I – Us and our commitment:
Our group of undertakings, as this concept is defined and considered by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, 4th, als. 19) and 20) is formed by a set of companies namely LASA – Armando da Silva Antunes SA; Luzmonte 2 Têxteis S.A.; Filasa – Fiação Armando Silva Antunes, S.A., Pinto Antunes, Lda, hereinafter referred to as LASA Group.
LASA Group is profoundly committed in maintaining the confidentiality, integrity, and security of personal information of clients, business partners and any person that interacts with LASA Group through various channels such as websites, digital files, third party social networks.
II – Collection and processing of personal data
We collect personal data from the following sources:
– A computer system consisting of a set of software solutions supported on a set of hardware devices and other similar solutions, including e-mail services and other external digital repositories and communication solutions.
– Paper records stored in a restricted access area.
– LASA Group Website – www.lasagroup.com
III – Personal and material scope of this Privacy Policy
This Privacy Policy refers exclusively to how Personal Data is collected, used, and disclosed.
The same or similar policy will also be assumed, contractually signed with the LASA Group, by entities that process the same personal data on behalf of LASA Group.
The availability through the said LASA Group website of other links to other websites outside LASA Group is made in good faith and in the interest of the user, and cannot be held responsible, in any way, for the collection, processing and discloser of the data in those Websites, nor for the reliability, correctness, legality and functionalities available there, being therefore not applicable to them this privacy policy.
LASA Group considers it mandatory and will presume for all intents and purposes, without the possibility of proof to the contrary, that each individual will read the privacy policies of all the websites acceded to.
IV- The reason for the publication of this Privacy Policy
In addition to implementing it in its organizational processes, LASA Group has drafted this Privacy Policy to inform and explain the general rules of this Privacy Policy and how personal data is collected, processed and treated, always in strict compliance with relevant laws, policies, and regulations.
For this purpose, the text of this privacy policy will be available in the physical location at LASA Group and in digital support on the websites www.lasa-group.com.
What is mentioned in this Privacy Policy complements what is stipulated about this matter in the contracts, formal or informal, celebrated with the LASA Group.
We kindly ask you to read this Privacy Policy carefully, therefore, the availability of your personal data, either in person or when accessing said Website, implies that you know and accept the conditions contained herein and the processing of them for lawful and legitimate purposes.
LASA Group expressly reserves the right to change the present privacy policy at any time, and the result is duly publicized by the same means.
V- Concept of personal data
Personal data means any information or registration, of any nature and regardless of its support or format, namely sound, image, writing, chirograph or feature, relating to the identified or identifiable singular person.
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
VI- The entity responsible for the processing of personal data
The entity responsible for collecting and processing the personal data and that determines the means of their processing is the LASA Group. Personal data are processed fairly and lawfully, and only to the extent necessary to fulfil their specific and legitimate purpose.
VII – Types of personal data collected and processed
In the course of its daily organisational activities, the LASA Group acquires, processes and stores personal data namely:
1. Personal data necessary to provide products to its customers, such as name, tax number, address, telephone number and e-mail address, among others, which are necessary to fulfil their specific and legitimate purpose.
2. Personal data necessary for the performance of the employment contract or service contracts concluded with its employees, such as name, tax number, address, telephone number and e-mail address, among others, which are necessary to fulfil their specific and legitimate purpose.
3. Personal data necessary to fulfil legal obligations, either to public entities or to private entities, such as name, tax number, address, telephone number and e-mail address, among others, which are necessary to fulfil their specific and legitimate purpose.
4. Data needed to manage customers and users, to fulfil contractual obligations with customers and suppliers, to satisfy legal obligations, to implement marketing actions, to conduct market studies and satisfaction surveys, to handle complaints. All of these actions involve dealing with personal data such as names, tax numbers, addresses, telephone numbers and e-mail addresses.
5. All personal data processed to reach compliance with applicable laws and to pursue LASA’s Group legitimate business interests and legal rights, in particular tax and administrative management, enforcement of legal claims, the performance of compliance investigations and for regulatory and investigative purposes, and to ensure security of the installations.
Under applicable law, personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
VIII – When and how personal data is collected
The LASA Group collects personal data through direct contact (phone calls) or through LASA Group’s website.
As a general rule, personal data is collected in the beginning of a contractual relationship or other business-related activity between the LASA Group and the holder of personal data.
Some of the personal data are essential for the purposes of performing a contract or taking relevant pre-contractual steps, so in the absence or insufficiency of this data, it will not begin or continue. In these cases, LASA Group will inform the data subject of the compulsory and essential nature of the personal data.
Apart from these personal data which are essential to fulfil a specific and legitimate purpose of LASA Group, personal data will only be acquired and processed after explicit consent, obtained in a free, informed way, affirmed in a clear oral or written statement, namely for newsletters subscription and other or marketing communications, where Privacy Policy laws and rules are applied.
The personal data holder can object to the processing of personal data for purposes of advertising and data analysis at any time.
