Find out how we collect, analyse and use your personal data and how you can access all details


1.Personal Data

What are personal data? 
Personal data are any information, of any nature and on any medium (e.g. sound or image), concerning an identified or identifiable individual. 
A person considered to be identifiable is one who can be identified directly or indirectly, for example by their name, identification number, location data, an electronic identifier or other elements that allow the individual to be identified.

Who are the owners of personal data? 
The Customer or User, individual, to whom the data relate and who makes use of the services or products of INDELAGUE GROUP (INDELAGUE and ROXO Lighting). The Customer will be the person who signs the contract with INDELAGUE GROUP (INDELAGUE and ROXO Lighting) and the User is the person who uses the services or products of INDELAGUE GROUP or companies of the INDELAGUE GROUP, but who may not be the same person as the Customer. For example: 
- In the business segment, the contract with INDELAGUE GROUP is in the name of the company but the Users are customers and employees of this company; 
- In the household segment, a Customer may acquire various mobile services, so that each of the individuals in the household who enjoy the use of the service or products will be considered a user.

In this context, INDELAGUE GROUP informs that it also protects personal data and respects the rights of customers and users.

What categories of personal data are we dealing with? 
The categories of data we are dealing with are the following:

Identification and Contacts
Other identification data, Civil or tax identification numbers, payment data, invoicing/installation address, phone contact or e mail address; birth date, gender or information about the family unit

Service
Products and services acquired or subscribed to

Profile and interests 
Interest in INDELAGUE GROUP products and services, Newsletter, social networks, or other preferences and interests.

2.Personal data processing

Who is responsible for the processing of your personal data? 
The responsible person for the collection and processing of customers’ personal data will be the company of the INDELAGUE GROUP group which provides the service or supplies the product and who in this context decides what data is collected, the means of processing and the uses to which the data are put.

The Data Protection Officer 
INDELAGUE GROUP also has a Data Protection Officer (DPO): 
1. monitors compliance of data processing with applicable standards; 
2. is a point of contact with the customer or user in order to clarify issues relating to the processing of their data by INDELAGUE GROUP;
3. cooperates with the control authority; 
4. provides information and guidance to the person responsible for processing or the sub-contractor about their obligations as far as data privacy and protection are concerned.

How can I contact the Data Protection Officer?
You can contact the DPO through the following addresses: 
Post: Encarregado da Proteção de Dados (DPO) INDELAGUE - INDÚSTRIA ELÉCTRICA DE ÁGUEDA, S.A. - Rua da mina 465, Covão, Zona Industrial EN1 Norte, 3750-792 Trofa, ÁGUEDA PORTUGAL
Mail: dpo@indelague.pt

3.Grounds for personal data processing

On what grounds can INDELAGUE GROUP process your personal data? 
These are the circumstances in which we treat your personal data:

Agreeement
When your express and prior agreement has been obtained – in writing, orally or by validation of an option – and if this agreement was given freely, on an informed basis, specifically and clearly. Examples are, your agreement for INDELAGUE GROUP to analyze the use of services and consumption profiles and make recommendations or send marketing messages, to use your identification data or use of services to send INDELAGUE GROUP marketing messages.

or

Contract execution and pre-contractual diligence
When personal data treatment is necessary for the signature, execution and management of a contract with INDELAGUE GROUP, such as for example for the preparation of a proposal of services, or information about the address for installation, for providing a communications service, for managing contracts, information and requests, for the management of invoicing, debt recovery and payments;

or

Compliance with legal obligations
When personal data processing is necessary to comply with a legal obligation which applies to INDELAGUE GROUP, such as for example communicating identification or traffic data to the police, legal, tax or regulatory entities, or location data to provide emergency services;

or

Legitimate interest 
When personal data treatment is of legitimate interest to INDELAGUE GROUP or third parties, such as for example the treatment of data for improving quality of service, detection of fraud and revenue protection, and when our reasons for using them should prevail over your data protection rights;

4.Means and timing of personal data collection

For how long do we process your personal data? 
Your personal data are used by INDELAGUE GROUP only for the time necessary to achieve the purpose defined or, depending on what is applicable, until you exercise your right of objection, the right to be forgotten or you withdraw your agreement. 
Following the respective retention period, INDELAGUE GROUP will delete or make the data anonymous, whenever this data should not be retained for the specific purpose that may continue to exist.

