Privacy Policy

Application
This Privacy Policy applies to any and all processing of personal data carried out by Wingsys - Interactive Technology, Lda, VAT number 503465380, with the same registration number at the Commercial Registry Office of Vila Nova de Famalicão, with a registered capital of €130,000.00, headquartered at Rua do Progresso, Pavilhão 360, 4760 - 841 Vilarinho das Camba (hereinafter "Wingsys"), as the entity responsible for processing the data.

Personal data processed by Wingsys, to which this Policy applies, may be that of customers, employees, candidates, suppliers, service providers or any third person with whom Wingsys relates in its commercial activity, already established or to be established, in its own name or when acting on behalf of clients, under their respective contracts, including managers, administrators or attorneys.

The rules and procedures referred to in this policy can be explained in more detail in other internal policies.

For any questions regarding the application of this Privacy Policy, please contact us at wingsys@wingsys.pt.

Whenever necessary, Wingsys will change this Privacy Policy in accordance with laws, regulations and good practices.

These changes must be notified by Wingsys to its employees, data subjects and other recipients, through the following means of communication:

  • Employees: communication via e-mail and posting at the workplace;
  • Customers and Suppliers and Service Providers, as subcontracting entities: communication via e-mail of changes to the Privacy Policy with an impact on the services provided or on the processing operations that concern them, without prejudice to any need to change the contractual documentation or other communications with the data subjects.

Privacy
Wingsys is committed to the confidentiality and protection of the personal data of its Customers, Employees, Service Providers and Suppliers, under the legal terms and in compliance with the General Data Protection Regulation (GDPR), respecting the principles of lawfulness, loyalty and transparency, limitation of purposes, minimization of data, accuracy, limitation of conservation, integrity, confidentiality and responsibility, under the terms defined in article 5 of the GDPR.

Within the scope of its activity, Wingsys may, by automated or non-automated means, proceed with the collection, registration, organization, structuring, conservation, adaptation, alteration, recovery, consultation, use, dissemination by transmission, share, or elimination of the personal data of its customers and employees.

Wingsys will collect and process personal data for specific, explicit and legitimate purposes, and cannot be further processed in a manner incompatible with those purposes.

The data collected will only be necessary and adequate for the fulfillment of the described purposes and will be kept and updated only as long as necessary.

Some personal data must necessarily be communicated, as it is a contractual and legal obligation necessary to conclude a contract, to issue an invoice or equivalent document or in compliance with tax obligations; in case of lack of these data, or if they are insufficient, Wingsys may not have the necessary conditions to provide the product or service requested by its Customers, in this situation it will inform of the obligation to provide the data in question.

Wingsys will observe the legal norms related to the periods of personal data retention; if is not based on the fulfillment of legal obligations, it will retain them:

  • Up to five years after the end of the contractual relationship;
  • as long as contractual relationship obligations remain;
  • as long as Wingsys can be opposed.

Wingsys will use a system for the systematic review and updating of personal data present in its own systems, as well as those of third parties with whom it relates as controller, co-responsible or subcontractor.

Wingsys undertakes to use internal systems and procedures for the security and protection of the personal data of its Customers, Employees, Service Providers and Suppliers that guarantee their integrity and confidentiality.

Wingsys undertakes to maintain a fair and transparent processing of personal data in its possession.

The processing of personal data is governed by the Data Protection Law that is internally approved and by the General Data Protection Regulation 2016/679 (the "GDPR"), or other applicable legislation.

Personal Data
Wingsys uses the personal data provided by its Customers, Employees, Service Providers, Suppliers and others with whom it relates, within the scope of its professional activity, in order to comply with its contractual obligations.

The data usually collected from our Customers are, among others, the name of the contact person, address, email, phone contact and fiscal number.

The data usually collected from our Employees are, among others identification data (name, date of birth, place of birth, affiliation, sex, nationality, address and phone number, educational qualifications, identity card number, number number and Social Security number) or other data (possible degree of disability, either of himself or of a member of his household, temporary disability resulting from an accident at work or occupational disease, location and form of payments to be made by Wingsys, bank account number and identification of the institution).

Other data that may be collected from our customers and employees, if necessary, and will receive treatment under all legal obligations.

Data Subject Rights
In accordance with legal and regulatory data protection requirements, Wingsys guarantees that the data subjects can exercise their rights regarding how their personal data is treated and retained.

It also guarantees your right not to be subject to automated decisions, including profile definition.

