Privacy Policy

OUR COMMITMENT

TCB as a public sector entity clearly understands its role in society and the need to establish citizen confidence in the public services provided by the state, both at national and local level.

Legislation imposes privacy obligations on us, committing us to use personal data for clearly identified purposes and in accordance with data protection rights. The confidentiality and integrity of personal data are our main concerns.

This Privacy Policy establishes how TCB uses the personal data collected to personalize our users' cards, and is made up of the following sections:

Who is responsible for data processing?

Within the scope of its activities and responsibilities, TCB are responsible for collecting and processing personal data, which is processed and stored in an automated and non-automated manner.

TCBs have a Data Protection Officer, who can be contacted via email geral@tcbarreiro.pt. The Data Protection Officer is responsible, in particular, for monitoring the compliance of activities involving the processing of personal data with applicable legal and regulatory standards, and is also the point of contact between the TCB and the National Control Authority, as well as between TCB and its users in matters relating to the processing of personal data.

What are considered personal data and which is collected?

What are personal data?

Personal data is all information of any nature, collected on any type of support, relating to an identified or identifiable natural person. Identifiable is the set of information that can lead to the identification of a specific person, particularly by reference to an identifier (such as an identification number or location data).

From whom do we collect personal data?

In view of the activity carried out by TCB, the majority of data relating to individuals are processed, namely those that allow the user to be identified for the purpose of concluding a transport contract, being collected in a specific paper document, and inserted into a computer access platform. restricted.

However, to carry out its duties, data from the following types of natural persons may be collected and processed (non-exhaustive list):

  • TCB workers;
  • Current TCB users;
  • Partners and their collaborators;
  • Service providers and their employees; 2 • Candidates to work at TCB and/or professional internships;
  • Participants in events promoted by TCB (e.g., seminars and training actions).

What personal data do we process and how do we collect it?

TCB only collect data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

Data collection can be done in writing (namely by filling out forms and questionnaires), as well as by accessing online surveys. As a general rule, we collect the data directly. To carry out the different purposes, we may collect the following types of personal data:

  • didentification data (such as name, age, sex and residence);
  • contact details (such as mobile phone, address or email);
  • qualification and professional status data (such as education level, professional status and CV); • location data (such as IP address);
  • mobility characterization data on a reference day (start and end point(s) of the trip(s), start and end times, modes of transport used, reason(s) for travel, reasons for choosing the mode(s), parking modalities, transport tickets, etc.)
  • images from recording events or video conferences, when permitted .

As a rule, TCBs do not collect special data, such as health data or data relating to administrative offenses or criminal offences.

Why and on what basis do we use personal data?

All data collected and processed by TCB is based on one of the following legitimacy conditions:

  • Consent: Collection is preceded by express, specific and informed consent, through written support. We collect consent, for example, for purposes related to conducting interviews or surveys, subscribing to newsletters or registering for actions promoted by TCB.
  • Execution of a contract or pre-contractual measures: when processing is necessary for the execution of a contract to which you are a party or for pre-contractual measures. This condition will be met when we process data for the purposes of public tenders, when concluding financing and cooperation protocols or when formalizing supply and service contracts.
  • Compliance with legal obligations: when processing is necessary to comply with a legal obligation. This includes, for example, the communication of data with other public bodies (national and community), tax or judicial.
  • Legitimate interest: when processing is necessary to pursue the legitimate interests of the entity responsible for the processing or third parties, without harming the rights and freedoms of its clients and/or users. This includes all treatments that result from powers conferred by law, namely the internal and external disclosure of Portuguese entities, nationally and internationally.

What are the purposes for which we collect data?

Personal data collected by TCB is only processed for specific, explicit and legitimate purposes. Whenever personal data is collected, it is intended exclusively for the purposes expressly identified at the time of collection. Here we list the main purposes that justify the collection of personal data by TCB:

  • Collection of information about personal characteristics, considering only the information necessary to meet the project objectives;
  • Contracting of supply and service provision contracts;
  • Dissemination of newsletters / publications;
  • Information regarding the service provided.

How do we guarantee the security of personal data?

We are working to introduce a variety of security measures, including encryption and authentication tools, to help protect and maintain the security, integrity and availability of personal data.

