Privacy Policy

For XIS GROUP, the privacy and security of personal data of trainees, customers, potential customers, users, job seekers and other partners are aspects that are of crucial importance.

This policy applies to all systems, people and processes that make up the XIS-GROUP information system. The commitment to information security and protection in the treatment of personal data kept by the institution and collected through online forms, computer applications, or delivered / sent to its services, is assumed by the Administration of XIS GROUP.

When processing personal data we respect Your privacy, we reiterate our commitment to implementing compliance measures, in particular to ensure:

a) a lawful processing, supported by a legal basis, legitimate interest or consent of the data subject;

b) that the processing is limited to the purpose for which the data was made available;

c) that there are mechanisms to obtain the accuracy and completeness of the data made available by it;

d) the minimization of required data, requesting only those adequate for the purpose;

e) limitation in data storage, in accordance with the defined retention periods;

f) the implementation of measures for the integrity and confidentiality of information.

XIS GROUP is defining procedures for the company’s compliance with the above-described principles and requirements of the new Regulation for the Protection of Personal Data (RGPD), for the existing information systems and to carry out the prior impact assessment and implementation of measures for privacy in new data treatments to be carried out in the future.

To learn more about how we collect, use, share and protect the personal data we collect, please refer to the following sections of this Privacy Policy.

1. XIS GROUP

XIS GROUP is the trade name for the following group of companies:

  • XGT – Soluções Informáticas, S.A., headquartered at Rua do Pombal, no. 31 – CAVE C – 9050-075 Funchal, with the following tax identification number: 511123680
  • In-Formar-Empresa Formação Profissional e Serviços SA., headquartered at Rua do Pombal, 31 – CAVE C – 9050-075 Funchal, with the following tax identification number: 511038798
  • Silverspheres, Lda., headquartered at Rua do Pombal, no. 31 – CAVE C – 9050-075 Funchal, with the following tax identification number: 509397425

Under this policy, the companies mentioned above may act, in terms of data protection legislation, as “responsible for the processing”, “subcontractor” of another company of the XIS GROUP or as “jointly responsible for the processing” of data with another XIS GROUP company.

The data subject can exercise the rights conferred on him by the Regulation for the Protection of Personal Data (RGPD), in relation to each of the data controllers. Contact for matters relating to the protection of personal data can be made to the following addresses:

Postal code:

Rua do Pombal, nº 31 Cv-C – 9050-075 Funchal

E-mail:

[email protected]

2. Categories of Personal Data processed by XIS-GROUP

For the execution of its activity in the area of specialized services of security and privacy, IT consultancy, consultancy in management software, technical assistance and training, the following categories of data are dealt with:

a) Identification data (e.g. TIN, name, photo, citizen card, passport);

b) Contact details (e.g. address, mobile phone, email);

c) Demographic data (e.g. function, sex, age, employment status, qualifications, household);

d) IT usage data (e.g. traffic data, user ID, IP address);

e) Financial data (e.g. IBAN);

f) Data from tax or financial executions.

3. Purposes, grounds for processing and terms of retention of personal data

Personal data are processed for the following purposes based, in each case, on the grounds indicated in the table below and are kept for the time strictly necessary to pursue the same purposes, according to the deadlines (or criteria adopted to define them) indicated in the table below.

XIS GROUP may keep other personal data for periods longer than the duration of the contractual relationship, either based on the client’s consent, or to ensure rights or duties related to the contract, or because it has legitimate interests that underlie it, but always for the period strictly necessary to carry out the respective purposes and in accordance with the guidelines and decisions of the National Data Protection Commission (CNPD).

Objective

Data category

Legal Basis

Conservation Term

Financial Management (Contracts, Orders, Billing, Collections, Receipts, Payments and Accounting Records)

Identification data; Contact details;

Demographic data;

Financial data

Pre-contractual and contractual relationship arising from the provision of a service or supply of goods.

As long as the contractual relationship lasts.

The deadline may be longer to ensure rights or duties related to the contract or if there is a legal process or legal obligation to fulfill.

Fulfillment of legal obligations, namely with the authorities, among others, of supervision, tax and fiscal or judicial.

Identification data; Contact details;

Demographic data;

Financial data

Tax or financial foreclosure data

Legal obligation.

For declaration, exercise or defense of rights in legal proceedings.

