Data Protection

SCOPE OF APPLICATION

David Neto-Transports, S.A. (previously designated TDN) respects the legal rules regarding the protection of personal data of its employees, suppliers and customers. In particular, those arising from national and Community legal provisions and deliberations of the National Data Protection Commission, namely Regulation EU 2016/679.

WORKERS' PERSONAL DATA

The processing of the worker's personal data, in the context of the employment relationship, arises on the one hand from the contractual content and on the other from the fulfilment of legal obligations, namely the provisions laid down in labour, tax and community legislation and before official supervisory bodies such as AT, Social Security or ACT.

The processing of employees' personal data is reserved only to the data controller designated at any time, with limited access duly justified in accordance with the law, and in any case safeguarding confidentiality.

At any time, the employee may at his or her request access his or her protected data and request its modification or correction in case of error or incompleteness.

Workers enjoy, in accordance with the law on information rights, access and opposition to the processing of their personal data. In order to exercise these rights of access and opposition, they must submit a written request to the data controller via e-mail dadospessoais.transports@davidneto.com.

Employees may, in legal terms, exercise the right to forget their personal data, except in the cases provided for the fulfilment of legal obligations.

The treatment of workers’ clinical data obeys the treatment regime of sensitive data and is therefore exclusively access to the certified medical team, with the worker having access to them as long as he requests them directly to the working doctor.

With the conclusion of the employment contract, and throughout its execution, the employee gives his or her consent for his or her personal data to be stored in a secure digital form, processed and accessed in accordance with previously specified or punctually specified terms, as well as to be used for operational purposes, arising from the obligations towards DNT's clients, in the scope of his or her work, being however safeguarded to those clients the requirement of strict and scrupulous compliance with the provisions set out in these data protection rules.

PURPOSE OF PROCESSING WORKERS' PERSONAL DATA

Personal data of employees may be collected and processed by the Company for the following purposes:

  1. Administrative management - Individual Process of collaborator;
  2. Calculation and payment of salaries, allowances and subsidies;
  3. Calculation and withholding tax in respect of compulsory or optional deductions from remuneration arising from statutory provisions;
  4. Enforcement of a judicial decision or judgment and processing of workers' claims;
  5. Treatment of other matters relating to remuneration, benefits, allowances or subsidies;
  6. Processing of training certification by employers and/or external training bodies;
  7. Issuance of travel tickets, visas and/or other documents arising from the worker's need to travel;
  8. Registration and control of attendance and/or access;
  9. Compliance with legal obligations in the field of safety and health at work;
  10. Treatment for identification purposes, requested by customers, for the loading or unloading of goods;
  11. Internal Communications.

CATEGORIES OF PERSONAL DATA TO BE COLLECTED

For the above purposes, the entity may collect and process personal data as well as the original and copies of the respective documents falling into the following categories:

Identification Data: Name; ID; C.C; Passport; Residence Certificate; NIF; NISS; Date of Birth; Place of Birth. Identification Addresses: Address; email. Family situation: Marital status; No. of dependents. Data relating to professional activity: Qualifications. Retribution data: NIB; IBAN. Biometric data: Fingerprint. Health Data: Aptitude Diagnosis Data. Other information needed to carry out the job: Driving licence; Tachograph card; ADR certificate; CAM certificate; European Health Card; Criminal Record.

RIGHTS OF THE DATA SUBJECT

The data subject acquires the following rights:

  1. The right to be informed about how your data is used;
  2. The right to access your data without any cost or delay;
  3. The right to rectify your data in the event of inaccuracy;
  4. The right to be forgotten/wiped out;
  5. The right to restrict the processing of your data for any purpose other than that for which it was obtained;
  6. The right to data portability, i.e. the obligation on the part of the company to provide the data in their entirety in an easily accessible digital format;
  7. The right to object to the data for any purpose other than that referred to at the time they were obtained;
  8. Rights related to the automatic processing of data, that is, the right to human intervention in the processing.

DATA RETENTION PERIOD

For the purpose of administrative management of workers, the data may be kept for one year after the termination of the employment relationship;

For the purposes of workers' wages and benefits, under tax law data may be kept for a maximum period of ten years after termination of employment;

The time limit for the respective data may be extended, for reasons of legal action, after the transfer of the data to the judicial institutions or after the final judgment has been passed;

For the purposes of pensions, welfare or the payment of subsequent supplementary benefits due at the time of termination of the employment relationship, the data strictly necessary to prove the quality of work, length of service and changes in remuneration may be kept for up to ten years after the corresponding purposes have not been achieved.

