English

< Ready to start the project? _ >

*// Company
*// Resources
*// Solutions
*// Expertise

<Privacy Policy>

Framing

This policy describes a set of guidelines, rules and principles that must be observed by CODEWIN, S.A. to ensure the protection of the rights of data subjects.

CODEWIN, S.A. undertakes to comply with this policy in accordance with the obligations of Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").

In this sense, CODEWIN seeks to ensure that its internal procedures are in compliance with the legal obligations of the GDPR and that the personal data of its employees, customers, suppliers or service providers and any other data subjects whose personal data CODEWIN processes in the exercise of its activity, are processed in accordance with the regulatory and legal standards in force and stored safely.

Legal Notice

Codewin arises from the merger of the company Decode S.A.com the company Sowin S.A., and is still in the process of merging, all data (namely candidates) belonging to both databases will also be merged, with the respective communication to the data subjects and the reminder that they may request the exercise of the right to be forgotten if they wish to do so at any time. Codewin guides its processes by total integrity and transparency, so it is concerned with complying with and enforcing all the precepts of the GDPR, understanding, perceiving and enforcing the legal provisions for the security and privacy of personal data.

Legal Purpose of treatment

Codewin headquartered at Rua Sousa Martins nº 10, Lisbon, registered at the Commercial Registry Office of Lisbon, under registration and legal person number 516 428 667 is the entity responsible for the processing of personal data, committing to apply the necessary technical and organizational measures, taking into account all aspects that may influence compliance with the General Data Protection Regulation (hereinafter referred to as "GDPR"), to safeguard the Fundamental Rights of Data Subjects. To this end, CodeWin, S.A. It has several technological measures ("privacy-enhancing technologies") which we constantly seek to update, having employees specially assigned for this purpose, demonstrating our concern and commitment to the Data Subject. In addition, we keep a record of the nature, scope, context and purposes of the processing of the data collected, which allows us to ensure and prove that the processing is carried out in such a way as to guarantee the full Protection of Data Subjects as a commitment that attests to our responsibility.

Contacts:

  • Postal address: Rua Sousa Martins nº 10, Lisbon
  • Phone: 918 265 359
  • Email: gdpr@codewin.pt

Application and scope

This Privacy Policy also applies to the respective employees, subcontractors, co-controllers, suppliers, customers, users of this website, trainees and candidates who operate in the Universe of this company.

For the purposes of this Privacy Policy, each company holding its own taxpayer belonging to the Moongy Business Group has its own Privacy Policy, independent and autonomous, therefore, for the purposes of Responsibility for Processing, each Company (and its assets) belonging to this Business Group  has its own independence, and none of these entities are responsible for the acts or omissions of the other entities of the group with regard to Data Protection.

Global Projects Department

The Global Projects Department (DPG) is part  of Moongy S.A., which is the Managing Company of the Moongy Group, where CodeWin, S.A. also belongs.

The Department is made up of professionals with a curriculum and technical and organizational knowledge from different areas who provide support to various subjects, among others: Information Security and Data Protection.

The DPG assists CodeWin, S.A., in the  application of the GDPR, being informed, engages appropriately and in a timely manner, in all matters related to the protection of personal data, taking into account the risks associated with the processing operations, such as their nature, scope, context and purposes. It also ensures compliance with all established processes in order to preserve the confidentiality of data.  

With regard to requesting the rights of data subjects, reporting personal data breaches and other communications related to the GDPR, this is the point of contact:

YOUR PERSONAL DATA

What is personal data?

Personal Data is information relating to an identified or identifiable natural person (Data Subject), excluding data relating to legal persons. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.  

Any specific element of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What data do we need to collect?

The personal data collected are strictly necessary and are limited to the purposes for which they are intended, which are determined, explicit, legitimate and kept for the strict period of time in which they may be necessary for their purpose. Personal data must be processed lawfully, fairly and transparently in relation to the data subject.

For the fulfillment of the business activity and as responsible for the collection, CodeWin, S.A. You

Data Category
Information to Collect

Candidate Data - Recruitment

Name; date of birth or age; sex; nationality/citizenship/place of birth; address of residence; telephone and fax number; e-mail address, mother tongue; data and copy of the identification document; immigration status (in case you need a work permit); academic qualifications; academic record; professional history; photography; marital status; household and details of any dependents.

