May 21, 2018
At VALUEKEEP we take the General Data Protection Regulation (GDPR) very seriously and we respect the trust you place in us in the collection and processing of your personal data.
We guarantee the security of your data and only collect the data strictly necessary for the purchase or provision of services. The collection and use of this data, for other purposes such as Marketing, requires prior consent that we want to be always clear, informed and explicit.
The data collected will be stored for the period necessary to provide the service or during the term of the contract (if you are our customer) and will not be transmitted or transferred to any third party other than the subcontractors defined as VALUEKEEP Partners and other authorized companies working in our name for the purposes described in this policy. For example, companies hired to provide customer support services or assist in the protection and security of our services and systems may need access to personal data to perform these functions. In these cases, these companies must formally comply with our data privacy and security requirements and are not permitted to use the personal data that we may provide to them or to which they may have access, for any purpose other than that for which they were contracted.
1. WHAT KIND OF DATA IS COLLECTED BY VALUEKEEP?
VALUEKEEP collects data on entities such as partners, suppliers, customers, potential customers and some contacts with employees of these entities. We collect data such as name, email, company name, title, and phone number. In the case of subscriptions, other data may be requested for billing purposes.
2. FOR WHAT PURPOSES DOES VALUEKEEP COLLECT PERSONAL DATA AND WHAT IS THE LEGAL BASIS FOR PROCESSING THIS INFORMATION?
The data collected is used for the orders processing, sending of communications and notifications, processing of requests for information, statistical downloads, and analysis or, for other previously agreed and requested purposes, whose detailed information will always be provided to you when collecting.
Your data will only be used if one of the following conditions is met:
- You have given your consent by signing or accepting a paper or digital form;
- Data is required for compliance with a contract;
- Data are required for compliance with legal obligations;
- Data are necessary for the legitimate interests of VALUEKEEP, provided that they do not prevail over the interests or rights, freedoms, and guarantees of the holder of such data.
3. DOES VALUEKEEP USE PERSONAL DATA FOR DIRECT MARKETING?
VALUEKEEP will only use your personal data to send you previously requested or consented information. Communications can be made via email, telephone or SMS.
VALUEKEEP will not market or share its databases with third parties.
4. WHO HAS ACCESS TO YOUR PERSONAL DATA?
VALUEKEEP does not disclose to third parties any personal data without the consent of its owner, except:
- when they are companies of the PRIMAVERA Group;
- where it is necessary for VALUEKEEP employees, employees, suppliers or business partners to provide a product or service or perform a function on behalf of VALUEKEEP that you have previously requested;
- when required or permitted by law.
VALUEKEEP has already taken measures to ensure that its employees and subcontractors, with access to personal data, receive training appropriate to their correct processing, with respect to this policy and legal data protection obligations.
Without prejudice, on a case-by-case basis, we will take reasonable precautions to avoid any type of default, such as audits. Should any nonconformity occur, VALUEKEEP will apply disciplinary sanctions to its employees and may cancel contracts with subcontractors that violate the agreed measures.
Whenever VALUEKEEP makes use of any subcontractor, it will safeguard compliance with the General Data Protection Regulation (GDPR) and other applicable legislation in terms of security and data protection, namely through the provision of contractual provisions that ensure that the subcontractor uses the data received only:
- for the purposes specified;
- in accordance with the purposes described in this policy;
- using appropriate security measures in order to protect personal data against illegal or unauthorized treatment as well as against accidental loss, destruction or other harmful actions.
VALUEKEEP also undertakes not to contract another subcontractor to carry out specific data processing operations on behalf of the client without the client has given prior written authorization in general or specific form.
5. WHERE ARE YOUR DATA STORED?
VALUEKEEP stores your personal data in your data in datacenters located in European Union.
This data and its infrastructures are protected and maintained in accordance with high standards of safety and in order to comply with the applicable privacy laws and are periodically subject to external audits and audits.
VALUEKEEP does not transfer information to a country outside the European Union’s jurisdiction area, which has not been formally designated by the European Commission as having adequate levels of information protection.
