This Privacy Policy explains what we do with your personal data. It describes how we collect, use, and process your personal data, and in doing so, how we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your personal data.

Please take a moment to familiarize yourself with our privacy practices. If you have any questions, please contact us at [email protected], or at the following address: Estrada da Portela, 5 3º. Andar, Escritório 3, 279-124, Carnaxide, Lisbon.

We have tried to keep this Privacy Policy as simple as possible, but if you are not familiar with any of the terms used or have any questions, please do not hesitate to contact HEIMDALL IT, LDA. for further clarification.

Occasionally, we may change this Privacy Policy. If you wish to stay updated, please visit this page, as all changes will be posted here.

Who collects your personal data and who is responsible for processing it?

How are your personal data collected and what type of data is collected?

Please note that you are not required to provide HEIMDALL IT with the personal data it may request from you (and as such, you may exercise your right to object at any time), but if you choose not to do so, we may not be able to provide you with our services, manage your application, or respond to any questions you may have.

HEIMDALL IT may collect your personal data in various ways, including when you subscribe to our newsletter, send unsolicited job applications, register on job platforms of universities, job fairs, references from current or former employees, workshops, and partnerships with the purpose of being contacted by HEIMDALL IT, enter into a contract with us (for employment, service provision, or other purposes), fill out your customer form, or communicate with our customer support teams.

If you are a candidate, in order for us to identify and provide you with the best possible job and/or service opportunities that fit your needs, we need to process certain information about you. We only request information that will be relevant to us, such as your name, age, contact details, education information, employment history, emergency contact, immigration status, financial information (in cases where we need to perform financial context checks), and social security number (and, of course, you can choose to share other relevant information with us). When appropriate, and in accordance with the law, we may also collect information or data on any criminal convictions.

If you are a customer of HEIMDALL IT, we need to collect and use information about you or the people in your company in order to provide you with the most complete service possible and for our contractual relationship to proceed correctly. Therefore, in this context, we may ask you for some personal data such as the name, email, position, and contact number of relevant employees for the provision of services.

If you are a supplier, we need a small amount of information about your personal data in order to ensure that everything runs smoothly. We need contact information for certain people in your company so that we can communicate with you, as well as other information, such as your bank details so that we can pay you for the services you provide (if that is part of the contractual provisions between us). We may also have information that someone in your company has chosen to share with us.

When we refer to suppliers, we mean any companies (including sole traders) and atypical service providers, such as independent contractors and self-employed workers, who provide services to HEIMDALL IT. In certain circumstances, HEIMDALL IT will subcontract the services it provides to clients to third-party suppliers who perform the services on behalf of HEIMDALL IT. In this context, suppliers who are sole traders, self-employed workers or employees of suppliers will be treated as candidates for the purposes of data protection. Please note that in this context, HEIMDALL IT requires suppliers to communicate the relevant parts of this Privacy Policy (including the sections directed at candidates) to their employees.

Certain categories of personal data, such as those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, genetic data, biometric data to uniquely identify a person, health-related data or data related to a person’s sex life or sexual orientation are classified as “special categories of personal data” and benefit from additional protection under the General Data Protection Regulation (“GDPR”). HEIMDALL IT limits as much as possible the circumstances under which it collects and processes these special categories of data, only doing so when consent has been given. In order to provide our users with faster and more personalized services provided by HEIMDALL IT, we may use a browser feature called “cookies,” which will allow HEIMDALL IT to personalize its services and website according to your interests and needs, allowing for streamlined future activities and your experience on the HEIMDALL IT website. In this way, data relating to browser parameters and settings, operating system, and geo-location may be collected. During part of your navigation on the HEIMDALL IT website, we may also use software tools to measure and collect information about the session, including page response times, download errors, duration of visits to certain pages, information regarding your interaction with them, and the methods used to exit them. We may also collect technical information to help us identify your device for fraud prevention and diagnosis purposes.

