I. DATA COLLECTED AND PROCESSED BY RA
The owners of personal data are the natural persons whom they respect.
In this context, RA may collect and process the following categories of personal data: de (i) identity — such as name, date of birth, biological sex, residence, contacts, citizen card details, passport and taxpayer number, nationality, etc.; of (ii) education and professional experience — such as educational establishments attended, qualifications, certifications, languages, CV, information from previous professional experience, etc.; (iii) professionals And of professional activity — such as previous and current positions, functions performed, job description, employer/collaborating entity, professional address, business activities, information regarding completed, ongoing or pending processes, information regarding due diligence, etc.; (iv) of billing and expenses — such as the amount and notes of fees, travel expenses, representation and communications on behalf of the client, etc.; from (v) for recording image and sound — such as audio, photographic and video recordings, collected as part of the professional activity and always with the knowledge of all those involved.
The categories of personal data, indicated supra may belong to different groups of data subjects, such as customers, customer collaborators, potential customers, counterparties, or candidates to join the RA.
Personal data can be collected through various means and at different times, namely: (i) when RA receives an e-mail; (ii) when a personal identification card is provided to RA, to our employees or to one of our Lawyers; (iii) when you subscribe to our information, notifications of publications, news or events; (iv) when you submit a professional application or when you hire our services; among others.
The RA may indirectly collect personal data, through public sources. When RA processes personal data that it has collected indirectly, it will provide, at the first opportunity, all information regarding the processing of such data to the respective holders.
II. PURPOSE, BASIS FOR COLLECTION AND PROCESSING, DATA STORAGE PERIOD
RA may collect and process personal data in accordance with the purposes and grounds set out below. RA will keep the data for as long as necessary to fulfill the purposes set out in this Policy or for as long as required by applicable legal or regulatory regulations.
(i) Provision of legal services (whose basis and interest correspond to the execution of a contract), which may include the opening of a client and dossier; the recording of the service proposals submitted, of communications with the client, with other parties and/or public entities, including courts; the archiving of documentation on digital and physical media. It is in the interest of RA, in the context of providing legal services, to treat the data and information provided by the Client in an efficient and secure manner, while maintaining its integrity. (The data are kept and maintained from the beginning of the term of office and up to 20 years from the end of the term of office).
(ii) Communications and sending of information (whose basis and legitimate interest correspond to the response to requests to subscribe to news, from briefings or of alerts carried out on the RA Website or outside it), including the dissemination of legal information, whether generic or segmented, including the sending of news, briefings, legally relevant alerts, etc. (The data is kept and maintained until the respective owner expresses his opposition).
(iii) Event management (whose basis and legitimate interest correspond to consent) which may include the sending of invitations to events and the registration of participants. (The data is kept and maintained from the beginning of the contact or participation in an event, as applicable, and up to 2 years from the end of the event).
(iv) Billing and accounting management (whose basis and legitimate interest correspond to the execution of the contract and compliance with a legal obligation), which includes the accounting of expenses, control of costs and reimbursements to be borne by the Customer; billing and management of checking accounts; maintaining an archive of accounting records and supporting documentation. (The data are kept and maintained from the beginning of the term of office and up to 10 years from the end of the term of office).
(v) Submission of cases in legal directories (whose basis and legitimate interest correspond to the RA's interest in promoting the excellence of the work performed by its Lawyer. The data is kept and maintained for the duration of the process or dossier).
(vi) Collection and complaints (judicial and extrajudicial) (whose basis and legitimate interest correspond to the execution of the contract and the satisfaction of its claims), which includes the collection and recovery of amounts due by Customers. (The data is kept and maintained from the moment of billing until the payment of the amounts due or the resolution of the dispute, as applicable, or the legal period of 10 years applicable to accounting records, if higher).
(vii) Recruiting and selection (whose basis and legitimate interest correspond to carrying out pre-contractual steps at the request of the data subject), which includes the analysis of applications and CVs, as well as the internal process for selecting Lawyers and collaborators in accordance with the needs of the RA. (The data is kept and maintained from the moment the application is submitted and, if the candidate is not selected, up to 2 years from the date of submission of the application).
In other cases, RA may keep and maintain the data for the period in which the specific contractual relationship is maintained.