6. IS YOUR DATA SECURE WITH VALUEKEEP?
VALUEKEEP has taken the technical and organizational measures necessary to adequately protect its data regarding unauthorized processing and access.
VALUEKEEP makes all reasonable efforts to prevent the unauthorized or illegal use of personal data as well as its loss, destruction or damage. However, it is never possible to provide absolute assurance regarding the security of personal data. For this reason, VALUEKEEP will promptly inform the individuals involved and their competent authorities (within the time limits legally required), whenever a security breach or incident occurs.
VALUEKEEP protects the security of personal data through the following ways:
- use encryption with certificate across all information from websites and their cloud products;
- implementation of an internal security policy covering the processes of access control, configuration, storage, backup, support, transmission, auditing, updating the technological infrastructure and a strong authentication policy;
- the commitment of confidentiality on the part of its collaborators and subcontractors and that the latter only act according to the instructions received, through the formalization of a valid contract or other normative, with the same obligations regarding data protection as those imposed on VALUEKEEP ;
- training for its employees.
It is also up to the users to fulfill their responsibilities with regard to their own safety, namely:
- Proceeding to the use of strong passwords;
- Non-disclosure of the password to any other person;
- Do not use the same credentials in different services.
Although we have implemented a set of reasonable security measures to protect your information, the Internet is an open system and we can not guarantee the security of the information you transmit to us through this medium. Any transmission that you make to us is made at your own risk and it is your responsibility to ensure that any personal data you send us is done safely.
7. DOES VALUEKEEP USE THIRD-PARTY DATA OR HAVE SPECIFIC PRODUCT PRACTICES?
VALUEKEEP can use data held by its customers in our products to provide analytical management insights.
By using VALUEKEEP products you are introducing transactional data associated with the activities and business processes that are managed by the features of our products. This data can be processed by VALUEKEEP to produce business analytical data that will be provided to you in the use of our products in various functionalities and contexts.
The analytical treatment of your business data will always be done by the application of analytical, statistical and intelligent algorithms so that we can offer you smarter functionalities in the products. VALUEKEEP can also handle your analytical data in conjunction with analytical data from other entities to provide more intelligent product functionality to all users of the VALUEKEEP community, but always ensuring the privacy and protection of your business data without ever revealing it or share with third parties.
This data processing will only be done with your consent to use our products. The consent to the processing of data can be revoked at any time, with the consequent loss of the right to use part or all of our products.
Your data will be kept for this purpose during the time of use of our products, and thereafter for the period defined for the unlinking of use of our products, which should also contemplate the legal provisions in force.
VALUEKEEP may also use data held by its customers for security purposes, to comply with legal obligations or for troubleshooting and support purposes provided that they are properly aligned with the terms of service, upon request or with the consent of its customers.
The personal data of third parties inserted into our systems by our customers are the responsibility of our clients. VALUEKEEP guarantees the security and confidentiality of this data, but it is not responsible for the legitimacy of its treatment.
VALUEKEEP reminds its clients that they also have responsibilities in the scope of data protection or in the fulfillment of the rights of the holders of such data, namely through the use of the functionalities developed in our products.
8. HOW CAN YOU EXERCISE YOUR RIGHTS UNDER THE GDPR?
Under the GDPR, you can either directly update your personal information or set some of your preferences such as receiving newsletters.
You can also request some specific rights such as:
- Additional information about the use of your data;
- A copy of the data stored in our databases;
- Limitation on the processing or forgetting of your personal data.
If you want to exercise any of the rights above, we will analyze them and respond within the legally required deadlines (maximum of 30 days). We may need to verify or prove your identity before performing these rights.
If you have any questions regarding our use of your personal data, you may at any time contact our Customer Care service on +351 253 309 950 or directly contact our Data Protection Officer at email@example.com.
If you are dissatisfied with our use of your personal data or with our response after exercising any of these rights, you have the right to submit a complaint to the national control authority (National Commission for Data Protection - CNPD. , nº 148, 3º, 1200-821 Lisboa | Tel: 351 213928400 | Fax: +351 213976832 | e-mail: firstname.lastname@example.org).