I. Personal Data Protection Policy
Wellow™ respects the privacy and protection of personal data, in particular of our applicants, employees, trainees and trainers in development projects, users of our websites and social media, as well as suppliers and customers and, in the case of legal entities, their representatives.
The data provided by the different users are processed confidentially by Wellow™ in accordance with the provisions of Law 58/2019, of 8 August, the recommendations and directives issued by the National Data Protection Commission and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Monitoring of compliance with this Policy will be ensured through the measurement of control assessment indicators and/or audits (internal or external), at regular intervals or when significant legislative or regulatory changes occur.
Wellow™ is committed to respecting best practices in the field of security and protection of personal data, having approved a program capable of safeguarding the protection of the data made available to us by all those who, in any way, relate to it.
Personal Data means all information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an electronic identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person..
Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of a natural person, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning sex life or sexual orientation..
Processing means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction..
Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria applicable to his/her appointment may be provided for by Union or Member State law..
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data which have been transmitted, stored or otherwise processed.
Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Supervisory Authority means an Independent public authority set up by a Member State.
CNPD – Comissão Nacional de Proteção de Dados (National Data Protection Commission).
3. Collection and Processing of Data Subject
This Policy applies to all personal data of users that are collected by Wellow™ for (i) recruitment and selection activities, as well as all associated issues including the dissemination of new job offers, professional training and institutional information, (ii) information to customers and potential customers (iii) information on the existence of promotions or marketing campaigns, (iv) contractual or pre-contractual management (whether labour, commercial or other) or (v) to comply with legal obligations. As part of the activities carried out by Wellow™, users may be contacted for the purposes described above.
The types of personal data collected, processed and stored by Wellow™ are those necessary for the implementation of (i) recruitment and selection processes for employment and training opportunities or those necessary to fulfil other requirements when acting as an employer or employment agency, (ii) the provision of services to clients, whether outsourced or otherwise, and (iii) compliance with legal, contractual and pre-contractual requirements arising from the respective activities.
Such information may include:
- Full name
- Contact details (address, telephone number, email address)
- Date of birth
- Driving licence number and details
- Educational and vocational training qualifications
- Professional experience and skills
- Professional credentials, certificates or licences
- Membership of professional organisations
- Any other information contained in the CV
- Citizenship status and work authorisation
- Health-related or disability-related data
- Information from and related to publicly accessible profiles that you have created on employment-related social media platforms and job portals (such as LinkedIn, Facebook, Sapo Emprego or Indeed, among others).
- Information collected by professional reference checking
- Career management interests and preferences
- Employee, customer and/or supplier registration
- User ID and password or PIN if you register via the Wellow™ website..
In addition, Wellow™ may request types of personal data considered “sensitive”:
- National or tax identification number/social security number
- Financial or bank account details
- Information related to tax/fiscal situation
- Criminal record information
- Information on health insurance and retirement plans
- Health data (e.g. relating to medical examinations or accidents at work)
- Trade union membership
- Information contained in the Wellow™ employee personnel file, such as performance reviews, disciplinary measures and payroll processing.
- Finally, interactions with Wellow™ mobile and web applications may result in the collection, processing and storage of geolocation data.
- Other information you may provide to us, for example, through surveys, interactions with social profiles (LinkedIn, Facebook, Instagram, Twitter, Youtube, among others), as well as through other channels used to contact Wellow™.
Providing this type of information will be voluntary unless required by law. If you do not provide it, this will not jeopardise, for example, your employment or training opportunities.
4. Data Processors
These data processors may not transmit the data of the data subject to other entities without Wellow™ having previously provided written authorisation to do so, and are also prevented from contracting other entities without authorisation to do so.
Wellow™ undertakes to subcontract only entities that present sufficient guarantees of execution of the appropriate technical and organisational measures, in order to ensure the protection of the rights of the holder.
All data processors are bound by a written contract which regulates, inter alia, the purpose of the processing, the duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the parties.
When collecting personal data, Wellow™ shall provide the data subject with information on the categories of data processors who, in the specific case, may process data on behalf of Wellow™.
5. Data Collection Channels
Wellow™ may collect data directly (i.e., directly from the data subject) or indirectly (i.e., through partner organisations or third parties). The collection can be done through the following channels:
- Direct collection: face-to-face, by telephone or e-mail or via the internet
- Indirect collection: through partners, external companies or Group companies and official entities
6. General Principles Applicable to Data Processing
The data processing carried out by Wellow™ is lawful when at least one of the following situations applies:
- the data subject has given explicit consent to the processing of the data subject’s data for one or more specific purposes
- Processing is necessary for the performance of a contract to which the data subject is party, or for pre-contractual steps at the request of the data subject.
