Close
Booking

Privacy Policy & Personal Data

I. Personal Data Protection Policy

1. introduction

Intemporal respects the privacy and protection of personal data, including that of our candidates, employees, trainees, trainers in development projects, users of our websites and social media, as well as suppliers and clients, and, in the case of legal entities, their respective representatives.

The data provided by different users are handled confidentially by Intemporal in accordance with Law 58/2019 of August 8, the recommendations and directives issued by the National Data Protection Commission, and Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016.

The monitoring of compliance with this Policy will be ensured by measuring control and/or audit (internal or external) evaluation indicators at regular intervals or when significant legislative or regulatory changes occur.

Intemporal is committed to following best practices in the field of security and personal data protection, and for this purpose, it has approved a program capable of ensuring the protection of the data provided to us by everyone who interacts with it.

This Privacy Policy applies to the collection and processing of personal data carried out by Intemporal and is intended for the general public, establishing obligations for all employees.

2. Definitions

Personal Data - Any information related to an identified or identifiable individual; an individual is considered identifiable when they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.

Special Categories of Personal Data - Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the unique identification of a person, data related to health or data concerning sexual life or sexual orientation.

Processing - Any operation or set of operations performed on personal data or sets of personal data, by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of availability, comparison, or interconnection, restriction, erasure, or destruction.

Data Controller - The individual or legal entity, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

Personal Data Breach - A security breach that leads to the accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed.

Processor - An individual or legal entity, public authority, agency, or other body that processes personal data on behalf of the data controller.

Third Party - An individual or legal entity, public authority, service, or body that is not the data subject, the data controller, the processor, or persons authorized to process personal data under the direct authority of the controller or the processor.

Supervisory Authority - An independent public authority established by a Member State.

CNPD - Comissão Nacional de Proteção de Dados (National Data Protection Commission).

3. Collection and Processing of Data from the Data Subject

This Policy applies to all personal data of users that is collected by Intemporal for (i) recruitment and selection activities, as well as all matters related to these, including the disclosure of new job offers, professional training, and institutional information, (ii) information to clients and potential clients, (iii) information about promotions or marketing campaigns, (iv) contractual or pre-contractual management (whether of a labor, commercial, or other nature), or (v) to comply with legal obligations. Within the activities developed by Intemporal, users may be contacted for the above-mentioned purposes.

The types of personal data collected, processed, and stored by Intemporal are those necessary for (i) recruitment and selection processes for job and training opportunities or those required to fulfill other requirements when acting as an employer or employment agency, (ii) provision of services to clients, in outsourcing or other arrangements, and (iii) fulfilling legal, contractual, and pre-contractual requirements arising from the respective activity.

Such information may include:

  • Full name
  • Contact details (address, phone number, email address)
  • Date of birth
  • Driving license number and details
  • Academic qualifications and professional training
  • Professional experience and skills
  • Credentials, certificates, or professional licenses
  • Membership in professional organizations
  • Any other information contained in the CV
  • Citizenship status and work authorization
  • Health-related data or data regarding disabilities
  • Information from and related to publicly accessible profiles created on social media platforms related to employment and job portals (such as LinkedIn, Facebook, Sapo Emprego, or Indeed, among others)
  • Information collected through professional reference checks
  • Interests and preferences regarding career management
  • Employee, client, and/or supplier registration
  • User identification and password or PIN, if registering via Intemporal's website.

Additionally, Intemporal may request types of personal data considered “sensitive”:

  • National or tax identification number/social security number
  • Financial data or bank account details
  • Information related to tax/fiscal status
  • Criminal record information
  • Information about health insurance and pension plans
  • Health data (e.g., related to medical exams or workplace accidents)
  • Union membership
  • Information contained in the Intemporal employee personal file, such as performance reviews, disciplinary measures, and salary processing
  • Finally, interactions with Intemporal’s mobile and web applications may result in the collection, processing, and storage of geolocation data
  • Other information that you may provide, for example, through surveys, interactions with social media profiles (LinkedIn, Facebook, Instagram, Twitter, YouTube, among others), as well as other channels used to contact Intemporal.

Providing this type of information will be voluntary, unless required by law. If not provided, it will not harm, for example, your employment or training opportunities.