Legal term applicable at all times for each legal and legal obligation to be fulfilled.

Until the expiration of the statute of limitations or expiry for the exercise of rights.

Prospecting and commercial action (events, seminars and contacts for the dissemination of services or products)

Identification data; Contact details;

Demographic data;

Financial data

Legitimate interest in the development and growth of the controller’s activity (clients and trainees).

Permanent conservation, unless objected by the data subject.

Consent of the data subject. (Potential customers or trainees).

Permanent conservation, unless consent is revoked by the data subject.

Recruitment process (collection of Curricula Vitae and spontaneous applications)

Identification data; Contact details;

Demographic data

Consent of the data subject for the evaluation of the candidate’s profile and skills for the job post and conservation for future offers.

Up to 1 year from the date of data collection.

XIS GROUP Web Platforms (e.g. XISConnect),

Identification data; Contact details; Demographic data; Financial data; IT usage data

Pre-contractual and contractual relationship arising from the provision of the service.

As long as the contractual relationship lasts.

The deadline may be longer to ensure rights or duties related to the contract or if there is a legal process or legal obligation to fulfill.

Management Software Consulting

Identification data; Contact details; Demographic data; Financial data; IT usage data

Pre-contractual and contractual relationship arising from the provision of the service.

As long as the contractual relationship lasts.

The deadline may be longer to ensure rights or duties related to the contract or if there is a legal process or legal obligation to fulfill.

Training (planning, registration and communication to supervisory entities)

Identification data; Contact details; Demographic data; Financial data

Pre-contractual and contractual relationship arising from the provision of the service.

Compliance with legal and legal obligations.

As long as the contractual relationship lasts.

The deadline may be longer to ensure rights or duties related to the contract, supervisory entities or if there is a legal process or legal obligation to fulfill.

Programs financed by the European Structural and Investment Funds will be kept for a period of 3 years from the date of closure or the European Commission’s acceptance of the declaration of closure of the OP or RDP, depending on the stage in which the closure the operation has been included either in the applicable national legislation or in the specific legislation on State aid, if these set a longer period.

Programs supervised by the Institute for Qualification (IQ-RAM) will be retained for 11 years.

Planning, management and provision of technical assistance services, specialized security and privacy services, IT consulting and equipment supply.

Identification data; Contact details;

Demographic data; Financial data; IT usage data

Pre-contractual and contractual relationship arising from the provision of the service.

Legitimate interests in the development and control of the controller’s activity or by third parties.

Compliance with legal and legal obligations.

As long as the contractual relationship lasts.

The deadline may be longer to ensure rights or duties related to the contract, supervisory entities or if there is a legal process or legal obligation to fulfill.

The assistance reports are an integral part of the invoicing process, applying the legal deadline applicable at each moment for each legal and legal obligation to be fulfilled.

4. Cooky policies

General Information

When accessing the website of XIS GROUP or the Group´s companies, various information is collected, such as your IP address, browser version and type, operating system, domains and the time at which you access. We use this data for statistical purposes only in order to improve the way we present content to our users.

We may collect additional information such as email, telephone number, address and name provided by you when using our website. It is possible to use our service without providing us with your personal data, providing data that does not identify you, using a pseudonym or anonymizing the data.

With your explicit consent, you can, through the website, subscribe to Our newsletter and select areas of interest to receive emails relevant to you. We use this data and your personal data to share information that is of interest to you.

Cookies

Our website uses cookies for statistical purposes. Cookies are small files stored on your computer that monitor your activity while using our website, providing essential data to make your browsing on the website easier. When stored on your computer, cookies mean that it is not necessary to enter all of your data each time you use the website. This data allows us to customize the site according to your preferences and navigate according to your needs.

If you do not want cookies to be stored on your computer, you can use your browser settings to oppose the cookies on our website. To find out how to configure your browser settings to manage your cookies, check the Help menu of the browser you are using. You can delete the cookies that are already on your device at any time, but be aware that disabling cookies may restrict certain functions that will make you not have a navigation according to your preferences.

Google Analytics

This website uses Google Analytics as an analytics service supported by Google that helps us customize the site to promote a better experience according to your preferences. This service uses cookies to understand your visit, such as the time you browse our website and the pages visited. But please be aware that no personal data is collected by our Google Analytics account which means that we cannot see who has accessed our site. You can get more information about Google Analytics on the official Google Analytics page.

