PRIVACY POLICY

This Privacy Policy explains what we do with your personal data. It describes the way we gather, use, and handle your personal data and, by doing so, how we comply with our legal obligations towards you. Your privacy is important to us and we are focused on protecting and safeguarding your personal data.

Please take a few moments to get to know our privacy practices. If you have any questions, contact us through the email address rgpd@gritsolutions.pt, or through the postal address Avenida 5 de Outubro, No 124, 9º Andar 1050-061 Lisbon.

We try to keep this Privacy Policy as simple as possible but if you are not familiar with any of the terms used or if you have any questions, don’t hesitate to contact GARIT, S.A. to know more.

Occasionally, we may alter this Privacy Policy. If you want to keep up to date, visit this page, as all alterations shall be published here.

A. Who gathers your personal data and who is the authority responsible for its handling?

The handling of any personal data gathered by GRIT SOLUTIONS, or provided to them, are responsibility of the company GARIT, S.A., a public limited company, legal person no. 516181319, with registered office at Avenida 5 de Outubro, Nº 124, 9º Andar 1050-061 Lisbon, which contact data may be found later on this Privacy Policy (hereinafter referred to as “GRIT SOLUTIONS” or “we”).

B. How is my personal data gathered and what type of data is gathered?

Please be aware that you are not forced to provide GRIT SOLUTIONS any personal data that the company might request (you can exercise your Right of Opposition at any time), but, if you choose not to do so, we might not be able to provide you our services, manage your application or answer to any question you might have.

GRIT SOLUTIONS may gather your personal data in many ways, namely when you subscribe to our newsletter, send us spontaneous applications, register yourself on the university’s employment platforms, job fairs, references of collaborators or ex-collaborators, workshops and partnerships to be contacted by GRIT SOLUTIONS, enter a contract with us (work, provision of services or other), fill your customer’s form or communicate with our customer support teams.

If you are a candidate aiming to identify and find the best job opportunities and/or possible services adapted to you, we must handle certain information about you. We only request data that will be relevant to us, such as your name, age, contact data, information on training, employment history, emergency contact, immigration status, financial information (in case we need to verify the financial context) and social security number (and you may opt to share with us other relevant information). When it is appropriate, and according to the law, we may also gather diverse information or data on any criminal convictions.

If you are a customer, we need to gather and use information about you or the people of your company in the scope of our provision of services, in order to provide you a service as complete as possible and so that our contractual relationship may correctly progress. As so, in this scope, we may request some personal data such as your name, email address, position and contact number of relevant employees for the provision of services.

If you are a supplier, we need a small amount of information concerning your personal data, in order to ensure that everything works correctly. We need the contact data of certain people in your company, so we can communicate with you, as well as other information, such as your bank data so we can pay you for the services provided (if that is part of the contractual provisions entered between us). We may also hold information that someone in your company has chosen to share with us.

When we talk about suppliers, we aim to include any companies (including traders working individually) and atypical service providers, such as independent contractors and freelance workers, that provide services to GRIT SOLUTIONS. Under certain circumstances, GRIT SOLUTIONS shall subcontract the services provided to customers to third-party suppliers that perform their services on behalf of GRIT SOLUTIONS. In this context, the suppliers which are traders working individually, freelance workers or supplier’s collaborators shall be treated as candidates for the purpose of data protection. Be aware that, in this context, GRIT SOLUTIONS demands that the suppliers inform their collaborators of the relevant parts of this Privacy Policy (namely the sections aimed at the candidates).

Certain personal data categories, such as the ones which reveal the racial or ethnic origin, political opinions, religious or philosophic beliefs or union membership, genetic data, biometric data to unquestionably identify a person, the data concerning health, sexual life or sexual orientation, are classified as “special categories of personal data” and benefit from additional protection under the terms of the General Data Protection Regulation (“GDPR”). GRIT SOLUTIONS limits, as much as possible, the circumstances in which it gathers and handles these special categories of data, only doing so when your consent has been given.

To give our users greater speed and customization of the services provided by GRIT SOLUTIONS, this company shall resort to a browser operation called “cookies”, which allows GRIT SOLUTIONS to customize your services and website according to your interests and needs, enabling the optimization of your future activities and experience on the website. Therefore, data concerning the parameters and configuration of your browser, operating system and geolocation may be gathered. During part of your browsing on the GRIT SOLUTIONS website, we may also use software tools to measure and gather information about the session, including response times of the pages, download errors, duration of the visit to certain pages, information concerning your interaction with them, and methods used to leave them. We may also gather technical information to help us identify your device for purposes of fraud prevention and diagnosis.

C. Purposes and grounds for the handling of your personal data

The purposes and grounds based on which GRIT SOLUTIONS handles your personal data depend on your quality as a candidate, collaborator, or supplier.

If you are a candidate (where we include suppliers which are traders working individually, freelance workers, or supplier’s collaborators), please know that your personal data are gathered and handled, namely, for the following purposes:

Recruitment – includes recruiting activities for the provision of services or Backoffice functions, such as research and selection. In the case of the provision of services, there is an approach to current and potential GRIT SOLUTIONS customers, aiming to find an opportunity, be placed at GRIT SOLUTIONS, as well as related activities. In this scope, data concerning the processing of salaries and human resources management will also be handled.

