Personal Data Protection Policy

Certo Seguros respects the privacy and protection of personal data, namely of our candidates, employees, trainees and trainers in insurance mediation, as well as suppliers and customers and, in case of legal persons, their respective representatives.

The data provided by the different users are treated confidentially by Certo Seguros in accordance with the provisions of Law No. 58/2019 of August 8, recommendations and directives issued by the National Commission for Data Protection and Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016.

The monitoring of compliance with this Personal Data Protection Policy will be ensured by measuring the evaluation indicators of the controls and/or audits (internal or external), at regular intervals or when significant legislative or regulatory changes occur.

Certo Seguros undertakes to respect the best practices in the field of security and protection of personal data, having for this purpose approved a program capable of ensuring the protection of the data provided to us by all those who, in some way, relate to it.

This Privacy Policy applies to the collection and processing of personal data carried out by Certo Seguros and is intended for the general public, establishing obligations for all employees.

1. Definitions

Personal Data: All information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of a natural person, and the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning sex life or sexual orientation.

Processing: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller: means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

Personal Data Breach: is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Processor: is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third party: is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

Supervisory Authority: an independent public authority established by a Member State.

CNPD: National Commission for Data Protection.

2. Collection and Processing of Data from the Holder

This Privacy Policy applies to all personal data of users that are collected by Certo Seguros for (i) the preparation of insurance proposals and contracting and/or other needs related to the insurance distribution and mediation activity (ii ) recruitment and selection activities, as well as all issues associated therewith, including the dissemination of new job offers, professional training and institutional information, (iii) information to customers and potential customers (vi) information about the existence of promotions or campaigns marketing, (v) contractual or pre-contractual management (whether of a labor, commercial or other nature) or (vi) to comply with legal obligations.

Within the scope of the activities developed by Certo Seguros, users may be contacted for the purposes described above.

The types of personal data collected, processed and stored by Certo Seguros are those necessary for the performance of (i) recruitment and selection processes for employment and training opportunities or those required for compliance with other requirements when acting as an employer, (ii) provision of services to clients, on an outsourcing or other basis, and (iii) compliance with legal, contractual and pre-contractual requirements arising from the respective activity.

  • Full name
  • Contact details (address, telephone number, e-mail address)
  • Date of birth
  • Driver's license number and details
  • Education and training
  • Professional experience and skills
  • Professional credentials, certificates or licenses
  • Membership in professional organizations
  • Any other information contained in the resume
  • Citizenship status and work authorization
  • Health or disability-related data
  • Information from and related to publicly accessible profiles you have created on employment-related social networking platforms and job portals (such as LinkedIn, Facebook, Sapo Emprego or Indeed)
  • Information collected by checking professional references
  • Career management interests and preferences
  • Employee, customer and/or supplier registration
  • User identification and password or PIN, if registered through the Certo Seguros website.

Additionally, Certo Seguros may request types of personal data deemed "sensitive":

  • National or tax identification number/social security number
  • Financial or bank account data
  • Information related to tax/tax status
  • Information contained in criminal records
  • Information about health insurance and retirement plans
  • Health data (e.g. those relating to medical examinations or accidents at work)
  • Trade union membership
  • Information contained in the employee's personnel file, such as performance reviews, disciplinary actions and payroll processing
  • Finally, interactions with Certo Insurance mobile and web applications may result in the collection, processing and storage of geolocation data

Other information you may provide to us, for example, through surveys, interactions with social profiles (linkedin, facebook, twitter, youtube, among others), as well as through other channels used to contact Certo Insurance

The provision of this type of information will be voluntary, unless required by law. Should it not be provided, this will not prejudice, for example, your employment or training opportunities.

Outsourced Entities

When processing the cardholder's data, Certo Insurance uses or may use third parties, outsourced by it, to process the cardholder's data on its behalf, and according to its instructions, in strict compliance with the law and this Privacy Policy.

These outsourced entities may not transmit the titleholder's data to other entities without prior written authorization from Certo Insurance, and are also forbidden to contract other entities without such authorization.

Certo Insurance undertakes the commitment to outsource only entities that provide sufficient guarantees for the execution of adequate technical and organizational measures, in order to ensure the defense of the rights of the titleholder.

All outsourced entities shall be bound by a written contract regulating, inter alia, the object, duration of processing, nature, purpose of processing, type of personal data, categories of data subjects and the rights and obligations of the parties.

When collecting personal data, Certo Insurance provides the holder with information about the categories of subcontracted entities that, in the specific case, may perform data processing on behalf of Certo Insurance.