- Processing is necessary for compliance with a legal obligation to which Wellow™ is subject.
- Processing is necessary for the defence of the vital interests of the data subject or of another natural person.
- Processing is necessary for the purposes of the legitimate interests pursued by Wellow™ or by a third party (unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail).
Wellow™ undertakes to ensure that the processing of the data subject’s data is only carried out under the conditions listed above and with respect for the principles mentioned above.
Where the processing of your data is carried out by Wellow™ on the basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of consent, however, does not jeopardise the lawfulness of the processing carried out by Wellow™ on the basis of the consent previously provided by the data subject.
The period of time for which data is stored and retained varies according to the purpose for which the information is processed.
In fact, there are legal requirements that require data to be kept for a minimum period of time. Therefore, and whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes for which they were collected or further processed, after which they will be deleted.
7. Use and Purposes of Data Processing
In general terms, Wellow™ uses the data subject’s data for various purposes, including billing and collection, for marketing purposes and for human resources management and employee recruitment, among others.
The data collected by Wellow™ is not shared with third parties without the consent of the data subject, with the exception of the situations referred to in the following paragraph. In the event that the data subject contracts with Wellow™ services that are provided by other entities responsible for the processing of personal data, the data of the data subject may be consulted or accessed by these entities, to the extent necessary for the provision of such services.
In accordance with applicable law, Wellow™ may transmit or communicate the data of the data subject to other entities in the event that such transmission or communication is necessary for the performance of the contract established between the data subject and Wellow™ or for pre-contractual steps at the request of the data subject, in the event that it is necessary for the fulfilment of a legal obligation to which Wellow™ is subject or in the event that it is necessary for the purpose of pursuing the legitimate interests of Wellow™ or a third party.
8. Technical, Organisational and Security Measures Implemented
In order to guarantee the data security and maximum confidentiality, Wellow™ processes the information provided by the data subject in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as necessary, as well as in accordance with the terms and conditions provided by law.
Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing for the rights and freedoms of the data subject, Wellow™ undertakes to apply, both at the time of defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organisational measures for data protection and compliance with legal requirements.
It also undertakes to ensure that only the data necessary for each specific purpose of processing are processed and that such data are not made available to an indefinite number of persons.
In terms of general measures, Wellow™ takes the following measures:
- Regular audits to assess the effectiveness of the technical and organisational measures implemented.
- Raising awareness and training of staff involved in data processing operations
- Pseudonymisation and encryption of personal data, where justified
- Mechanisms to ensure the ongoing confidentiality, availability and resilience of information systems.
- Mechanisms to ensure the restoration of information systems and access to personal data in a timely manner in the event of a physical or technical incident.
9. Transfer of Data Outside the European Union
The personal data collected and used by Wellow™ are not made available to third parties established outside the European Union. If such a transfer takes place in the future, Wellow™ undertakes to ensure that the transfer complies with the applicable legal provisions, in particular as regards the determination of the adequacy of such country with regard to data protection and the requirements applicable to such transfers.
10. Rights of Data Subjects
a. Right to Information
The information set out in this document shall be provided in writing (including by electronic means) by Wellow™ to the data subject prior to the processing of the personal data concerned. In accordance with applicable law, Wellow™ has no obligation to provide the data subject with this information when and to the extent that the data subject is presumed to be already aware of it.
The information is provided by Wellow™ free of charge.
b. Right of Access to Personal Data
Wellow™ ensures the means for the data subjects to access their personal data.
The data subject shall have the right to obtain from Wellow™ confirmation as to whether or not personal data concerning them are being processed and, if so, the right to access their personal data and the following information:
- The purposes for which the data are processed
- The categories of personal data concerned
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, including recipients established in third countries or belonging to international organisations
- If possible, the period of retention of the personal data
- The existence of the right to request from Wellow™ the rectification, erasure or restriction of processing of personal data or the right to object to such processing.
- The right to lodge a complaint with the CNPD or other supervisory authority
- If the data have not been collected from the data subject, the information available on the origin of those data
- The existence of automated decisions, including profiling and information on the underlying logic, as well as the significance and envisaged consequences of such processing for the data subject.
- The right to be informed about the appropriate safeguards associated with the transfer of data to third countries outside the EU or international organisations.
