Who are we

AVE – Gestão Ambiental e Valorização Energética (AVE) was established in October 2003 with the aim of managing waste and its material or energy recovery by the cement industry using the co-processing method.

Its current corporate structure includes three shareholders:
Cimpor – Cimentos de Portugal (35%)
Secil – Companhia Geral de Cal e Cimento (35%)
SGVR – Serviços de Gestão e Valorização de Resíduos (30%)

AVE is committed to protecting the privacy of its employees, customers, suppliers, users of its services and third parties, a context in which it adopts the “Privacy Policy” reflected in this document, which reflects its commitment and respect for the rules of privacy and protection of personal data in compliance with the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Data Protection Act, which ensures the execution of the Regulation at national level (Law No. 58/2019, of 8 August).

Why this privacy policy? Brief legal framework

The adoption of this privacy policy arises from the need to make known to all people who contact AVE, the principles and general rules for the processing of their personal data that are applied in strict compliance with the General Data Protection Regulation (GDPR).

AVE, in processing the data of its customers and third parties, as well as its employees, respects the best security practices, having for this purpose approved an internal policy capable of protecting the personal data provided to us by all those who are related to AVE, namely, within the scope of the provision of services on the market.

In this context and to promote a policy of loyalty and transparency in the processing of personal data of all data subjects, AVE has a person responsible for the protection of personal data whose role and responsibility will be the implementation of this privacy policy. and verification of compliance, ensuring its knowledge by everyone who has a relationship with the company, as well as by all its employees who process personal data.

This privacy policy will be complemented, on a case-by-case basis, by the provisions provided for in the contracts to which AVE is a party, to the extent that is justified, as amended whenever the legal framework in force at any time requires it.

By reading and agreeing with our privacy policy, you are accepting the conditions contained herein, so we ask our customers and users to pay special attention to the entire content of this document.

What is covered by our privacy policy?

The privacy policy applies to the collection and processing of personal data carried out by the company for the pursuit of its activity and the provision of services to its customers.

In the execution of the provision of services to our customers, AVE will, occasionally and to the extent strictly necessary, backup the database of our customers.

To this extent, AVE already guarantees and guarantees the total confidentiality of the copied data, committing itself not to process third-party data without your consent, as well as to delete them as soon as they are extinguished. of the assumption that led to its copying.

Prior to the transfer, Ave undertakes to ask its customers whether that transfer is being carried out in compliance with the GDPR.

What is personal data?

The protection of personal data of natural persons is a fundamental right.

Personal data is all information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identifier, such as, for example, the name, identification number or specific elements of physical identity.

Data collection and processing

The collection and processing of personal data of our customers is done directly by AVE, which is the entity responsible for the treatment.

In case of doubts or requests for information, please contact us at the following address:

• Email: geral.rgpd@ave.pt
• Name of the Data Controller: Célia Alves
• Address: Rua José Almada Negreiros, 310 R/C Dto 2870-442 Montijo
• Phone: (+351) 212 308 910

What types of personal data do we collect from our customers?

Within the scope of its activity and through the contracting of the company’s specialized services, the data strictly necessary for the provision of services or supply of contracted products will be collected. In this context, data such as name, address, telephone, NIF, email, among others (as required).

How do we collect your data?

Your data may be collected, with your consent, by telephone/written by exchanging emails.

The personal data collected will be processed by computer, in compliance with the data protection legislation in force, being stored in our cloud database, AVE server and on paper (if the information is delivered on paper).

At no time will the data provided and processed be used for purposes other than those consented or contracted.

Purpose of processing and collecting personal data

The personal data provided by our customers and users are essentially intended for contractual management and adequacy of services to contracted needs.

Data retention time

Your personal data will be kept for the period strictly necessary to achieve the purpose for which they are intended or, if there are legal requirements that require their conservation, for a certain minimum period of time.

The conservation will always be maintained for the duration of the contractual relationship with the customer.

Whenever there is no legal requirement or any powerful reason that justifies the maintenance of the data, they will be stored only for the minimum period necessary to fulfil the purposes that motivated their collection.

Rights of data subjects

Under the Personal Data Protection Legal Regime, the data subject is guaranteed the right of access, updating, rectification, limitation, portability, opposition, or elimination of their personal data, which may take place through the contacts made available.

Security measures adopted to protect your data

AVE is committed to ensuring the protection and security of your personal data.