Data Collection Channels

Certo Insurance may collect data directly (i.e., directly from the holder) or indirectly (i.e., through partner entities or third parties). Collection may be done through the following channels:

  • Direct collection: in person, by phone or email or via the internet;
  • Indirect collection: through partners, external companies or Group companies and entities.

General Principles Applicable to the Data Processing of the Data Subject

In terms of general principles regarding the processing of personal data, Certo Seguros undertakes to ensure that they are:

  • Object of lawful, loyal and transparent processing in relation to the data subject
  • Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accurate and up to date where necessary, with every reasonable step being taken to ensure that data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  • Kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed
  • Processed in a manner that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, with appropriate technical or organizational measures being taken

Data processing performed by Certo Insurance is lawful when at least one of the following situations occurs:

  • The data subject has given his/her explicit consent to the processing of the data subject's data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which Certo Seguros is subject;
  • Processing is necessary for the defense of vital interests of the data subject or of another natural person;
  • Processing is necessary for the purposes of legitimate interests pursued by Certo Seguros or third parties (unless the interests or fundamental rights and freedoms of the data subject prevail and require protection of personal data).

Certo Insurance undertakes to ensure that the holder's data is processed only under the conditions listed above and in compliance with the principles mentioned above.

When the processing of the holder's data is performed by Certo Insurance based on the data subject's consent, he/she is entitled to withdraw his/her consent at any time. However, withdrawal of consent does not compromise the lawfulness of the processing performed by Certo Insurance based on the consent previously given by the data subject.

The period of time during which data are stored and kept varies according to the purpose for which the information is processed.

In fact, there are legal requirements that require data to be retained for a minimum period of time. Thus, and whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that motivated their collection or their subsequent processing, after which they will be eliminated.

Use and Purposes of Data Processing

In general terms, Certo Insurance uses the data of the data subject for several purposes, including billing and collection, for marketing purposes and for human resources management and employee recruitment, among others.

The holder's data collected by Certo Insurance are not shared with third parties without the holder's consent, with the exception of the situations mentioned in the following paragraph. In case the holder contracts Certo Seguros for services provided by other entities responsible for the processing of personal data, the holder's data may be consulted or accessed by such entities, to the extent necessary for the provision of such services.

Under the applicable legal terms, Certo Insurance may transmit or communicate the holder's data to other entities in case such transmission or communication is necessary for the execution of the contract established between the holder and Certo Seguros, or for pre-contractual diligences at the holder's request, in case it is necessary for the fulfillment of a legal obligation to which Certo Seguros is subject or in case it is necessary for the pursuit of legitimate interests of Certo Seguros or a third party.

In case of data transmission to third parties, reasonable efforts will be made so that the recipient uses the data in a manner consistent with this Privacy Policy.

Technical, Organizational and Security Measures Implemented

In order to ensure the security of the holder's data and maximum confidentiality, Certo Insurance handles the information provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as needed, as well as in accordance with the terms and conditions provided by law.

Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the processing to the rights and freedoms of the data subject, Certo Insurance undertakes to implement, both when defining the means of processing and when processing itself, the necessary and appropriate technical and organizational measures for data protection and compliance with legal requirements.

It further undertakes to ensure that only the data that is necessary for each specific purpose of the processing is processed, and that such data is not made available to an indefinite number of persons.

In terms of general measures, Certo Seguros adopts the following:

  • Regular audits with a view to gauging the effectiveness of the technical and organizational measures implemented;
  • Awareness and training of staff involved in data processing operation;
  • Pseudonymization and encryption of personal data, whenever justifiable;
  • Mechanisms to ensure the permanent confidentiality, availability, and resilience of the information systems;
  • Mechanisms to ensure the timely restoration of information systems and access to personal data in the event of a physical or technical incident.

Transfer of Data Outside the European Union

The personal data collected and used by Certo Insurance is not made available to third parties established outside the European Union. Should such a transfer occur in the future, Certo Seguros undertakes to ensure that the transfer complies with applicable legal provisions, in particular with regard to determining the suitability of such country with regard to data protection and the requirements applicable to such transfers.

3. Data Subject Rights

Right to Information

The information contained in this document shall be provided in writing (including by electronic means) by Certo Seguros to the holder prior to the processing of the personal data in question. Under the terms of the applicable law, Certo Insurance is under no obligation to provide the holder with this information when and inasmuch as it is assumed that the holder is already aware of it.

The information is provided by Certo Insurance free of charge.

Right of Access to Personal Data

Certo Seguros guarantees the means allowing the data subject access to his/her personal data.

The data subject has the right to obtain from Certo Insurance the confirmation that personal data concerning him/her are or are not being processed and, if applicable, the right to access his/her personal data and the following information.