For what purposes ado we process your personal data?

Marketing and Sales 
- Marketing or sale of new products and services
- Analysis of consumer profiles
- Adaptation and development of new products or services.

Customer Management and Service Provision 
- Management of contacts, information or requests
- Management of installation, activation or disconnections
- Management of complaints or breakdowns
- Management of invoicing debt recovery and payments
- Consumption analysis

Accounting, Tax and Administrative Management 
- Accounting, invoicing
- Management of commissions
- Tax information, including the sending of information to the taxation authorities

Litigation Management 
- Legal and out of court debt collection
- Management of other conflicts.

Detection of fraud, protection of revenue and auditing 
- Detection of fraud and illicit practices
- Protection and control of revenues
- Credit risk management
- Internal audit and investigation

Network and systems management 
- Support and improvement of networks and applications that support service
- Service monitoring, improvement and support

Compliance with legal obligations 
- Location of calls for emergency services
- Judicial requests to intercept communications
- Investigation, detection and suppression of serious crimes
- Answers to judicial, regulatory and supervision entities

Information security control 
- Management of accesses, logs
- Back up management
- Management of security incidents

Physical security control 
Video surveillance in premises, in particular Offices and Factory

For what lengths of time will personal data be used and kept? 
INDELAGUE GROUP uses and keeps your personal data according to the purposes for which they are used.

There are situations in which the law obliges data to be used and kept for a minimum period of time, namely:for one year, localisation and traffic data for investigations, detection and supression of serious crimes, or 10 years for data necessary in relation to information for the tax authorities for fiscal or accounting purposes.

But, in situations where no specific legal obligation exists, the data will used only for the period necessary to achieve the purposes that were the reason for their collection and preservation and, at all times in compliance with the law, and the guidelines and decisions of the CNPD.

Thus, INDELAGUE GROUP will process and maintain your personal data for the period during which a contractual relationship is maintained with you.

However, data traffic that are needed for invoicing, for example, destination and origin numbers of calls made, date and time of communication, duration of call, IP address and mac address, will only be kept for a maximum period of 6 months starting from the date on which the data were generated.

In relation to video surveillance in its premises INDELAGUE GROUP will only keep recordings of images and related personal data for a maximum period of 30 days.

 INDELAGUE GROUP will keep other personal data for periods in excess of the duration of the contractual relationship, either based on your agreement, or to ensure rights or obligations related to the contract, or because it has legitimate interests that support so doing, but always for the period of time that is strictly necessary to achieve the respective purposes and in accordance with the guidelines and decisions of the CNPD.

Examples are: contact for purposes of marketing and sales, the preservation of data as part of invoice complaint processes, exercising guarantee rights, taking away equipment after disconnecting the customer or legal proceedings, during the time in which these are pending.
5.Personal data collection
How do we collect your personal data? 
We collect personal data based on your agreement when you acquire INDELAGUE GROUP products and services, when you download or use INDELAGUE GROUP products, services and applications or when you take part in market surveys.
The collection can be done orally, in writing or via the INDELAGUE GRPOUP website.
But your personal information can also be collected from sources that are accessible to the public or other sources.

How is the indirect collection of your personal data? 
So that you can better understand this indirect form of collection, we point out the following cases:

Data Base Shared between electronic communications operators for the purposes of contracting
If you have invoices due of a value in excess of 20% of the minimum national wage, your data may be included in a debtors list. But before including your data on the list, INDELAGUE GROUP will notify you to pay off the sum owing within 5 days, or to prove that the debt does not exist or is not payable by you. Also if you have an agreement for the repayment of the debt, if you justify the fact that invoices have not been paid because of contractual non-compliance by the operator, or if you have contested the sum invoiced or prove that you do not owe the amount that is being recovered, then you cannot be part of this data base. This list is shared among participating communications operators and INDELAGUE GROUP may make recourse to this list before making a decision about establishing service contracts with customers.

