General Data Protection Regulation (GDPR)
As from May 25, 2018, in all the European Union, the General Data Protection Regulation (GDPR), enters in force concerning the protection of individuals with regards to the processing of personal data.
Servdebt has been working with its Clients and Employees, in order to incorporate into our procedures and practices the principles and rules of the GDPR.
It is very important to us, that you know that Servdebt is committed to protecting your privacy and your personal data. The processing of personal data shall take place under the terms of the current law.
What is Personal Data?
Under the GDPR, the term “personal data” means “any information relating to an identified or identifiable individual”.
Therefore, any information which may be directly or indirectly used, enabling an individual to be identified, either by itself or in combination with other information shall be considered as “personal data”.
Data Processing Principles
Data protection and data processing can be complex matters. The GDPR sets out the following Principles:
- Lawfulness, Fairness and Transparency: Under the GDPR, personal data must be processed lawfully, in a fair and transparent manner in relation to the data subject.
- Purpose Limitation: Personal data must be collected and processed for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: Personal data must be adequate, relevant and limited to the necessary in relation to the purposes for which it is being processed.
- Accuracy: Personal data must be accurate and kept up to date and, whenever necessary, reasonable steps must be taken to ensure that inaccurate data, considering its processing purposes, is promptly erased or rectified.
- Storage Limitation: Personal data must be kept in a form which allows identification of data subjects only for the necessary period of time considering the purposes for which the personal data is being processed.
- Integrity and Confidentiality: Personal data must be processed in a manner that ensures its appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
What are your rights as a Data Subject?
The GDPR defines a set of rights regarding the protection of data subjects, namely:
- Right of Access and information: The right to know which personal data is being processed and the right to obtain copy of it;
- Right to rectification: The right to obtain the rectification of inaccurate or incomplete personal data;
- Right to Erasure: The right to request the erasure of personal data, within the limits of the law;
- Right to restriction of processing: The right to restrict processing of personal data, within the limits of the law;
- Right to object: The right to object to processing of personal data, within the limits of the law;
- Right to object and automated individual decision-making: The right to request human intervention in personal data processing and not be subject to a decision based solely on automated processing, namely profiling, within the limits of the law;
- Right to data portability: The right to receive and transmit the personal data previously provided.
As Data Controller and/or Data Processor, Servdebt is available to provide any clarification or answer to requests regarding the exercise personal data rights, through the following channels:
By Email: email@example.com
Or by means of letter addressed to:
Data Protection Officer
Praça Marquês de Pombal,
n.º 3 A, 1.º Piso,
The reply shall be sent by the same means.
This service tends to be free of charge. However, if the request is considered unfounded, repetitive or excessive by Servdebt, under the GDPR, the reply will be subject to the previous payment of an administrative fee of € 20,00.