Candidate Data - Contractual Process(Admission)

Name; date of birth or age; sex; nationality/citizenship/place of birth; address of residence; telephone and fax number; e-mail address, mother tongue; data and copy of the identification document (citizen card or passport), including social security number (or equivalent in your country) and NIF; details and copy of your driving licence and/or other proof of address; financial information (country of bank domiciliation, account holder, domicile (name of bank), IBAN, BIC (or SWIFT)); other tax information; immigration status (in case you need a work permit); academic qualifications, proof of qualifications, academic record; employment history, photograph, emergency contacts; marital status, household and details of any dependents.

Customer Data - Contractual Process

Name, telephone number and e-mail address of employees of the client company.

Supplier Data - Contractual Process

Name, telephone number and e-mail address of employees of the client company, as well as financial information (country of bank domiciliation, account holder, domicile (name of the bank), IBAN, BIC (or SWIFT)).

External Trainees Data

Full name; address of residence; e-mail address; employment phone number; number and validity of the Citizen Card; NIF; nationality; naturalness; Date of birth.

Website User Data

Cookies collect generic information, namely: i) IP address; ii) date, time, duration and frequency with which you access the website; iii) the way in which you arrive at and use the website; (ii) information related to their authorizations; iii) the area of the country from which you access the website.

need to collect and process the following data:

Data Category
Purpose of Processing

Candidate Data

The following are used for recruitment:

  • Fit the candidate in the respective business opportunities;
  • Conducting interviews;
  • Refer the candidate for qualification in client;
  • Presentation of pre-proposal.

Employee Data

The are used to:

  • Human Resources Management;
  • Staff selection and recruitment;
  • Processing of remuneration, benefits and allowances, including garnishment of salaries and reimbursement of expenses;
  • Occupational safety and health;
  • Management of disciplinary sanctions;
  • Vocational training;
  • Surveillance;
  • Time/attendance control.

Customer Data

The data collected from our Clients is quite limited, and the main reason for this collection is to ensure that the contractual provisions established are properly applied, so that the relationship unfolds without constraints. The use of this data is based on the following main purposes:

  • Provide a consulting service;
  • If the service we provide to you is carried out in association with any of our partners, we will have to share your data in order to provide you with the best possible service;
  • Provide training services.

Supplier Data

We only use the data to ensure that the contractual provisions comply with legal obligations, that our relationship and communication takes place without any constraints, as well as to ensure the processing of payments.

External Trainee Data

They are used for:

  • Effect of management and holding of training sessions;
  • Issuance of certificates;
  • Historic effects;
  • To help us improve the training experience and content.

Website User Data

They are used for:
Improve the user’s experience of our website.

What is the Legal Purpose of the Processing?

The Purposes of personal data processing are determined by the execution of the various types of formalized legal contracts that become necessary to continue the entire activity of the company, among them we state:

  • the execution of the service contracts we have with our clients
  • employment contracts we have with our employees;
  • management of internal processes of customers and employees;
  • accounting, tax and administrative management;
  • litigation management;
  • control of physical security and compliance with legal obligations.

Under the terms of the GDPR, we are duly legitimized by the following grounds of lawfulness of processing:

1 – Execution of contracts or pre-contractual steps – The processing is necessary for the conclusion, execution and management of contracts to which the data subject is a party, or at the request of the data subject himself.

2 – Compliance with a Legal Obligation – For the fulfillment of a legal obligation to which the company is subject. For example, communication of tax data.

3 – Pursuit of a legitimate interest such as the safety of people and property, the improvement of the quality of a service, to promote transparency in the scope of Social Responsibility. CodeWin, S.A. It carries out a duly recorded weighting test to ensure the legitimacy of the processing.

4 – Consent – Whenever the grounds of lawfulness listed above are not applicable, CodeWin, S.A. requests the Data Subject's Consent. Consent is a free, specific, informed and explicit manifestation of will by means of an unequivocal (and written) statement or act in which the Data Subject authorizes the Processing.