To exercise their rights, the data subjects must contact Wingsys through the contacts provided below for this purpose and these requests will be forwarded by legal requirements.

Wingsys may, prior to processing the application, carry out a verification of the applicant's identity, whenever it has doubts about the identity of the person who applied.

Requests to exercise rights will be answered without undue delay and within a maximum period of one month from the date the request is received.

Given the high complexity of the request or the number of requests made, the response period can be extended up to two months.

If the response period is extended, Wingsys will inform the data subject, within a maximum period of one month after the date the request is received, of the reasons for the delay in responding to the request.

Wingsys seeks to respond to all requests, which are subject to analysis to verify that their fulfillment complies with the applicable legal and regulatory requirements. Whenever there is a legal and / or regulatory framework that prevents the data subject from exercising a right that he has invoked, Wingsys reserves the right not to accede to the request. In such situations, Wingsys will communicate to the data subject, within a maximum period of one month from the date of receipt of the request, the reasons why the request will not be satisfied and the possibility of complaining to a supervisory authority and bringing legal action.

When the requests submitted are manifestly unfounded or excessive, Wingsys reserves the right to demand payment of a reasonable fee taking into account the administrative costs of providing the information or taking the requested measures.

The rights that can be invoked are set out in the following points as they are defined in the applicable legal and regulatory rules, giving note of their main particularities. Wingsys provides preferred means of communication to invoke them.

Requests for invoking the rights of Wingsys Employees, within the scope of their professional relationship, should be made via email to wingsys@wingsys.pt. For situations that are not covered in the next sections, the data subject may claim his right through one of the channels presented in the Contacts section.

1. The right of access
At any time, you can contact Wingsys to understand if your personal data is being processed. You can ask Wingsys about:

  • personal data in question;
  • the justifying reasons for processing that information;
  • the addressees to whom the personal data were or will be disclosed;
  • their origin;
  • the respective retention period, if possible.

If you request it, you can receive a copy of the personal data being processed.

2. The right to correct and update your data
The data subject may, taking into account the purposes of the processing, correct his personal data if they are incorrect or incomplete, as well as update them, whenever they are out of date.

3. The right to delete data ("right to be forgotten")
Every data subject has the right to request the deletion of personal data whenever it is found, for example:

  • that it is no longer necessary for the purpose for which it was collected or processed;
  • that data subject withdraws its consent, in cases where this is applicable;

provided that there is no other legal basis for said treatment, legitimate interests prevailing that justify the treatment or the need for processing is necessary for the purposes of declaring or defending a right in a judicial process.

Wingsys will analyze the order and, being considered valid in the light of the applicable legal and regulatory rules, will confirm whether the data was deleted or the reason why this was not possible.

If you wish to withdraw your consent, you can do so by sending an e-mail to rui.barbosa@wingsys.pt, with the subject "Withdraw my consent to process Personal Data"; however, we clarify that this does not compromise the legality of the processing carried out based on previously given consent.

4. The right to limit the processing of your data
The data subject can request to limit the processing of his data by checking one of the legal conditions:

  • When the data subject contests the accuracy of the personal data, in which case the processing must be limited for a period that allows Wingsys to verify its accuracy, or when the data subject has opposed the processing, until it is found that the reasons legitimate data controller over the data subject;
  • When the processing is illegal and the data subject requests only to limit its use;
  • When Wingsys, or the data processor on behalf of Wingsys, no longer needs the personal data for processing purposes, but such data is required by the data subject for the purpose of declaring, exercising or defending a right in a judicial process;
  • With the exception of preservation, when treatment has been limited, personal data will only be processed by Wingsys with the consent of the subject, for the purpose of declaring, exercising or defending a right in a judicial process defending the rights of another person, natural or collective, or for reasons of public interest.

In case of cancellation of the limitation given to the processing of personal data, Wingsys will inform the data subject in advance.

5. The right to data portability
The data subject has the right to request that Wingsys transfer or deliver the personal data in a structured, commonly used and automatic reading format, whenever this is in the possession of Wingsys, under the applicable legal terms and:

  • whenever the processing of data is carried out by automated means and is based on the subjects' consent;
  • or is necessary for the execution of a contract to which the subject is a party or for pre-contractual steps at the request of the data subject.

Wingsys will comply with the request, as far as is feasible, within one month of receiving it.

Wingsys shall refuse requests for portability whenever these affect the rights and freedoms of third parties, or if another limitation established in applicable legal or regulatory rules applies.