The data collected will be documented, whether in paper or digital format, in a strict compliance with the legislation that regulates the protection of personal data, being stored and contained in specific paper files and database, created and managed for this purpose and of restricted and exclusive access to LASA Group employees who necessarily have to use these data in the pursuit of LASA’s Group activity. In no case shall the data collected be used for any purpose other than that for which the consent has been given by the personal data holder, where necessary, or for the lawful and legitimate purpose of the collection.
IX – Purposes of the collection and processing of personal data
Personal data is processed for administering inquiries and agreements, as well as providing information and services in connection with such inquiries and agreements. Personal data may also be used for marketing and follow ups as well as for sales and product development with the aim of improving LASA’s Group products and services. Finally, personal data is also processed for tax and administrative management, enforcement of legal claims, the performance of compliance investigations and for regulatory and investigative purposes, and to ensure security of the installations.
At the moment that the personal data is collected, LASA Group will precisely detail the sort of personal data collected and how it will be processed, held and stored.
X – For how long will personal data be kept
LASA Group will store data for the shortest time possible. That period should take into account the reasons why LASA Group needed to process the data, as well as any legal obligations to keep the data for a fixed period of time. After this period of time the personal data will be erased.
XI- Right of Access · Right to Rectification · Right to Erasure · Right to Data Portability · Right to Restriction of Processing
LASA Group provides data subjects a copy of their processed personal data upon request at our registered office at Estrada Nacional 105, Nº 3344, Nespereira, 4835-517 Guimarães, or by the electronic address lasa.geral@lasanet.pt.
If you think your data protection rights have been breached, you can lodge a complaint with the National Data Protection Commission – Av. D. Carlos I, 134 – 1º 1200-651 Lisboa – Tel: +351 213928400 – Fax: +351 213976832 – e-mail: geral@cnpd.pt
XII – How LASAGroup protects Personal Data
LASA Group took all steps reasonably necessary to ensure that your data is processed securely and protected against unauthorised access or processing.
All personal data collected through digital or paper forms, whether completed on the physical premises of LASA Group or on the website (which requires encrypted sessions of the Browser) are stored safely in our physical repositories and digital systems.
All the personal data is stored in a Data Centre owned by LASA Group, or of its subcontractor, which possesses all the advanced physical and logistic security measures, that LASA Group considers necessary for the protection of personal data.
Despite of these security measures, it is important to be aware of the risks of the internet. When transmitting personal data over the internet, particularly sensitive personal data, data subjects should ensure the use of an updated PC and Browser in terms of properly configured security patches with active firewall, antivirus and antispyware, and ensure the authenticity of the websites and avoid websites whose credibility is not trust worthy.
LASA Group will inspect and monitor work-related conduct of employees, only to the extent necessary to fulfil LASA’s Group specific and legitimate purpose and in a strict compliance with the legislation. This monitorization consists in monitoring access controls, working hours, tasks and productivity, displacements and use of company’s vehicles. Not only the employees will have prior knowledge of these actions – being, whenever legally necessary and lawful, requested their consent – but this data will be processed securely and protected by LASA Group.
The aforementioned security and compliance plan include the existence of a designated Personal Data Protection Officer, who is responsible for, among other things, verifying this Privacy Policy, maintaining clear rules for the processing of personal data and communicating with control authorities, guaranteeing to all those who entrust LASA Group with the processing of their personal data, the effective knowledge of the way in which they process it and their rights in that regard.
XIII – Appointed data protection officer
LASA Group has appointed and maintains a Data Protection Officer who can be contacted by letter to LASA’s Group address at Estrada Nacional 105, Nº 3344, Nespereira, 4835-517 Guimarães, by telephone 253 560 700, or by e-mail address dpo@lasanet.ptet.pt
XIV- Communication of data to other entities, subcontractors or third parties
Lasa Group may use subcontractors for the purpose of processing and collect data, for the same purposes that it aims to obtain, by contractual means, a guarantee of reputation and an obligation to develop technical and organizational measures adequate for data protection and to ensure the defense of the holders rights. In certain circumstances determined by law, certain personal data may have to be communicated to public authorities, such as tax authorities, courts and security forces.
In this way, any of these subcontracted entities will process the personal data of our Clients, in the name and on behalf of the Lasa Group, under obligation to adopt the appropriate technical and organizational measures to the risk in order to protect the personal data against the destruction, accidental or illicit, accidental loss, alteration, dissemination or unauthorized access and against any other form of illicit processing.
Transfer of personal data:
LASA Group may have to transfer your personal data outside of Portugal. In such case, LASA Group will rigorously comply with all applicable legal provisions, namely with respect to the determination of the reliability and suitability of the country of destination with respect to protecting personal data and the requirements applicable to such transfers.
XV- Cookies
“Cookies” are small software tags that are stored on your computer through your browser. As a rule, they only retain information related to your preferences and as such they do not contain your personal data.
Whenever this is not the case, the user shall always be asked for his or her consent to supply the data in accordance with applicable legislation.