2. RESPONSIBLE FOR PROCESSING PERSONAL DATA
Clube Desportivo e Recreativo Chronos, tax ID n° 514798998, headquartered at Av. Duarte Pacheco, nº 19 – 6º Dto, 1070-100 Lisboa.
Personal data consists of any information relating to an identified or identifiable natural person (the Data Subject). Identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter just “Personal Data”).
Personal Data will be provided by the respective Data Holder when completing the Documents, regardless of their support, directly or through third parties.
The provision, to the Organization, of Personal Data collected within the scope of pre-contractual measures or in the registration process, in addition to the cases in which the information necessary for compliance with legal and contractual obligations corresponds, constitutes a necessary and essential requirement for participation in the sport test.
Personal Data will be processed by the Organization, depending on the case, either as “controller”, “processor” or as “joint controller”, for the purposes listed below, in strict compliance with the provisions of the legislation in force in terms of data processing. personal data protection.
3. DATA PROTECTION OFFICER (DPO)
The Organization has designated a data protection officer (In charge of Data Protection) who can be directly contacted by sending an email to firstname.lastname@example.org or by registered mail addressed to:
CHRONOS SPORTS AND RECREATIONAL CLUB
A/C: Data Protection Officer
Av. Duarte Pacheco, nº 19 – 6th Dto.
4. PROCESSING OF PERSONAL DATA
The Personal Data provided in the relationship established with the Organization are treated in accordance with the legally applicable precepts, namely:
Treated in a lawful, fair and transparent manner;
Collected for specified, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes;
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and, if necessary, updated, and appropriate measures must be taken to ensure that inaccurate or incomplete data are erased or rectified, taking into account the purposes for which they were collected or for which they are subsequently processed;
Preserved in such a way as to allow the identification of their holders only during the strictly necessary period and within the legally permitted period for the pursuit of collection purposes or further processing.
5. TYPES OF PERSONAL DATA
The Organization only collects and processes the personal data necessary to provide a quality service, in order to be able to bill the service it provides and to be able to offer products and services that best suit the needs of its customers, as well as to be able to comply with your obligations as a “data controller or processor when acting in that capacity.
The Organization will also process personal data that is necessary for the fulfillment of legal obligations to which it is subject or for the satisfaction of its own legitimate interests.
Within the scope of the provision of services, the Organization processes the following categories of personal data:
Identification data relating to the participant such as name, date of birth, place of birth, nationality, address, citizen card, telephone contact, e-mail address, tax number, clothing sizes, name and telephone contact of the person to be contact in case of emergency);
Billing data (IBAN, bank, swift, signature, account holder name, address, policy number);
Health data and life habits (such as information regarding life habits, such as food, sports, alcohol consumption, smoking, biometric indices, history of diseases);
Call recording data (call records and recording, including voice recording and number recording);
Other categories of personal data necessary for the purposes required at all times.
6. PURPOSES, GROUNDS FOR PROCESSING AND PERIODS FOR CONSERVATION OF PERSONAL DATA
Personal Data are processed for the following purposes based, in each case, on the indicated grounds and are kept for the time strictly necessary to pursue those same purposes, according to the deadlines (or criteria adopted to define them) indicated in the following table:
Basis of Lawfulness
Treatment necessary for the execution and management of the participation in the sporting event or for pre-contractual steps with the intervention of the Organisation.
Presentation, proposal, celebration and execution of the participation in the sports event.
Until expiry of the legal limitation period of all obligations arising from registration, invoicing and participation in the sports event.
Prospecting and comercial activity
Consent of the Data Subject.
Legitimate interests of developing and growing the business of the controller or a third party.
Until one year after the end of the contractual and legal relationship.
Compliance with legal obligations, namely with supervisory, tax, fiscal and judicial authorities, among others.
Compliance with legal and statutory obligations.
Legitimate interests of controlling the activity of the controller or a third party.
