Scope and Purpose
FLEX2000-PRODUTOS FLEXÍVEIS, S. A. is committed to the protection and confidentiality of the personal data of all its employees.
This Policy applies to all employees of FLEX2000-PRODUCTS FLEXÍVEIS, S. A.
It is important that you read this Policy along with any other policy made available by the company for specific situations.
Data Protection Principles
All personal data we store and process:
Are object of a lawful, fair and transparent treatment
They are collected for specific, explicit and legitimate purposes and cannot be further processed in a way that is incompatible with that purpose.
Are relevant for the communicated purposes and limited to that purpose
Are accurate and up to date
They are kept only for the time necessary for the purpose for which they were communicated.
What kind of information do we keep about you
Personal data or personal information is any information about a person that identifies him or her. Data where the identity has been anonymized is not considered personal data.
There are “special categories” of data that are considered more sensitive and, as such, require a higher level of protection.
FLEX2000-PRODUCTS FLEXÍVEIS, S.A. collects, stores and processes the following categories of personal information:
- Personal information such as name, address, cell phone, email
- Curriculum vitae
- Professional experience
- Copy of Residence Permit
- Tax framework for withholding taxes and legal contributions
In addition to these, we collect, store and process the following categories of sensitive personal data:
- Biometric Data
How is your personal information collected?
FLEX2000-PRODUTOS FLEXÍVEIS, S. A. collects personal information from employees through paper delivery, email or computer applications. Sometimes, the information is collected through recruitment companies, temporary work companies and occupational medicine companies.
During the duration of the contract, additional personal information related to your activity will be collected.
How do we use your personal information?
FLEX2000-PRODUTOS FLEXÍVEIS, S.A. only processes personal information when there is a legal basis for this purpose. As a general rule, personal data are used for the following purposes:
For the fulfillment of the employment contract.
For the fulfillment of a legal obligation
When necessary for our legitimate interests (or those of a third party) and the employee's fundamental rights and freedoms do not overlap.
Additionally, and in rare circumstances, the data may also be used to:
a. Protection of the vital interests of the employee or other natural person.
Situations in which we use your personal data
There are several situations where we use your personal data, such as: (non-exhaustive list)
- Make a decision about recruitment or appointment
- Determining the terms of work to be carried out in the company
- Whether you can legally work in Portugal
- For the payment of compensation, if you are an employee, and for the deduction of all taxes and fees required by law
To provide the following benefits:
- For the attribution of rights associated with union representation
- To manage the contract concluded
- For Business Management and planning, including accounting and auditing.
- To conduct performance reviews
- For deciding on salary and compensation issues
- To assess qualifications for a particular task or role, including promotions.
- To evaluate the renewal of the bond
- To agree on the termination of the bond
- To handle disputes involving the employee, other employees or third parties.
- To fill in the attendance record
- To manage sick leave
- To comply with occupational safety and health obligations
- To instruct disciplinary proceedings
- To monitor the use of information and the communications system to ensure compliance with IT policies
- To prevent unauthorized personnel from accessing computers and electronic communications systems
In the event that the employee does not provide the necessary information, the company will not be able to perform its obligations towards the employee, such as paying remuneration or granting a certain benefit due. In the same way, the fulfillment of other obligations with a legal source, such as safety and health at work, may be compromised.
Use of data for other purposes
The data will only be used for the purposes for which it was collected. However, in specific cases, they may be used for other purposes, as long as this purpose still falls within the limits of the initial treatment and the necessary safety conditions are guaranteed. Whenever such circumstance occurs, the company will notify the employee, stating all the reasons and legal basis for the new treatment.
Use of sensitive data
Sensitive data are personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data to uniquely identify a person, data relating to health or data relating to a person's sex life or sexual orientation.
These types of data can only be processed in specific cases provided for by law, including:
- If the data holder has given his explicit consent to the processing
- If the processing is necessary for the purposes of complying with obligations and exercising specific rights of the controller or data holder in terms of labor, social security and social protection legislation,
- If the processing is necessary to protect the vital interests of the data holder or of another natural person, in case the data holder is physically or legally unable to give consent;
- If the processing refers to personal data that have been manifestly made public by the data holder;
- If the processing is necessary for the declaration, exercise or defense of a right in a judicial process or whenever the courts act in the exercise of their jurisdictional function;
Your rights and duties as an employee Duty to keep us informed of changes
It is very important that the personal information we hold about you is correct and up to date. Please keep us informed of changes to it during your employment relationship with us.
The right of Access
You have the right to access your personal information. This allows you to receive a copy of all the personal information we hold about you and to verify that it is handled lawfully.
The right of Rectification
You have the right to rectify the personal information we hold about you. This allows you to correct any incorrect or incomplete information
The Right to Erase
You have the right to have your personal data erased. This allows you to ask us to delete or remove your personal information if there is no reasonable reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information when you have exercised your right to object to processing.
Right to object to processing
You have the right to object to the processing of your personal data when we are processing it based on legitimate interest. If there is a specific situation about you, you can also object to processing.