Other relevant information about credit risk or about contact identification and data, for the management of bad debts, detection of fraud and revenue protection
INDELAGUE GROUP can collect personal data from private entities that keep relevant information about the credit of owners of personal data, as long as these data bases respect the applicable rules for data protection. INDELAGUE GROUP can also access, collect or confirm personal data held on government and private entity sites, in particular, to confirm the accuracy of your identification and contact data.

5.Personal data collection

How do we collect your personal data? 
We collect personal data based on your agreement when you acquire INDELAGUE GROUP products and services, when you download or use INDELAGUE GROUP products, services and applications or when you take part in market surveys.
The collection can be done orally, in writing or via the INDELAGUE GRPOUP website.
But your personal information can also be collected from sources that are accessible to the public or other sources.

How is the indirect collection of your personal data? 
So that you can better understand this indirect form of collection, we point out the following cases:

Data Base Shared between electronic communications operators for the purposes of contracting
If you have invoices due of a value in excess of 20% of the minimum national wage, your data may be included in a debtors list. But before including your data on the list, INDELAGUE GROUP will notify you to pay off the sum owing within 5 days, or to prove that the debt does not exist or is not payable by you. Also if you have an agreement for the repayment of the debt, if you justify the fact that invoices have not been paid because of contractual non-compliance by the operator, or if you have contested the sum invoiced or prove that you do not owe the amount that is being recovered, then you cannot be part of this data base. This list is shared among participating communications operators and INDELAGUE GROUP may make recourse to this list before making a decision about establishing service contracts with customers.

Other relevant information about credit risk or about contact identification and data, for the management of bad debts, detection of fraud and revenue protection
INDELAGUE GROUP can collect personal data from private entities that keep relevant information about the credit of owners of personal data, as long as these data bases respect the applicable rules for data protection. INDELAGUE GROUP can also access, collect or confirm personal data held on government and private entity sites, in particular, to confirm the accuracy of your identification and contact data.

6.Data protection rights

What are your rights?
See below your rights and the detail of what is safeguarded in each one.

Right of Access
The right to obtain confirmation of what personal data of yours is being used and information about this data, such as for example what the purposes of this use are, the lengths of time they are being kept, among others. The right to see/hear or get a copy, of, for example of invoices, written agreeements or calls in which you have been involved and which are recorded.

Right to Rectification
The right to request rectification of your personal data which are inexact or to request that partial personal data becompleted, such as for example address, tax number, e mail, phone contacts etc.

Right to delete data or “the right to be forgotten”
The right to get your personal data deleted, as long as there are no valid reasons for them to be kept, such as for example cases in which INDELAGUE GROUP has to keep data in order to comply with a legal obligation to preserve data for the investigation, detection and suppression of crimes or because there happens to be legal proceedings underway.

Right to withdraw Agreement or the right to objection
The right to object or withdraw your agreement, at any time in relation to data treatment, such as the use of data for marketing purposes, as long as there are no legitimate interests that take precedence over your interests, such as for example defense of the right to legal proceedings.

Right of Restriction
The right to request the restriction of use of your personal data, by means of:
1. Suspending use or
2. limiting the scope of use to certain categories of data and purposes of treatment.

Profile and Automated Decisions
INDELAGUE GROUP can trace customer profiles, based on for example their preferences, personal interests, use of service, location, etc., in particular to provide services, increase quality and improve product and service experience, prepare appropriate marketing communications etc., as long as this processing is necessary for the signing and execution of the contract between the owner and INDELAGUE GROUP or based on the agreement of the owner.
When the use of personal data, including its use for the definition of profiles, is wholly automatic (without human intervention) and may have an impact on your legal status or affect it significantly, you will have the right to not be subject to any decision that is based on this automatic treatment, notwithstanding those exceptions set out in the law, and will have the right to expect INDELAGUE GROUP to adopt adequate measures to protect your rights, liberties and legitimate interests, including the right to human intervention in the decisions taken by INDELAGUE GROUP, the right to make your point of view known and to contest the decision taken on the basis of the automated treatment of personal data.

Right to complain
The right to make a complaint to the control authority (CNPD), in addition to the company and to the DPO.

