2. RESPONSIBLE FOR PERSONAL DATA PROCESSING
Clube Desportivo e Recreativo Chronos, taxpayer number 514798998, with head office at Av. Duarte Pacheco, nº 19 – 6º Dto, 1070-100 Lisbon.
Personal data is any information regarding an individual that is identified or identifiable (the Data Owner). An individual is considered identifiable if they can be identified, directly or indirectly, in particular by referring to an identifying item, such as a name, an ID number, location data, electronic identifiers or one or more specific elements from the physical, physiological, genetic, mental, economic, cultural or social identity of such individual (henceforth referred to as “Personal Data”).
The Personal Data will be provided by the respective Data Owner in the act of filling the Documents, regardless of the medium, directly or through others.
The provision, to the Organisation, of the Personal Data collected in the scope of pre-contractual proceedings or during the registration process, besides the cases in which it corresponds to information necessary for the observance of legal and contractual obligations, represents necessary and essential requirement for participation in the sports competition.
The Personal Data shall be processed by the Organisation, according to the situations, either as “responsible for processing”, “subcontractor” or as “conjoint responsible for the processing”, for the purposes mentioned below in this Policy, in strict compliance with what is established in the current legislation in terms of protection of personal data.
3. DATA PROTECTION OFFICER (DPO)
The Organisation has appointed a person responsible for data protection (Data Protection Officer) who can be directly contacted by sending an e-mail to firstname.lastname@example.org or by registered post to the following address:
CLUBE DESPORTIVO E RECREATIVO CHRONOS
C/O: Data Protection Officer
Av. Duarte Pacheco, nº 19 – 6º Dto.
4. PERSONAL DATA PROCESSING
The Personal Data provided in the relationship established with the Organisation is processed in accordance with the legally applicable principles, namely:
- Treated in a licit way, loyal and transparent;
- Collected for specific, explicit and legitimate purposes, and they will not later be processed in a way that is incompatible with those purposes;
- Adequate, pertinent and limited to what is necessary in view of the purposes for which they are processed;
- Exact and, if necessary, actual, with appropriate measures being taken to ensure that inexact or incomplete data is deleted or amended, according to the purposes for which they have been collected or for which they will later be processed;
- Preserved in order to allow the identification of their owners only during the strictly necessary period, and within what is legally allowed for the fulfilment of the purpose of collection or subsequent processing.
5. TYPES OF PERSONAL DATA
The Organisation only gathers and processes the personal data necessary to provide a quality service, in order to be able to rend the service provided, and to offer products and services that better suit the needs of its clients, as well as in order to be able to fulfil its obligations as “responsible for data processing” or “subcontractor” when it acts as such.
The Organisation will also take care of the personal data necessary for the observance of legal obligations it is subjected to, or for the satisfaction of its own legitimate interests.
In the scope of service provision, the Organisation processes the following categories of personal data:
- Identification data from the participant, such as name, age, place of birth and nationality, address, national identity card, telephone contact, e-mail address, taxpayer number, clothes size, name and phone contact of the person to contact in emergency situation);
- Billing data (IBAN, bank, swift, signature, account holder’s name, address, policy number);
- Health and lifestyle data (such as, information regarding lifestyle habits, like diet, sport, alcohol intake, smoking, biometrical indexes, history of diseases);
- Telephone call recording data (records and recordings of telephone calls, including voice recordings and recording of numbers);
- Other categories of personal data necessary to the purposes required at all times.
6. GOALS, GROUNDS FOR PROCESSING AND TERM OF RETENTION FOR PERSONAL DATA
The Personal Data is treated with the following purposes, centred, in each case, in the stated principles, and they are kept for the strictly required time for the fulfilment of such purposes, in accordance with the terms (or criteria used to define them) shown on the table below:
Principle of Lawfulness
Term of Retention
Processing necessary for the execution and management of participation in the sports competition or for pre-contractual proceedings with the intervention of the Organisation.
Presentation, proposition, celebration and execution of participation in the sports competition.
Until the end of the legal term of prescription of all obligations emerging from the registration, billing and participation in the sports competition.
Prospection and commercial action.
Consent from the Data Owner.
Legitimate interests of development and growth of the activity by the responsible for processing or by third parties.
