subject to be identified only in the period necessary for the purposes for which the data are processed;
f)Processed in a manner that ensures their safety, including the protection against unauthorized or unlawful data processing, accidental loss, destruction or damage, meaning that the appropriate technical or organizational measures are taken;
Data processing performed by the Glintt Global is legal when at least one of the following situations occurs:
a) The data subject has given his explicit consent for the processing of his personal data for one or more specific purposes;
b) The processing is necessary for the execution of a contract in which the data subject is an integral part or for pre-contractual arrangements at the request of the data subject;
c) The processing is necessary to fulfill a legal obligation to which the Glintt Global is subject;
d) The processing is necessary to ensure the defense of the data subject’s, or any other individual’s, vital interests;
e) The processing is necessary for the legitimate interests pursued by the Glintt Global or by third parties (unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail).
The Glintt Global undertakes to ensure that the data subject’s personal data is only processed in the above listed conditions and with respect for the abovementioned principles.
When personal data is processed by the Glintt Global based on the data subject’s consent, the data subject has the right to withdraw his consent at any time. The withdrawal of consent, however, does not compromise the lawfulness of the processing’s performed by the Glintt Global based on the data subject’s previously provided consent.
The retention period, during which the data is stored and maintained, varies with the purpose for which the information is processed.
Effectively, there are legal requirements that require you to retain the data for a minimum period of time. Thus, and where there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that led to their collection or subsequent processing, after which they will be eliminated.
In general terms, the Glintt Global uses the data subject’s personal data for various purposes, namely billing and collection, marketing purposes and human resources management as well as employee recruitment, among other.
The personal data collected by the Glintt Global are not shared with third parties without the explicit consent of the data subject, except for the situations mentioned in the following paragraph. In case the data subject contracts services from the GLINTT Group, that are provided by other entities, responsible for the processing of personal data, this data may be consulted or accessed by those entities to the extent necessary for the provision of such services.
Under the applicable legal terms, the Glintt Global may transmit or communicate the data subject’s personal data to other entities in cases where such transmission or communication is necessary for the execution of the contract established between the data subject and the Glintt Global, or for pre-contractual arrangements at the request of the data subject, if it is necessary for the fulfillment of a legal obligation to which the Glintt Global is subject or in case it is necessary for the purpose of pursuing the legitimate interests of the Glintt Global or third party.
When the data subject’s data is transmitted from the data subject to third parties, efforts will be made that are reasonable for the recipient to use the data in a manner consistent with this Privacy Policy.
In the event of a personal data transmission to third parties, reasonable efforts will be made to the recipient to use the data in a manner consistent with this Privacy Policy.
In order to guarantee the appropriate security and maximum confidentiality of the data subject’s personal data, the Glintt Global processes the personal information in an absolutely confidential way, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically according to the necessities, as well as in accordance with the terms and conditions legally established.
Depending on the nature, scope, context and purpose of the data processing, as well as the risks to the data subject’s rights and freedoms that arise from this processing, the Glintt Global commits to apply all the technical and organizational measures necessary and adequate for data protection and compliance with legal requirements.
It is also committed to ensure that only data that is necessary for each specific processing purpose is actually processed and that such data is not made available to an indeterminate number of people.
In terms of general measures, the Glintt Global adopts the following:
a) Regular audits to assess the effectiveness of the technical and organizational measures implemented;
b) Awareness-raising and training of personnel involved in data-processing operations;
c) Pseudonymization and encryption of personal data, when and where justified;
d) Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems;
e) Mechanisms to ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident.
Personal data collected and used by the Glintt Global are not made available to third parties established outside the European Union. Should this transfer take place in the future, the Glintt Global undertakes to ensure that the transfer complies with the applicable legal provisions, in particular regarding the determination of the suitability of such country in terms data protection and the requirements applicable to such transfers.
