BAS treats all personal data in strict compliance with the General Data Protection Regulation (“GDPR”), as well as other applicable legislation on data protection.
In particular, the processing of personal data by BAS is governed by the following principles: lawfulness, loyalty and transparency in the processing of data; limitation of purpose; minimization of data; accuracy; conservation limitation; integrity and confidentiality and responsibility.
- Who is responsible for the process of personal data?
BAS Sociedade de Advogados, SP RL, corporate entity number 509100007, with head office at Rua Artilharia Um, 52, Páteo Bagatela, Edifício 1, 4º andar, 1250-137 Lisboa, telephone. +351 211 554 330, fax. + 351 211 554 350, firstname.lastname@example.org, is the entity responsible for the processing of personal data collected through its website.
- What data are processed and how are they collected?
BAS only collects data that is appropriate, relevant and limited to what is strictly necessary for the purposes for which they are processed, namely:
a) Clients, clients’ employees, counterparts, suppliers, partners, employees: identification, professional, professional activity, or accounting data, of the individuals themselves, in the case of natural persons or their representatives, in the case of legal persons, such as the name, nationality, contacts, citizen card details, position, duties, professional contacts and any personal data of which the treatment is strictly necessary for the performance of the contract or for the fulfilment of legal obligations;
b) Contact requests: identification data such as name and e-mail address;
c) Newsletter subscription: identification data such as e-mail address;
d) Applications: identification data such as name, e-mail address and any data contained in the curriculum.
Personal data is collected by various means, including by completing the forms on the BAS website, by sending emails, by telephone contacts, by the delivery of personal cards, by the request for proposals, by the sending of professional applications, of the contracting of the services of or by BAS.
BAS may only process health data within the provision of legal services, duly mandated for that purpose and only with the consent of the data subjects.
- What is the legal basis and for what purposes are the personal data processed?
BAS only treats personal data when there is a legal basis to justify it.
The legal bases for the processing of personal data of clients, suppliers, partners and employees are the performance of a contract and compliance with legal obligations, as provided for in no. 1 paragraph b) and c) of Article 6.º of the GDPR.
The processing of personal data of clients, employees of customers, counterparts, suppliers, partners and employees, is intended for any purpose directly related to the execution of the respective contracts or compliance with legal obligations, namely, recruitment, hiring, contractual management, job management, accounting, business activity, customer management, communication, submission of proposals, provision of advocacy services.
The processing of personal data for purposes other than those referred to, in particular personal data collected through BAS’a website or following the sending of an email with contact requests, depends on the consent of the data subjects, as provided for in point a) of Article 6.º of the GDPR.
The processing of personal data collected through BAS’s website or email address is intended to respond to requests for contact, such as sending proposals/quotes and other information about services, sending marketing communications such as newsletters, business news, technical articles, information on events or other related activities and recruitment.
- To whom is personal data transmitted?
BAS only transmits personal data to third parties in cases when this is necessary for the provision of legal services or compliance with legal obligations to which BAS is subject, namely counterparties, judicial, regulatory and other public entities, agents, BAS service providers, as well as information, communication, translation and archiving technologies chosen according to highest possible standards and which are subject to compliance with the applicable legal rules on the protection of personal data.
The transmission, when it occurs to fulfil the provision of legal services or to fulfil legal obligations to which BAS is subject or as a consequence of the consent of the data subject, is done with limitation of the data transmitted to the strictly necessary for the fulfilment of such obligations and with appropriate security measures in place. Personal data will not be transmitted in any other case without the authorization of the data subject.
- For how long is personal data stored?
BAS only stores personal data in a way that allows data subjects to be identified during the period strictly necessary to achieve the purposes for which they are processed, without prejudice to the need for longer periods of time for the purposes of complying with legal obligations.
In particular, and without prejudice to the exercise of the right to delete data, personal data shall be deleted after:
a) In the case of requests for contact: 6 months from the submission of the request, without subsequent contact;
b) In the case of personal data collected from the Newsletter subscription: 2 years from the date of obtaining the consent;
c) In the case of personal data collected from applications: 1 year, from the respective submission, in case the candidate is not selected.
- What are the rights of the data subjects?
The data subjects have the right, at any time, to withdraw their consent, without compromising the lawfulness of the treatment made on the basis of the previously given consent, request access to the personal data concerning them, as well as their rectification or erasure, and limitation of processing, as well as requiring portability of data, when legally and contractually admitted.
For the purposes of exercising their rights, the data owners must send an e-mail to email@example.com.
The data subjects also have the right to submit complaints to the competent authority for this purpose.
- How is data security guaranteed?
BAS shall adopt and undertake to apply the appropriate technical and organizational measures at any time to ensure that the processing is carried out in accordance with the GDPR, taking into account the nature, scope, context and purpose of data processing, as well as risks to the rights and freedoms of natural persons whose likelihood and severity may be variable.
These measures are updated as necessary and reviewed annually.