Thus, and in compliance with the General Data Protection Regulation, it has approved and implemented strict rules in this matter. Compliance with these rules constitutes an inescapable obligation of all those who legally access them and who have a relationship with us.

Bearing in mind the great concern and commitment that AVE gives to the defence of privacy issues, several security measures were adopted, of a technical and organizational nature, to protect the personal data made available to us against its dissemination, loss, use. unauthorized alteration, treatment, or access, as well as against any other form of illicit treatment.

In this sense, all personal data given to us are stored securely in AVE’s systems, such as in the SAGE accounting program – where the information is encrypted and there are restrictions on access to customer master data in this program -, and in encrypted files on the AVE server itself. The backup made by AVE to the content of its internal server is done in the cloud where all the information is encrypted.

Communication of data to subcontracted third parties – How and when?

Within the scope of its activity, AVE uses third parties to provide certain services.

Sometimes, the provision of these services implies access, by these entities, to personal data of our customers. When this happens, AVE takes the appropriate measures to ensure that the entities that have access to personal data, strictly necessary for this purpose, are reputed and offer the highest guarantees at this level, which will be duly consecrated and safeguarded. in the respective contracts.

Transfer of personal data

In the provision of certain services by the company and in the fulfilment of contractual relationships with its customers, your data may be transferred outside Portugal, namely in the use of services in international institutions.

In such a case, the applicable legal provisions will be scrupulously complied with, namely, verifying that the country or international organization has adequate guarantees regarding the protection of personal data and the elaboration of contracts containing standard contractual clauses applicable to the transfer of personal data to countries third parties adopted by Commission Implementing Decision (EU) 2021/914 of 4 June 2021, under the terms of Regulation (EU) 2016/679 of the European Parliament and of the Council, in order to duly safeguard the transfer in question.

Such data transfers will always be communicated to the data subject.

Obligations regarding data processing

Obligations of Subject Persons

In the processing of data, and in accordance with point 3. of our privacy policy, the company informs that all its employees in the exercise of their functions are subject to this privacy policy and must comply with it.

Subject Persons shall in the exercise of their functions and when they have access to personal data:

1. Process personal data in accordance with the purpose for which said personal data are intended, as well as, with the company’s instructions.
2. Ensure that access to personal data is limited in accordance with your need to know, in accordance with the confidentiality duties to which they are contractually bound.
3. Do not use the personal data to which they have access for purposes other than those that are clearly and explicitly necessary for the exercise of their functions.
4. Not to communicate personal data to third parties, even for the purpose of storing them, beyond what is necessary for the fulfilment and execution of their contractual obligations and company
5. Inform the company immediately and in writing of the existence of any irregularity regarding personal data that they detect or have knowledge of in the exercise of their functions.
6. Inform the company of the existence of any request for the exercise of rights and/or claim regarding the personal data that they are aware of in the exercise of their functions.
7. Keep documented the operations carried out in accordance with the company’s
8. Comply with the obligation of secrecy about the content of the personal data to which they have access in the exercise of their functions.
9. Respect the technical and organizational measures implemented to protect personal
10. Collaborate with the company and provide it with all the documentation and information necessary to demonstrate compliance with the obligations established in this Policy and in the legislation.

Contacts

In case of questions or comments regarding our privacy policy, write to us at the following address: geral.rgpd@ave.pt

EMPLOYEES

Purpose – What This Privacy Policy Covers

The data collected or processed by our company is intended for the full performance of the employment contract, namely for the purposes of salary processing, human resources management, recording working time and attendance, to comply with workers’ rights. provided for in the law, to ensure the fulfilment of the workers’ duties and the exercise of the employer’s rights, such as the eventual instruction of disciplinary procedures to the worker and, for other purposes permitted by law.

Additionally, personal data may also be processed for the purpose of complying with legal obligations, namely, submitting information to judicial, police or other entities, when our company is notified in accordance with the law.

The data are collected and processed under the provisions of article 6, paragraph 1, point b), insofar as they are necessary for the performance of the employment contract, as well as, based on point a) of the same article in cases where the worker has consented to its collection and treatment for certain purposes and, also in paragraphs c) and d) of the identified article 6, always of the RGPD, as it is necessary for the fulfilment of a legal obligation of the employer and / or for the purposes of the legitimate interests pursued by the company or by third parties.