4. Subcontracted Entities

In the context of processing the data of the data subject, Intemporal may use third-party entities, subcontracted by it, to process the data on its behalf, and in accordance with its instructions, in strict compliance with the law and this Privacy Policy.

These subcontracted entities may not transfer the data of the data subject to other entities without Intemporal's prior written authorization, and they are also prohibited from hiring other entities for such purposes without permission.

Intemporal is committed to subcontracting only entities that provide sufficient guarantees of implementing adequate technical and organizational measures to ensure the protection of the data subject's rights.

All subcontracted entities are bound by a written contract that regulates, among other things, the object, duration of the processing, nature, purpose of the processing, type of personal data, categories of data subjects, and the rights and obligations of the Parties.

When collecting personal data, Intemporal provides the data subject with information about the categories of subcontracted entities that may process data on behalf of Intemporal in the specific case.

5. Data Collection Channels

Intemporal may collect data directly (i.e., directly from the data subject) or indirectly (i.e., through partner entities or third parties). The collection can be made through the following channels:

  • Direct collection: in person, by phone, by email, or via the internet
  • Indirect collection: through partners, external companies, or companies within the Group and official entities

6. General Principles Applicable to the Processing of the Data Subject’s Data

In terms of general principles related to the processing of personal data, Intemporal is committed to ensuring that the data is:

  • Processed lawfully, fairly, and transparently in relation to the data subject
  • Collected for specified, legitimate, and clear purposes, and not further processed in a manner incompatible with those purposes
  • Adequate, relevant, and limited to what is necessary for the purposes for which they are processed
  • Accurate and up-to-date whenever necessary, with all reasonable measures taken to ensure that inaccurate data, considering the purposes for which they are processed, are erased or corrected without delay
  • Stored in a way that allows identification of the data subject only for as long as necessary for the purposes for which the data is processed
  • Processed in a manner that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, with the adoption of appropriate technical or organizational measures

The data processing carried out by Intemporal is lawful when at least one of the following situations applies:

  • The data subject has given explicit consent for the processing of their data for one or more specific purposes
  • The processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual steps at the request of the data subject
  • The processing is necessary for compliance with a legal obligation to which Intemporal is subject
  • The processing is necessary to protect the vital interests of the data subject or another individual
  • The processing is necessary for the purposes of legitimate interests pursued by Intemporal or by third parties (except where the interests or fundamental rights and freedoms of the data subject prevail and require the protection of personal data)

Intemporal commits to ensuring that the processing of the data subject's data is only carried out under the conditions outlined above and in compliance with the principles mentioned.

When the processing of the data subject’s data is carried out by Intemporal based on the consent of the data subject, the data subject has the right to withdraw their consent at any time. However, the withdrawal of consent does not affect the lawfulness of the processing carried out by Intemporal based on the consent previously given by the data subject.

The period during which the data is stored and retained varies depending on the purpose for which the information is processed.

In fact, there are legal requirements that mandate the retention of data for a minimum period of time. Therefore, unless there is a specific legal requirement, the data will be stored and retained only for the minimum period necessary for the purposes for which it was collected or subsequently processed, after which it will be deleted.

7. Utilization and Purposes of the Data Subject's Data Processing

In general terms, Intemporal uses the data of the data subject for various purposes, including billing and collection, marketing purposes, and human resources management and employee recruitment, among others.

The data collected by Intemporal from the data subject is not shared with third parties without the data subject’s consent, except in the situations mentioned in the following paragraph. If the data subject contracts services from Intemporal that are provided by other entities responsible for the processing of personal data, the data of the subject may be consulted or accessed by these entities, to the extent necessary for the provision of such services.

Under applicable legal terms, Intemporal may transfer or communicate the data of the data subject to other entities if such transmission or communication is necessary for the execution of the contract established between the data subject and Intemporal, or for pre-contractual procedures at the request of the data subject, if necessary for compliance with a legal obligation to which Intemporal is subject, or if necessary for the pursuit of legitimate interests of Intemporal or a third party.

In the event of a transfer of the data subject's data to third parties, reasonable efforts will be made to ensure that the recipient uses the data in accordance with this Privacy Policy.

8. Technical, Organizational, and Security Measures Implemented

To ensure the security of the data subject's data and maximum confidentiality, Intemporal treats the information provided by the data subject as strictly confidential, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated based on needs, as well as in compliance with legally established terms and conditions.

