Within the scope of its activity, PRPL, Lda. ("PUR'PLE") provides its clients (the "Clients") with management consultancy services to companies, organizations or individuals, including planning, organization, control, management, process design and implementation, reorganization of companies, human resources management, including, social and demographic studies, human dimensioning, definition and evaluation of performance, compensation, evaluation and, individual and leadership development, training, internal communication, licensing and integration of computer systems (software) and technologies to support the implementation of solutions (the "Services").
PUR'PLE is strongly committed to the protection of personal data of those who benefit from its Services, and hereby intends to inform through this privacy policy (the "Policy"), in a clear and transparent way, among others, the purposes of the collection of the personal data of its Clients, as well as the way they are processed (i.e. collection, storage, processing, transmission and disposal), ensuring that the data is collected, shared and saved taking as a reference the best practices in the field of security and protection of personal data.
It is extremely important that you read this Policy with due attention and fully understand its scope. Should you have any questions or concerns regarding this Policy, please do not hesitate to contact through the channels identified in section 5. below.
The entity responsible for processing personal data is the company PRPL, Lda. registered under the single identification and legal person number 514834242, with registered office at Rua do Açúcar, n. º 76, Armazém 29, 1950-009 Lisbon (the "Controller").
The Controller, within the scope of its activities, processes personal data for the following purposes (the "Purposes"):
In this Policy, the term "Personal Data" means the set of information that relates to the Client and that allows us to identify, directly or indirectly, the Client, and may include identification data (name, taxpayer number, ID, date of birth, nationality, birthplace, gender, marital status); contact data (e-mail, address, telephone); and other personal data that may be collected should it be deemed necessary for the Purposes of the processing.
The Controller is not accountable for the truthfulness, omissions, inaccuracies and falsehoods of the personal data transmitted to it.
The personal data collected may be processed by computer and in an automated or non-automated way, guaranteeing in all cases strict compliance with personal data protection legislation.
Where there is no specific legal requirement for a maximum period of retention, the data shall be retained for the time necessary for the Purposes for which they were collected.
The data subjects shall have the right, at any time, to access their personal data and to request for their rectifying, erasure, portability, restriction and to oppose to the processing.
Personal data subjects are entitled to withdraw their consent at any time. The withdrawal of consent does not compromise the lawfulness of the processing carried out on the basis of the consent previously given.
The exercise of any of these rights shall be done, in writing, through communication addressed to the Controller, either to the address of its registered office located at Rua do Açúcar, n.º 76, Armazém 29, 1950-009 in Lisbon, or to the following e-mail: dataprotection@prplcompany.com
In addition, the personal data subjects will always be able to file any complaints they deem necessary with the competent authority (currently the CNPD – Comissão Nacional de Proteção de Dados).
The Controller is committed to ensure the security, integrity and availability of personal data of its Clients. To this effect, it has adopted the following measures:
The Controller informs that these security measures will be reviewed and updated according to the needs and requirements of these matters.
Should a breach of security occur for any reason, which causes accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data, the Controller undertakes, in accordance with applicable law, to notify the competent authorities without undue delay and, whenever possible, within 72 hours of becoming aware of such an occurrence.
In addition, and under the terms referred to in the previous paragraph, the Controller undertakes to report the violation of personal data to the respective subject.
Whenever, in the context of its Services or the Purposes described in this Policy, the Controller shares Client's personal data with subcontracted third parties, it undertakes, under the terms of the contracts to be signed with them, to adopt the necessary and appropriate measures in order to ensure that all entities, that have access to such personal data, offer high guarantees of security, limiting the communication of personal data to the minimum required.
Where necessary, and in connection with the employment of third parties by the Controller, personal data may be transferred outside the European Union under the terms and conditions permitted by the applicable law.
The Controller reserves the right to make changes to this Policy at any time, and such changes will be duly published on the website.