Basis

The processing of personal data of employees is based on:

1. In the consent given by the holder of the personal data;
2. When necessary for the performance of a contract to which the employee is a party;
3. In its need to comply with the legal obligations to which the company is subject;
4. When necessary for the purpose of the legitimate interests pursued by the company or by third

 

Data collection

Personal data, and others that may be processed by AVE, are obtained in pre-contractual steps for the execution and execution of the employment contract, as well as through other documents that may be requested during the performance of the employee’s functions. and during the employment relationship.

Legitimacy for data collection

The personal data of workers who own the data are collected and processed within the scope of an employment contract relationship and also based on the worker’s consent and also to comply with

legal obligations inherent to the performance of the employment contract, namely for of social security, for tax purposes, for safety, hygiene and medicine at work, for the purpose of fulfilling labour rights and duties, among others, which constitutes an obligation of the worker who owns the data and of AVE as responsible.

The refusal to communicate and inform the data would make it impossible to conclude and execute the normal employment contract, under the terms of the law.

Thus, our company has the legitimacy to process personal data, under the provisions of paragraphs b), a), c) and d) of article 6 of the GDPR.

Information to be provided

In compliance with this privacy policy, AVE undertakes to provide employees with the following information:

1. a) Your identity and contact details. The contact details of the data
2. The purposes of the processing for which the personal data are intended;
3. The legal basis for the processing for which the personal data are intended;
4. If any, the recipients or categories of recipients of the personal data;
5. The existence of transfers of personal data to a third country;
6. The period of retention of personal data and the criteria used to define that
7. The existence of rights and form of exercise;
8. The right to lodge a complaint with the supervisory authority;
9. The fact that the communication of personal data constitutes a legal obligation and a necessary requirement to conclude a contract;
10. The possible consequences of not providing this

This information must be presented to applicants at the time of data collection.

Legal and contractual obligations

The processing operations of employees’ personal data are necessary both for the execution of the contract and for the fulfilment of the legal obligations to which the company is subject. This includes issues imposed by labour, social security, and tax legislation, so that the communication of personal data constitutes a contractual and legal obligation.

Special Data Categories

AVE performs processing of special categories of personal data when:

1. Necessary for the purposes of complying with obligations and exercising the company’s specific rights in terms of labour, social security and social protection legislation; or,
2. Necessary for preventive or occupational medicine purposes, for the evaluation of the employee’s work capacity.

Term for conservation

AVE retains personal data only for the period necessary to carry out the purposes for which they are intended, namely during the performance of the contract.

However, the company will also keep personal data for the period necessary to comply with the legal obligations to which it is subject, namely, within the scope of labour, social security, and tax legislation. In the event of a dispute between the company and the employee, the data will be kept at least until the court decision becomes final.

Communication and transfers

Within the scope of activities related to the administration and management of the employment contract and the employment relationship, the company may communicate or transfer the personal data of employees to the entities identified below, not excluding other entities not mentioned, but which have legal legitimacy to proceed. to the processing of the data in question:

1. IGFSS – Social Security Financial Management Institute;
2. AT – Tax Authority;
3. Banking and Insurance Institutions;
4. INE – National Statistics
5. ACT – Authority for Working

 

Subcontractors

AVE may communicate the personal data of employees to service providers, namely:

1. Entity responsible for the performance of functions related to safety, hygiene and medicine at work;
   • Data collection for preventive and occupational medicine purposes will be carried out by the medical, health, hygiene and safety at work services and the breath and urine tests will be carried out by duly qualified personnel accredited by those services;
   • Such services and entities are subject to the RGPD and special legislation, so absolute confidentiality in their treatment will be guaranteed, and they cannot be assigned a purpose other than that for which they are intended.
2. Any other entity to which salary processing functions have been assigned;
3. Entity to which functions related to the management of human resources have been The communications or transfers referred to in the previous number are intended, namely:
   • The calculation and payment of remunerations, ancillary benefits, other allowances, and gratuities;
   • The calculation, withholding tax and operations related to mandatory or optional discounts on remuneration, resulting from a legal provision;
   • The performance of non-nominative statistical operations related to the processing of salaries within the scope of the processing entity;
   • Compliance with the obligations to which the company is subject, namely, within the scope of labour, social security, and tax legislation.

AVE ensures that the afore mentioned service providers present sufficient guarantees for the execution of appropriate technical and organizational measures in a way that the treatment meets its internal standards and requirements and the legislation, with the subcontracting treatment by these service providers regulated by contract. written and in accordance with this privacy policy.

Treatment safety

AVE is committed to ensuring the protection and security of your personal data.