The purposes and legal basis for the processing of your personal data are

The purposes and bases on which HEIMDALL IT processes your personal data depend on your status as a candidate, employee, or supplier. If you are a candidate (which includes suppliers who are individual traders, self-employed workers, or supplier employees), please note that your personal data will be collected and processed, namely, for the following purposes:

• Recruitment – includes recruitment activities for the provision of services or “backoffice” functions, such as research and selection. In the case of service provision, there is an approach to current and potential clients of HEIMDALL IT in order to find an opportunity, placement in HEIMDALL IT, as well as related activities. In this context, data relating to salary processing and human resource management will also be processed.
• Execution of Contracts – includes activities such as entering into contracts with HEIMDALL IT and partners, as well as communication with third parties involved in the contracts (insurance companies, beneficiaries, intermediaries).
• Development and improvement of services – includes activities necessary for the development and improvement of services provided by HEIMDALL IT, analysis of activity, and processing for potential future opportunities.

If you are a supplier or a customer, your personal data will be collected and processed, namely, for the following purposes:

• Execution of contract – includes all activities necessary for the execution of the service provision contract, namely with regard to payment processing.
• Communications – includes the necessary contacts so that we can get in touch with you regarding our contracts.
• Development and improvement of services – includes activities necessary for the development and improvement of services provided to or by HEIMDALL IT, analysis of activity, processing for statistical and scientific purposes, as well as to offer you services or to obtain support and services from you.
• Compliance with legal obligations.
• In certain circumstances, to assist us in the assertion, exercise, or defense of a legal right.

HEIMDALL IT may use third-party service providers who perform functions on behalf of HEIMDALL IT, such as companies that host or operate the HEIMDALL IT website, process payments, analyze data, provide customer service, and sponsors or other third parties that directly collaborate with the activity developed by HEIMDALL IT, so your personal data may be processed by these third parties for the purposes described in this Privacy Policy. These third-party entities must process your personal data in accordance with this Privacy Policy and applicable law.

When we collect your personal data for the purposes described above or for other purposes, we will inform you in advance or at the time of collection, and we will seek your consent whenever necessary to legitimize the processing of your data. When you have provided your consent for the processing activities, you will have the right to withdraw your consent at any time.

However, there may be some cases where it is not your consent that legitimizes the processing of your personal data, but rather one of the following grounds:

• When the processing is necessary for entering into or performing a contract with you.
• When processing is necessary for compliance with legal obligations to which HEIMDALL IT is subject.
• When the processing is necessary for the legitimate interests pursued by HEIMDALL IT, which do not override your interests, rights, and fundamental freedoms requiring the protection of personal data – this legal basis will only be used if there is no less intrusive way of processing your personal data. We can assure you that if legitimate interests are used as a reason to process your personal data, we will keep a record of that action, and you have the right to request that information.
• When the processing is necessary for the establishment, exercise or defense of legal claims.

The security of your personal data

HEIMDALL IT takes all possible measures to ensure the confidentiality and security of your personal data, carrying out all efforts and security measures to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure.

Our measures include the implementation of appropriate access controls, to ensure that we encrypt, pseudonymize, and anonymize personal data whenever possible.

Access to your personal data is only allowed as described above, always based on the actual need to know, and subject to strict contractual obligations of confidentiality when processed by third parties.

Although transmitting data over the internet or website cannot guarantee complete security against intrusions, HEIMDALL IT and its service providers make their best efforts to implement and maintain physical, electronic, and procedural security measures designed to protect your personal data in accordance with applicable data protection requirements.

Data retention period of your personal data

HEIMDALL IT will only keep your data for the period strictly necessary to fulfill the purpose for which they were collected. In particular, in the case of personal data collected in the context of recruitment processes, they will be kept for a period of 10 (ten) years after the last contact with the candidate. As for the personal data of our suppliers and customers, they will be kept for a period of 10 (ten) years.

