Zyrgon Portugal Lda. respects the privacy of its clients/users, employees, and suppliers. This Privacy Policy describes who we are, for what purposes we may use your data, how we process it, with whom we share it, how long we retain it, as well as how to contact us and exercise your rights. The rules set out in this Data Protection Policy complement the provisions regarding the protection and processing of personal data set forth in the contracts entered into by Clients/Users, Employees, and Suppliers with Zyrgon Portugal Lda., as well as the rules provided in the terms and conditions governing the offering of various products and services and which are duly published on the respective websites.

Your data is collected by Zyrgon Portugal Lda., with headquarters at Travessa do Sebeiro Nº12, hereinafter referred to as Zyrgon.

Zyrgon processes and stores personal data within the European Union (EU) and adheres to best practices in the field of security and protection of personal data, having adopted the necessary technical and organizational measures to comply with the General Data Protection Regulation (Regulation (EU) 2016/679), which is a directly binding legislative act for individuals and legal entities, whether residents of the EU or not, who process data of EU citizens and aims to ensure that the processing of personal data is lawful, fair, transparent, and limited to authorized purposes.

This privacy statement is under the responsibility of Zyrgon, which is considered the data controller for the purposes of the GDPR and will determine the purpose and means of processing personal data presented and collected online.
The Data Protection Officer (DPO) ensures compliance with the regulation and is involved in all matters related to the protection of personal data. Their identification and contact method are provided at the end of this document.

What is personal data?
Personal data is any information, of any nature and regardless of format, including sound and image, relating to an identified or identifiable individual.
An identifiable individual is one who can be identified, directly or indirectly, particularly by reference to a name, identification number, location data, online identifiers, or to one or more specific factors of their physical, physiological, genetic, mental, economic, cultural, or social identity.

What does the processing of personal data involve?
The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, through automated means or not, namely the collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, interconnection, restriction, erasure, or destruction.

Our data protection policy ensures that data is:

1. Processed lawfully, fairly, and transparently in relation to the data subject (“lawfulness, fairness, and transparency”);

2. Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;

3. Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;

4. Accurate and kept up to date where necessary; every reasonable step must be taken to ensure that personal data that are inaccurate, in relation to the purposes for which they are processed, are erased or rectified without delay;

5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;

Purposes of Personal Data Processing
By ensuring the data subject’s prior consent where required, we will collect, among others, the following information: Full Name, Civil Identification Number, Tax Identification Number, Date of Birth, Email, and Phone Number.
In general, the personal data collected is intended for managing the contractual relationship, providing contracted services, tailoring services to the needs and interests of the Client/User, Employee, and Supplier, namely to enable access to specific service features, suggest content, provide localized information services, and carry out information and marketing actions.
Additionally, personal data may be processed for the purpose of complying with legal obligations and for the purpose of investigating, detecting, and suppressing serious crimes.

Cookies
Our website uses cookies or similar technologies to ensure the best user experience and to analyze trends, track user movements within the site, and gather demographic information about our user base as a whole.
Our cookies record information such as Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring/exit pages, files accessed on our site (e.g., HTML pages), operating systems, date and time, to analyze trends on the site.

Retention period
The period of time for which personal data is stored and retained varies depending on the purpose for which the information is processed.
In fact, there are legal requirements that require data to be kept for a minimum period. Thus, and whenever there is no specific legal requirement, data will be stored and retained only for the minimum period necessary for the purposes that motivated its collection or subsequent processing, under the terms defined by law.

Age requirement
By accepting this privacy policy, you confirm that you are 18 years of age or older.

Use of personal data
Zyrgon will contact you to present the goods and/or services it offers. The processing of such data is based on the consent given by the data subject. Access to personal data is strictly limited to the staff of the data controllers and subcontractors.

Sharing personal data
Zyrgon guarantees that it does not intend to transfer data to countries outside the scope of the General Data Protection Regulation and if it does, it will ask for your consent.
Zyrgon has entered into agreements with its subcontractors whereby they are bound not to transfer data to third countries.
In certain situations, both Zyrgon and its subcontractors may be required to disclose personal information in response to requests by supervisory authorities to comply with GDPR requirements.

Security of processing
Zyrgon is committed to ensuring the security of the personal data made available to it, having implemented strict rules in this area. Compliance with these rules is a duty of all those who legally access this data.
Given Zyrgon’s concern and commitment to the protection of personal data, several technical and organizational security measures have been adopted to protect the personal data made available against dissemination, loss, misuse, alteration, unauthorized access, or any other form of unlawful processing.
Additionally, third-party entities that, in the course of providing services, process personal data of the Client/User, Employee, and Supplier on behalf of Zyrgon are required, in writing, to implement appropriate technical and security measures that at all times meet the requirements established by current legislation and safeguard the data subjects’ rights (namely, the privacy and personal data protection of Clients/Users, Employees, and Suppliers).

Access, rectification, or deletion of personal data
As the data subject, the Client/User, Employee, and Supplier has the right to request access to their data, request that it be rectified or deleted. You may also limit the processing of your data, object to it, and request data portability.
You can do this directly or by written request to the Data Controller, using the contact details provided in this document.
You may also contact the Data Protection Officer for clarification or submit a complaint to the CNPD whenever you believe your rights are being violated.

Right of access
The data subject has the right to obtain from Zyrgon confirmation of whether or not personal data concerning them is being processed and, if so, access to that data and the information provided by law.

Right to rectification
The data subject has the right to obtain from Zyrgon, without undue delay, the rectification of inaccurate or incomplete data concerning them.

Right to data erasure (“right to be forgotten”)
The data subject has the right to obtain from Zyrgon the erasure of their personal data, without undue delay, and Zyrgon has the obligation to erase personal data, without undue delay, when one of the following grounds applies:

1. a) The personal data is no longer necessary for the purpose for which it was collected or otherwise processed;

2. b) The data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;

3. c) The data subject objects to the processing and there are no overriding legitimate grounds for the processing;

Right to restriction of processing
The data subject has the right to obtain from Zyrgon restriction of processing where one of the following applies:

1. a) The accuracy of the personal data is contested by the data subject, for a period enabling Zyrgon to verify its accuracy;

2. b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead;

3. c) Zyrgon no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise, or defense of legal claims;

4. d) The data subject has objected to processing pending verification of whether the legitimate grounds of the controller override those of the data subject.

Right to data portability
If processing is based on consent and carried out by automated means, the data subject has the right to receive the personal data concerning them, which they have provided to Zyrgon, in a structured, commonly used, and machine-readable format.

Right to object
In cases where data processing is based on 1) Zyrgon’s legitimate interests; 2) data is processed for direct marketing purposes; or 3) profiling, the data subject may object at any time to the processing of their personal data.

Marketing emails
Data controllers are permitted, after explicit consent, to send marketing emails to website users. You may withdraw your consent at any time via the unsubscribe link provided in each email.

Changes to this policy
This policy may be updated occasionally, for example due to changes in relevant legislation. If any material changes are made, clients will be notified by email or by notification on the website.