How can you exercise your rights?
Exercising your rights is free of charge, except if it concerns a request that is plainly unfounded or excessive, a situation in which a reasonable rate may be charged, taking into account the costs involved. Information should be supplied in writing but, on request, can be given orally. In this case, INDELAGUE GROUP must verify your identity by other means that are not oral. 
A response to requests must be provided within a maximum period of 30 days, unless the request is especially complex.

Exercising these rights should be done via the following addresses: 

INDELAGUE - INDÚSTRIA ELÉCTRICA DE ÁGUEDA, S.A. 
Morada: Rua da mina 465, Covão, Zona Industrial EN1 Norte, 3750-792 Trofa, ÁGUEDA PORTUGAL 

Mail:dpo@indelague.pt
Telephone: +351 234 612 310

7.Personal Data transmission

Under what circumstances can your personal data be transmitted to other entities, sub-contractors or third parties?
Your data can be transmitted to sub-contractors so that they can use them for and in the name of INDELAGUE GROUP. In this case, INDELAGUE GROUP will take the necessary contractual measures to ensure that subcontractors respect and protect the owner’s personal data.  
The data can also be transmitted to third parties – entities which are distinct from INDELAGUE GROUP or subcontractors, companies with which INDELAGUE GROUP has built partnerships, where the owner has given his permission – or entities to which data have been communicated due to legal requirements, such as the fiscal authorities.  

8.Personal Data protection

How does INDELAGUE GROUP protect your personal information? 
INDELAGUE GROUP has implemented adequate, necessary and sufficient logistical, physical, organizational and security measures to protect your personal data against destruction, loss, alteration, diffusion, unauthorized access or any other form of illicit or accidental treatment.

INDELAGUE GROUP has implemented:

-Logical security measures and requirement, such as the use of firewalls and systems for detecting intrusion into its systems, the existence of a rigorous policy in relation to accesses to systems and information, and a register of actions taken by INDELAGUE GROUP staff on personal data of customers and users (logging);

-Physical security measures, among which can be highlighted strict control over access to INDELAGUE GROUP physical installations by staff, partners and visitors, as well as access to the essential INDELAGUE GROUP technological infrastructure, which is highly restricted and continuously monitored;

-Means for protecting data from design (“privacy by design”) using technical means such as masking, encryption, aliasing and rendering personal data anonymous, and also a range of preventive measures that encourage privacy (“privacy by default”);

-Mechanisms for scrutiny, auditing and control, in order to ensure compliance with privacy and security policies;

-A program of information and training for staff and partners of INDELAGUE GROUP;

-Access rules for Customers and Users to specific products and services, such as for example the introduction of a password, in order to strengthen security and control procedures.

9.Useful tips for protecting your data

INDELAGUE GROUP Websites and of third parties 
Concerning the use and treatment of personal data on INDELAGUE GROUP websites, please make sure that you look at the rules on the use of cookies on the respective websites.

Websites, products or applications of INDELAGUE GROUP can contain links to third party websites, products and services which have no connection to INDELAGUE GROUP or which are not covered by this Privacy Policy.

The collection or treatment of personal data requested by these third parties is their sole responsibility, and INDELAGUE GROUP cannot be held responsible under any circumstances for the content, the accuracy, veracity or legitimacy of these websites or for the misuse of the data collected or treated through them.

We alert customers and users of INDELAGUE GROUP to this situation and to the need, before using these websites, products or applications, to read and accept the rules defined by these third parties in relation to the treatment of personal data.

Further advice
INDELAGUE GROUP advises caution in revealing your personal data and in exchanging this data on the internet, acts which are entirely the responsibility of the customer, in view of the fact that these data are not entirely protected against possible abuse, as well as adopting complementary security measures, including the maintenance of devices (PCs, tablets or mobile phones) and programs that are properly updated and configured with firewalls and protection against malicious software (e.g., antivirus), not to navigate on sites of questionable reputation or for which you do not have due guarantees of authenticity, the physical protection of your devices and to avoid putting access credentials on computers that can be accessed by the public (e.g., cybercafés, hotels etc.) and the use of passwords that are strong and differentiated according to each service or website.