Depending on the nature, scope, context, and purposes of the data processing, as well as the risks arising from the processing to the rights and freedoms of the data subject, Intemporal is committed to applying the necessary and adequate technical and organizational measures for the protection of data and compliance with legal requirements, both at the moment of defining the processing means and during the actual processing.

Intemporal also commits to ensuring that only the data necessary for each specific purpose of the processing is processed and that such data is not made available to an indefinite number of people.

In terms of general measures, Intemporal adopts the following:

  • Regular audits to assess the effectiveness of the implemented technical and organizational measures
  • Awareness and training for personnel involved in data processing operations
  • Pseudonymization and encryption of personal data, whenever justifiable
  • Mechanisms capable of ensuring the confidentiality, availability, and resilience of information systems
  • Mechanisms ensuring the restoration of information systems and access to personal data in a timely manner in case of a physical or technical incident.

9. Transfer of Data Outside the European Union

The personal data collected and used by Intemporal is not made available to third parties established outside the European Union. If, in the future, such a transfer occurs, Intemporal commits to ensuring that the transfer complies with the applicable legal provisions, particularly regarding the determination of the adequacy of such a country in terms of data protection and the applicable requirements for such transfers.

10. Rights of Data Subjects

a. Right to Information

The information contained in this document is provided in writing (including by electronic means) by Intemporal to the data subject prior to the processing of their personal data. Under the applicable law, Intemporal is not required to provide this information to the data subject when and to the extent it is presumed that the data subject is already aware of it.

The information is provided by Intemporal free of charge.

b. Right of Access to Personal Data

Intemporal ensures the means for the data subject to access their personal data.

The data subject has the right to obtain from Intemporal confirmation as to whether their personal data is being processed, and, if so, the right to access their personal data and the following information:

  • The purposes of data processing
  • The categories of personal data in question
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organizations
  • If possible, the retention period for the personal data
  • The existence of the right to request rectification, erasure, or restriction of the processing of their personal data, or the right to object to such processing
  • The right to lodge a complaint with the CNPD (National Data Protection Commission) or another supervisory authority
  • If the data has not been collected from the data subject, the available information on the source of the data
  • The existence of automated decision-making, including profiling, and information regarding the underlying logic, as well as the significance and expected consequences of such processing for the data subject
  • The right to be informed about the appropriate safeguards related to the transfer of data to third countries outside the EU or international organizations

Upon request, Intemporal will provide the data subject, free of charge, with a copy of their data undergoing processing. Providing additional copies requested by the data subject may incur administrative costs.

c. Right to Rectification of Personal Data

The data subject has the right to request, at any time, the rectification of their personal data and, as applicable, the completion of their incomplete personal data, including through an additional declaration.

In the event of rectification, Intemporal will communicate the respective rectification to each recipient to whom the data has been transmitted, unless such communication is impossible or would involve disproportionate effort on the part of Intemporal.

d. Right to Erasure of Personal Data ("Right to be Forgotten")

The data subject has the right to obtain the erasure of their personal data from Intemporal when one of the following reasons applies:

  • The data is no longer necessary for the purpose for which it was collected or processed
  • The data subject withdraws consent on which the processing is based, and no other legal basis for the processing exists
  • The data subject objects to the processing under the right to object, and no overriding legitimate interests justify the processing
  • The personal data has been processed unlawfully
  • The personal data must be erased to comply with a legal obligation to which Intemporal is subject

Under applicable law, Intemporal is not obliged to erase the data if the processing is necessary for the compliance with a legal obligation to which Intemporal is subject or for the declaration, exercise, or defense of a legal right of Intemporal in a judicial process.

In the event of erasure, Intemporal will communicate the erasure to each recipient/entity to whom the data has been transmitted, unless such communication is impossible or would involve disproportionate effort on the part of Intemporal.