5. Transfer of personal data with other entities

Your data may be passed on to subcontractors so that they can be processed in the name and on behalf of XIS GROUP companies. In this case, the XIS-GROUP company “responsible for data processing” will take the necessary contractual measures to ensure that the subcontractors respect and protect the data subject’s personal data.

XIS GROUP companies will only transmit your personal data to the following categories of recipients:

a) Tributary Authority; b) Courts or their representatives; c) Other entities necessary for the management and operation, namely: accounting, IT assistance, IT security, communications, remote hosting in the cloud (cloud); d) Supervisory and auditing entities within the scope of professional training (e.g. DRFP); e) XIS GROUP companies; f) External partners and trainers within the scope of professional training courses.

6. Rights of Data Subjects

Customers, as data subjects, enjoy the following rights:

6.1. Right of access

Whenever you request it, you can obtain information about which personal data of yours are processed by XIS GROUP. You can also access your personal data, as well as obtain the following information:

• The purposes for which your personal data are processed; • The type of personal data that are processed; • Entities to whom your personal data may be communicated, including European Union entities or international organisations; • The period of retention of your data or, if this is not possible, the criteria for setting this period; • The rights you enjoy in relation to the processing of your personal data; • If personal data has not been collected from you, information about its origin and type of data in question;

6.2. Right of correction

Whenever you believe that your personal data (provided by you) is incomplete, you can ask for it to be completed, or you can request its rectification if it is found to be incorrect. (e.g. address, TIN, contacts, personal preferences).

6.3. Right to erasure

Under certain circumstances, the data subject may request the deletion of their personal data. XIS GROUP will inform you of the possibility or not to satisfy this right in view of existing retention obligations through legal imposition or legitimate interest.

6.4. Right to Limitation of Treatment

The right to limit the processing of your personal data allows you to ask the person responsible for processing them to restrict the scope of access and processing of your personal data or to suspend the processing activities. You may request the limitation of the processing of your personal data in the following cases:

• if you dispute the accuracy of your personal data, for a period of time that allows XIS GROUP to verify their accuracy; • if XIS GROUP no longer needs the personal data for processing purposes, but if these data is necessary for the purposes of declaration, exercise or defense of a right in a legal proceeding.

6.5. Right to portability

You may request XIS GROUP to deliver in a structured, commonly used and automatically readable format, the personal data you have provided. You also have the right to request that XIS GROUP transmits these data to another controller, provided that this is technically possible.

The right to portability only applies in the following cases:

• when processing is based on explicit consent or the performance of a contract; • when the processing in question is carried out by automated means.

6.6. Right of opposition

You have the right to object to the processing of your personal data at any time, for reasons related to your particular situation, and when the processing is carried out for purposes other than those for which the data were collected, but which are compatible with them .

In such cases, XIS GROUP will no longer process your personal data, unless you have legitimate reasons for carrying out such processing and these prevail over your interests.

The exercise of your right to object may imply the suspension or termination, in whole or in part, of the benefits associated with the purpose of processing the data in question.

You may also object to the processing of your data for direct marketing purposes.

6.7. Right to withdraw your consent

In cases where data is processed based on your consent, you may withdraw your consent at any time.

If you withdraw your consent, your personal data will no longer be processed, unless there is another reason, such as legal and regulatory obligations or the public interest of XIS-GROUP, which justifies such processing.

6.8. Right to file complaints with XIS-GROUP or supervisory authority

The exercise of your rights is free, unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged considering the associated costs.

The response to your requests must be provided within a maximum period of 30 days, unless it is a particularly complex request, in which case this period may be longer.

XIS GROUP has appointed a Personal Data Protection Officer, pursuant to Articles 37, 38 and 39 of the General Data Protection Regulation. You can contact the XIS GROUP DPO and exercise your rights via the following email: [email protected]

If you intend to file any complaints regarding matters related to the processing of your personal data, you may do so with the National Data Protection Commission, the competent supervisory authority in Portugal (www.cnpd.pt).

7. Changes to this policy

XIS-GROUP may amend this Privacy Policy at any time to reflect current privacy practices. When we make changes to this statement, we review the “updated date” at the bottom of the document. We advise you to read this Privacy Policy periodically so that you are aware of how XIS GROUP companies protect your information.

Data de Atualização: 02-out-18