III. SECURITY AND TRANSMISSION OF PERSONAL DATA TO THIRD PARTIES
RA has a strict security policy for the personal data being collected and processed, ensuring its protection against destruction, loss, alteration, disclosure and unauthorized access, as well as against any other form of illegal or abusive treatment. The technical and organizational security measures created and implemented by RA are also required of RA service providers who can process personal data.
Except in cases where this is necessary to provide the agreed services or to comply with legal obligations, RA does not transmit personal data to third parties. The transmission of data to third parties, when provided for and authorized, is carried out in accordance with applicable data protection legislation and within the limits of the purposes and legal bases defined in this Policy.
RA may - when this is necessary to defend the Client's best interests or constitutes a legal obligation - share personal data with entities relevant to the practice of providing legal advice, such as other Lawyers, counterparties, courts, administrative and regulatory authorities, local, regional or central public authorities, the Bar Association, service providers to RA within the scope of one of the purposes described supra, such as providers of computer, communication, translation, or digital and physical archiving of information and documents.
In cases where the transmission involves a transfer of personal data outside the European Union, RA: (i) will carry out this transfer based on an adequacy decision of the Commission, under the terms of which the country or international organization in question guarantees a level of protection for personal data equivalent to that arising from European Union law; or (ii) when there is no adequacy decision by the Commission, it will ensure that these data transfers are carried out in accordance with the legal provisions, with the appropriate and necessary guarantees to ensure the protection of personal data.
IV. RIGHTS OF THE DATA SUBJECT
The data subject has the following rights: (i) access - at any time the data subject may request confirmation of data processing by the RA, request consultation and access to personal data, information about the respective treatment, obtain a copy of the personal data stored and subject to treatment; (ii) rectification — at any time the data subject may request that they be rectified or completed; (iii) erasure — at any time the data subject may request that they be deleted, but the RA may prevent such deletion based on a legal obligation to store the data or on a prerogative conferred under the terms of applicable law, which assigns the right to store the data; (iv) limitation/suspension of treatment — the data subject may request the limitation and/or suspension of data processing by RA, when the accuracy of the personal data is called into question, or when the data subject objects to their processing, incurring on the RA, in these cases, the obligation to verify the legitimacy and reasonableness of the request, as well as to detect possible conflict situations, limiting/suspending the processing of the data if it is concluded that such action does not violate the legitimate interests and/or legal obligations of the RA, or of a third party; (v) data portability — at any time the data subject may request that they be delivered to him in a structured, commonly used and machine-readable format, as long as technically possible; (vi) opposition — the data subject may object to the processing of the data at any time, if this treatment is based on the exclusive interest of the RA or if it is carried out for purposes other than those for which the data were collected. Unless there are legitimate reasons to oppose the request to oppose the treatment, such as legal obligations or permissions/rights conferred under the law to protect your interests, RA will accept the request for opposition submitted, ceasing to process such personal data; (vii) Don't be subject to automated decisions About cases Individuals — the RA does not have automated decision-making procedures on individual cases; (viii) — Remove the consent — at any time the data subject may withdraw consent to the processing of the data, if the processing of the data is carried out on the basis of consent. Unless there is a legal basis and the RA's legitimacy to object to this type of request, personal data will no longer be processed; (ix) filing complaints with the supervisory authority — at any time the data subject may submit complaints to the competent supervisory authority regarding matters related to the processing of personal data (National Data Protection Commission).
In view of the foregoing, there are legal obligations, rights and freedoms of third parties, and/or legitimate interests of the RA or of a third party that must prevail over the rights of the data subject, the exercise of the stated rights supra may be limited or conditioned, accordingly.
V. EXERCISE OF RIGHTS BY THE DATA SUBJECT, CONTACTS OF RA
To exercise the stated rights supra, as well as for additional clarifications related to this Privacy Policy or to the processing of personal data carried out by RA, the data subject may contact RA through emailing to the email address geral@raassociados.pt, or by letter, addressed to Rogério Alves, Law Firm, SP, RL, sent to Av. Álvares Cabral 61, 4th floor, 1250-017 Lisbon, Portugal.
VI. CHANGES TO THE PRIVACY POLICY
This Privacy Policy may, freely and at any time, be subject to changes by RA, provided that the new applicable provisions are published in the respective field designated for the purpose of the RA Website. For the foregoing, it is in the best interest of the data subject to consult the Privacy Policy regularly, effectively and fully aware of the version of the Privacy Policy that is applicable at that time, accepting it in full every time they access and use the Website.