6. The right to object to the processing of your data
The data subject has the right to request, at any time, that Wingsys cease the processing of his personal data. After receiving your order, Wingsys will review the order and, being considered valid in the light of the applicable legal and regulatory rules, Wingsys will cease the treatment in question.

If no decision is made as to the viability of the request within a maximum period of one month, Wingsys will suspend the processing concerned, as far as possible, until the final decision is made.

7. The right to file a complaint
The data subject may, if he considers that his data has not been processed under legal provisions, file a complaint with the supervisory authority.

Currently, the authority with control functions for the purposes of data protection in Portuguese territory is the Comissão Nacional de Proteção de Dados - National Data Protection Commission - (“CNPD”), to whom it can ask any questions or submit complaints, in case it verifies the non-compliance with rules regarding personal data protection.

CNPD may, at the time, be contacted as follows:

Processing of personal data by Wingsys
In general, Wingsys processes subjects' personal data in the following contexts, taking into account the following purposes and legal grounds:

Recruitment
In the context of Employee recruitment processes, Wingsys will only ask candidates for data strictly necessary for the purposes of the recruitment process, and communication of all legal information to the candidate is ensured.

Execution of the employment contract and fulfillment of obligations as an employer
Wingsys processes data of its Employees for the purpose of executing the employment contract or the fulfillment of its legal obligations as an employer, namely to carry out salary processing, to fulfill obligations related to health, safety and hygiene at work, medicine at work , etc.

This information will be collected in person or via e-mail, provided by the employee and stored in a computer system and Wingsys paper files.

The identification and contact details of employees may be sent to entities subcontracted by Wingsys, always with the guarantee of compliance with the applicable legal and regulatory rules.

Any special category data will be processed in strict compliance with the applicable legal and regulatory rules, and should not:
be the object for purposes other than those for which they were collected;
be used by a person who should not have access to them.

And being implemented technical and organizational measures to guarantee the segregation of access to data.

As a legal obligation, Wingsys must retain the data of its Employees even after the end of the contractual bond, until legal rights or obligations are expired.

When signing the employment contract, all employees must sign a confidentiality agreement, committing themselves not to disclose any information to which they have access during their duties, in particular personal data of other subjects, and to obey this policy, in accordance with with the terms applicable at any time as a result of any changes made to it.

Training
As part of the training given to its Employees, Wingsys may collect, in addition to the trainees' identity, information regarding the training received by them.

Within the ambit of training actions, the names of Employees may be transmitted to the entities, contracted by Wingsys, providing training services.

Employees will be previously informed about the transmission of personal data, the recipients of the same and the purposes for which such transmission is intended, as well as other information that should be transmitted to them under the legal and regulatory terms.

Medicine at Work and hygiene and safety
Following the applicable legal and regulatory standards, should be ensured to employees the established measures relating to medicine at work and hygiene and safety at work (HSW). In this context, identification and health data about Employees are collected and processed by the legal terms.

The collected data are recorded on a medical sheet and can be requested by a supervisory authority within the ambit of HSW.

This information may be collected and processed by providers of medicine and hygiene and safety at work hired by Wingsys, always in strict compliance with the applicable rules.

Wingsys ensures that it knows and fully complies with all requirements regarding the processing of personal data for the purposes of medicine and hygiene and safety at work.

Insurance
As part of the execution of certain legally mandatory insurance contracts, personal data of a special nature of the employees as insured persons and their beneficiaries may be communicated.

Such communications must be made directly from the employees to the insurance company with which the insurance contract was signed.

As part of the execution of insurance contracts that do not require the transmission of special category data, Wingsys may, eventually, intervene in the processing of the data, always under the principle of minimizing the processing.

Use of telephone and computer equipment
Wingsys may make available to its employees the use of computer and telephone equipment, whenever justified, and necessary for the normal performance of its functions. The use of this equipment, owned by Wingsys, will be limited to professional purposes.

If the equipment provided is, or can be, monitored by the operator or supplier company, such treatment must be communicated to the employee at the time of delivery of the equipment.

Such monitoring will be preceded by due analysis from a legal and regulatory point of view, as well as impact analysis.

Other communications to Employees
Wingsys may collect identification and contact data for purposes not connected with work or services in question, when justified by valid purposes and legal grounds.

The collection and processing of identification and contact data to congratulate or support employees in personal situations, such as celebrating birthdays, weddings or for support in the event of the death of a collaborator's family member, can be done based on prior consent of making personal communications.