Information provided by the Glintt Global to the data subject (when data is collected directly from the data subject):
a) The identity and contacts of the Glintt Global, as well as the responsible for the data processing and, if applicable, of its representative;
b) The Data Protection Officer contacts;
c) The purpose of the processing to which the personal data are intended and, where applicable, the legal basis for this processing;
d) If the personal data processing is based on the Group’s legitimate interests or a third party’s legitimate interests, an indication of such interests;
e) Where applicable, the recipients or categories of recipients of personal data;
f) Where applicable, an indication that personal data will be transferred to a third country or an international organization, and whether or not there is a compliance decision adopted by the Commission or reference to appropriate transfer guarantees;
g) The time limit for the retention of personal data or the criteria used to define the same;
h) The existence of the right to ask the Glintt Global for access to personal data, as well as its rectification, erasure or limitation, the right to object to the processing activities and the right to portability;
i) Where the data processing is based on the data subject’s consent, the right to withdraw consent at any time without compromising the lawfulness of the processing carried out on the basis of the consent previously provided;
j) The right to present a complaint to the supervisory authority;
k) An indication of whether or not the communication of personal data constitutes a legal or contractual obligation or a requirement to conclude a contract, and whether the data subject is obliged to provide the personal data and the possible consequences of not providing such data;
l) where applicable, the existence of automated decisions, including the definition of profiles, and information on the underlying logic, as well as the importance and expected consequences of such processing for the data subject;
m) In the event that the personal data is not collected directly by the Glintt Global from the data subject, in addition to the information referred to above, the data subject is also informed about the personal data categories that are under processing, as well as the origin of the data and if these are normally accessible to the public;
n) If the Glintt Global intends to process the data subject’s personal data, for a purpose other than that for which the data was initially collected, prior to such processing the Glintt Global shall provide the data subject all the information on that purpose and any other relevant information, such as described in the above terms.
Procedures and measures implemented to fulfill the right to information:
The abovementioned information is provided in writing (including by electronic means) by the Glintt Global to the data subject prior to the processing of his personal data. Under applicable law, the Glintt Global is not required to provide the data subject with this information when and to the extent that the data subject is presumed to have knowledge of them.
The information is provided by the Glintt Global for free.
The Glintt Global guarantees the means of access by the data subject to their personal data.
The data subject has the right to obtain confirmation from the Glintt Global that the personal data concerning him or her are processed and, if applicable, the right to access their personal data and the following information:
a) The purposes for processing the data;
b) The personal data categories in question;
c) The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular the recipients established in third countries or belonging to international organizations;
d) If possible, the personal data’s retention period;
e) The existence of the right to request the Glintt Global to rectify, erase or limit the processing of personal data, or the right to object to such treatment;
f) The right to present a complaint to the supervisory authority;
g) If the data has not been collected from the data subject, the available information on the origin of the data;
h) the existence of automated decisions, including the definition of profiles, and information on the underlying logic, as well as the importance and expected consequences of such processing for the data subject;
i) The right to be informed of the appropriate safeguards attached to the transfer of data to third countries outside the EU or to international organizations.
Upon request, the Glintt Global will provide a copy of the data that is being processed, to the data subject, free of charge. The supply of other copies requested by the data subject may entail administrative costs.
The data subject has the right to request, at any time, the rectification of his / her personal data and also the right to have incomplete personal data completed, including by means of an additional declaration.
When the rectification of the data is verified the Glintt Global will inform each recipient to whom the data has been forwarded to of the respective rectification, unless such communication proves impossible or involves a disproportionate effort for the GLINTT Group.
The data subject has the right to obtain from the Glintt Global the erasure of his data when one of the following reasons applies:
a) The data subject’s data is no longer required for the purpose for which it was collected or processed;
b) The data subject withdraws the consent on which the data processing is based and there is no other legal basis for such processing;
c) The data subject is opposed to treatment under the right of opposition and there are no other prevailing legitimate interests that justify the processing activities;
d) If the data subject’s data is treated unlawfully;
e) In case the data subject’s data has to be erased in order to fulfill a legal obligation that the Glintt Global is subject to.
Under the applicable legal terms, the Glintt Global is not required to erase the data subject’s data to the extent that the processing activities prove necessary to fulfill a legal obligation to which the Glintt Global is subject to, or for the purposes of declaration, exercise or defense of a right in legal proceedings.
In case of data subject’s data deletion, the Glintt Global shall notify each recipient / entity to whom the data have been transmitted of deletion unless such communication proves impossible or entails a disproportionate effort to the GLINTT Group.
If the Glintt Global has made the data subject’s data publicly available and is obliged to delete it under the right to delete the data, the Glintt Global undertakes to ensure that measures are reasonable, including technical in view of available technology and the costs of its application, to inform those responsible for the effective processing of personal data that the data subject asked them to erase the links to these personal data, as well as copies or reproductions thereof.
The data subject has the right to limit the processing of his data by the Glintt Global if one of the following situations applies (the limitation may be to insert a mark in the personal data preserved in order to limit the processing in the future):
a) If you challenge the accuracy of personal data, for a period that allows the Glintt Global to verify its accuracy;
b) If the processing is unlawful and the data subject is opposed to the erasure of the data, requesting, however, the limitation of its use;
c) If the Glintt Global no longer requires the data subject’s data for processing purposes but such data is required by the data subject for the purposes of declaration, exercise or defense of a right in a legal proceeding;
d) If the data subject has objected to the processing, until the reasons are effectively verified the legitimate reasons of the Glintt Global prevail over those of the data subject.
