This privacy policy of HFA, SA aims to demonstrate our commitment and respect for the rules of privacy and protection of personal data, as well as an insight into how it collects and processes the personal data of its employees and of individuals who are related to HFA, SA, including those that access its facilities (headquarters building).

Our privacy policy is based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data protection.("General Data Protection Regulation" or "RGPD").
Regulation UE 2016/679 relates to the protection of individual´s personal data.

HFA, S.A. is an accredited, trustworthy organization and aims to maintain its level of excellence in the market and continue to earn the trust of its business partners.


1. IDENTIFICATION

a) Data Handling Responsable (RTD)

HFA- Henrique, Fernando & Alves S.A.
Raso de Paredes - Apartado 309
3754 – 909 Águeda
Tel. 234 612 680
Fax 234 612689
e-mail: geral@hfa.pt

b) Data Protection Officer (DPO)

The holder of the personal data can contact the DPO through the address dpo@hfa.pt or in writing to the address of the RTD to the care of the DPO, for any matter that concerns your personal data.

2. PRINCIPLES

HFA, S.A. in accordance with national and European laws on data protection, will follow the following principles in the processing of personal data:

  • Principles of lawfulness, loyalty and transparency: personal data are always treated in a lawful, fair and transparent manner whenever: the data subject has given his consent to the processing of his personal data for one or more specific purposes; the processing is necessary for the execution of a contract in which the data subject is a party, or for pre-contractual procedures at his request; treatment is necessary for the fulfillment of a legal obligation to which HFA, S.A. is subject or the treatment is necessary for the defense of vital interests of the data owner or another individual; the processing is necessary for the exercise of functions of public interest or for the exercise of the public authority of which HFA, SA is invested or the treatment is necessary for the legitimate interests pursued by HFA, S.A. or by third parties. 
  • Principle of limitation of purpose: HFA, S.A. collects and treats personal data for explicit and legitimate purposes, and does not treat such data subsequently for other purposes;
  • Principle of data minimization: personal data collected are always adequate, relevant and limited to what is strictly necessary for the purposes for which they are processed;
  • Principle of accuracy: personal data being processed are always accurate and up-to-date whenever necessary and without delay;
  • Principle of conservation limitation: personal data are always kept in a way that allows data holders to be identified and only for the period of time necessary for the purposes for which they were collected or for the legal or regulatory retention period to which HFA, SA is bound;
  • Principle of integrity and confidentiality: personal data are always treated in a way that ensures their safety, in particular against unauthorized treatment, loss or destruction;
  • Principle of responsibility: HFA, S.A. is responsible for applying the above principles, as well as for implementing all technical and organizational measures conducive to compliance with applicable laws.

3. INFORMATION AND CONSENT

Obtaining consent for the processing of personal data is done in written form or electronically, depending on the situation.

The written form is written in a clear and simple language to facilitate your understanding, and freely and voluntarily determine the claim to provide your personal data.

The holder of the personal data is informed of the purpose for which his personal data are intended, except that they are related to the contractual relationship between the data subject and the RTD.
Without the express consent of the holder, it will not be possible to comply with the purposes

4. DISCLOSURE AND CONSERVATION OF PERSONAL DATA

HFA, S.A. will not provide information to third parties, which are not legally bound and will not disclose the personal data to which it has processed. Data shall be kept only for the period necessary to fulfill the purpose for which it was collected.

Personal data will be processed and kept during the term of the contractual relationship for the period of time that results from the consent of the data subject or for the period of time necessary to safeguard a legitimate interest of HFA, S.A. or third legally imposed.

After the expiration of the retention period, and provided that HFA, S.A. is not obliged, by legal, judicial or administrative imposition, to preserve it, personal data will be eliminated.

5. EXERCISE OF RIGHTS

The holder of the personal data can, by e-mail to the address dpo@hfa.pt or letter addressed to the RTD and the care of the DPO, at any moment:
- Access your personal data;
- Revoke consent previously granted;
- Correct or change inaccurate or incomplete data;
- Request the deletion of your personal data, when, among other reasons, the data is no longer necessary for the purposes for which it is collected;
- Limitation of the processing of personal data when verifying situations unlawful to its treatment;
- Request the portability of personal data;
- Do not accept the subjection to automated treatment of your personal data;
- Right to complain to the competent authorities, National Commission for Data Protection - CNPD.

6. SHARING PERSONAL DATA

The personal data collected will only be communicated to the entities imposed by law to comply with various legal obligations to which HFA, S.A. is subject, as well as all regarding the contractual relationship.

7. LEGITIMACY OF PERSONAL DATA TREATMENT

The processing of personal data is legitimate and necessary for the performance of a contractual relationship between the holder of the personal data and the RTD and to fulfill the aforementioned purposes and which are only carried out with the consent of the data subject.

8. SAFETY PRECAUTIONS

HFA, SA will treat the personal data always in a confidential way and maintaining the respective confidentiality, in accordance with the provisions of the regulation, adopting for this purpose, the organizational and technical measures necessary to guarantee the security of its data and avoid its alteration, loss, processing or unauthorized access, taking into account the state of the technology, the nature of the data stored and the risks to which they are exposed.

The server and network of HFA, S.A. are protected by anti-virus, firewalls and intrusion detection systems from unauthorized access or misuse of data.

9. AMENDMENTS TO THE PRIVACY POLICY

HFA, S.A. may, at any time, change this Privacy Policy.