The withdrawal/withdrawal of consent can be requested at any time by sending a simple request to the e-mail address: gdpr@codewin.pt. The Personal Data collected by us will be processed and stored in accordance with the purposes and for the minimum period legally necessary.

What is the Legal Purpose of the Processing?

CodeWin, S.A. may, within the scope of its basic activities, disclose the data collected to fulfill the purposes indicated in this policy, being provided to the entities of the CodeWin, S.A. network. Only the data strictly necessary for the execution of the service,  based on compliance with a legal obligation (for example, payroll processing or any tax obligation that requires it), may also, to the extent necessary, be communicated to official entities whenever legally required and may be processed by entities subcontracted by the company (for example, internal and external auditors that allow us to preserve and improve the quality of the service). In this sense, the entire scope of this policy extends to the processing of third parties and processors, taking into account:

  • Compliance of processing with the GDPR, this privacy policy and lawful, fair and transparent processing;
  • The data collected is merely instrumental to our activity, intended to pursue a determined, specific and legitimate purpose, and there can be no subsequent processing incompatible with the determined purposes;
  • The data collected is merely instrumental to our activity, intended to pursue a determined, specific and legitimate purpose, and there can be no subsequent processing incompatible with the determined purposes;
  • The data will be kept accurate and up-to-date in order to guarantee the principle of accuracy and to guarantee the integrity and confidentiality of the data;
  • Also with regard to integrity and confidentiality, there can be no illegal and unauthorized processing to prevent any loss, destruction, or damage to the data by adopting all appropriate technical and organizational measures;
  • The retention of the Data Subject'  s data is a concern for CodeWin, S.A., whereby the data will remain identifiable solely and exclusively for the period necessary for the purposes for which the data is processed.

How we design new products

Whenever a new product is developed, it is ensured in the design itself (as a primary aspect) that it has the most advanced technical and organizational measures available to CodeWin, S.A. (taking into account the risks arising from the processing for the rights and freedoms of data, as well as the risks arising from the processing for the rights and freedoms of natural persons, being aware of the variability of probability and severity), while having privacy as a pillar throughout the processing process. In this way, the application of all the Principles determined by the GDPR from the design is ensured, protecting Data Subjects and ensuring the rights of data subjects.  

In short, CodeWin, S.A. undertakes to implement and have privacy present at the stage of product development and throughout processing in order to ensure data protection from the very design of the product ("Privacy by Design").

How long does the data be stored?

The data will be kept for: the period necessary for the purposes for which they are intended and for which they are processed within the scope of our activity; for a maximum period of 5 years for personnel selection and recruitment; for the periods required by the legal obligations to which we are subject.

YOUR RIGHTS

Rights of the Data Subject

The Holder of the personal data has the following rights, which can be exercised easily and free of charge, through the following e-mail: gdpr@CodeWin.pt

Only in the case of manifestly unfounded or excessive requests may a fee be charged for the exercise of these rights (pursuant to Article 15(3) GDPR).

Rights of the Data Subject

The data subject has the right to question whether or not the data is being processed and, if so, the right to access his or her personal data and to be provided with the following information:

  1. Purpose of the processing;
  2. Categories of data to be processed;
  3. Recipients to whom the data will be disclosed;
  4. Envisaged retention periods or, if this is not possible, the criteria used to set such a period;
  5. Existence of the right to request rectification, erasure, restriction of processing or objection to processing; security and destination measures related to the transfer of data to third countries;
  6. Right to lodge a complaint with the supervisory authority.

The data subject also has the right to obtain a copy of the personal data that is being processed.

Right to rectification

The data subject has the right to request and obtain the rectification of inaccurate data and to request that incomplete personal data be completed without undue delay.

Right to erasure/to be forgotten

The data subject has the right to request the erasure of his or her personal data, without undue delay, whenever it is no longer necessary for the purpose for which it was collected or processed. You can also decide to withdraw your consent to the processing of your personal data whenever you want to exercise your right to object to it.

