Privacy Policy

In ODYSAI – Sistemas de Informação S.A. (henceforth Infosistema) the trust and satisfaction of our clients, employees and other parts involved is a crucial factor of our success. For this reason, we need to guarantee the security of personal data, as well as the application of their rights.

This Privacy Policy, intends to be transparent in all matters of privacy and data protection. We have implemented technical and organizational measurements for the protection of this data, following the applicable legislation – General Data Protection Regulation (GDPR – 2016/679 of the European Parliament).  

Application Scope

This Privacy Policy is applicable to all external parts of Infosistema. Odysai offers services to different entities, individual and corporate, internationally. All of the details of our services can be found in our external communications, such as the Odysai website (www.odysai.com).

This policy is applicable to our clients, suppliers, candidates, and whomever is involved and interested in our services, products and events. Those who have requested and submitted their details to receive information about our services or any of our marketing materials and communication, are also involved.

Data Processing

In regards to all interested parts, from Infosistema, we process all personal information through different channels such as:

  • Commercial Management: through our website, when a form is submitted; when an email is shared for contact purposes; download of product or marketing materials; subscription to our events, workshops, webinars or other initiatives; subscription through public websites or social media; through a third-party database, partners and direct contact, with consent from the subject from whom this information is collected: name/surname, company, country, email address, position and telephone/mobile number.   
  • Service agreement and contractual relationship: data shared through a professional contract, website, email, in person or by telephone. This data is collected when information is requested, following a contractual service, acquisition of products, through satisfaction surveys and service agreement avaliations, where it is requested the following: name/surname, company, email address, position and telephone/mobile number.   
  • Recruitment and selection processes: through our website and recruitment management platforms, when the subject submits an application with the following data: name/surname, email address, address and telephone/mobile number.

Database Processing and Purpose

The handling of the database is essential for Odysai to send added-value information to all parts involved. We use this data, with strict compliance with the provisions of the GDPR for the following purposes:

  • Marketing and Commercial Purposes – with total consent from the parts involved, Odysai will share information about their product and services, send invitations to events, webinars, workshops, send surveys and market research, share case studies and research, market trends, as well as information about new products and services of Odysai and all parties involved within the group (JOYN Group).
  • Recruitment and Selection – with consent from all parties, the shared data will be used for integration in recruitment process, to share information and communication about current recruitment processes and potential opportunities and shared with Infosistema clients.
  • Contractual Relationship – The database will be used for the execution of contracts, to improve our service and enhance partnership relations (information shared will be based on new products and services, invites, market research and surveys about assessment services)   

Retention of Data

The database will be processed and kept for the minimum periodo necessary and proportionate for the purposes for which they were collected. The retention period will strictly follow the legislation adhered to.

For recruitment purposes, the data will be kept for a period of two years, in accordance to the Portuguese Labor Legislation.

Subcontracting and Data Sharing

In order to add value to all parties involved, ODYSAI may need to share the data with external parties which support directly with products and services. The data may be shared with the following parties:

  • Public Authority – Under the applicable law, Odysai is obliged to share personal data to the public authorities such as: Tax Administration, Social Security, the Labor Authority, and Judicial authorities, within the scope of judicial mandates
  • To JOYN Group – ODYSAI is part of a multinational business group – JOYN Group, and its data may be disclosed to other group companies in the context of service agreements shared between the group companies, also for joint advertising and commercial actions and for internal management purposes;
  • ODYSAI Clients – Pseudonymised personal data will be disclosed strictly within the scope of recruitment, selection and integration of human resources. This data will only be communicated and transferred if it is found to fit the purpose;
  • Third-party service providers of ODYSAI – This includes entities that help ODYSAI in the pursuit of its mission. We ensure technical and organizational measures, so that third party service providers can access the personal data in a confidential way and strictly complying with the law. Specific agreements are developed in order to regulate the use of personal data for this purpose.

Data Subject Rights

In compliance with the provisions of  GDPR, ODYSAI facilitates the exercise by the Data Owner of the rights conferred to him, on proof of his identity, including procedures for requesting and, where appropriate, free access, in particular, access to Data Rectification or erasure and exercise of the right of opposition.

The data subject is entitled to the following rights:

  • Access Rights – The data subject has the right to obtain from ODYSAI the confirmation as to whether or not their information is subject to handling. If applicable, the data subject has the right to access their personal data and the information on how we are using it, the entities with which they were shared with and the period during which their data is stored;
  • Rectification Rights – The data subject has the right to request ODYSAI to rectify their personal data.
  • Erasure and Oblivion Rights – The subject has the right to request ODYSAI to erase his/her personal data, and ODYSAI is obliged to delete it, whenever: the data is not necessary for the purpose for which they are used; the data subject withdraws their consent; the data subject has objected to the handling of their personal data and there are no prevailing legitimate interests justifying the handling. This follows a legal obligation under Union law or a Member State;
  • Process Restriction Rights – The data subject has the right to ask ODYSAI to temporarily use his/her personal data when he/she considers to be inaccurate and no longer needed to carry out the purposes. During the assessment as to whether the data is legitimate and/or accurate, ODYSAI’s rights to oppose, prevail;
  • Opposition Rights – The data subject has the right to oppose the use of his/her data for any of the indicated purposes;
  • Transferability Rights – The data subject has the right to receive the data that concerns him/her, in a structured format, with its current use;
  • Automated Individual Decisions, including Profiles definition – The data subject has the right to not be subject to any decision taken solely on the basis of automated processing, including profiling, which may influence legally effects or which may affect its purposes.

The rights listed may be exercised by ODYSAI for your Data Protection Officer. Contacts can be found below.

Any complaints should be addressed to the National Data Protection Commission, which is the appropriate data protection supervisory authority.

Personal data protection

ODYSAI is committed to the protection and security of personal information by implementing appropriate technical and organizational measures. This is to ensure an appropriate level of security and confidentiality against unauthorized access, use or disclosure. The technical and organizational measures, are: storage of personal data in databases with encryption information; direct access to servers and equipment which are located in restricted facilities. In case of data transfer, we are obliged to protect the data through encryption, such as the Secure Socket Layer (SSL).

Data Protection Officer

It is the responsibility of the Data Protection Officer to ensure, among other things, the compliance of data handling with the current legislation. ODYSAI has designated a Data Protection Officer, so you may be contacted directly. You will be contacted through the  contacts below mentioned regarding all matters related to the processing of your personal data and the exercise of the rights of the data subjects.

Contacts:

ODYSAI– Sistemas de Informação S.A.

Ed. Atlas II, Av. José Gomes Ferreira 11, Piso 2 – 1495-139 Algés – Portugal

dpo@infosistema.com

Changes to this declaration

ODYSAI may update this Privacy Policy at any time. Upon the update,  the date of the “last update” will be reviewed and the notification of such changes will be disseminated.


Last update: 2019-06-03