For the declaration, exercise or defence of rights in legal proceedings.
Legal deadline applicable at each moment for each legal and judicial obligation to be fulfilled, namely 10 years for compliance with tax obligations and 7 years for compliance with obligations regarding the prevention of money laundering and financing of terrorism.
Until the expiry of the limitation or prescription period for the exercise of rights.
7. RECORDING PHONE CALLS
In the telephone contacts established between the Data Holder and the Organization, within the scope of its activity, the latter may, if applicable, record the calls, upon prior information to the Data Holder and with his consent, for the management of the relationship pre-contractual and contractual, through the Organization and compliance with legal and legal obligations, namely, as a means of proof of information or instructions transmitted and, as well as to improve the services offered or contracted and, also, to control the quality of the same. Call recordings will be kept for the periods indicated in the deliberations of the National Data Protection Commission (CNPD) that define the principles applicable to the processing of call recording data, namely, Deliberation n.º 1039/2017.
8. DATA COMMUNICATION
Personal Data may be communicated to other partner entities of Clube Desportivo e Recreativo Chronos, whose identification and contact data may be, at any time, requested from the Data Protection Officer, as identified above, and may be processed by other entities in in relation to which the Organization acts, if applicable, as “subcontractor” or “jointly responsible for the treatment”, as well as to whom the Organization has subcontracted its processing, as well as by the partners and people directly involved in the organization of the event/sporting event .
For the purposes described and in compliance with a legal obligation, Personal Data may be transmitted to judicial, administrative, supervisory or regulatory authorities, and also to entities that fit or carry out, lawfully, data compilation actions, prevention actions and combating fraud and money laundering, market studies or statistical or technical-actuarial studies.
9. DATA HOLDER RIGHTS
The holder of the Personal Data has the right to request the Organization, and through it, the co-organizers and other partners of Clube Desportivo e Recreativo Chronos, by means of a written request addressed to the Data Protection Officer:
Access, under the legally established terms and conditions, to Personal Data concerning you and which are subject to processing;
The correction or updating of inaccurate or outdated Personal Data concerning you;
The processing of missing Personal Data when those prove to be incomplete;
The erasure, in the cases specifically provided for by law, of Personal Data concerning you;
The limitation, after verifying the conditions provided for by law, of the processing of Personal Data concerning you.
Upon written request, addressed to the Data Protection Officer, the Data Subject is also entitled to:
Withdraw the consent given, when the processing of data is based solely on consent;
Oppose the processing for reasons related to your particular situation, when the processing of data is based on the legitimate interest of the “responsible for the treatment” or of third parties;
Receive from the “person responsible for the treatment”, “subcontractor” or “joint person responsible for the treatment”, in a digital format in current use and automatic reading, the personal data concerning him and that have been provided by him, processed by automated means on the grounds :
in consent provided by the Data Subject; or
in a signed contract, and may request, in writing, the respective transmission directly to another person in charge, whenever this is technically possible.
The Personal Data Holder may also request more detailed information from the Data Protection Officer, namely on the purposes, grounds for lawfulness and conservation periods and, as well as, submit complaints about the way in which their Data Personal data are processed, without prejudice to being able to do so at the National Data Protection Commission (CNPD – National Data Protection Commission, telephone: (+351) 213 928 400; e-mail: email@example.com ; website: www.cnpd.pt).
10. SECURITY OF PERSONAL DATA
The Organization has adopted adequate technical and organizational measures to protect Personal Data against accidental or unlawful loss, destruction or damage, as well as to ensure that the data provided is protected against access or use by unauthorized third parties.
The Organization guarantees privacy and security in the transmission of data from its customers and visitors to its website and other computer platforms, if available.
In situations where the Organization subcontracts the provision of services involving the transfer of personal data to other entities, these entities will be obliged to adopt the necessary technical and organizational measures in order to protect the personal data against destruction, loss, alteration , disclosure, unauthorized access or any other type of unlawful treatment.