So, and in the Compliance with the General Data Protection Regulation has approved and implemented strict rules in this matter. Compliance with these rules is an obligation of all those who legally access them and who have a relationship with us.

Bearing in mind the great concern and commitment that the company imposes in the defence of privacy issues, several security measures were adopted, of a technical and organizational nature, in order to protect the personal data made available to us against its dissemination, loss, use unauthorized alteration, treatment or access, as well as against any other form of illicit treatment.

In this sense, all personal data of employees are securely stored in the company’s systems in encrypted files on AVE’s own server, as well as the backup made by AVE to the content of its internal server is done in the cloud where all the information is encrypted. Paper documentation is stored in a safe place.

CANDIDATES

Purposes

Within the scope of the recruitment processes carried out by AVE, it will process personal data to analyse and select the most suitable candidates for the positions and needs of the vacancies that are available at that time.

The candidate must always be informed that the personal data collected may be used for the purposes of preparing and concluding the employment contract, in case of success, and for the employee file.

Basis

The processing of candidates’ personal data is based on:

1. The candidate’s consent for the purposes of analysing the application;
2. In its need for pre-contractual steps at the request of the candidate in case of success of the application;
3. Compliance with AVE’s legal

Data collection

Candidates’ personal data is collected through:

1. By e-mail sent by the candidate;
2. Through the candidate’s

Personal data may also be collected at the time of interviewing candidates.

AVE may also validate the personal data collected from third parties when the function in question to which the candidate proposes to do so requires, in particular, due to legal obligations to which AVE is bound.

Spontaneous submissions

At times when AVE is not in the recruitment phase, the personal data contained in spontaneous submissions will be deleted in strict compliance with the General Regulation for the Protection of Personal Data.

Information to be provided

AVE undertakes to provide candidates with the following information:

1. The identity and contact details of AVE;
2. The contact details of the data controller;
3. The purposes of the processing for which the personal data are intended;
4. The legal basis for the processing for which the personal data are intended;
5. If any, the recipients, or categories of recipients of the personal data;
6. The existence of transfers of personal data to a third country;
7. The period of retention of personal data and the criteria used to define that period;

 

1. The existence of rights and form of exercise;
2. The right to lodge a complaint with the supervisory authority;
3. The fact that the communication of personal data constitutes a legal obligation and a necessary requirement to conclude a contract;
4. The possible consequences of not providing such data;
5. The existence of automated decisions, including the definition of

This information must be presented to candidates at the time of data collection, or, where personal data is not collected from candidates, no later than one month after obtaining the personal data or at the time of first communication with candidates, except when candidates already have knowledge of the information in question.

Categories of Personal Data.

In this context, data such as name, address, telephone, NIF, email, among others (as required). When AVE processes special categories of personal data, it will base said treatments:

1. To fulfil AVE’s obligations in the field of preventive or occupational medicine, for the assessment of the employee’s work capacity, the medical diagnosis, if applicable;
2. Consent to the processing of such personal data by the data subject for one or more specific

Term for conservation

During the recruitment period, the data provided will be kept until the vacancy in question is filled, they will be kept for a period of 1 year. In the case of admission, their treatment will comply with the provisions of the previous chapter.

AVE considers that the retention period referred to in the previous paragraph is sufficient in view of the best market practices so that the applicants’ personal data remain sufficiently updated for the purpose for which they are intended.

At the end of this period, the applicants’ data will be automatically deleted, however, the data that, due to the fulfilment of AVE’s legal obligations, must be kept for longer periods will be kept.

Other treatments

If AVE intends to proceed with the further processing of applicants’ personal data for a purpose other than that for which the data were initially collected before such processing begins AVE will provide applicants with information about that purpose. and any other pertinent information under the law.

Communication and Transfers

AVE may communicate the candidates’ personal data to other Group companies within the scope of the intra-group relationship and within the framework of services that are shared between companies belonging to the Group, ensuring the confidentiality of the data transmitted, as well as the strict fulfilment of all obligations relating to the processing of personal data provided for in this Policy and in the legislation in force by the companies belonging to the Group.

Treatment safety

AVE applies the appropriate administrative, logical, and physical measures to applicants’ personal data to ensure an adequate level of security, considering the nature, scope, context, purposes and risks of the processing.

These measures will consider both the general principles established in this Policy, as well as the best practices and the Information Security Policy.

Exercise of rights

The exercise of rights by candidates will be regulated by the procedure and rules provided for in this Policy and in the legislation in force.