Framing

‍

This Privacy Policy reflects BGC – Brix Global Consulting, Lda.'s (hereinafter "Brix IT") commitment to protecting the personal data of its employees, candidates, clients, partners, and all other data subjects within the scope of its operations. Brix IT ensures privacy, confidentiality, and data security in compliance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation. This policy is a fundamental instrument to ensure transparency and legal compliance in the way we process personal information.

‍

Legal Purpose of treatment

‍

The processing of personal data by Brix IT is based on clear legal grounds: compliance with contractual and legal obligations, data subject consent, the legitimate interests of the company, and the execution of pre-contractual measures. These foundations ensure that all data is processed lawfully, fairly, and transparently. Brix IT guarantees that, in each instance of data collection, the specific purpose and corresponding legal basis are clearly stated, reinforcing data subjects’ control over their information.

‍

Contacts:

• Postal address: Rua da Fontinha, nº9B. 3040-657 Assafarge
• Email: gdpr@brix-it.pt

‍

‍Application and scope

‍

This policy applies to all personal data processing activities carried out by Brix IT, whether in digital or physical format. It covers employees, candidates, clients, suppliers, business partners, and website users. It also applies to data collected in recruitment, contract management, business development, and corporate communications. The policy extends to third-party service providers who process data on behalf of Brix IT.

‍

Personal Data

‍‍

Personal data refers to any information relating to an identified or identifiable natural person. Personal data processed by Brix IT may include name, address, phone number, email address, tax identification number, professional data, access credentials, interaction history, and other data relevant to the established relationship. Brix IT is committed to processing only the data strictly necessary for each identified purpose.

For the fulfillment of the business activity and as responsible for the collection, Brix IT collects the following data:

‍

Data Category

Information to Collect

Candidate Data - Recruitment

Name; date of birth or age; sex; nationality/citizenship/place of birth; address of residence; telephone and fax number; e-mail address, mother tongue; data and copy of the identification document; immigration status (in case you need a work permit); academic qualifications; academic record; professional history; photography; marital status; household and details of any dependents.

Candidate Data - Contractual Process (Admission)

Name; date of birth or age; sex; nationality/citizenship/place of birth; address of residence; telephone and fax number; e-mail address, mother tongue; data and copy of the identification document (citizen card or passport), including social security number (or equivalent in your country) and NIF; details and copy of your driving licence and/or other proof of address; financial information (country of bank domiciliation, account holder, domicile (name of bank), IBAN, BIC (or SWIFT)); other tax information; immigration status (in case you need a work permit); academic qualifications, proof of qualifications, academic record; employment history, photograph, emergency contacts; marital status, household and details of any dependents.

Customer Data - Contractual Process

Name, telephone number and e-mail address of employees of the client company.

Supplier Data - Contractual Process

Name, telephone number and e-mail address of employees of the client company, as well as financial information (country of bank domiciliation, account holder, domicile (name of the bank), IBAN, BIC (or SWIFT).

Website User Data

Cookies collect generic information, namely: i) IP address; ii) date, time, duration and frequency with which you access the website; iii) the way in which you arrive at and use the website; (ii) information related to their authorizations; iii) the area of the country from which you access the website.

‍

The collected data has the following purpose:

‍

Data Category

Purpose of Processing

Candidate Data

The following are used for recruitment:

• Fit the candidate in the respective business opportunities;
• Conducting interviews;
• Refer the candidate for qualification in client;
• Presentation of pre-proposal and/or proposal.

Employee Data

• Human Resources Management;
• Staff selection and recruitment;
• Processing of remuneration, benefits and allowances, including garnishment of salaries and reimbursement of expenses;
• Occupational safety and health;
• Management of disciplinary sanctions;
• Training;
• Time/attendance control.

Customer Data

• Provide a consulting service;
• Provide training services.

Supplier Data

We use the data solely to ensure compliance with contractual and legal obligations, to maintain clear and effective communication in our relationship, and to guarantee the proper processing of payments.

Website User Data

• Improve the user’s experience of our website.

‍

Legal Purpose of the Processing

‍

Brix IT collects and processes personal data for several purposes, including recruitment and selection, human resources management, client and supplier relationship management, corporate communication, statistical analysis, compliance with legal and contractual obligations, and IT system security. Each processing activity is supported by an appropriate legal basis and is carried out proportionally, transparently, and with respect for data subject rights. In this sense, the entire scope of this policy extends to the processing of third parties and processors, taking into account the following:

‍

• Brix IT ensures that all personal data processing is carried out in accordance with the General Data Protection Regulation (GDPR), this Privacy Policy, and the principles of lawfulness, fairness, and transparency. The data collected is strictly necessary and relevant to our activities and is processed solely for determined, explicit, and legitimate purposes. No subsequent processing is allowed if incompatible with those original purposes. Data is kept accurate and up to date, in line with the principle of accuracy, and is protected against loss, destruction, or damage through appropriate technical and organizational measures that ensure both integrity and confidentiality. Brix IT also commits to retaining personal data only for the period strictly necessary to fulfill the purposes for which it was collected, ensuring that it remains identifiable only during that necessary timeframe.

‍

The withdrawal/withdrawal of consent can be requested at any time by sending an e-mail to: gdpr@brix-it.pt.

The Personal Data collected by us will be processed and stored in accordance with the purposes and for the minimum period legally necessary.

‍

Data Retention

‍

Personal data is retained only for the time strictly necessary to fulfill the purpose for which it was collected, or to comply with legal obligations. After this period, the data is securely deleted or anonymized. For personnel selection and recruitment processes, the data will be stored for a maximum period of 5 years.