  • The purposes of the data processing
  • The categories of personal data concerned
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or belonging to international organizations
  • Where possible, the period for which the personal data will be stored
  • The existence of the right to request from Certo Insurance rectification, erasure or limitation of processing of personal data or the right to object to such processing
  • The right to file a complaint with the CNPD or other control authority
  • If the data have not been collected from the data subject, the available information on the origin of such data
  • The existence of automated decisions, including profiling, and information regarding the logic behind and the significance and anticipated consequences of such processing for the data subject.
  • The right to be informed about the appropriate safeguards associated with the transfer of data to third countries outside the EU or international organizations.

Upon request, Certo Insurance will provide the data subject, free of charge, with a copy of his/her data being processed. The provision of other copies requested by the data subject may entail administrative costs.

Right to Rectification of Personal Data

The data subject has the right to request at any time the rectification of his/her personal data, as well as the right to have his/her incomplete personal data completed, including by means of an additional declaration.

In case of data rectification, Certo Insurance shall inform each recipient to whom the data have been transmitted of the respective rectification, unless such communication proves impossible or involves a disproportionate effort for Certo Insurance.

Right to erasure of personal data ("Right to be forgotten")

The holder of the data has the right to obtain from Certo Insurance the erasure of his/her data when one of the following reasons applies:

  • The data subject's data are no longer necessary for the purpose that motivated their collection or processing
  • The holder withdraws his/her consent on which the data processing is based and there is no other legal ground for said processing
  • Where the data subject opposes the processing pursuant to the right to object and there are no overriding legitimate interests justifying the processing
  • Where the data subject's data are processed unlawfully
  • In case the owner's data must be erased for compliance with a legal obligation to which Certo Insurance is subject

Under applicable legal terms, Certo Insurance is not obliged to erase the owner's data to the extent that the processing is necessary to comply with a legal obligation to which Certo Seguros is subject or for the purposes of the declaration, exercise or defense of a right of Certo Insurance in a legal proceeding.

In case of data erasure, Certo Insurance will inform each recipient or entity to whom the data have been transmitted of the respective erasure, unless such communication proves impossible or involves a disproportionate effort for Certo Insurance.

If Certo Insurance has made public the holder's data and is required to delete them under the right to erasure, Certo Insurance undertakes to ensure reasonable steps, including technical measures, taking into consideration the available technology and the costs of its implementation, to inform those responsible for the effective processing of personal data that the holder has requested the deletion of links to such personal data, as well as copies or reproductions thereof.

Right to Limitation of Personal Data Processing

The data subject has the right to obtain from Certo Insurance the limitation of the processing of his/her data if one of the following situations applies (limitation may consist of inserting a mark in the personal data stored with the purpose of limiting its processing in the future):

  • If you contest the accuracy of the personal data, for a period that allows Certo Seguros to verify its accuracy
  • If processing is unlawful and the data subject opposes the erasure of data and instead requests limitation of their use
  • If Certo Insurance no longer needs the owner's data for processing purposes, but such data is required by the data owner for the purposes of the statement, exercise or defense of a right in a legal proceeding
  • When the data subject has opposed the processing, until it is verified that the legitimate reasons of Certo Insurance prevail over those of the data subject

When the data subject's data are subject to limitation, they may, with the exception of conservation, only be processed with the consent of the data subject or for the purpose of the establishment, exercise or defense of a right in a legal proceeding, for the defense of the rights of another natural or legal person or for reasons of public interest as provided by law.
The data subject who has obtained the limitation of the processing of his/her data in the aforementioned cases will be informed by Certo Insurance before the limitation of processing is cancelled.

In case of limitation of data processing, Certo Insurance will communicate to each recipient to whom the data have been transmitted the respective limitation, unless such communication proves impossible or involves a disproportionate effort for Certo Insurance.

Right to Personal Data Portability

The data subject has the right to receive personal data concerning him/her that he/she has provided to Certo Insurance in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller if:

  • The processing is based on consent or on a contract to which the data subject is a party
  • The processing is carried out by automated means

The right of portability does not include inferred data or derived data, i.e. personal data generated by Certo Insurance as a consequence or result of the analysis of the data undergoing processing.

The data subject has the right to have personal data transmitted directly between controllers, whenever technically possible.

Right to object to processing

The data subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her which is based on the exercise of legitimate interests pursued by Certo Insurance or when the processing is carried out for purposes other than those for which the personal data were collected, including profiling, or when the personal data are processed for statistical purposes.

Certo Insurance shall cease processing the data of the data subject, unless it has compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject or for the purposes of the establishment, exercise or defense of a right of Certo Insurance in a legal proceeding.