Although data transmission over the internet or website cannot guarantee complete security against intrusion, we and our service providers and business partners are making best efforts to implement and maintain physical, electronic and procedural security measures designed to protect your personal data in accordance with applicable data protection requirements. Among others, the following are being implemented:

  • Restricted access to personal data based on the “need to know” criterion and only within the scope of the communicated purposes;
  • Protection of information technology systems through firewalls, with a view to preventing unauthorized access to your personal data;
  • Permanent monitoring of access to information technology systems with a view to preventing, detecting and preventing the misuse of personal data.

Personal data is stored on protected servers, ours and those of our suppliers/service providers, and is accessed and used exclusively in accordance with our policies and standards (or equivalent policies and standards of our suppliers/service providers).

Additionally, third-party entities that, within the scope of providing services, process personal data in the name and on behalf of TCB, are obliged to carry out appropriate technical and security measures that, at all times, satisfy the requirements set out in legislation. in force and ensure the defense of the data subject’s rights.

How long do we retain personal data?

TCB processes and retains personal data only for the period deemed necessary to pursue or complete the processing purposes for which they are intended, respecting the maximum periods necessary to comply with contractual, legal or regulatory obligations.

As a general rule, and when there is a contract that legitimizes the processing of data, TCB will keep such data as long as such contractual relationship continues.

Other circumstances exist, such as compliance with legal or regulatory obligations (for example, for the purposes of complying with tax obligations, personal data relating to billing must be kept for a minimum period of ten years from the date of the act), as well as the pending legal proceedings, which may legitimize your data being kept for a longer period of time. After the conservation period ends, TCB will delete said data.

Personal data collected during interviews, Focus Groups, workshops or surveys will be irreversibly anonymized (anonymized data may be retained) or will be securely destroyed, one month after the completion of the project in which they were collected, understanding that A project is complete when it is approved by the client.

For customer service and marketing purposes, personal data will be kept until you explicitly withdraw your consent.

What are the rights of data subjects?

Under current legislation, from the moment we collect and process personal data, there is a set of rights that, at any time, can be exercised with TCB.

  • Right of access: right that allows you to obtain information regarding the processing of data and its characteristics (namely the type of data, the purpose of the processing, to whom your data can be communicated, retention periods and what data you have to provide mandatory or optional).
  • Right to rectification: right that allows you to request the rectification of data, requiring that it be accurate and current, for example, when you consider that it is incomplete or out of date.
  • Right to erasure of data or “Right to be forgotten”: right that allows you to request the deletion of data, when you consider that there are no valid grounds for preserving the data and as long as there is no other valid basis that legitimizes such processing (such as execution of a contract or compliance with a legal or regulatory obligation).
  • Right to Limitation: right that allows the suspension of processing or the limitation of processing to certain categories of data or purposes.
  • Right to Oppose: right that allows you to oppose certain purposes and as long as there are no legitimate interests that prevail over individual interests. One example of this right concerns opposition to direct marketing purposes.

All rights described above may be exercised, with the limitations provided for in applicable legislation, upon written request, to be sent via email geral@tcbarreiro.pt.

Questions related to the processing of your data can also be sent directly to the Data Protection Officer, to the same email. A complaint may also be lodged with the National Control Authority.

Data transmission

Who do we share your personal data with?

In accordance with the TCB's duties, and depending on the respective purpose, data may be shared with third parties, which include national and international public bodies and private entities for the purposes of fulfilling legal or regulatory, contractual obligations or public interest functions.

They may also be accessed by TCB service providers, considered necessary for the execution of the purposes described above, particularly with regard to information collection services. The TCB guarantee that they only use service providers that present the guarantees of implementing necessary and appropriate technical and organizational measures to protect personal data and that explicitly agree to comply with the standards imposed by the TCB.

Legislation

The processing of personal data of users and customers carried out by TCB, as well as the sending of commercial communications carried out by electronic means, are in accordance with current national and community legislation, namely the General Data Protection Regulation.

Possible adaptations to the Privacy Policy

Since, in addition to European legislation, the approval of national legislation regulating a variety of matters is still awaited, namely:

  • data portability and right to erasure;
  • definition of special categories of personal data, such as biometric and health data;
  • obligation of self-assessment by those responsible for processing personal data and subcontractors;
  • certification mechanisms to prove the compliance of processing operations carried out by responsible parties and subcontractors;
  • obligation to notify the CNPD in the event of a personal data breach;
  • obligation for a Data Protection Officer to exist in public and private entities;
  • increase in fines,

This Privacy Policy may be revised as the applicable rules become clearer, at any time, with prior notice and possibly with immediate effect.

The changes will be published on our website www.tcbarreiro.pt and, if necessary, you will be asked to renew your knowledge and consent.