There are some exceptions to this right, such as if they are against the exercise of freedom of expression and information, if they are necessary for compliance with legal obligations, if they are necessary for reasons of public interest or public health, if they are necessary for archival reasons of public interest, scientific research, historical, for statistical purposes or the exercise or defense of rights in judicial proceedings. In these cases, the data subject should be informed of the reason why it is not possible to respond to their request.

Right to restriction of processing

The data subject has the right to limit/restrict the processing of his/her personal data whenever one of the following situations occurs:

  1. If the data is inaccurate and is disputed during the period for which it is possible to verify its accuracy;
  2. Categories of data to be processed;
  3. If the processing is unlawful, but the data subject opposes the end of the processing and only wants the restriction of its use;
  4. If the controller no longer needs the data for processing, but the data is required by the data subject for the establishment, exercise or defense of legal claims;
  5. If at any time you have objected to the respective processing and it has not ceased (i) for compelling legitimate reasons presented to the controller or (ii) for the establishment, exercise or defense of legal claims.

In the situations numbered above, you may be asked to suspend the processing or to limit the scope of the processing to certain categories of data (e.g. only the provision of full name and address) or even to specific processing purposes.

Direct to notification

Whenever the rectification, erasure or restriction of the processing of data is requested by the respective data controller, the controller informs the data controller that it has complied with the request, unless such communication proves impossible or involves a disproportionate effort. If the data subject so requests, the controller shall provide the data controller with information about those recipients.

Right to data portability

The data subject has the right to receive the personal data concerning him/her in a structured, commonly used and machine-readable format without CodeWin, S.A. . may object pursuant to Article 20 (1) GDPR:

  • if the processing is based on a contract;
  • the data subject has given consent;
  • the processing is carried out by automated means.

How can I exercise my rights?

To exercise any of these rights or for any questions regarding the processing of their personal data, the holder of the same must address a request to the person in charge of the entity, through the email address gdpr@CodeWin.pt.

Although these rights are explained to the data subject when collecting their personal data, if there are any doubts, they may contact the data controller via e-mail gdpr@CodeWin.pt.

RESPONSIBILITIES

How Do We Protect Your Data?

CodeWin, S.A. It has been working to maintain and preserve personal data with a high level of security. In obedience to the principle of security, secrecy and privacy, we guarantee the processing of your data only by authorized persons, only accessing and processing your data who has the legitimacy to do so, always doing so in an absolutely confidential manner. The principle  of "need-to-know" has been adopted, where employees can only have access to personal data if it is strictly necessary for the performance of their duties. Processing outside this scope is considered prohibited and subject to disciplinary sanctions, in accordance with our internal security and confidentiality policies and procedures, which are periodically updated as needed.

Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing to the rights and freedoms of the data subject, we apply, both at the time of defining the means of processing and at the time of the processing itself, the technical and organizational measures necessary and appropriate for data protection. Employees are not allowed to use personal data for private or economic purposes, transmit it to unauthorized third parties and/or otherwise allow access.

CodeWin, S.A. further undertakes to ensure that, by default, only relevant, necessary and appropriate data for each specific purpose of the processing will be processed and that such data will not be made available without human intervention to an indeterminate number of persons. However, this is not foreseen, if personal data is transferred to countries outside the European Union, the applicable legal provisions are observed, namely regarding the determination of the adequacy of such country with regard to data protection and the requirements applicable to such transfers. Security measures have also been defined ranging from good practices to the prevention of external threats. These are described in the security policy. If you want to have access to it, you can request it to be sent through the email gdpr@CodeWin.pt.

Global Projects Department (DPG)

CodeWin, S.A. , assisted by the DPG, is responsible for:

  1. Act as a controller with respect to all duties and obligations provided for in the GDPR;
  2. Monitor and control the compliance of processes with the GDPR and with the policies implemented in an appropriate and timely manner;
  3. ensure that it has all the necessary resources to carry out its duties;
  4. Act as a point of contact for requests from data subjects regarding the processing of their personal data and the exercise of their rights;
  5. Carry out a data protection impact assessment if a certain type of processing so requires.