If Intemporal has made the personal data public and is required to erase it under the right to erasure, Intemporal will take reasonable measures, including technical ones, considering available technology and the cost of its application, to inform those responsible for the actual processing of the personal data that the data subject has requested the erasure of links to such personal data, as well as copies or reproductions thereof.

e. Right to Restriction of Personal Data Processing

The data subject has the right to obtain from Intemporal the restriction of the processing of their data if one of the following situations applies (restriction may involve marking the personal data retained to limit its future processing):

  • If the accuracy of the personal data is contested, for a period that allows Intemporal to verify its accuracy
  • If the processing is unlawful and the data subject opposes the erasure of the data, requesting instead the restriction of its use
  • If Intemporal no longer needs the data for processing purposes, but the data is required by the data subject for the declaration, exercise, or defense of a legal right in a judicial process
  • If the data subject has objected to the processing, until it is determined whether Intemporal's legitimate grounds override those of the data subject

When the data of the data subject is restricted, it may only, with the exception of storage, be processed with the consent of the data subject or for the declaration, exercise, or defense of a legal right in a judicial process, for the defense of the rights of another individual or legal entity, or for reasons of public interest legally provided.

The data subject who has obtained the restriction of the processing of their data in the above situations will be informed by Intemporal before the restriction is lifted.

In the event of the restriction of processing of the data, Intemporal will communicate the restriction to each recipient to whom the data has been transmitted, unless such communication is impossible or would involve disproportionate effort on the part of Intemporal.

f. Pessoais Right to Data Portability

The data subject has the right to receive the personal data concerning them, which they have provided to Intemporal, in a structured, commonly used, and machine-readable format, and the right to transmit these data to another data controller, if:

  • The processing is based on consent or a contract to which the data subject is a party
  • The processing is carried out by automated means

The right to portability does not include inferred data or derived data, i.e., personal data generated by Intemporal as a consequence or result of analyzing the data being processed.

The data subject has the right for the personal data to be transmitted directly between the controllers, where technically feasible.

g. Right to Object to Processing

The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them that is based on the legitimate interests pursued by Intemporal or when the processing is carried out for purposes other than those for which the personal data was collected, including profiling or when personal data is processed for statistical purposes.

Intemporal will cease processing the data subject's data, unless it presents compelling and legitimate reasons for such processing that prevail over the interests, rights, and freedoms of the data subject, or for the purpose of making, exercising, or defending a legal claim.

When the data of the data subject is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for the purposes of such marketing, including profiling to the extent that it is related to direct marketing. If the data subject objects to the processing of their data for direct marketing purposes, Intemporal will cease processing the data for this purpose.

The data subject also has the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision:

  • Is necessary for the performance of a contract between the data subject and Intemporal
  • Is authorized by legislation to which Intemporal is subject
  • Is based on the explicit consent of the data subject.

h. Procedures for Exercising the Data Subject's Rights

The rights of access, rectification, erasure, restriction, portability, and objection may be exercised by the data subject by contacting Intemporal via email at privacidade@wellowgroup.com privacidade@wellowgroup.com, by mail at Rua do Proletariado n.º 2-A 2794-063 Carnaxide, or by phone at 214139480.

Intemporal will respond in writing (including electronically) to the data subject’s request within a maximum period of one month from the receipt of the request, unless there are specific complexities, in which case this period may be extended up to two months.

If the requests presented by the data subject are manifestly unfounded or excessive, especially due to their repetitive nature, Intemporal reserves the right to charge administrative costs or refuse to process the request.

i. Personal data breaches

In the event of a data breach, and to the extent that such a breach is likely to result in a high risk to the rights and freedoms of the data subject, Intemporal is committed to notifying the affected data subject without undue delay.

Under the applicable laws, notification to the data subject is not required in the following cases:

  • If Intemporal has applied appropriate protective measures, both technical and organizational, to the personal data affected by the breach, especially measures that render the data unintelligible to any unauthorized person, such as encryption.
  • If Intemporal has taken subsequent measures to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize.
  • If notifying the data subject would require disproportionate effort. In such cases, Intemporal will make a public communication or take a similar measure through which the data subject will be informed.

II. Consent for Call Recording

The employees expressly give their CONSENT for the recording of calls in which they participate as part of their respective activities, namely for internal auditing, quality control, and potential proof of commercial transactions, either for Intemporal or for the respective Client.

III. Website Usage Policy

This website provides users with access to information, services, and content. The user is responsible for their proper use, as well as for any necessary registration process to access certain services or content.

The user agrees to use the information, content, and services on this website appropriately and specifically not to engage in any action that may cause physical or logical damage to the system or access it fraudulently by using unauthorized access data.

The content of this website may not be modified or reinterpreted in a way that would make it subject to another copyright, patent, trademark, or intellectual property registration that does not belong to Intemporal.