When the data subject's data is processed for direct marketing purposes (marketing), the data subject shall have the right to object at any time to the processing of data concerning him/her for the purposes of such marketing, which includes profiling to the extent that it is related to direct marketing. Should the data subject object to the processing of his/her data for direct marketing purposes, Certo Insurance will cease processing the data for this purpose.

The data subject shall also have the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her, unless the decision:

  • Is necessary for the conclusion or performance of a contract between the data subject and Certo Insurance
  • Is authorized by legislation to which Certo Insurance is subject
  • It is based on the explicit consent of the data subject

Procedures for the Exercise of Rights by the Holder

The right of access, right of correction, right of erasure, right to limitation, right to portability and right to opposition may be exercised by the data subject by electronic contact to geral@certoseguros.pt, at Rua 1º de Maio, nº 81, Loja E, Piso 1, 7300-205 Portalegre or by phone number +351 239 438 098.

Certo Insurance will respond in writing (including by electronic means) to the holder's request within a maximum period of one month from receipt of the request, except in cases of special complexity, where this period may be extended to two months.

If the requests submitted by the holder are manifestly unfounded or excessive, notably due to their repetitive nature, Certo Insurance reserves the right to charge administrative costs or refuse to act on the request.

Personal Data Breaches

In the event of a data breach, and insofar as such breach is likely to involve a high risk to the rights and freedoms of the data subject, Certo Insurance undertakes to communicate the personal data breach to the data subject concerned without undue delay.

Under the terms of the law, communication to the data subject is not required in the following cases:

  • In case Certo Insurance has applied adequate protection measures, both technical and organizational, and such measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data incomprehensible to any person not authorized to access such data, such as encryption
  • Where Certo Insurance has taken subsequent measures to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize
  • In case the communication to the data subject would imply a disproportionate effort for Certo Insurance . In such a case, Certo Seguros will make a public communication or take a similar measure by which the data subject will be informed

Changes to the Privacy Policy

Certo Insurance reserves the right to change this Privacy Policy at any time. If the change is material, a notice will be posted on the website.

Applicable Law and Jurisdiction

The Privacy Policy, as well as the collection, processing or transmission of Data of the holder, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 and by the laws and regulations applicable in Portugal.

Any disputes arising from the validity, interpretation or execution of the Privacy Policy or that are related to the collection, processing or transmission of the holder's data shall be submitted exclusively to the jurisdiction of the courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules.

Cookie Policy

A cookie is a file that is imported into your computer or other device when you access certain web pages that collect information about your browsing on these web pages. In some cases, cookies are necessary to facilitate navigation and enable us to store and retrieve information about a user's browsing habits or equipment, among others, and depending on the information they contain and the way you use your equipment, they can be used to recognize you.

The cookies used on this website can be classified as follows:

Own cookies: these are those that are sent to the user's terminal equipment from a device or domain managed by the publisher itself and from which the service requested by the user is provided.

Third-party cookies: these are those that are sent to the user's terminal equipment from a device or domain that is not managed by the editor, but by another entity that processes the data collected through the cookies.

Session cookies: collect and store data when the user accesses a web page.

Technical cookies: They allow the user to navigate through a webpage, platform or application and use the different options or services therein.

Personalization cookies: these enable the user to access the service with certain characteristics of a general nature predefined according to a series of criteria in the user's terminal, such as language, the type of browser through which the service is accessed, the regional configuration of the location from which the service is accessed, etc.

Analysis Cookies: these allow the party responsible for them to monitor and analyze the behavior of users of the websites to which they are linked. The information collected through this type of cookies is used to measure the activity of the websites, application or platform and to draw up navigation profiles of the users of these websites, applications and platforms, with the aim of introducing improvements in the analysis function of the data on the use of the service users.

To find out which cookies are stored by your browser, you can use the tools available in your browser.

We use social networking buttons to allow our users to share web pages or select them as favorites. These are buttons for external social networking websites. These sites may record information regarding your activities on the Internet, including our website. You can review the terms of use and privacy policies of these websites to learn exactly how they use the information and to learn how you can delete or erase this information.

We sometimes use external web services to display content within our web pages. For example, to show virtual tours, images, videos, graphics, infographics, maps or to conduct surveys. Similar to buttons for social networks, we cannot prevent these external websites or domains from collecting information about the use made of this embedded content.

Certo Insurance assumes no responsibility for legal or technical problems caused by the user's failure to comply with the recommendations indicated. This communication is intended for awareness and use by users and, therefore, should not be used for any other purpose. Certo Seguros is also not responsible for the content and veracity of third-party privacy policies included in this cookie policy.

