Prolacto Lacticínios de São Miguel S.A. is dedicated to the production of dairy products and their derivatives, and its Policy on Web data protection and privacy is based on:
1. Introduction
This Policy has been developed to support Prolacto Lacticínios de São Miguel S.A. (referred to below as “we”, “us” or “our”) data protection compliance activities, prepared following the General Data Protection Regulation (GDPR). This policy applies to all Staff and Partners of Prolacto and, where identified, Third Parties accessing the firm’s Assets (customers and other).
The terms Privacy, Data Privacy and Data Protection may be used in the same sense, as they refer to the complex set of legal requirements that apply to Personal Data, which is much broader than just Information Security and Confidentiality. For example, it includes requirements around transparency of data usage and the retention of data.
Adherence to this policy is mandatory for all Staff and Partners, and therefore they have an individual responsibility to ensure their personal compliance with this policy and should seek guidance from their team leaders for further clarification if required. Any Staff or Partners found to have violated this policy may be subject to disciplinary action as per the processes included in the Disciplinary Procedure.
2. Data Protection Principles
In the course of our business, we process Personal Data. This may include Personal Data we receive through our service opportunities, our client engagements, from sales activities or from a range of other related and support activities. The data may be received directly from a Data Subject, for example, in person, via mail, email, telephone or from other sources, including, but not limited to, third parties, joint controllers, technical and non-technical subcontractors and support services.
All Staff and Partners should only collect Personal Data that is relevant and necessary to accomplish a corporate function and responsibility. Prolacto is committed to adhering to the data protection principles set out by the GDPR, which are:
3. Fair and lawful Processing
Whenever we collect Personal Data, we have a legal basis on which to collect and process the data. In accordance with GDPR, we are able to identify at least one of the following grounds for processing the Personal Data:
Where we act as a Data Controller, we ensure that we have a legitimate ground to collect and process the Personal Data. In some cases, we will be acting as a data processor on behalf of our client, in which case it is ultimately the responsibility of our client to ensure they have the correct basis for processing the Personal Data, including the right to share with us. However, we should take steps to ensure that our contract is clear on our own responsibilities in this regard, and that if we are collecting Personal Data directly from Data Subjects on behalf of clients, we have the grounds to do so legitimately.
Where a Special Category of Data is being processed (see Appendix A for definition), there is a further set of conditions that should be met.
GDPR requires us to provide the Data Subjects with information about the processing in order to ensure fair and transparent processing. Wherever we collect Personal Data from Data Subjects, we ensure that we provide appropriate Information on why we require the Information, and how we are going to process it.
4. Processed for specific purposes only
Whenever we collect and process Personal Data, we ensure that we only use the data for the specific purposes that are communicated to the Data Subject. Prolacto should never process Personal Data for additional purposes that have not been communicated to the Data Subject. Thus, we should be clear as to the purpose of processing and should understand the purpose for which our clients may have collected the Personal Data.
5. Adequate, relevant and non-excessive Processing
When we collect and process Personal Data, we follow the principle of data minimization. This means that we only collect the minimum Personal Data necessary to do a particular task. At the same time, we ensure that we have an adequate amount of Personal Data to do a particular task properly. For example, we collect no more than the required and necessary Personal Data to be able to identify a Data Subject uniquely.
6. Accuracy of Personal Data
We have an obligation to ensure that Personal Data is kept accurate and up to date. We ensure that we have reasonable processes in place to keep data accurate where required, for example employee Personal Data or existing and prospective client Personal Data held by the relevant areas. When acting as a Data Processor in relation to a client engagement, we will not be required to put in place mechanisms to keep that data updated; that will be the responsibility of the Data Controller, i.e. our client.
7. Retention of Personal Data
Personal Data is not retained longer than required. This means that we set and apply maximum retention periods to Personal Data that we process, and put in place processes to delete the Personal Data upon expiry of the set retention period. Therefore the following retention periods may apply: (i) as long as is necessary for the relevant activity or services; (ii) any retention period that is required by law; (iii) the end of the period in which litigation or investigations might arise in respect of the services; or (iv) for the minimum period foreseen by contract.
8. Data Subjects' Rights
GDPR requires us to inform individuals about the Personal Data we collect and the purposes and means for which it is processed. This Information is given in the form of a ‘Privacy Notice’.
9. Security of Data Held
Prolacto keeps the information secure by protecting the Confidentiality, Integrity and Availability of the Personal Data, defined as follows:
10. Data Disclosure
All Staff and Partners should avoid any inappropriate disclosure of Personal Data and adhere to our general duties in relation to Confidentiality. We may:
Personal Data can usually be disclosed:
For legal purposes data may be disclosed if:
We may transfer any Personal Data to a third country or international organization. Personal Data we hold may also be processed by Staff operating in a third country, namely Angola, who work for us or for one of our suppliers. We will ensure that at least one of the following conditions is applied:
12. Log information, cookies, and web beacons
The PROLACTO website uses cookies to distinguish one user from another. PROLACTO collects standard internet log information including the user’s IP address, browser type and language, access times and referring website addresses. To ensure that our website is well managed and to facilitate improved navigation, we or our service providers may also use cookies (small text files stored in a user’s browser) or web beacons (electronic images that allow our website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregate data.
By Prolacto - Lacticínios de São Miguel, S.A.
Lagoa, 16 October, 2018