Upon request, Wellow™ will provide the data subjects, free of charge, with a copy of their data that is being processed. The provision of other copies requested by the data subject may entail administrative costs.
c. Right to Rectification of Personal Data
The data subjects have the right to request the rectification of their personal data at any time and the right to have incomplete personal data completed, including by means of an additional declaration.
In the event of rectification of the data, Wellow™ shall communicate to each recipient to whom the data have been disclosed the rectification thereof, unless such communication proves impossible or involves a disproportionate effort for Wellow™.
d. Right to Erasure of Personal Data (“Right to be forgotten”)
The data subjects have the right to obtain from Wellow™ the erasure of their data where one of the following grounds applies:
- The data are no longer necessary for the purpose for which they were collected or processed.
- The data subject withdraws the consent on which the processing of the data is based and there is no other legal basis for such processing.
- The data subject objects to the processing under the right to object and there are no overriding legitimate interests justifying the processing.
- If the data are processed unlawfully
- If the data must be erased for the fulfilment of a legal obligation to which Wellow™ is subject.
In accordance with applicable law, Wellow™ is not obliged to erase the data subject’s data to the extent that the processing proves necessary for compliance with a legal obligation to which Wellow™ is subject or for the purposes of declaring, exercising or defending a right of Wellow™ in a judicial proceeding.
In the event of deletion of data, Wellow™ shall communicate to each recipient/entity to whom the data have been transmitted the deletion of the data, unless such communication proves impossible or involves a disproportionate effort for Wellow™.
If Wellow™ has made the data public and is obliged to erase them under the right to erasure, Wellow™ undertakes to take reasonable steps, including technical measures, taking into account available technology and the costs of their implementation, to inform the persons responsible for the actual processing of the personal data that the data subject has requested them to erase links to, and copies or reproductions of, those personal data..
e. Right to Limitation of Processing of Personal Data
The data subjects have the right to obtain from Wellow™ the restriction of the processing of their data, if one of the following applies (the restriction may consist of inserting a mark on the personal data stored for the purpose of limiting its processing in the future):
- If you contest the accuracy of the personal data, for a period enabling Wellow™ to verify its accuracy.
- If the processing is unlawful and the data subject opposes the erasure of the data, instead requesting the restriction of its use.
- If Wellow™ no longer needs the data for processing purposes, but the data are required by the data subject for the establishment, exercise or defence of legal claims.
- If the data subject has objected to the processing until it is established that Wellow™’s legitimate grounds override those of the data subject.
When the data subject’s data is subject to limitation, it may, with the exception of conservation, only be processed with the consent of the data subject or for the purposes of declaring, exercising or defending a right in a judicial proceeding, defending the rights of another natural or legal person, or for reasons of public interest legally provided for.
The data subjects who have obtained the restriction of processing of their data in the above cases will be informed by Wellow™ before the restriction of processing is cancelled.
In the event of restriction of processing, Wellow™ shall inform each recipient to whom the data have been disclosed of the restriction of processing, unless such communication proves impossible or involves a disproportionate effort for Wellow™.
f. Right to Portability of Personal Data
You have the right to receive the personal data concerning you that you have provided to Wellow™ in a structured, commonly used and machine-readable format and the right to transmit those data to another controller if:
- the processing is based on consent or a contract to which the data subject is a party
- The processing is carried out by automated means
The right of portability does not include inferred data or derived data, i.e. personal data that is generated by Wellow™ as a consequence or result of the analysis of the data being processed.
The data subject has the right to have personal data transmitted directly between controllers, where technically feasible.
g. Right to Object to Processing
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you that is based on the exercise of legitimate interests pursued by Wellow™ or where the processing is carried out for purposes other than those for which the personal data were collected, including profiling or where the personal data are processed for statistical purposes.
Wellow™ will cease processing your data unless it has compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims by Wellow™.
Where your data are processed for direct marketing purposes, you have the right to object at any time to the processing of data relating to you for the purposes of such marketing, which includes profiling insofar as it relates to direct marketing. If you object to the processing of your data for the purposes of direct marketing, Wellow™ will cease processing the data for that purpose.
You also have the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision:
- Is necessary for the conclusion or performance of a contract between you and Wellow™
- Is authorised by legislation to which Wellow™ is subject
- Is based on the explicit consent of the data subject
h. Procedures for the Exercise of Rights by the Data Subject
The right of access, the right to rectification, the right to erasure, the right to restriction, the right to portability and the right to object can be exercised by the data subject by contacting us by email at firstname.lastname@example.org, or by the address Rua do Proletariado n.º 2-A 2794-063 Carnaxide or by the telephone number 214139480.