Should you have any questions regarding this cookie policy, please contact us at geral@certoseguros.pt

Updated: 06/13/2023

Personal Data Protection Policy

Certo Seguros respects the privacy and protection of personal data, namely of our candidates, employees, trainees and trainers in insurance mediation, as well as suppliers and customers and, in case of legal persons, their respective representatives.

The data provided by the different users are treated confidentially by Certo Seguros in accordance with the provisions of Law No. 58/2019 of August 8, recommendations and directives issued by the National Commission for Data Protection and Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016.

The monitoring of compliance with this Personal Data Protection Policy will be ensured by measuring the evaluation indicators of the controls and/or audits (internal or external), at regular intervals or when significant legislative or regulatory changes occur.

Certo Seguros undertakes to respect the best practices in the field of security and protection of personal data, having for this purpose approved a program capable of ensuring the protection of the data provided to us by all those who, in some way, relate to it.

This Privacy Policy applies to the collection and processing of personal data carried out by Certo Seguros and is intended for the general public, establishing obligations for all employees.

1. Definitions

Personal Data: All information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Categories of Personal Data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of a natural person, and the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning sex life or sexual orientation.

Processing: means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller: means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

Personal Data Breach: is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Processor: is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third party: is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.

Supervisory Authority: an independent public authority established by a Member State.

CNPD: National Commission for Data Protection.

2. Collection and Processing of Data from the Holder

This Privacy Policy applies to all users' personal data collected by Certo Seguros for (i) recruitment and selection activities, as well as all matters associated therewith, including disclosure of new job offers, professional training and institutional information, (ii) information to clients and potential clients (iii) information on the existence of promotions or marketing campaigns, (iv) contractual or pre-contractual management (whether of a labor, commercial or other nature) or (v) for compliance with legal obligations.

Within the scope of the activities developed by Certo Seguros, users may be contacted for the purposes described above.

The types of personal data collected, processed and stored by Certo Seguros are those necessary for the performance of (i) recruitment and selection processes for employment and training opportunities or those required for compliance with other requirements when acting as an employer, (ii) provision of services to clients, on an outsourcing or other basis, and (iii) compliance with legal, contractual and pre-contractual requirements arising from the respective activity.

  • Full name
  • Contact details (address, telephone number, e-mail address)
  • Date of birth
  • Driver's license number and details
  • Education and training
  • Professional experience and skills
  • Professional credentials, certificates or licenses
  • Membership in professional organizations
  • Any other information contained in the resume
  • Citizenship status and work authorization
  • Health or disability-related data
  • Information from and related to publicly accessible profiles you have created on employment-related social networking platforms and job portals (such as LinkedIn, Facebook, Sapo Emprego or Indeed)
  • Information collected by checking professional references
  • Career management interests and preferences
  • Employee, customer and/or supplier registration
  • User identification and password or PIN, if registered through the Certo Seguros website.

Additionally, Certo Seguros may request types of personal data deemed "sensitive":

  • National or tax identification number/social security number
  • Financial or bank account data
  • Information related to tax/tax status
  • Information contained in criminal records
  • Information about health insurance and retirement plans
  • Health data (e.g. those relating to medical examinations or accidents at work)
  • Trade union membership
  • Information contained in the employee's personnel file, such as performance reviews, disciplinary actions and payroll processing
  • Finally, interactions with Certo Insurance mobile and web applications may result in the collection, processing and storage of geolocation data

Other information you may provide to us, for example, through surveys, interactions with social profiles (linkedin, facebook, twitter, youtube, among others), as well as through other channels used to contact Certo Insurance

The provision of this type of information will be voluntary, unless required by law. Should it not be provided, this will not prejudice, for example, your employment or training opportunities.

Outsourced Entities

When processing the cardholder's data, Certo Insurance uses or may use third parties, outsourced by it, to process the cardholder's data on its behalf, and according to its instructions, in strict compliance with the law and this Privacy Policy.

These outsourced entities may not transmit the titleholder's data to other entities without prior written authorization from Certo Insurance, and are also forbidden to contract other entities without such authorization.

Certo Insurance undertakes the commitment to outsource only entities that provide sufficient guarantees for the execution of adequate technical and organizational measures, in order to ensure the defense of the rights of the titleholder.

All outsourced entities shall be bound by a written contract regulating, inter alia, the object, duration of processing, nature, purpose of processing, type of personal data, categories of data subjects and the rights and obligations of the parties.

When collecting personal data, Certo Insurance provides the holder with information about the categories of subcontracted entities that, in the specific case, may perform data processing on behalf of Certo Insurance.

Data Collection Channels

Certo Insurance may collect data directly (i.e., directly from the holder) or indirectly (i.e., through partner entities or third parties). Collection may be done through the following channels:

  • Direct collection: in person, by phone or email or via the internet;
  • Indirect collection: through partners, external companies or Group companies and entities.