Who will your personal data be shared with?

The HEIMDALL IT is part of a business group, so your data may be disclosed to other companies within the group in the context of shared services between group companies and for internal reporting purposes.

On the other hand, your personal data may be shared with our clients in the scope of technological consulting services.

As already mentioned in point C of this Privacy Policy, your personal data may be shared with external service providers who perform functions on behalf of HEIMDALL IT. In this context, your personal data may be shared with the companies currently subcontracted by HEIMDALL IT, as well as other service providers we may use in the future.

In accordance with applicable law, HEIMDALL IT is required to disclose data to the Tax Administration, Social Security, the Authority for Working Conditions, and, following judicial mandates, to judicial authorities.

International transfers of data

HEIMDALL IT shares personal data internally or with third parties for the purposes described in this Privacy Policy.

HEIMDALL IT will only transfer personal data collected within the European Economic Area (EEA) to foreign countries in cases where it is necessary to follow your instructions, to comply with a legal obligation, or to work with agents and consultants who help us manage our business and services.

If we transfer personal data outside the EEA, HEIMDALL IT will ensure that it is protected in the same way as if it were being used in the EEA. To this end, we will use one of the following safeguards:

• Transfer to a country outside the EEA whose privacy legislation ensures an adequate level of protection of personal data similar to that existing in the EEA.
• Implementation of a contract with the foreign entity that obliges them to protect personal data in accordance with the same standards used in the EEA.
• Transfer of personal data to organizations with specific international data transfer agreements with the European Union (e.g. Privacy Shield, a framework that sets privacy standards for data shared between the United States and European countries).

What are your rights?

As the owner of your personal data, you are granted a set of rights regarding your personal data and how it is processed, which are as follows:

• Right to object – that is, the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, under the terms of the GDPR.
• Right to information – that is, the right to be provided with concise, transparent, understandable, and easily accessible information, using clear and plain language, about how we use your personal data and about your rights.
• Right of access – that is, the right to access your personal data at any time.
• Right of rectification – that is, the right to rectify personal data concerning you that is inaccurate, or to complete it if it is incomplete;
• Right to restriction – under certain conditions, the data subject has the right to restrict the processing of their personal data;
• Right to erasure – under certain conditions, the data subject has the right to obtain from the controller the erasure of their personal data without undue delay.
• Right to data portability – i.e., the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in certain circumstances.
• Right to lodge a complaint with the supervisory authority regarding how we process your personal data – which is the National Data Protection Commission, located at Av. D. Carlos I, n.o 134 – 1.o, 1200-651 Lisbon, phone +351 213928400, fax +351 213976832, and email [email protected].
• Right to withdraw consent – in this case, the withdrawal of consent does not affect the lawfulness of the processing based on the consent given before.
• Right not to be subject to decisions based solely on automated processing that produce legal or other significant effects.

The aforementioned rights can be exercised at any time through a communication directed to HEIMDALL IT, LDA., at the contacts indicated in this Privacy Policy.

Your requests will be treated with special care, so that we can ensure the effectiveness of your rights.

You may be asked to provide proof of your identity in order to ensure that the sharing of personal data is only done with its owner.

Details of contact related to HEIMDALL IT.

If you have any questions about this Privacy Policy or about the processing and use of your personal data, or if you wish to file a complaint about a possible violation of privacy laws, please contact the data controller at [email protected] or at the postal address Estrada da Portela, 5, 3rd Floor, Office 3, 279-124, Carnaxide, Lisbon.

HEIMDALL IT will update its Privacy Policy whenever necessary to reflect feedback from data subjects, changes to our services, as well as to comply with all legally required requirements.

If such changes involve a significant modification to this Privacy Policy, data subjects will be duly notified, and their consent will be requested whenever necessary. Your satisfaction is very important to us. Therefore, please do not hesitate to contact us with any questions you may have, using the contacts indicated.