Legal Information

Neptune SA - Privacy Policy

Please read and acknowledge our Privacy Policy, Terms of Use, and Cookie Policy.

By using this website, you agree to this Privacy Policy.

‍

PRIVACY POLICY AND PERSONAL DATA PROTECTION

In line with our VALUES, driven by our VISION, and guided by our MISSION, we are focused on acting responsibly within the community we belong to, as well as in our relationships with all our partners. In this regard, ensuring the protection of privacy and personal data and its transparent and fair processing is essential for the entire Neptune SA group.

‍

The protection of privacy and personal data is a fundamental commitment of all companies within Neptune SA group, based on the following principles for its processing:

• The processing of personal data is carried out lawfully, fairly, and transparently;
• The collection is only carried out for clearly defined, explicit, and legitimate purposes in accordance with applicable legislation;
• The data collected is limited to what is strictly necessary and retained for the time necessary for the purposes for which it is processed;
• Only employees, collaborators, and partners of the Group whose functions require access have access to the processed personal data;
• Personal data is treated confidentially.

‍

A. Personal Data

According to the General Data Protection Regulation, i.e., Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter referred to as "GDPR") - personal data is any information of any nature and in any medium related to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

‍

B. Data Controller

The data controller will be Neptune SA group company with which the data subjects interact.

C. Conditions for Processing

The companies within Neptune SA group will only process personal data if one of the conditions laid out in the aforementioned European regulation is met, namely:

• If the data subject has given their consent for the processing of their personal data;
• If the processing of personal data is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject;
• When processing is necessary for compliance with a legal obligation to which the Neptune group is subject;
• If the processing is necessary for the purposes of legitimate interests pursued by Neptune SA group.

‍

CONSENT

When you have given your explicit consent (in writing, orally, or through the validation of an option) and such consent is free, informed, specific, and unambiguous. Examples include your consent for Neptune SA group to analyze job applications or validate educational and specific training certificates.

‍

EXECUTION OF CONTRACT AND PRE-CONTRACTUAL MEASURES

When the processing of personal data is necessary for the conclusion, execution, and management of the contract established with us, e.g., for preparing proposals or budgets, managing contacts, information, and requests, managing billing, collection, and payments.

COMPLIANCE WITH LEGAL OBLIGATIONS

When the processing of personal data is necessary for compliance with a legal obligation to which the Neptune group is subject, e.g., the communication of identification data to police, judicial, tax, or regulatory authorities.

‍

LEGITIMATE INTERESTS

When the processing of personal data corresponds to a legitimate interest of Neptune SA group or third parties and when our reasons for using it prevail over your data protection rights.

D. Data Retention Period

In compliance with the previously stated principles, the personal data processed by Neptune SA group is retained for the time strictly necessary for the purposes for which it was collected. The determination of these periods is made based on defined retention criteria suitable for each processing while respecting the legal and regulatory obligations that apply to the Group.

E. Rights of Data Subjects

Neptune group ensures that data subjects can exercise their rights granted by the GDPR regarding data protection, namely:

• Right of access to personal data (the data subject can obtain confirmation on whether their personal data is being processed and access information about it);
• Right to rectification (the data subject can request the rectification or completion of their data);
• Right to erasure (the data subject can request the deletion of their personal data) in the following situations:
    i. if the personal data is no longer necessary for the purposes for which it was collected or processed;
    ii. if consent on which the processing is based is withdrawn and there is no other legal basis for it;
    iii. if the data subject objects to the processing and there are no legitimate interests that override it;
    iv. if the personal data has been unlawfully processed;
    v. if the personal data must be deleted to comply with a legal obligation;

• Right to restriction of processing (the data subject has the right to request the restriction of processing) when:
    i.the data subject contests its accuracy, for a period that allows verification of its accuracy;
    ii. the data subject believes that the processing is unlawful;
    iii. the data is no longer necessary for processing purposes, but such data is necessary for the establishment, exercise, or defense of a legal claim;

• Right to data portability (when processing is based on consent or the execution of a contract and is carried out by automated means, the data subject may request the provision, in a structured, commonly used, and machine-readable format, of personal data concerning them that they have provided, as well as request that such personal data be transmitted to another data controller, provided that this is technically feasible);

• Right to object (the data subject has the right to object to processing) at any time when:
    i. there is no legitimate interest on the part of the data controller that overrides it;
    ii. the processing is carried out for purposes other than those for which the data were collected;

• Right not to be subject to solely automated individual decision-making (in certain situations, the data subject has the right to request human intervention when decisions are made based on solely automated processing);
• Right to withdraw consent (the data subject has the right to withdraw the consent they have given for the processing of their personal data);
• Right to lodge a complaint with the National Data Protection Authority (regarding any matters related to the processing of their personal data).

If you wish to exercise any of the rights mentioned or clarify any issues related to the protection of your privacy and personal data by Neptune group SA, you can contact us via a letter addressed to the Group's headquarters, for the attention of the Permanent Committee for the GDPR, or by email at: legal@neptune.org.pt. 

F. Security Measures

The companies within Neptune group have technical and organizational security measures in place to ensure the protection of personal data against breaches (“personal data breach”: a security breach that leads to, accidentally or unlawfully, the destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed) and against any other form of accidental or unlawful processing.

This commitment made by the Neptune group to protect personal data also implies that whenever personal data is transmitted to other entities, they are required to adopt technical and organizational measures that ensure the same level of protection. Neptune SA group will conduct an impact assessment whenever the processing of data poses a risk to the rights and freedoms of individuals. Whenever we do this, we commit to comply with the relevant community and national guidelines, such as Regulation 1/2018 of the National Data Protection Commission.

G. Communication of Personal Data to Third Parties

In the course of its activities, the companies that make up Neptune SA group may need to communicate or grant access to the personal data processed under their responsibility to other entities, ensuring that they have appropriate technical and organizational measures in place to adequately protect personal data.

Personal data will only be accessed or shared with the following entities:

• Companies belonging to Neptune SA group;
• Subcontracting entities that provide services to the Group, such as IT support, document management, legal support, human resources;
• Clients of Neptune group companies or representatives designated by them;
• Public authorities (for example, the Tax and Customs Authority).

Neptune SA group may need to transfer personal data to a third country outside the European Union that does not fall within the list of countries that the EU has deemed to have adequate levels of personal data protection. In such cases, Neptune SA group will ensure that data transfers are made in strict compliance with applicable legal standards.

‍

H. Additional Information

The data subject may request information or clarifications regarding the processing of their personal data by any company of Neptune SA group at the following email address: legal@neptune.org.pt.

This document may be subject to changes at any time. In this case, changes will be duly announced and communicated through the institutional communication channels commonly used by Neptune SA group.