MADEIRA FIDUCIA MANAGEMENT LDA (MFM), holder of the tax number 511036604, with its head office at Edifício Marina Club, Av. Arriaga 73, 1º – Sala 105, 9000-060 Funchal, phone number +351.291.200.980, fax number +351.291.200.989 and email address firstname.lastname@example.org, respecting private life protection and personal data processing legislation, namely the law nº 67/68, of October 26, the law nº 41/2004 of August 18, as modified by the law nº 46/2012 of August 29, the Regulation (EU) 2016/679, of the European Parliament and the Council, of the 27th of April 2016, as well as the legislation and regulation applicable in Portugal which establishes the following data protection policy:
DATA COLLECTION AND PROCESSING
In the context of the conclusion of any contracts, namely of provision of incorporations services, management and administration of companies operating within the institutional framework of the Madeira International Business Centre, or any telephone contacts, to its Clients and other related entities, may request the User to make their personal data available, meaning, information provided by the User that allows them to be identified and/or contacted (“Personal Data”).
Generally, “Personal Data” is required when the Client requests a service, provides or asks for information, makes a purchase or establishes a contractual relationship with MFM.
The “Personal Data” collected and processed consist mainly in information related to the name, gender, date of birth, telephone and mobile phone numbers, email, address, tax number. Other “Personal Data”, which can be necessary or convenient for the provision or collection of services by MFM, may also be collected.
Upon collection of the “Personal Data”, MFM provides its Clients with detailed information about the nature of the collected data and about the purpose and processing to be performed in relation to such “Personal Data”.
The “Personal Data” will be stored for a period of 10 years from the date of collection.
MFM undertakes the commitment of only subcontracting entities that offer the highest safety in the implementation of appropriate technical and organizational measures to ensure the protection of the User rights. All subcontracting entities are bound to the latter through a written contract in which, namely, the object, duration, nature and purpose of the processing, type of personal data, categories of the data subjects and the rights and obligations are regulated.
CHANNELS OF DATA COLLECTION
MFM can collect data directly (with the client, via telephone, email and through the website) or indirectly (through partner organizations or a third-party).
APPLICATION AND PURPOSES OF THE USER DATA
In general terms, the “User Data” is handled for the following purposes:
- Provision of services of incorporation, management and administration of companies
- Contract Management with the Client
- Billing and collection to the client;
- Information to the Client, who has requested, about new products and services available, updated information on the activity, in general.
The “User Data” collected by MFM are not shared with third parties, without the consent of the Client, except in the situation mentioned in the following paragraph. However, in case the client hires services provided by other entities, responsible for the processing of personal data, the “User Data” may be consulted or accessed by these entities, as far it is necessary for the provision of the mentioned services.
According to the applicable legal terms, MFM will be able to transmit or communicate the “User Data” to other entities in case that such transmission or communication is necessary for the contract processing or for pre-contractual diligences, requested by the Client, as well as if it is necessary for a compliance with a legal obligation to which MFM is subject.
TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES IMPLEMENTED
To guarantee the safety of the “User Data” and the maximum confidentiality, MFM processes the information provided in an utterly confidential way, according with its policies and internal procedures regarding security and confidentiality, as well as with the terms and conditions provided by law.
According to the nature, area, context and purposes of the data processing, as well as to the risks arising from that processing for the rights and freedoms of the Client, MFM undertakes the commitment of applying the technical and organizational measures necessary and appropriate to the protection of the “User Data” and the compliance with the legal requirements, both at the time of defining the means of processing and during the processing itself.
MFM is also committed to ensure that the only data processed is the necessary for each specific purpose of the processing and that such data will not be made available without human intervention to an indeterminate number of people.
CLIENTS’ RIGHTS (DATA SUBJECT)
1. RIGHT TO INFORMATION AND ACCESS TO PERSONAL DATA
When the data is collected directly with the user, MFM will provide to the client with the following information:
- Identity and contacts of the controller of data processing and protection and where applicable, their representative.