General Principles Applicable to the Data Processing of the Data Subject

In terms of general principles regarding the processing of personal data, Certo Seguros undertakes to ensure that they are:

  • Object of lawful, loyal and transparent processing in relation to the data subject
  • Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accurate and up to date where necessary, with every reasonable step being taken to ensure that data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  • Kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed
  • Processed in a manner that ensures their security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, with appropriate technical or organizational measures being taken

Data processing performed by Certo Insurance is lawful when at least one of the following situations occurs:

  • The data subject has given his/her explicit consent to the processing of the data subject's data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which Certo Seguros is subject;
  • Processing is necessary for the defense of vital interests of the data subject or of another natural person;
  • Processing is necessary for the purposes of legitimate interests pursued by Certo Seguros or third parties (unless the interests or fundamental rights and freedoms of the data subject prevail and require protection of personal data).

Certo Insurance undertakes to ensure that the holder's data is processed only under the conditions listed above and in compliance with the principles mentioned above.

When the processing of the holder's data is performed by Certo Insurance based on the data subject's consent, he/she is entitled to withdraw his/her consent at any time. However, withdrawal of consent does not compromise the lawfulness of the processing performed by Certo Insurance based on the consent previously given by the data subject.

The period of time during which data are stored and kept varies according to the purpose for which the information is processed.

In fact, there are legal requirements that require data to be retained for a minimum period of time. Thus, and whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the purposes that motivated their collection or their subsequent processing, after which they will be eliminated.

Use and Purposes of Data Processing

In general terms, Certo Insurance uses the data of the data subject for several purposes, including billing and collection, for marketing purposes and for human resources management and employee recruitment, among others.

The holder's data collected by Certo Insurance are not shared with third parties without the holder's consent, with the exception of the situations mentioned in the following paragraph. In case the holder contracts Certo Seguros for services provided by other entities responsible for the processing of personal data, the holder's data may be consulted or accessed by such entities, to the extent necessary for the provision of such services.

Under the applicable legal terms, Certo Insurance may transmit or communicate the holder's data to other entities in case such transmission or communication is necessary for the execution of the contract established between the holder and Certo Seguros, or for pre-contractual diligences at the holder's request, in case it is necessary for the fulfillment of a legal obligation to which Certo Seguros is subject or in case it is necessary for the pursuit of legitimate interests of Certo Seguros or a third party.

In case of data transmission to third parties, reasonable efforts will be made so that the recipient uses the data in a manner consistent with this Privacy Policy.

Technical, Organizational and Security Measures Implemented

In order to ensure the security of the holder's data and maximum confidentiality, Certo Insurance handles the information provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as needed, as well as in accordance with the terms and conditions provided by law.

Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the processing to the rights and freedoms of the data subject, Certo Insurance undertakes to implement, both when defining the means of processing and when processing itself, the necessary and appropriate technical and organizational measures for data protection and compliance with legal requirements.

It further undertakes to ensure that only the data that is necessary for each specific purpose of the processing is processed, and that such data is not made available to an indefinite number of persons.

In terms of general measures, Certo Seguros adopts the following:

  • Regular audits with a view to gauging the effectiveness of the technical and organizational measures implemented;
  • Awareness and training of staff involved in data processing operation;
  • Pseudonymization and encryption of personal data, whenever justifiable;
  • Mechanisms to ensure the permanent confidentiality, availability, and resilience of the information systems;
  • Mechanisms to ensure the timely restoration of information systems and access to personal data in the event of a physical or technical incident.

Transfer of Data Outside the European Union

The personal data collected and used by Certo Insurance is not made available to third parties established outside the European Union. Should such a transfer occur in the future, Certo Seguros undertakes to ensure that the transfer complies with applicable legal provisions, in particular with regard to determining the suitability of such country with regard to data protection and the requirements applicable to such transfers.

3. Data Subject Rights

Right to Information

The information contained in this document shall be provided in writing (including by electronic means) by Certo Seguros to the holder prior to the processing of the personal data in question. Under the terms of the applicable law, Certo Insurance is under no obligation to provide the holder with this information when and inasmuch as it is assumed that the holder is already aware of it.

The information is provided by Certo Insurance free of charge.

Right of Access to Personal Data

Certo Seguros guarantees the means allowing the data subject access to his/her personal data.

The data subject has the right to obtain from Certo Insurance the confirmation that personal data concerning him/her are or are not being processed and, if applicable, the right to access his/her personal data and the following information.