Wellow™ will respond in writing (including by electronic means) to the data subject’s request within a maximum of one month from receipt of the request, except in cases of particular complexity, where this period may be extended up to two months.
If the requests submitted by the data subject are manifestly unfounded or excessive, in particular because of their repetitive nature, Wellow™ reserves the right to charge administrative costs or refuse to comply with the request.
i. Personal Data Breaches
In the event of a data breach and insofar as such breach is likely to result in a high risk to the rights and freedoms of the data subject, Wellow™ undertakes to communicate the personal data breach to the data subject concerned without undue delay.
Under the law, communication to the data subject is not required in the following cases:
- Wellow™ has implemented appropriate technical and organisational protection measures and those measures have been applied to the personal data affected by the personal data breach, in particular measures that render the personal data unintelligible to any person not authorised to access it, such as encryption.
- If Wellow™ has taken subsequent steps to ensure that the high risk to the data subject’s rights and freedoms is no longer likely to materialise.
- If communication to the data subject would involve a disproportionate effort for Wellow™. In such a case, Wellow™ will make a public communication or take a similar measure whereby the data subject will be informed
II. Consent to Call Recording
Contracted employees give their express CONSENT to the recording of calls in which they are involved in the execution of their activities, in particular for the purposes of internal auditing, quality control and possible proof of commercial transaction, of Wellow™ itself or of the respective Client..
III. Website Usage Policy
This website provides users with access to information, services and content, and the user assumes responsibility for its correct use and for the registration process required to access certain services or content.
The user undertakes to use the information, content and services on this website properly and, in particular, not to take any action that may cause physical or logical damage to the system or to access it fraudulently by using unauthorised access data.
The content of this website may not be modified or reinterpreted in such a way as to be protected under any other copyright, patent, trade mark or intellectual property registration that does not belong to Wellow™.
The information provided on the website may contain some technical inaccuracies or typographical errors. Consequently, Wellow™ assumes no responsibility in any form for any direct, indirect, incidental or collateral damage resulting from visiting its pages, including loss of data, loss of revenue or other income, and interruption of business processes derived from the use or inability to use the information on this site. Wellow™ furthermore declines any responsibility for the contents of third party websites that contain links to this website and/or that can be accessed from this website.
All items contained on this website, including texts, photos, illustrations and others are protected by law under the Code of Copyright and Related Rights.
The copying, reproduction and dissemination of the texts, photos, illustrations and other items contained in this electronic edition without the express authorisation of Wellow™ is expressly prohibited, regardless of the means used, with the exception of the right of citation defined by law.
The commercial use of the elements contained in the electronic edition of Wellow™, including texts, photos, illustrations and others, is expressly prohibited.
Wellow™ reserves the right to take legal action against the authors of any unauthorised copying, reproduction, dissemination or commercial exploitation of the items contained on this website, including texts, photos, illustrations and others.
A “cookie” is a file that is imported into your computer or other device when you access certain web pages that collects information about your browsing on those web pages. In some cases, cookies are necessary to facilitate browsing and allow you to store and retrieve information about a user’s browsing habits or their equipment, among others, and depending on the information they contain and how you use your equipment, they may be used to recognise you.
The cookies used on this website can be categorised as follows:
- Own cookies: those that are sent to the user’s terminal equipment from a device or domain managed by the publisher itself and from which the service requested by the user is provided.
- Third party cookies: those that are sent to the user’s terminal equipment from a device or domain that is not managed by the publisher, but by another entity that processes the data collected through cookies.
- Session cookies: those that collect and store data when the user accesses a web page
- Technical cookies: those that enable the user to navigate through a web page, platform or application and to use the different options or services available therein
- Customisation cookies: those that allow the user to access the service with some general characteristics predefined according to a series of criteria on the users’ terminal, such as language, the type of browser through which they access the service, the regional configuration of the location from which they access the service, etc..
- Analytics cookies: those that allow the person responsible for them to monitor and analyse the behaviour of the users of the websites to which they are linked. The information collected through this type of cookies is used to measure the activities of the websites, application or platform and to create browsing profiles of the users of these sites, applications and platforms, with the aim of introducing improvements in the function of analysing the data of use of the users of the service.
To find out which cookies are stored by your browser, you can use the tools available in your browser.
We sometimes use external web services to display content within our web pages. For example, to show virtual tours, images, videos, graphics, infographics, maps or to conduct surveys. Like social media buttons, we cannot prevent these external websites or domains from collecting information about your use of this embedded content.
V. Final Part
2. Applicable Law and Jurisdiction