Colep is present in five EU Member States (Portugal, Germany, Poland, Spain, and the United Kingdom), and also outside the EU (Brazil, Mexico and the UAE).
A. Who are we
- Personal data will be processed (i) by Colep Portugal, S.A., with headquarters at Rua Comendador Arlindo Soares de Pinho, 1977, 3730-423 Vale de Cambra, telephone number + (351) 256.420.100, or (ii) by its subsidiaries, hereinafter referred to as "Colep".
- Colep is responsible for your personal information (and the controller for the purposes of the General Regulation on Data Protection) that Colep collects from or about you.
B. How do we use your personal information?
- Colep only treats personal data whenever is necessary to comply with legal obligations that apply to us, or such processing operation is necessary for the execution of a contract or pre-contractual procedures associated with it.
- We may also handle information if we have a legitimate interest in doing so, provided that in each case our interest is in accordance with applicable law and the rights of the data subject; this may occur, in particular for communication with our customers and suppliers; recruitment of employees; prevention and detection of fraud or provision of information on the activities of Colep.
- Should none of the other lawful basis are able to support the data processing operation, Colep will only treat the information if we have obtained the consent of the data subject to treat your personal data for specific, explicit and legitimate purposes.
- We are a global organization and may transfer certain personal information across geographical borders to our subsidiaries in accordance with applicable law.
C. How long is your personal information retained?
D. Information security
- The security of your personal information is important to Colep and we have implemented reasonable physical, technical and administrative security standards to protect personal information from loss, misuse, alteration or destruction. Colep protects your personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.
- Colep’s service providers and agents are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.
E. Rights regarding personal data
At any time, the data subject may:
- Request access to personal information - You have the right to access personal information which Colep holds about you.
- Request rectification of personal information - You have a right to request Colep to correct your personal information where it is inaccurate or out of date.
- Request to be forgotten - You have the right under certain circumstances to have your personal information erased. Your information can only be erased if your data is no longer necessary for the purpose for which it was collected, and Colep have no other legal ground for processing the data.
- Request restrict processing - You have the right to restrict the processing of your personal information, but only whereas:
- its accuracy is contested, to allow Colep to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but Colep still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
- Object to processing - You have the right to object the processing of your personal information at any time, but only whereas that processing has Colep’s legitimate interests as its legal basis. If you raise an objection, Colep has an opportunity to demonstrate that has compelling legitimate interests which override your rights and freedoms.
The data subject may, at any time, exercise their rights or withdrawing consent, through the email address GDPRRequest@colep.com or by letter to the postal address GDPR Request, C/O Head of Information & Communication Services, Rua Comendador Arlindo Soares de Pinho, 1977, 3730-423 Vale de Cambra, Portugal. You may also contact the Data Protection Officer or the team responsible for data protection at Colep, whichever applies, at firstname.lastname@example.org.
- Your requests will be treated with special care so that we can ensure the effectiveness of your rights. You may be required to prove your identity to ensure that you are the eligible data subject.
- You should be aware that in certain cases (e.g. due to legal requirements) your request cannot be immediately met.
- In any case, you will be informed of the measures taken to that effect within 1 (one) month from the moment the request is made.
- You also have the right to submit a complaint to the Portuguese Data Protection Authority https://www.cnpd.pt/, or, if you are in a different European jurisdiction, near your local Data Protection Authority.
F. Where we store your personal information
- The data we collect from you can be transferred to, be accessible from, and stored in a location outside the European Economic Area (“EEA”). It can also be treated equally by employees outside the European Economic Area (“EEA”), working for us or one of our service providers.
- Colep only transfers personal data outside the European Economic Area ("EEA") in a secure and legal way.
- To the extent that some countries may not have legislation regulating the use and transfer of data we take steps to ensure that external entities adhere to established in this Policy. These measures may include the analysis of privacy security of external entities and/or the conclusion of contracts (based on the model adopted by the European Commission).
G. Web site & cookies