  • The purposes of the data processing
  • The categories of personal data concerned
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients established in third countries or belonging to international organizations
  • Where possible, the period for which the personal data will be stored
  • The existence of the right to request from Certo Insurance rectification, erasure or limitation of processing of personal data or the right to object to such processing
  • The right to file a complaint with the CNPD or other control authority
  • If the data have not been collected from the data subject, the available information on the origin of such data
  • The existence of automated decisions, including profiling, and information regarding the logic behind and the significance and anticipated consequences of such processing for the data subject.
  • The right to be informed about the appropriate safeguards associated with the transfer of data to third countries outside the EU or international organizations.

Upon request, Certo Insurance will provide the data subject, free of charge, with a copy of his/her data being processed. The provision of other copies requested by the data subject may entail administrative costs.

Right to Rectification of Personal Data

The data subject has the right to request at any time the rectification of his/her personal data, as well as the right to have his/her incomplete personal data completed, including by means of an additional declaration.

In case of data rectification, Certo Insurance shall inform each recipient to whom the data have been transmitted of the respective rectification, unless such communication proves impossible or involves a disproportionate effort for Certo Insurance.

Right to erasure of personal data ("Right to be forgotten")

The holder of the data has the right to obtain from Certo Insurance the erasure of his/her data when one of the following reasons applies:

  • The data subject's data are no longer necessary for the purpose that motivated their collection or processing
  • The holder withdraws his/her consent on which the data processing is based and there is no other legal ground for said processing
  • Where the data subject opposes the processing pursuant to the right to object and there are no overriding legitimate interests justifying the processing
  • Where the data subject's data are processed unlawfully
  • In case the owner's data must be erased for compliance with a legal obligation to which Certo Insurance is subject

Under applicable legal terms, Certo Insurance is not obliged to erase the owner's data to the extent that the processing is necessary to comply with a legal obligation to which Certo Seguros is subject or for the purposes of the declaration, exercise or defense of a right of Certo Insurance in a legal proceeding.

In case of data erasure, Certo Insurance will inform each recipient or entity to whom the data have been transmitted of the respective erasure, unless such communication proves impossible or involves a disproportionate effort for Certo Insurance.

If Certo Insurance has made public the holder's data and is required to delete them under the right to erasure, Certo Insurance undertakes to ensure reasonable steps, including technical measures, taking into consideration the available technology and the costs of its implementation, to inform those responsible for the effective processing of personal data that the holder has requested the deletion of links to such personal data, as well as copies or reproductions thereof.

Right to Limitation of Personal Data Processing

The data subject has the right to obtain from Certo Insurance the limitation of the processing of his/her data if one of the following situations applies (limitation may consist of inserting a mark in the personal data stored with the purpose of limiting its processing in the future):

  • If you contest the accuracy of the personal data, for a period that allows Certo Seguros to verify its accuracy
  • If processing is unlawful and the data subject opposes the erasure of data and instead requests limitation of their use
  • If Certo Insurance no longer needs the owner's data for processing purposes, but such data is required by the data owner for the purposes of the statement, exercise or defense of a right in a legal proceeding
  • When the data subject has opposed the processing, until it is verified that the legitimate reasons of Certo Insurance prevail over those of the data subject

When the data subject's data are subject to limitation, they may, with the exception of conservation, only be processed with the consent of the data subject or for the purpose of the establishment, exercise or defense of a right in a legal proceeding, for the defense of the rights of another natural or legal person or for reasons of public interest as provided by law.
The data subject who has obtained the limitation of the processing of his/her data in the aforementioned cases will be informed by Certo Insurance before the limitation of processing is cancelled.

In case of limitation of data processing, Certo Insurance will communicate to each recipient to whom the data have been transmitted the respective limitation, unless such communication proves impossible or involves a disproportionate effort for Certo Insurance.

Right to Personal Data Portability

The data subject has the right to receive personal data concerning him/her that he/she has provided to Certo Insurance in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller if:

  • The processing is based on consent or on a contract to which the data subject is a party
  • The processing is carried out by automated means

The right of portability does not include inferred data or derived data, i.e. personal data generated by Certo Insurance as a consequence or result of the analysis of the data undergoing processing.

The data subject has the right to have personal data transmitted directly between controllers, whenever technically possible.

Right to object to processing

The data subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her which is based on the exercise of legitimate interests pursued by Certo Insurance or when the processing is carried out for purposes other than those for which the personal data were collected, including profiling, or when the personal data are processed for statistical purposes.

Certo Insurance shall cease processing the data of the data subject, unless it has compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject or for the purposes of the establishment, exercise or defense of a right of Certo Insurance in a legal proceeding.

