SirFire aims to ensure that the processing of personal data complies with Regulation (EU) 2016/679 of April 27, 2016.
This document establishes the company’s Privacy Policy and outlines the main rules observed by SirFire regarding the processing of personal data.
The collection and processing of personal data provided to SirFire, as well as the exercise of data subjects’ rights, are governed by this Privacy Policy, internal regulations, and other applicable instruments.
CNPD: National Data Protection Commission.
Data subject’s consent: any freely given, specific, and informed expression of will by which the data subject accepts that their personal data be processed.
Personal Data: any information relating to an identified or identifiable natural person.
Sensitive Data: personal data concerning philosophical or political beliefs, trade union membership, religious faith, private life, racial or ethnic origin, health, sexual life, and genetic data.
Data interconnection: linking data from one file with data from another file.
Personal Data Protection Legislation (LPDP): Regulation (EU) 2016/679 of April 27, 2016.
RPDP: Regulation (EU) 2016/679 of April 27, 2016.
Controller: SirFire or another group company that determines the purposes and means of processing personal data.
Processor: a person or entity that processes personal data on behalf of the controller.
Third party: a person or entity to whom the controller discloses personal data.
Data subject: a natural person whose personal data is processed.
Processing of personal data: any operation performed on personal data such as collection, storage, use, disclosure, or deletion.
The processing of personal data governs the collection and processing of personal data and the exercise of related rights under applicable legislation.
Processing is carried out according to the principles of lawfulness and fairness, purpose limitation, adequacy and proportionality, accuracy, storage limitation, transparency, security, and legitimacy.
Personal data collected will be processed and stored electronically by SirFire or its subcontractors for managing the relationship between SirFire and the data subject and for service execution.
SirFire processes personal data only when necessary for business activities, legal or contractual compliance, or the stated purposes.
SirFire assumes the data provided is authorized, true, and accurate, and will take measures to correct or delete inaccurate or incomplete data.
Personal data is retained only for the period necessary to fulfill its purpose and is then permanently deleted.
Collected data may include names, delivery details, addresses, email addresses, and phone numbers.
Personal data may be transferred to entities outside Portugal for the purposes described in this policy.
Transfers to countries outside the EU/EEA may occur, and consent will be requested when required.
Personal data may be disclosed to third parties to comply with legal obligations, protect vital interests, support business transactions, or for other legitimate legal purposes.
Personal data may be shared with subcontractors for processing under SirFire’s instructions.
Subcontractors must provide sufficient security guarantees and comply with this Privacy Policy.
Data interconnection will not be performed without prior authorization from CNPD.
Any authorized interconnection will ensure legitimate purposes, non-discrimination, adequate security measures, and consideration of the nature of the data.
Data subjects have the right to access, update, rectify, and object to the processing of their personal data under applicable law.
While browsing the website, certain information may be collected automatically through IP addresses, cookies, web tags, and navigation data.
IP addresses are used to diagnose server problems, determine connection routes, and gather statistical information.
Customers may access their Client Area to edit personal data or request updates and corrections.
The website may contain links to external sites, for which SirFire is not responsible. Users are encouraged to review their privacy policies.
SirFire implements technical and organizational measures to protect personal data against unauthorized access, loss, or alteration.
Special security measures are adopted when processing sensitive data.
SirFire reserves the right to amend this Privacy Policy at any time. Changes will be communicated and published on the company website.
For questions or complaints regarding this Privacy Policy, contact SirFire via the designated GDPR email or the company address.
Complaints may be submitted to the Portuguese Data Protection Authority (CNPD).
This Privacy Policy entered into force on May 25, 2018.