Until the end of one year on top of the end of the contractual and legal relationship.
Compliance with legal obligations, namely with, among others, supervisory, tax, fiscal and judiciary authorities.
Compliance with juridical and legal obligations.
Legitimate interests in controlling the activity by the responsible for processing or by third parties.
For declaration, exercise or defence of rights in judicial proceeding.
Legal term applicable in each moment for each legal and juridical obligation to be observed, namely 10 years for the observance of fiscal obligations and 7 years for the observance of obligations related to the prevention of money laundering and financing of terrorism.
Until the term of prescription or caducity for the exercise of rights.
7. RECORDING OF TELEPHONE CALLS
During the telephone contacts between the Data Owner and the Organisation, in the scope of its activity, the latter may record the calls, if that is the case, while informing the Data Owner and with their consent, for purposes of management of the pre-contractual and contractual relationship by the Organisation and the observance of judicial and legal obligations, namely, as a way to prove the transmission of information and instructions, as well as for the improvement of the services offered and their quality control. The telephone call recordings will be kept for the period stated in the deliberations of the National Data Protection Commission (CNPD), which define the principles applicable to the processing of data from telephone call recordings, namely Deliberation #1039/2017.
8. DATA COMMUNICATION
The Personal Data may be communicated to other entities and companies, partners of Clube Desportivo e Recreativo Chronos, whose identification data and contact can be requested at any moment from the Data Protection Officer, as identified above, and they may be treated by other entities under the sphere of action of the Organisation, if that is the case, as “subcontractor” or “conjoint responsible for the processing”, with which the Organisation may have subcontracted their processing, as well as the partners and people directly connected with the event/sports event’s organisation.
For the purpose of the aforementioned goals and in observance of the law, the Personal Data may be transmitted to judicial, administrative, supervisory or regulatory authorities, and also to entities that conform with or lawfully perform actions of data compilation, actions of fraud and money laundering prevention, market studies or technical-actuarial statistic studies.
9. RIGHTS OF THE DATA OWNER
The Personal Data owner has the right to ask the Organisation, and through it the entities and companies partners of Clube Desportivo e Recreativo Chronos, by means of a written request addressed to the Data Protection Officer for:
- The access, within the legally required terms and conditions, to their Personal Data that are subjected to processing;
- The amendment or updating of their Personal Data that may be inexact or outdated;
- The processing of missing Personal Data when incomplete;
- The deletion, in the situations specifically foreseen by law, of their Personal Data;
- The limitation, once the conditions foreseen by the law have been met, in the processing of their own Personal Data.
Upon written request addressed to the Data Protection Officer, the Data Owner is also entitled to:
- Remove the previously given consent, when the data processing is based on consent alone;
- Oppose the processing due to reasons connected with their particular situation, when the data processing is based on legitimate interest from the “responsible for processing” or any third parties;
- To receive from the one “responsible for the processing”, “subcontractor” or “conjoint responsible for the processing”, in current digital format that allows for automatic reading, their personal data that has been personally provided, processed by automated means with fundament:
- in consent given by the Data Owner; or
- in celebrated contract, with the possibility of requesting, in writing, the corresponding transmission directly to another responsible person, whenever that is technically possible.
The Personal Data Owner can also demand from the Data Protection Officer, more detailed information, namely concerning the goals, principles of lawfulness and terms of retention, as well as, submit complaints as to the way their Personal Data is processed, notwithstanding the possibility of doing so with the National Data Protection Commission (CNPD – Comissão Nacional de Proteção de Dados, telephone: (+351) 213 928 400; e-mail: email@example.com; website: www.cnpd.pt).
10. PERSONAL DATA SECURITY
The Organisation has adopted technical and organisational measures to protect the Personal Data against their loss, accidental or illicit destruction or damage and, just as well, to ensure that the data provided is protected against the access or use by unauthorised third parties.
The Organisation guarantees the privacy and security in the transmission of its clients’, website and other online platforms’ visitors’ data, if they are available.
In the situations in which the Organisation subcontracts the provision of services to other entities, and these involve the disclosure of personal data, such entities will be obliged to adopt the necessary technical and organisational measures to protect the personal data against destruction, loss, change, dissemination, unauthorised access, or any other type of illicit treatment.