When the data subject’s data are subject to limitation, they may only be dealt with after the data subject’s consent or for the purposes of declaring, exercising or defending a right in a judicial process, defending the rights of another natural or legal person, or for reasons of public interest, except for the purpose of its conservation.
The data subject that has obtained the limitation of their personal data processing, as mentioned in the above cases, will be informed by the Glintt Global before the processing limitation is annulled.
In the event of data processing limitation, the Glintt Global shall communicate to each recipient to whom the data has been transmitted to the respective limitation, unless such communication proves impossible or involves a disproportionate effort for the GLINTT Group.
The data subject has the right to receive the personal data concerning him and which he has provided to the Glintt Global in a structured, current and automatic reading format and the right to transmit this data to another controller, if:
a) The processing is based on the consent or a contract of which the holder is a party;
b) The processing is carried out by automated means.
The portability right does not include inferred data or derived data, i.e. personal data that is generated by the Glintt Global as a consequence or result of the analysis of the data being processed.
The data subject has the right to have the personal data transmitted directly between those responsible for the processing, whenever this is technically possible.
The data subject has the right at any time to object, on grounds relating to his particular situation, to the processing of personal data concerning him which is based on the exercise of legitimate interests pursued by the Glintt Global or when processing is carried out for purposes other than those for which personal data have been collected, including the definition of profiles, or where personal data are processed for statistical purposes.
The Glintt Global shall cease processing the data subject’s data unless it submits compelling and legitimate reasons for such treatment that prevail over the rights interests and freedoms of the data subject, or for the purpose of declaring exercise or defense of an Glintt Global right in a judicial proceeding.
When the data subject’s data is processed for the purpose of direct marketing (marketing), the data subject has the right to object at any time to the processing of the data that concern him for the purposes of such marketing, which profile definition insofar as it relates to direct marketing. Should the data subject oppose the processing of their data for the purposes of direct marketing, the Glintt Global ceases processing of the data for this purpose.
The data subject also has the right not to be subject to any decision taken exclusively on the basis of automated processing, including profiling, having legal effects or significantly affecting it in a similar way, unless the decision:
a) Is necessary for the signature or execution of a contract between the holder and the GLINTT Group;
b) Is authorized by legislation to which the Glintt Global is subject; or
c) is based on the data subject’s explicit consent.
The right of access, the right of rectification, the right of erasure, the right of limitation, the right of portability and the right of opposition can be exercised by the data subject through contact with the Group’s Data Protection Officer or Chief Security Officer, as well as with the representative of the unit responsible for the treatment, taking into account the processing in question, through the email privacidade@glinttglobal.com and/or through the page available on the Site www.glinttglobal.com.
The Glintt Global will respond in writing (including by electronic means) to the data subject’s request within a maximum of one month from the receival of the request, except in cases of special complexity, where this period can be extended by up to two months.
If the requests made by the data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Glintt Global reserves the right to charge administrative costs or refuse to comply with the request.
In the event of a data breach and to the extent that such breach is liable to entail a high risk to the rights and freedoms of the data subject, the Glintt Global commits to notify the personal data breach to the data subject concerned, without undue delay.
Under legal terms, notification to the holder is not required in the following cases:
a) If the Glintt Global has implemented appropriate technical and organizational protection measures and these measures have been applied to personal data affected by the personal data breach, in particular measures that make the personal data incomprehensible to any unauthorized person to access such data, such as encryption;
b) If the Glintt Global has taken subsequent action to ensure that the high risk to the data subject’s rights and freedoms is no longer likely to materialize; or
c) If the communication to the data subject implies a disproportionate effort for the GLINTT Group. In this case, the Glintt Global will make a public communication or take a similar action through which the data subject will be informed.
The Glintt Global reserves the right to change this Privacy Policy at any time. If the Privacy Policy is modified, the date of the last change, available at the top of this page, is also updated. If the change is substantial, a notice will be placed on the Site.
The Privacy Policy, as well as the collection, processing or transmission of data subject’s data, shall be governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the legislation and applicable in Portugal.
Any disputes arising from the validity, interpretation or execution of the Privacy Policy, or that are related to the collection, processing or transmission of the data subject’s data, must be submitted exclusively to the jurisdiction of the courts of the district of Lisbon, without prejudice to the legal norms applicable.
about us
investors
join us