- The purposes of the processing to which the personal data is meant for, as well as, where applicable, the legal reasons for the processing.
- The period for which the personal data will be stored.
- The right to require from MFM the access to the personal data, as well as its correction, elimination or restriction. The right to object to the processing of the data and the right to the accessibility of data.
- The right to withdraw at any time the consent, without compromising the lawfulness of processing made on a prior consent, in case the data processing is based on the Client’s consent.
- The right to submit a complaint before the National Committee for Data protection or other control authority.
- The indication on whether the communication of personal data constitutes or not a legal or contractual obligation, or a necessary requisite to celebrate a contract, as well as if the subject is obliged to provide personal data and the potential consequences of not providing those data.
In the event the “User Data” is not collected directly by MFM, besides the information mentioned above, the Client is also informed about the categories of personal data, object of the processing, about the data origins and eventually if they are from sources available to the public.
The information shall be provided in writing (including the electronic means) by MFM to the Client prior to the personal data processing concerned. According to the applicable legislation, MFM has no obligation to provide the User with the information collected when and insofar the Client is already aware of them.
MFM ensures the means that allow the Client to consult his or hers personal data. The Client has the right to obtain from MFM the confirmation if their “Personal Data” are object of the processing, and if so, it has the right not only to access personal data, but also to the information pertained in the points a) to g).in the point 1 of this chapter.
Upon request, it will be provided to the Client, without charge, a copy of the “User Data” that is in the processing stage.
2. RIGHT TO RECTIFICATION OF PERSONAL DATA
The Client has the right to request, at any time, the rectification of their “Personal Data” and the right to have their incomplete data completed, including by means of an additional declaration. In the event the data are rectified, MFM communicates it to each recipient to whom the data were transmitted, unless such communication is considered impossible or involves a disproportionate effort.
3. RIGHT OF ERASURE OF DATA (“RIGHT TO BE FORGOTTEN”)
The Client has the right to obtain, on the part of MFM, the elimination of their data, when one of the following grounds applies:
- The “User Data” are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- The Client withdraws consent on which the processing is based and there is no other legal ground for the processing;
- The Client objects to the processing under the right of opposition and there are no overriding legitimate grounds for the processing;
- The data have been unlawfully processed;
- The “User Data” have to be erased for compliance with a legal obligation to which MFM is subject.
According to the applicable legal terms, MFM has no obligation to erase the “User Data” as far as the processing proves necessary for the compliance of a legal obligation to which MFM is subjected or for the establishment, exercise or defense of legal claims.
In the event the data is eliminated, MFM will communicate it to each recipient/entity to whom the data were transmitted, unless such communication proves impossible or involves a disproportionate effort.
4. RIGHT TO DATA PORTABILITY
The Client has the right to receive the personal data that concerns him or her, and that has been provided to MFM, in a structured form, generally used and machine-readable, and the right to transfer that data to another entity if:
- The processing is based on a consent or on a contract in which the Client is part of;
- The processing is carried out by automated means.
The right to portability does not include the inferred and derived data, for example, personal data that are generated as a consequence or result of the analysis of the data which are subjected to the processing.
5. RIGHT TO OBJECT THE PROCESSING
The Client has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning him or her.
The “User Data” will never be processed for direct commercial purposes (marketing).
PROCEDURES FOR EXERCISING THE CLIENT’S RIGHTS
The right to access, rectification, erasure, limitation, portability and objection can be exercised by the Client by means of contact through email.
MFM will reply to the Client’s request, in written form (including the electronic means), in a maximum period of a month after the date of the reception of the request, except in case of particular complexity, in which case that period may be extended until two months.
PERSONAL DATA BREACHES
In the case of a personal data breach and considering that breach is likely to result in a significant risk to the Client’s rights and freedoms, MFM undertakes the commitment of communicating that personal data breach to the Client concerned within 72 hours after being aware of the incident.
According to the legal terms, communication to the Client is not required in the following cases:
- If MFM has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
- If MFM has taken subsequent measures which ensure that the significant risk to the rights and freedoms of the Client is no longer likely to materialize.