DATA RECIPIENTS

They are the recipients of the data:

  1. The entities to whom the data must be communicated pursuant to a legal provision or at the request of the data subject;
  2. The financial institutions which manage the entity's accounts for the payment of employees' wages;
  3. The entities managing Pension Funds or the Provident Fund Scheme;
  4. The insurance companies with which an occupational injury or personal accident insurance contract is concluded;
  5. Training bodies for issuing training certificates;
  6. Travel agencies or transport companies to issue travel documents;
  7. The Accounting Offices or Departments for the purpose of wage processing or corporate accounting obligations;
  8. Audit entities (internal and external) within the scope of the certification processes;
  9. To external consultants in the context of their advisory services;
  10. To the entities that in the scope of Medicine and Safety at Work ensure at all times the fulfilment of these obligations in the company;
  11. The entities that ensure the computer management in the processing of personal data;
  12. Regulating Entities (Macron Law; S.S - A1; Port Services – SEF);
  13. Clients - the employees' data are sent to clients within the scope of the obligations stipulated in the transport contracts signed, for security reasons, specifically for the purpose of identifying drivers for entry into their premises;
  14. Group companies, solely and exclusively for the purpose of recruitment procedures.

PRIVATE CUSTOMERS

Our records include data that were obtained in the contractual relationship with TDN and in the various interactions that took place following the contract.

Purpose:

Provision of services - where necessary, we process the data to comply with legal requirements in order to provide you with our services.

David Neto-Transports, S.A. will keep your personal data for the period strictly necessary to provide the Services, respective invoicing and fulfilment of legal obligations.

Your personal data may be communicated to TDN service providers for the purpose of providing services and to judicial, physical and regulatory authorities for the purpose of complying with legal requirements.

At any time, you have the right to access your personal data and, within the limits of the contract and the Regulations, to amend them, oppose their processing, withdraw consent and exercise the other rights provided for by law. If you withdraw your consent, this does not compromise the lawfulness of the processing carried out until that date.

You have the right to be notified, as provided for in the regulation, in the event of a violation of your personal data, and you can lodge a complaint with the authorities.

We ensure the protection and confidentiality of your personal data. We have taken the necessary technical and organisational measures to comply with the regulation, ensuring that the processing of your personal data is lawful, fair, transparent and limited to the authorised purposes. We take the measures we consider appropriate to ensure the accuracy, integrity and confidentiality of your personal data, as well as your other rights.

PHOTOS/FILMING/RECORDING

It is forbidden to photograph, film or make any kind of recording, or other process of copying and/or reproduction of personal documents, without the consent of the holder of the data, except in cases provided for by law or duly authorized by a competent authority for this purpose.

FINGERPRINT ATTENDANCE CONTROL EQUIPMENT

Purpose of using fingerprint attendance control equipment. The installation and use of fingerprint attendance control equipment is aimed at managing attendance within the entity. Registration and processing of personal data. For the use of fingerprint attendance control equipment, it is necessary for the system to collect employee's fingerprint data in advance, and record their name, employee number and category/section. When the employee uses the equipment, the system records the date and time of entry and exit of the period worked. Use of personal data Only the head of the entity and authorised officials, to the extent strictly necessary, may access and process the data. Attendance records will be handed over to administrative and financial processing staff for administrative, salary and benefit management. For the purpose of the disciplinary investigation, the respective data will possibly be transferred to the head of the disciplinary investigation. For the purpose of investigating crimes, and in cases where the provisions of the law must be complied with, the respective data will possibly be transferred to the judicial institution, criminal police bodies or other competent authorities.

PERSONAL DATA OF TRAINEES AND TRAINERS

The processing of the personal data of trainees and trainers occurs, on the one hand, from the contractual content and, on the other hand, from the fulfilment of legal obligations towards official bodies.

The processing of personal data of trainees and trainers is reserved only to the data controller designated at any time, with limited access duly justified under the terms of the law, and in any case safeguarding confidentiality.

At any time, the trainee/trainer may, at his request, access his protected data and request its modification or correction in case of error or incompleteness.

Trainees/trainers shall enjoy, in accordance with the law, the rights to information, access and opposition to the processing of their personal data. In order to exercise these rights of access and opposition, they have to submit a written request to the data controller via e-mail dadospessoais.transports@davidneto.com.

The trainee/trainer may in legal terms exercise the right to forget his/her personal data, except in the cases foreseen for the fulfilment of legal obligations, with the conclusion of the training contract, and during all the execution, the trainee/trainer gives his/her consent that his/her personal data may be stored in a secure digital form, processed and accessed in the terms previously specified or punctually specified.

For trainees and trainers, the regime provided for in this regulation for workers, in terms of processing of collection, purpose of processing, category of data to be collected, storage periods, recipients of the data, that provided for workers' personal data, with the necessary adaptations and if applicable.

WORKERS’ RIGHTS

Workers enjoy, in accordance with the law, the rights to information, access and opposition. In order to exercise their right of access, they must submit a written request to the person responsible for processing the data by email dadospessoais.transports@davidneto.com or request a separate form from the Human Resources department.

VIOLATION OF DATA PROTECTION RULES OF PROCEDURE

In the event of a leak of information, violation of the Internal Regulations of the Data Protection Policy, or any other form of illicit behaviour, this entity shall report the incident to the National Data Protection Commission (CNPD) within 72 hours.