Personal Data Breach

A personal data breach is considered to be any act that jeopardizes the security of the data, accidentally or unlawfully, and that causes the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing. We reiterate that the CodeWin, S.A. It has been working to maintain and preserve personal data with a high level of security, having technical staff solely with this mission in the company. However, there may always be slight deviations from the forecast. If any of our candidates, employees, clients, subcontractors, or even third parties detect or suspect a possible data breach, they should immediately send an email to gdpr@CodeWin.pt , indicating what happened, as well as identifying the data that may be involved. In this way, the responsible department will be able to act quickly and appropriately in accordance with the standards set out in the GDPR.

In the event of a data breach and to the extent that such a breach is likely to entail a high risk to the rights and freedoms of customers, employees and other employees and/or partners, CodeWin, S.A. undertake to report such a breach to the National Data Protection Commission within 72 hours of becoming aware of the incident and to the holders of personal data whenever such a breach is likely to entail a high risk to their rights.

COOKIES

What are cookies?

Cookies are small text files that are stored on your computer or mobile device through your web browser. Through the navigation that is made, they record your preferences and allow the website to identify your device the next time you access. At any time, you can decide to be notified about the receipt of cookies, to consult or change the type of cookies, as well as to block their entry into your system, through the settings of your internet browser (browser).

Why are they used?

Cookies are an essential part of the operation of our website and to facilitate your navigation on the Platform, and their main purpose is to improve the user's search experience. For example, they are used to help determine the usefulness, interest, and number of uses of the website, allow for faster and more efficient navigation, and also eliminate the need to repeatedly enter the same information. The information collected by Cookies also allows us to improve the website through estimations and usage patterns, and to allow it to be adapted to the individual interests of users.

As described below, the website uses technical or strictly necessary cookies, performance cookies, functionality cookies and advertising cookies. Each of these cookies may be installed  by CodeWin's websites (first-party cookies) or by websites external to CodeWin (third-party cookies), and may be removed as soon as the user leaves the website (session cookies) or remain on the terminal equipment after the user leaves the website (persistent cookies).

The cookies currently used by the website are the following:

Technical or strictly necessary cookies

Technical or strictly necessary cookies are cookies installed with the aim of allowing navigation on the website, allowing a correct user experience, namely the security of the website or the management of consents. For this reason, these cookies do not require your consent.

Cookie
Cookie designation
Purpose
Nature of the cookie
Duration

Performance cookies

Performance cookies allow us to count visits and traffic sources, so that CodeWin can measure and improve the performance of the website. These cookies help us to know which pages are most visited and to analyse how visitors use the website. All information collected by these cookies is anonymous.

Revocation and management of consents

The user may, at any time, revoke or change the preferences of consents previously granted. To do this, simply access the cookie management tool.

The use of cookies can also be set in your browser preferences, namely in the privacy options. For this purpose, we recommend that you consult the help section/menu of your browser or visit the web pages of the respective provider.

Complaint to the supervisory authorities

Not with standing the existence of the commitment of CodeWin, S.A. for resolving any type of situation. The Data Subject has the right to lodge a complaint with the competent authorities (CNPD) if any of the rights are denied.

From the competent authority:

National Data Protection Commission

Av. D. Carlos I, 134 - 1.º

1200-651 Lisboa / Portugal

Tel: +351 213928400 / Fax: +351 213976832

www.cnpd.pt

Changes to the Privacy Policy

CodeWin, S.A. reserves the right to change this Privacy Policy at any time, and such change will be duly published herein.

In any case, we suggest that you review this Policy regularly so that, in case of changes or updates, you can always be duly informed about them.

Governing Law and Jurisdiction

The privacy policy, as well as the collection, processing or transmission of data from customers, employees and partners, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, and by the legislation and regulations applicable in Portugal, namely Law No. 58/2019, of 8 August.

Any Disputes arising from the validity, interpretation or execution of the Privacy Policy, or that are related to the collection, processing or transmission of the Client's data, shall be submitted exclusively to the jurisdiction of the judicial courts of the District of Lisbon, without prejudice to the applicable mandatory legal rules.

Contact

If you have any questions, wish to exercise your rights, suggestions or complaints regarding Data Protection and this Privacy Policy, you can contact us at our email address: gdpr@codewin.pt.

Ready to start the project?_

Codewin - 2023
All rights reserved
Company
Solutions
Expertise
Resources