When the data subject's data is processed for direct marketing purposes (marketing), the data subject shall have the right to object at any time to the processing of data concerning him/her for the purposes of such marketing, which includes profiling to the extent that it is related to direct marketing. Should the data subject object to the processing of his/her data for direct marketing purposes, Certo Insurance will cease processing the data for this purpose.

The data subject shall also have the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her, unless the decision:

  • Is necessary for the conclusion or performance of a contract between the data subject and Certo Insurance
  • Is authorized by legislation to which Certo Insurance is subject
  • It is based on the explicit consent of the data subject

Procedures for the Exercise of Rights by the Holder

The right of access, right of correction, right of erasure, right to limitation, right to portability and right to opposition may be exercised by the data subject by electronic contact to geral@certoseguros.pt, at Rua 1º de Maio, nº 81, Loja E, Piso 1, 7300-205 Portalegre or by phone number +351 239 438 098.

Certo Insurance will respond in writing (including by electronic means) to the holder's request within a maximum period of one month from receipt of the request, except in cases of special complexity, where this period may be extended to two months.

If the requests submitted by the holder are manifestly unfounded or excessive, notably due to their repetitive nature, Certo Insurance reserves the right to charge administrative costs or refuse to act on the request.

Personal Data Breaches

In the event of a data breach, and insofar as such breach is likely to involve a high risk to the rights and freedoms of the data subject, Certo Insurance undertakes to communicate the personal data breach to the data subject concerned without undue delay.

Under the terms of the law, communication to the data subject is not required in the following cases:

  • In case Certo Insurance has applied adequate protection measures, both technical and organizational, and such measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data incomprehensible to any person not authorized to access such data, such as encryption
  • Where Certo Insurance has taken subsequent measures to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize
  • In case the communication to the data subject would imply a disproportionate effort for Certo Insurance . In such a case, Certo Seguros will make a public communication or take a similar measure by which the data subject will be informed

Changes to the Privacy Policy

Certo Insurance reserves the right to change this Privacy Policy at any time. If the change is material, a notice will be posted on the website.

Applicable Law and Jurisdiction

The Privacy Policy, as well as the collection, processing or transmission of Data of the holder, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 and by the laws and regulations applicable in Portugal.

Any disputes arising from the validity, interpretation or execution of the Privacy Policy or that are related to the collection, processing or transmission of the holder's data shall be submitted exclusively to the jurisdiction of the courts of the district of Lisbon, without prejudice to the applicable mandatory legal rules.

Cookie Policy

A cookie is a file that is imported into your computer or other device when you access certain web pages that collect information about your browsing on these web pages. In some cases, cookies are necessary to facilitate navigation and enable us to store and retrieve information about a user's browsing habits or equipment, among others, and depending on the information they contain and the way you use your equipment, they can be used to recognize you.

The cookies used on this website can be classified as follows:

Own cookies: these are those that are sent to the user's terminal equipment from a device or domain managed by the publisher itself and from which the service requested by the user is provided.

Third-party cookies: these are those that are sent to the user's terminal equipment from a device or domain that is not managed by the editor, but by another entity that processes the data collected through the cookies.

Session cookies: collect and store data when the user accesses a web page.

Technical cookies: They allow the user to navigate through a webpage, platform or application and use the different options or services therein.

Personalization cookies: these enable the user to access the service with certain characteristics of a general nature predefined according to a series of criteria in the user's terminal, such as language, the type of browser through which the service is accessed, the regional configuration of the location from which the service is accessed, etc.

Analysis Cookies: these allow the party responsible for them to monitor and analyze the behavior of users of the websites to which they are linked. The information collected through this type of cookies is used to measure the activity of the websites, application or platform and to draw up navigation profiles of the users of these websites, applications and platforms, with the aim of introducing improvements in the analysis function of the data on the use of the service users.

To find out which cookies are stored by your browser, you can use the tools available in your browser.

We use social networking buttons to allow our users to share web pages or select them as favorites. These are buttons for external social networking websites. These sites may record information regarding your activities on the Internet, including our website. You can review the terms of use and privacy policies of these websites to learn exactly how they use the information and to learn how you can delete or erase this information.

We sometimes use external web services to display content within our web pages. For example, to show virtual tours, images, videos, graphics, infographics, maps or to conduct surveys. Similar to buttons for social networks, we cannot prevent these external websites or domains from collecting information about the use made of this embedded content.

Certo Insurance assumes no responsibility for legal or technical problems caused by the user's failure to comply with the recommendations indicated. This communication is intended for awareness and use by users and, therefore, should not be used for any other purpose. Certo Seguros is also not responsible for the content and veracity of third-party privacy policies included in this cookie policy.

Should you have any questions regarding this cookie policy, please contact us at geral@certoseguros.pt

Updated: 06/13/2023