SCOPE OF APPLICATION
Portugalenses complies with legal regulations concerning the protection of personal data belonging to its employees, suppliers, and customers. This includes adhering to national and EU legal provisions, as well as rulings from the National Data Protection Commission, specifically Regulation EU 2016/679.
PERSONAL DATA OF EMPLOYEES
The processing of employees’ personal data within the employment relationship arises from both contractual obligations and compliance with legal requirements, such as labor, tax, and EU regulations, and obligations to oversight bodies such as the Tax Authority (AT), Social Security, or the Working Conditions Authority (ACT).
Processing of employee personal data is restricted to the designated data controller and is limited to justified and lawful access. Confidentiality is always ensured.
Employees can request access to their protected data at any time and may request corrections if errors or omissions are identified.
Employees have the rights to information, access, and objection to the processing of their personal data as stipulated by law. To exercise these rights, employees must submit a written request to the data controller at geral@portugalenses.pt.
Employees can exercise their right to be forgotten, except in cases where data retention is required to comply with legal obligations.
Processing of health-related data complies with the rules for sensitive data and is exclusively accessible to certified medical personnel. Employees may access their medical data by directly requesting it from the occupational physician.
Upon signing the employment contract and during its execution, the employee consents to their personal data being securely stored, processed, and accessed as previously or specifically outlined. This includes its use for operational purposes related to client obligations while ensuring strict adherence to the internal data protection policy.
PURPOSE OF PROCESSING EMPLOYEE DATA
Employee personal data may be collected and processed for the following purposes:
- Administrative management – individual employee records.
- Calculation and payment of wages, allowances, and subsidies.
- Calculation and withholding of mandatory or optional deductions as required by law.
- Execution of judicial decisions or handling employee requests.
- Management of remuneration-related matters, such as benefits and allowances.
- Processing of training certifications by the employer or external training entities.
- Issuance of travel tickets, visas, or other necessary travel documents.
- Attendance and access control.
- Compliance with occupational health and safety obligations.
- Identification purposes for client-related cargo loading or unloading.
- Internal communications.
CATEGORIES OF PERSONAL DATA TO BE COLLECTED
The following categories of personal data may be collected and processed:
- Identification Data: Name, ID card, passport, residence certificate, tax ID (NIF), social security number (NISS), birthdate, place of birth.
- Address Information: Address, email.
- Family Status: Marital status, number of dependents.
- Professional Activity Data: Qualifications.
- Remuneration Data: Bank account details (IBAN).
- Biometric Data: Fingerprints.
- Health Data: Fitness certificates.
- Other Employment-Related Data: Driver’s license, tachograph card, ADR certificate, European health card, criminal record.
RIGHTS OF DATA SUBJECTS
Data subjects have the following rights:
- To be informed about how their data is used.
- To access their data without delay or cost.
- To request correction of inaccurate data.
- To request deletion of their data.
- To restrict processing for purposes other than originally intended.
- To data portability, enabling transfer in an accessible digital format.
- To object to data processing for unrelated purposes.
- To human intervention in automated decision-making processes.
DATA RETENTION PERIOD
- Administrative Management: Data may be retained for one year after employment ends.
- Remuneration and Benefits: Data may be retained for up to ten years for tax purposes.
- Judicial Matters: Retention may extend beyond ten years if required for ongoing legal proceedings.
- Pensions and Benefits: Necessary data may be retained for up to ten years after the cessation of obligations.
DATA RECIPIENTS
The following entities may receive personal data:
- Entities legally entitled to access data or at the request of the data subject.
- Financial institutions managing payroll accounts.
- Pension funds and social security schemes.
- Insurance companies for work or personal accident insurance.
- Training entities for certification purposes.
- Travel agencies or transport companies for work-related travel.
- Accounting and payroll departments for salary processing.
- Internal or external auditors for certification processes.
- IT service providers managing data systems.
- Regulatory authorities (e.g., Macron Law, Social Security – A1, Port Authorities – SEF).
- Clients, for security purposes, such as driver identification for site access.
- Group companies solely for recruitment purposes.
CUSTOMER DATA
Customer data is collected through contractual relationships with Portugalenses and interactions during the service agreement.
Data is retained only as necessary to provide services, issue invoices, and comply with legal obligations.