INTRODUCTION
We take our duty to protect all personal data we process seriously and diligently, whether it belongs to users of our website, employees, service providers, suppliers, or customers. In this regard, we strictly comply with the General Data Protection Regulation (GDPR) and Law No. 58/2019 of August 8, as well as other applicable legislation.
2. WHO IS RESPONSIBLE FOR PROCESSING?
The controller of your personal data is BENTO RIBEIRO, FRASER & ASSOCIADOS – SOCIEDADE DE ADVOGADOS, S.P., LDA, NIPC: 518723836, with headquarters at Passeio Neptuno, 5B, Parque das Nações, 1990 169, Lisbon – Portugal.
3. GENERAL PRINCIPLES OF OUR PRIVACY POLICY
i) Only authorized persons process data that is strictly necessary for specific and legitimate purposes.
ii) The security of your data processing is a constant priority, reviewed periodically.
iii) The data belongs to its owners; we process it only in accordance with the law, guaranteeing your rights with appropriate technical and organizational measures.
iv) We promote good practices in Privacy, Data Protection, and Information Security internally, in a process of continuous improvement.
4. CONCEPTS (according to Article 4 of the GDPR, among others)
• Personal data – information relating to an identified or identifiable natural person.
• Processing – any operation performed on personal data.
• Consent – a freely given, specific, informed, and unambiguous indication of the data subject’s wishes.
• Controller – the entity that determines the purposes and means of the processing.
• Processor – an entity that processes data on behalf of the controller.
5. CATEGORIES OF DATA COLLECTED ON THE WEBSITE
• Identification (name, email, telephone number, nationality).
• Browsing data (IP, operating system, device, language, cookies).
• Professional data contained in CVs sent (qualifications, positions, employer, etc.).
We only collect what is strictly necessary (“principle of minimization”).
6. HOW AND WHEN WE COLLECT DATA
• Subscription to the BRF newsletter.
• “Contact us” form.
• Registration or participation in events.
• Submission of applications to work at BRF (directly or via agencies).
The data is stored in databases and processed for specific and legitimate purposes. Special categories (“sensitive data”) are only processed in the exceptions provided for in the GDPR; the data subject may withdraw consent at any time without affecting the lawfulness of the previous processing.
7. PURPOSES OF PROCESSING
i) Management of the contractual relationship: provision of services, billing, legal communications, insurance.
ii) Recruitment and management of applications.
iii) Sending relevant information and communications.
iv) Responding to requests for information or complaints.
v) Compliance with legal obligations.
vi) Exercising or defending rights in legal proceedings.
vii) Monitoring website security and personalizing navigation.
viii) Organization and management of events.
8. LEGAL BASIS
• Pre-contractual performance or steps.
• Compliance with legal obligations.
• Legitimate interest of BRF.
• Consent of the data subject.
• Protection of vital interests.
9. COMMUNICATION OF DATA TO THIRD PARTIES
We only communicate data when necessary to:
• Comply with legal or contractual obligations.
• Send newsletters or other consented communications.
• Subcontractors who process data on our behalf, under a contract that ensures adequate safeguards.
International transfers comply with the safeguards provided for in the GDPR.
10. RETENTION PERIODS
• These vary depending on the purpose and legal obligations (e.g., applications are retained for 1 year).
• When there is no legal deadline, we only retain data for as long as necessary; after that, we securely delete or anonymize the data.
11. DATA SUBJECT RIGHTS
• Access, Rectification, Erasure (“right to be forgotten”), Objection, Portability, Restriction, Complaint to the supervisory authority (CNPD in Portugal), Compensation, Not subject to automated decisions, Withdrawal of consent.
12. SECURITY MEASURES
We take appropriate technical and organizational measures (pseudonymization, encryption, system resilience, recovery plans, regular testing) to ensure the confidentiality, integrity, and availability of data. Despite our efforts, we cannot guarantee absolute security on open networks such as the Internet.
13. LINKS TO OTHER WEBSITES
The website may contain links to third-party websites. BRF is not responsible for the content or policies of these websites; we recommend that you read their privacy policies.
14. USE OF COOKIES
See our Cookie Policy for more information.
15. EMPLOYEE TRAINING
We continuously train all BRF employees on privacy, data protection, and information security matters.
16. CONTACTS
Email