Contract execution – includes activities such as entering contracts with GRIT SOLUTIONS and partners, as well as communication with third parties involved in the contracts (insurance companies, beneficiaries, intermediates).

Service development and improvement – includes the necessary activities for the development and improvement of the services provided by GRIT SOLUTIONS, analysis of the activity, and processing for potential future opportunities.

If you are a supplier or a customer, your personal data are gathered and handled, namely, for the following purposes:

Contract execution – includes all the necessary activities for the execution of the provision of services contract, namely concerning the payment processing.

Communications – includes the necessary contacts so we can contact you about our contracts.

Service development and improvement – includes the necessary activities for the development and improvement of the services provided to or by GRIT SOLUTIONS, analysis of the activity, processing for statistical and scientific purposes, as well as to offer you services and obtain support and services from you.

Compliance with the legal obligations.

In certain circumstances, to help us with the statement, exercise, or defense of a right.

GRIT SOLUTIONS may resort to third parties, external service providers, which operate on behalf of GRIT SOLUTIONS, such as companies that hold and operate the GRIT SOLUTIONS website, process payments, analyze data, provide services to the customer and sponsors, and other third parties which directly collaborate with the activity developed by GRIT SOLUTIONS, so that your personal data may be handled by these third parties for the purposes described on this Privacy Policy. These third entities shall process your personal data according to this Privacy Policy and accordingly the applicable law.

When we gather your personal data for the above-mentioned purposes or other purposes, we inform you previously or upon the moment of the gathering, and we aim to get your consent whenever necessary to legitimize the handling of your data. When you have consented to the handling activities, you shall have the right to withdraw your consent at any time.

Nevertheless, there may be some cases in which it is not your consent that legitimizes the handling of your personal data, but one of the following grounds:

When the handling is necessary to enter a contract with you or carry out its execution.

When the handling is necessary for compliance with the legal obligations to which GRIT SOLUTIONS is subject.

When the handling is necessary to reach a legitimate interest sustained by GRIT SOLUTIONS, which doesn’t endanger your interests, rights and fundamental freedoms that demand the protection of personal data – this legal base shall only be used if there is no less intrusive way to handle your personal data. We can assure you that if the legitimate interest is used as a reason to handle your personal data, we shall keep a registry of this action and you shall have the right to request this information.

When the handling is necessary for purposes of declaration, exercise, or defense of a right on a legal process.

D. Safety of your personal data

GRIT SOLUTIONS uses all the possible measures to ensure the confidentiality and safety of your personal data, carrying out all the efforts and safety measures to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure.

Our measures include the implementation of appropriate access control, to ensure that we encrypt, pseudo-denominate and make anonymous the personal data whenever possible.

Access to your personal data is only allowed on the above-mentioned terms, always according to the effective need of your knowledge, and subject to strict contractual confidentiality obligations whenever processed by third parties.

Even though the data transfer through the internet or website may not ensure complete safety against intrusions, GRIT SOLUTIONS and their service providers use the best efforts to implement and maintain physical, electronic, and procedural safety measures aimed to protect your personal data, according to the applicable data protection requirements.

E. Storage period of your personal data

GRIT SOLUTIONS shall store your data only for the strictly necessary time to fulfil the purpose for which they have been gathered.

Namely in the case of the personal data gathered on the scope of recruitment processes, these shall be stored for a period of 10 (ten) years after the last contact with the candidate.

In the case of the personal data of our suppliers and customers, they shall be stored for a period of 10 (ten) years.

F. With whom will your personal data be shared

GRIT SOLUTIONS is comprised of a business group, so your data may be disclosed to other companies of the group within the context of the provision of services shared between the companies of the group and for purposes of internal report.

On the other hand, your personal data may be shared with our customers, in the scope of technological consulting services.

As mentioned in Point C of this Privacy Policy, your personal data may be shared with external service providers that operate on behalf of GRIT SOLUTIONS. In this scope, your personal data shall be shared with the companies currently subcontracted by GRIT SOLUTIONS, as well as with other service providers to which we may resort in the future.

Under the applicable law, GRIT SOLUTIONS is bound to disclose data to the Tax Administration, Social Security, Work Conditions Authority and, in the aftermath of judicial mandates, to the legal authorities.

G. International data transfers

GRIT SOLUTIONS shares your personal data internally or with third parties for the purposes described in this Privacy Policy.

GRIT SOLUTIONS shall only send personal data gathered within the European Economic Area (EEA) to foreign countries on cases in which this is necessary to follow their instructions, comply with a legal obligation or work with agents and consultants that help us manage our businesses and services.

If a personal data transfer to the exterior of the EEA occurs, GRIT SOLUTIONS shall ensure that these are protected as if they were being used on the EEA. For this purpose, we shall use one of the following safeguards:

Transfer to a country non-belonging to the EEA where privacy legislation ensures an adequate level of personal data protection similar to the ones on the EEA.

Implementation of a contract with the foreign authority which bounds them to protect the personal data according to the same standards used by the EEA.