Access control
Wingsys may collect and process identification data or record video surveillance images in its own facilities, for the purpose of access control or criminal prevention, based on Wingsys' legitimate interests.

In any case, the processing of such data for the indicated purposes must be preceded by legal analysis and prior impact analysis, and all measures must be taken to comply with the legal and regulatory rules.

Customers
In the development of its activity, Wingsys also processes personal customer data necessary for the execution of the contract and / or for the fulfillment of legal obligations, for the management of the contractual relationship, including, but not limited to:

  • Registration as a new Customer;
  • Sending communications for the purpose of contractual execution and management, and / or marketing campaigns, when this is consented by the client;
  • Response to any communications sent by mail, telephone, email or other means;
  • Management and collection of applicable payments, fees and / or charges.

The use of the this data is made, as a general rule, in the context of the contractual bond and for the execution of the contract or for the fulfillment of a legal obligation to which Wingsys is subject, unless the consent of the subject in relation to explicit purposes or in cases where there is room for the application of another fundament in a legal or regulatory rule.

In some cases, due to a legal obligation, Wingsys must retain the data of these subjects after the end of the contractual bond, in which case the subject will be, at the time of collection, informed about the applicable retention periods or the criteria according to which they may be identified.

Upon signing the contract, the Employees, Suppliers or Service Providers will sign a confidentiality agreement, committing themselves not to disclose any information they have access to during the contractual relationship with Wingsys, in particular personal data of other subjects, and comply with this Policy, in accordance with the terms applicable at all times as a result of any changes made to it.

In some cases, due to a legal obligation, Wingsys must retain the data of these subjects after the end of the contractual bond, in which case the subject will be, at the time of collection, informed about the applicable retention periods or the criteria according to which they may be identified.

Third parties with whom we share your information

Wingsys, in the course of its activity, may use third parties - subcontractors - to provide certain services, which may imply access by these third parties to personal data of the data subjects; ensuring that, in these circumstances, the appropriate technical and organizational measures are taken to ensure that the subcontracted entities satisfy the applicable legal requirements and offer adequate guarantees in terms of data protection.

Wingsys may also have to communicate personal data to public and private entities, as required by law, such as Tax and Customs, Social Security, Insurance Institutions, Accounting Offices, or others.

Your personal data will be kept safe at all times and will only be shared with such third parties when strictly necessary. Your personal data may, in particular, be disclosed to the following entities:

  • Professional consultants (including, among others, legal advisors and financial advisers), insurance companies, banks, auditors, organizations and financial administrators;
  • Service providers, including, among others, IT and system administration services, hosting and cloud storage services and other software used to meet the needs and data management within the scope of the activity developed;
  • The Portuguese government or any other public authorities or national regulatory authorities, when Wingsys is required to do so by any applicable laws.

Responsibility

For contractual reasons, Wingsys holds some of your personal data, namely for the management of the contractual relationship. This means that, before you, we are responsible for the treatment we give them.

Wingsys will process all personal data, for which it is responsible, with the utmost confidentiality, fulfilling and enforcing, within its capabilities and responsibility, its lawful use.

Wingsys employees who do not comply with the terms and conditions of this Privacy Policy, or other internal rules on the protection of personal data, are subject to disciplinary proceedings.

Retention
Personal data is retained in strict compliance with the law or for the period essential for the satisfaction of the purpose that motivated its collection and treatment, during the activity performed by Wingsys.

Wingsys complies with all legal obligations, also with regard to the retention and updating of personal data.

The storage and destruction of data are carried out safely. The data collected is strictly necessary and is protected from loss, misuse, unauthorized access or exposure.

Security measures
Wingsys ensures the security of your data and compliance with all legal obligations in the event of a breach of security.

To guarantee the security of personal data, Wingsys has implemented a set of technical and technological measures and procedures.

Wingsys will use a range of data security controls, defined according to business needs and security policies, and will actively monitor those controls to detect flaws or breaches, including the revision of the authorizations for access to personal data, own or third parties, by the data subjects and Wingsys employees.

Other data processing
If it is necessary to process your data for a new purpose, which is not covered by this document, Wingsys will send you a notification explaining the reason and conditions of processing.

International data transfer
Wingsys will not transfer personal data outside the European Union or to an international organization, unless adequate safeguards are in place to ensure that personal data is kept safe, such as Standard Data Protection Clauses or European Commission's Adequacy Decisions.

Contacts
Please contact Wingsys regarding this Privacy Notice or your personal data:

Internal Responsible for the Processing of Personal Data