Right to request restriction of processing
You have the right to request the suspension of the processing of your personal data, for example, if you want us to verify its accuracy or grounds for processing.
Right of Transfer
You have the right to request the transfer of your personal information to another party.
Our obligations as an employer
Specifically, the sensitive data collected will be used to:
- In case of health data to be included in sick leave for the fulfillment of work obligations.
- Information on the state of physical and mental health and disabilities to ensure safety and health at work and to verify the ability to perform the tasks, to provide adequate adaptations to the workplace and to carry out adequate management of absences.
- The recorded images and other personal data recorded through the use of video or other technological means of remote surveillance, are intended for the protection and safety of people and property and will only be used in the context of criminal proceedings and determination of disciplinary responsibility that occurs simultaneously.
- Workers' biometric data will only be considered for attendance control and access control to the employer's premises.
- Information about union membership will only be used for attribution of due benefits during working hours.
- The blood alcohol test will only be used to guarantee the protection and safety of the worker or third parties due to the demands of the activities that he will perform.
- Regarding the criminal record, this same can only be requested from the worker if the function is included in the table of purposes of the criminal record certificate
The worker's consent does not constitute a requirement for the legitimacy of the processing of his personal data:
- If the treatment results in a legal or economic advantage for the worker; or
Processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual measures at the request of the data subject
In further cases, for the processing of sensitive personal data, the employee will be asked to give his express consent. Such consent must be included in a document provided by the employer containing the employee's reasons for the processing of this data. The data subject has the right to withdraw his consent at any time.
The criminal record will only be required for the execution of the contract and pre-contractual measures, namely the verification of the aptitude to perform certain functions in the company and evaluation of suitability and for the fulfillment of legal obligations to which the employer is subject, that is, when in question the exercise of any profession or activity for which the exercise of the total or partial absence of a criminal record is required.
Automated individual decisions
Automated decisions occur when an electronic system uses personal information to make a decision without any human intervention. The employer is authorized to use these mechanisms whenever necessary for the conclusion or execution of the employment contract; when authorized by the law of the member state in which the company is carrying out the activity or when the employee's express consent is given to do so.
The worker may withdraw his consent at any time.
The employer will implement data protection measures in the human resources management computer systems, to safeguard the rights and freedoms and legitimate interests of the data subject, namely the right to, at least, obtain human intervention from the person in charge, express their point of view and contest the decision.
The transfer of personal data of workers between the companies that make up the PENTAFLEX GROUP will only occur in cases of occasional transfer of a worker and to the extent that it is proportional, necessary and appropriate to the objectives to be achieved. The transfer may also occur in the case of secondment to another State.
Personal data will also be transferred to third parties that provide employment relationship management services, including:
Professional training entities
Public management entities
Only subcontractors that present sufficient guarantees of carrying out adequate measures to comply with the requirements imposed by the GDPR will be selected. These service providers are not authorized to use the data of FLEX2000-PRODUCTOS FLEXÍVEIS, S.A. workers for their own purposes, only carrying out the treatments expressly identified by the employer and under the terms established by it. Service providers will be notified of the terms established by FLEX2000-PRODUTOS FLEXÍVEIS, S. A. All employees of the service provider are bound by a duty of confidentiality.
Transfers outside the European Union
Employees' personal data will not be transferred to countries outside the European Union.
Personal data security measures
In order to guarantee the proper level of security of the personal data of its employees, FLEX2000-PRODUCTS FLEXÍVEIS, S. A. has implemented the following measures:
- Application of segregated access human resources management software
- Physical files with access reserved and restricted to Human Resources personnel
This measure aims to prevent accidental loss of data, use or access to data by unauthorized employees, its alteration or its disclosure.
Therefore, access to data is limited to employees and service providers whose functions necessarily imply access to data. The treatment by them will be done under the terms stipulated by FLEX2000-PRODUCTS FLEXÍVEIS, S.A. and are subject to confidentiality duties.
FLEX2000-PRODUTOS FLEXÍVEIS, S. A. also develops procedures to solve any suspected breach of security and will notify its workers in the event of any leakage, pursuant to the GDPR.
Fees for exercising your right
You will not have to pay any fee to access your personal information (or to exercise any other right), however, we may charge a minimal fee if your requests are clearly unfounded or excessive.
Alternatively, FLEX2000-PRODUCTS FLEXÍVEIS, S.A. may, in these circumstances, refuse to comply with the request.
What can we need from you
FLEX2000-PRODUCTS FLEXÍVEIS, S. A. may request specific information about you, in order to confirm your identity and guarantee your right of access to personal data. This is a security measure to ensure that your personal information is not disclosed to any person who is not authorized to access it.
Right to withdraw consent
In situations where you have given your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Data Protection Officer, whose details are below. After we receive notice, we will stop processing your personal information for the purposes originally agreed upon, unless we have another lawful basis for doing so.
Data Protection Officer
Contacts with the data protection officer must be made to the email address DPO@flex2000.pt