Transfer of personal data to organizations with specific agreements of international data transfers with the European Union (for instance, the Privacy Shield, a structure that defines standards of data privacy shared between the United States and the European countries).

H. What are your rights?

As holder of your personal data, you are granted a set of rights concerning your personal data and the way they are handled, as follows:

Right of Opposition – that is, the right to oppose, at any moment, for reasons concerning your situation, the handling of your personal data, under the terms of the GDPR.

Right of Information – that is, the right that you are granted concise, transparent, understandable, and easy-to-access information, using clear and simple language, about the way we use your personal data and about your rights.

Right of Access – that is, the right to access, at all times, your personal data.

Right of Rectification – that is, the right to rectify your inaccurate personal data or complete them if they are incomplete.

Right of Limitation – In certain situations, the holder of the data has the right to limit the handling of your personal data.

Right of Deletion – In certain situations, the holder of the data has the right to oblige the responsible for the handling to delete their personal data, with no justified delay.

Right of Portability of your personal data – that is, the right to receive your personal data or the data you have provided, in a structured format, of current use and automatic reading, as well as the right to transfer these data to another responsible for the handling, on certain situations.

Right to present a claim to the control authority on the way we handle your personal data – which shall be the National Commission of Data Protection, domiciled at Rua de São Bento, no. 148 – 3º, 1200-821 Lisbon, telephone +351 213928400, fax +351 213976832, email address geral@cnpd.pt.

Right to withdraw your consent – In this case, the withdrawal of the consent doesn’t compromise the lawfulness of the performed handling based on the previously given consent.

Right to not be subject to decisions uniquely based on automatized processes that produce legal effects or other significant effects.

The above-mentioned rights may be exercised at all times through a communication sent to GARIT, S.A., for the contacts established on this Privacy Policy.

Your requests will be handled with exceptional care in order to ensure the efficiency of your rights.

You may be requested to prove your identity to ensure that the sharing of personal data is only carried out with its holder.

I. Contact details concerning GRIT SOLUTIONS

If you have any questions about this Privacy Policy or about the handling and the use we carry out with your personal data, or if you want to present a claim on a possible breach of the privacy laws, please contact the responsible for the data handling through the email address email address rgpd@gritsolutions.pt, or through the postal address Avenida 5 de Outubro, No 124, 9º Andar 1050-061 Lisbon.

GRIT SOLUTIONS will update this Privacy Policy whenever necessary to reflect the feedback of the data holders, and the changes on your services, as well as to comply with all the requirements legally required.

In the case these alterations imply a significant modification of this Privacy Policy, the data holders shall be duly notified, and their consent might be requested whenever necessary.

Your satisfaction is very important to us. As such, don’t hesitate to contact us with any questions you might have, through the indicated contacts.

Cookie Policy

Definition of Cookies

Cookies are small text files that are placed on the User's computer or mobile device through an internet browser, during a visit to a digital platform. Cookies are used to make websites function, or to work more efficiently, as well as to provide statistical information to site owners. Some cookies also allow the display of relevant advertising when Users move from websites to website. Most cookies do not collect information that allows Users to be identified and are limited to collecting data of a general nature, serving to measure attendance or determine the approximate location of users who access this Website.

This Cookie Policy forms part of our Privacy Policy. For more information, please see our Privacy Policy available on this Website.

Types of Cookies

1. Category: Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. These cookies can’t be rejected as they are strictly necessary to provide a functional website.

2. Category: Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual User and thereby more valuable for publishers and third-party advertisers.

Find more about Providers Privacy Policy:

• · Google Analytics: http://www.google.com/analytics/learn/privacy.html

How long do cookies remain on Users' devices

How long cookies stay on a device depends on whether it is a "persistent" cookie or a "session" cookie. A persistent cookie will be stored on a website and will remain valid until the expiry date for which it was set unless the User deletes it before that expiration date. A session cookie will be deleted at the end of a web session and when the web browser is closed.

How to control and manage cookies

Users can control and manage cookies in multiple ways. The removal or blocking of cookies may affect the user experience and may limit access to some features of this website.

Where cookies are not strictly necessary for the operation of our website, we will ask for User consent to our use of cookies on User’s first visit to our website. Consent can be given or withdrawn by clicking ao the button on the bottom of this page.

• · Google Chrome: https://support.google.com/accounts/answer/61416?hl=en&co=GENIE.Platform%3DDesktop
• · Safari: https://allaboutcookies.org/how-to-clear-cookies-safari
• · Firefox: https://support.mozilla.org/en-US/kb/block-websites-storing-cookies-site-data-firefox
• · Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Any consent to accept or reject cookies is limited to the website where this Cookies Policy is located and does not apply to other websites or pages, which may have been linked to this website. For more information about how cookies are used by these websites, please consult the specific privacy and cookie policies of those websites.

Changes to the Cookie Policy

This Cookie Policy may be revised at any time at our discretion. When such changes are made, the revision date at the top of the page will be changed. The amended Cookie Policy will be effective as of the date of revision.

We recommend that users of our website review the Cookie Policies periodically in order to be informed about our management of cookies.