The information available on the website may contain some technical inaccuracies or typographical errors. Therefore, Intemporal assumes no responsibility, in any way, for any direct, indirect, incidental, or collateral damages resulting from visits to its pages, including data loss, loss of revenue or other profits, and disruption of business processes derived from the use or inability to use the information present on this site. Intemporal also disclaims any responsibility for the content of third-party websites that contain links to this website and/or that can be accessed from this website.

All elements contained on this website, including texts, photos, illustrations, and others, are protected by law under the Copyright and Related Rights Code.

Copying, reproducing, or disseminating texts, photos, illustrations, and other elements contained in this electronic edition is expressly prohibited without the prior authorization of Intemporal, regardless of the means used, with the exception of the right to quote defined by law.

Commercial use of the elements contained in the electronic edition of Intemporal, including texts, photos, illustrations, and others, is expressly prohibited.

Intemporal reserves the right to take legal action against those responsible for any unauthorized copying, reproduction, distribution, or commercial exploitation of the elements contained on this website, including texts, photos, illustrations, and others.

IV. Cookie Policy

A “cookie” is a file that is imported into your computer or other device when you visit certain web pages that collect information about your browsing on those web pages. In some cases, cookies are necessary to facilitate navigation and allow for saving and retrieving information about a user’s browsing habits or their device, among other things, and depending on the information they contain and how the user uses their device, they may be used to recognize the user.

The cookies used on this website can be classified as follows:

  • First-party cookies: These are sent to the user's device from an equipment or domain managed by the publisher, from which the service requested by the user is provided.
  • Third-party cookies: These are sent to the user’s device from equipment or domains not managed by the publisher, but rather by another entity that processes the data collected through the cookies.
  • Session cookies: These collect and store data when the user accesses a web page.
  • Technical cookies: These allow the user to navigate a website, platform, or application and use the various options or services available.
  • Personalization cookies: These allow the user to access the service with some general predefined features based on a set of criteria on the user’s terminal, such as language, the type of browser used to access the service, regional settings of the location from which the service is accessed, etc.
  • Analytical cookies: These allow the responsible party to monitor and analyze the behavior of users on the websites to which they are linked. The information collected through these cookies is used to measure website, application, or platform activity and create browsing profiles of the users of those websites, applications, and platforms, with the aim of improving the data usage analysis function of the service.

To find out which cookies are stored by your browser, you can use the tools available in your browser.

We use social media buttons to allow our users to share web pages or select them as favorites. These are buttons for external social media websites. These sites may register information about your online activities, including on our website. You can review the terms of use and privacy policies of these websites to understand exactly how they use the information and how you can delete or remove such information.

Sometimes, we use external web services to display content within our web pages, such as virtual tours, images, videos, graphics, infographics, maps, or to conduct surveys. Similar to social media buttons, we cannot prevent these external websites or domains from collecting information about the use of these embedded contents.

Intemporal does not assume any responsibility for legal or technical issues caused by the user's failure to comply with the recommendations provided. This communication is intended for the knowledge and use of users and, consequently, should not be used for any other purpose. Intemporal is also not responsible for the content and accuracy of the privacy policies of third parties included in this cookie policy.

If you have any questions regarding this cookie policy, please contact us at privacidade@wellowgroup.com.

V. Final Part

1. Changes to the Privacy Policy

Intemporal reserves the right to change this Privacy Policy at any time. If the change is substantial, a notice will be posted on the website.

2. Applicable law and jurisdiction

The Privacy Policy, as well as the collection, processing, or transmission of the data subject’s data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, and by the applicable laws and regulations in Portugal.

Any disputes arising from the validity, interpretation, or enforcement of the Privacy Policy, or related to the collection, processing, or transmission of the data subject’s data, must be submitted exclusively to the jurisdiction of the courts of Lisbon, without prejudice to applicable mandatory legal provisions.

Download the Privacy Policy and Personal Data Protection Policy here in English.

Cookies
We use cookies. If you think it's OK, just click on "Accept all". You can also choose the type of cookies you want by clicking on "Settings". Read our cookie policy
Definitions Refuse everything Accept everything
Cookies
Choose the type of cookies to accept. Your choice will be stored for one year. Read our cookie policy
Save Refuse everything Accept everything