‍

‍‍

Rights of the Data Subject

‍

The Holder of the personal data has the following rights, which can be exercised easily and free of charge, through the following e-mail: gdpr@brix-it.pt

Only in the case of manifestly unfounded or excessive requests may a fee be charged for the exercise of these rights (pursuant to Article 15(3) GDPR).

‍

Right to Question

Data subjects have the right to understand how their data is processed, by whom, for what purposes, and under what legal basis. Brix IT ensures clear and accessible information.

‍‍

Right to rectification

You may request the correction of incorrect or outdated data.

‍

Right to erasure/to be forgotten

In certain situations, you may request the deletion of your personal data. You can also decide to withdraw your consent to the processing of your personal data whenever you want to exercise your right to object to it.

There are some exceptions to this right, such as if they are against the exercise of freedom of expression and information, if they are necessary for compliance with legal obligations, if they are necessary for reasons of public interest or public health, if they are necessary for archival reasons of public interest, scientific research, historical, for statistical purposes or the exercise or defense of rights in judicial proceedings. In these cases, the data subject should be informed of the reason why it is not possible to respond to their request.

‍

‍Right to restriction of processing

You may request the temporary suspension of data processing, whenever one of the following situations occurs:

1. If the data is inaccurate and is disputed during the period for which it is possible to verify its accuracy;
2. Categories of data to be processed;
3. If the processing is unlawful, but the data subject opposes the end of the processing and only wants the restriction of its use;
4. If the controller no longer needs the data for processing, but the data is required by the data subject for the establishment, exercise or defense of legal claims;
5. If at any time you have objected to the respective processing and it has not ceased (i) for compelling legitimate reasons presented to the controller or (ii) for the establishment, exercise or defense of legal claims.

‍‍

Right to notification

You will be notified whenever there are significant changes in data processing.

‍

‍Right to data portability

You have the right to receive your data in a structured, commonly used, and machine-readable format.

‍

How to exercise the rights

‍

The above-mentioned rights can be exercised by submitting a written request to gdpr@brix-it.pt. Brix IT commits to responding within a maximum of 30 days, except in duly justified complex cases.

‍

Responsibilities

‍

How BRIX IT protects the data

Brix IT implements appropriate technical and organizational measures to protect personal data, including encryption, access control, backups, and ongoing staff training. We ensure that data is handled securely and in accordance with industry best practices.

‍

‍BRIX IT, is responsible for:

1. Act as a controller with respect to all duties and obligations provided for in the GDPR;
2. Monitor and control the compliance of processes with the GDPR and with the policies implemented in an appropriate and timely manner;
3. ensure that it has all the necessary resources to carry out its duties;
4. Act as a point of contact for requests from data subjects regarding the processing of their personal data and the exercise of their rights;
5. Carry out a data protection impact assessment if a certain type of processing so requires.

‍‍

Personal Data Breach

‍

In the event of a personal data breach, Brix IT will notify the supervisory authority and affected data subjects, whenever legally required. We maintain internal procedures for rapid and effective response to security incidents.

‍

‍COOKIES

‍

Cookies are small text files stored on your computer or mobile device through your web browser. During navigation, they record preferences and allow the website to recognize your device on future visits. At any time, you can decide to be notified about the receipt of cookies, to consult or change the type of cookies, as well as to block their entry into your system, through the settings of your internet browser (browser).

‍

Why are they used?

‍

Cookies are an essential part of our website's operation and facilitate your navigation on the platform. Their main goal is to enhance user experience, allowing faster, more efficient browsing, saving preferences, and removing the need to re-enter information repeatedly.

‍

The cookies currently used by the website are the following:

‍

Technical or strictly necessary cookies

Essential for website functionality. Without them, some features may be unavailable.

‍Technical or strictly necessary cookies are cookies installed with the aim of allowing navigation on the website, allowing a correct user experience, namely the security of the website or the management of consents. For this reason, these cookies do not require your consent.

‍

Performance cookies

Performance cookies help monitor site performance and identify improvement opportunities.. All information collected by these cookies is anonymous.

‍

‍Revocation and management of cookie consents

‍

Data subjects may revoke or change their consent at any time via browser settings or by contacting Brix IT. Revocation does not affect the lawfulness of processing carried out up to that point.

‍‍

Complaint to the supervisory authorities

‍

Notwithstanding the existence of the commitment of BRIX IT for resolving any type of situation. The Data Subject has the right to lodge a complaint with the competent authorities (CNPD) if any of the rights are denied.

‍National Data Protection Commission

• Av. D. Carlos I, 134 - 1.º
• 1200-651 Lisboa / Portugal
• Tel: +351 213928400 / Fax: +351 213976832
• www.cnpd.pt

‍

‍

Changes to the Privacy Policy

‍

Brix IT may update this policy whenever necessary. Changes will be published on the website with the corresponding effective date. We recommend regularly reviewing this policy.

‍‍

Governing Law and Jurisdiction

‍

The privacy policy, as well as the collection, processing or transmission of data from customers, employees and partners, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, and by the legislation and regulations applicable in Portugal, namely Law No. 58/2019, of 8 August.

In case of dispute, the court of Coimbra shall have jurisdiction, with express waiver of any other.

‍

‍‍

Contact

‍

If you have any questions, wish to exercise your rights, suggestions or complaints regarding Data Protection and this Privacy Policy, you can contact us at our email address: gdpr@brix-it.pt.

‍