Privacy Policy and Personal Data Processing
1. Us and Our Commitment:
Our Business Group, or group of companies involved in joint business activity, as defined under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), in particular Articles 4(19) and 4(20), is composed of three commercial companies: Mundifios – Comércio de Fios, S.A., Inovafil Fiação, S.A., and Filopa – Agenciamento, Importação e Exportação de Produtos Têxteis, S.A., hereinafter collectively referred to as the Mundifios Group.
The Mundifios Group is dedicated to the preparation and spinning of cotton-type fibers and to the wholesale trade of textile products.
Taking into account the principles of proportionality and appropriateness, and considering the technical and organizational resources available, the Mundifios Group is deeply and genuinely committed to ensuring the protection of its customers and employees, whether permanent or occasional, as well as users of its physical and digital platforms and support systems. This includes paper files, digital records, and websites currently in use or to be implemented, with particular regard to privacy and the processing and circulation of personal data.
2. Personal and Material Scope of This Privacy Policy:
This Privacy Policy applies exclusively to the Mundifios Group with respect to the personal data it collects, processes, and circulates.
The same or an equivalent policy will also be contractually imposed on entities that process personal data on behalf of the Mundifios Group.
3. Purpose and Disclosure of This Privacy Policy
In addition to implementing this policy within its organizational processes, the Mundifios Group has prepared this Privacy Policy to inform, clarify, and publicize the general rules governing the privacy and processing of personal data that it collects, always in strict compliance with applicable legislation.
This Privacy Policy will be made available in paper format, displayed in a visible location, and in digital format on the Group’s institutional website at www.mundifios.pt.
We kindly request that you read this Privacy Policy carefully. The provision of your personal data, whether in person or through access to the aforementioned website, implies that you acknowledge and accept the terms set forth herein, as well as the processing of your data for lawful and legitimate purposes.
The Mundifios Group expressly reserves the right to amend this Privacy Policy at any time. Any such changes will be duly publicized through the same means.
4. Concept of Personal Data:
Personal data refers to any information or record, of any nature and regardless of format or medium, including sound, image, writing, handwriting, or other characteristics, relating to an identified or identifiable natural person.
An identifiable person is one who can be identified, directly or indirectly, by reference to one or more elements of personal data, whether considered individually or in combination, particularly with respect to physical, physiological, psychological, economic, ethnic, cultural, geographical, or social identity, or location.
5. Entity Responsible for the Processing of Personal Data:
The entity responsible for the collection and processing of personal data is the Mundifios Group. Within the context of its relationships with data subjects, the Group determines, on lawful and legitimate grounds, which data is collected, the methods of processing, and the purposes of such collection and processing.
6. Types of Personal Data Collected and Processed:
In the context of its activities, the Mundifios Group collects and processes, in particular:
1. Customer data necessary for the supply of products, including name, tax identification number, address, telephone number, email address, and other strictly necessary, proportional, and lawful data.
2. Employee data necessary for the execution of employment contracts or service agreements, including name, identification document details, tax identification number, household composition, social security number, address, telephone numbers, email address, health data, access credentials, location data, and other strictly necessary, proportional, and lawful data.
3. Data required for compliance with legal obligations, including obligations towards public or private entities, such as name, identification document details, tax identification number, household composition, social security number, address(es), telephone numbers, email address, health data, and other strictly necessary, proportional, and lawful data.
4. Customer and supplier management data, used for contracting and managing business relationships, sending suggestions, information and marketing communications, promoting campaigns, promotions, advertising, and product news, and handling complaints, including address(es), telephone numbers, email address, and other strictly necessary, proportional, and lawful data.
5. Data necessary for the exercise of the Mundifios Group’s rights and legitimate interests, including accounting, tax and administrative management, litigation management, legal evidence, fraud detection, revenue protection and auditing, network and system management, information and physical security control, and facility security.
Subject to compliance with legal obligations or lawful orders from competent authorities, the Mundifios Group processes only the personal data strictly necessary for the pursuit of its activities, in proportion to the nature of the contractual or other relationship established with the data subject, or based on the data subject’s prior, lawful, informed, and explicit consent, where applicable.
7. Timing and Method of Personal Data Collection:
.
The Mundifios Group collects personal data in person, in writing, by telephone,cor through its websites. As a general rule, personal data is collected at the beginning of a contractual orcother necessary relationship required for the pursuit of the Group’s activities.
Our websites may receive spontaneous job applications, which are transmitted through an encrypted connection and stored on our email server. Access is limited to human resources managers and, when necessary, relevant department managers, under HR supervision.
Certain personal data is mandatory and essential for the initiation and lawful continuation of the relationship. If such data is missing or insufficient, the relationship may not commence or continue, and the data subject will be informed accordingly.
Except for mandatory data, publicly available data, or data processed under the legitimate interests of the Mundifios Group, personal data will only be collected and processed with the data subject’s prior, free, informed, specific, and unequivocal consent, particularly for newsletters or marketing communications. Consent may be withdrawn at any time.
Collected data is processed in paper or digital format in strict compliance with applicable data protection legislation and stored in restricted-access files or databases, accessible only to authorized employees. Under no circumstances will data be used for purposes other than those for which consent was granted or for lawful and legitimate purposes.
8. Purposes of the Collection and Processing of Personal Data:
Personal data is collected primarily for customer, supplier, and employee management; contractual relationship management; supply fulfilment; tailoring services to customer needs; information and marketing activities; campaigns, promotions, and advertising; market studies and satisfaction surveys; complaint management; accounting, tax, and administrative purposes; litigation management; legal compliance; fraud detection; revenue protection; auditing; network and system management; physical and information security; and fulfilment of legal obligations or other legitimate interests recognized by law.
Further information regarding specific processing activities will be provided at the time of data collection or upon request.
9. Retention Period of Personal Data:
Where a specific legal obligation requires data to be retained for a minimum period, such obligation will be respected.
Otherwise, personal data will be retained only for the minimum period necessary to fulfill the purpose for which it was collected and will then be
deleted.
10. Rights of the Data Subject:
The Mundifios Group guarantees data subjects the right of access, rectification, objection, erasure, restriction of processing, and data portability.
These rights may be exercised by contacting the Mundifios Group at its headquarters:
Rua 25 de Abril, 4805-369 Guimarães, or by email at mundifios@mundifios.pt.
If deemed appropriate, a complaint may also be lodged with the National Data Protection Commission (CNPD) via email at geral@cnpd.pt.
11. Security Measures:
The Mundifios Group adopts best practices and appropriate technical and organizational measures to manage risks related to personal data security. A rigorous compliance plan has been implemented to ensure the protection of personal data against unauthorized access, disclosure, alteration, loss, misuse, or unlawful processing.
12. Communication of Data to Third Parties:
The Mundifios Group may engage subcontractors to process personal data strictly for predefined purposes. Such entities are contractually bound to ensure confidentiality, security, integrity, and compliance with data protection requirements.
Personal data may also be transmitted to public authorities, such as tax authorities, courts, or law enforcement agencies, where required by law.
All third parties processing data on behalf of the Mundifios Group must implement measures appropriate to the associated risks.
13. Transfer of Personal Data:
The Mundifios Group’s activities may involve the transfer of personal data outside Portugal. In such cases, all applicable legal requirements will be strictly
observed, including ensuring adequate levels of data protection in the destination country.
14. Cookies:
Cookies are small software files stored on your device through your browser. They typically retain only information related to user preferences and do not
include personal data.
Whenever cookies involve personal data, the user’s prior consent will be requested in accordance with applicable legal requirements.