Data Protection Platform · Borgstena Group

Frequently Asked Questions

Structured answers to the main questions on personal data protection, whistleblower protection, information security and regulatory compliance at the Borgstena Group.

Home › Borgstena › Frequently Asked Questions
Reference#PEPD-0849-20260526
Version202605
Date26 May 2026
NatureInstitutional page

This page brings together the answers to the most frequent questions on personal data protection, whistleblower protection, information security and regulatory compliance at the Borgstena Group. For additional questions, the data subject may contact the Data Protection Officer or use the Platform's Support service.

A.About the Platform and the Group

What is the Borgstena Group Data Protection Platform?

The Data Protection Platform is the institutional space, available at borgstena.dataprotectionofficer.help, through which the Borgstena Group fulfils its duties of transparency and accountability in matters of personal data processing. It brings together the policies, information sheets, forms and the contacts of the Data Protection Officer, in Portuguese and in English versions.

Who is the Platform for?

The Platform is intended for all data subjects whose personal data are processed by the Borgstena Group — namely customers, users, job applicants, workers, representatives and employees of suppliers — as well as for the supervisory authorities and for any interested party wishing to know the rules and procedures of the Group in matters of data protection.

Which companies of the Borgstena Group are covered by the Platform?

The Platform serves on a cross-cutting basis the companies of the Borgstena Group, namely Dual Borgstena Textile Portugal, Unipessoal, Lda., and the other companies established in Brazil, China, the Czech Republic, Romania and Sweden. The full list, with the country and the capacity as controller, is set out on the Group Companies page.

B.Regulatory framework

Where can I consult the regulations applicable to Personal Data Protection?

The reference regulation is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), complemented in Portugal by Law No. 58/2019 of 8 August. Both instruments are available from official sources, namely the Diário da República and the website of the National Data Protection Commission (www.cnpd.pt).

Where can I consult the regulations applicable to whistleblower protection?

The applicable regulation is Law No. 93/2021 of 20 December, which establishes the General Regime for the Protection of Whistleblowers of Infringements, transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019. The instrument is accessible through the Diário da República.

Where can I consult the regulations applicable to information security and cybersecurity?

At European Union level, the main reference is Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 (NIS 2 Directive). The corresponding national transposition is set out in [national act to be confirmed and referenced here after verification in the Diário da República]. In the processing of personal data, security is also governed by Article 32 of the GDPR.

Where can I find a glossary of the main data protection concepts?

The Borgstena Group will provide a consolidated glossary on the Platform. The essential definitions — namely personal data, processing, controller and processor — are already included in section 2 (Definitions) of the general Personal Data Protection and Privacy Policy and correspond to the definitions in Article 4 of the GDPR.

C.Policies and Information Sheets

Where can I consult the Data Protection Policies in force?

The policies in force — the general Policy and the special policies on Applications, Employment Context, Procurement and Cookies — are available at borgstena.dataprotectionofficer.help/borgstena/policies.

Where can I consult the Data Processing Information Sheets in force?

The Information Sheets — the General Sheet and the Special Sheets for Applicants, Suppliers, Workers, Cookies and Website — are available at borgstena.dataprotectionofficer.help/borgstena/information.

What is the difference between a Policy and an Information Sheet?

The Policy is normative in nature: it sets out general principles and rules governing the processing of personal data. The Information Sheet is informative in nature: it describes, in detail, the processing activities, categories of data, lawful bases, recipients and retention periods, fulfilling the duty to inform set out in Articles 12 to 14 of the GDPR.

D.Rights of data subjects

What are my rights as a data subject?

The GDPR recognises the data subject's rights of access, rectification, erasure, restriction of processing, portability and objection, as well as the right to withdraw consent where the processing is based on that ground, and the right not to be subject to automated individual decisions, including profiling, under Article 22.

How can I exercise my data protection rights?

Rights are exercised through the Rights Exercise Form available at borgstena.dataprotectionofficer.help/borgstena/forms, or by email to the Data Protection Officer at dataprotection@borgstena.com, describing the subject of the request and indicating a valid contact for reply.

How long does Borgstena take to respond to my request?

The response is provided within one month from receipt of the request, under Article 12(3) of the GDPR. In cases of particular complexity or of a high number of requests, the deadline may be extended by two further months, with notice to the data subject of the reasons for the extension.

Is there any cost to exercise rights?

The exercise of rights is free of charge. Only in cases of manifestly unfounded or excessive requests, in particular because of their repetitive character, may a reasonable fee be charged or the response refused, under Article 12(5) of the GDPR.

Can I withdraw the consent I gave?

Yes. Where the processing is based on consent, this may be withdrawn at any time, without affecting the lawfulness of the processing carried out up to that point. The withdrawal of consent may be communicated through the Rights Exercise Form or directly to the Data Protection Officer.

E.Job applicants

What personal data does Borgstena process about applicants?

Borgstena processes the data strictly necessary to assess the application: name, role sought, contacts and the elements contained in the curriculum vitae or in the application form. Special categories of data are not requested, save in cases legally admissible and duly justified.

For how long is my CV retained by Borgstena?

The default retention period for the curricula and personal data of applicants processed by the human resources management services is two years. The applicant may, at any time, request their erasure or exercise any other right.

Can I request the deletion of my application?

Yes. The deletion of the application may be requested at any time, through the Rights Exercise Form or by email to the Data Protection Officer, without prejudice to the retention of data strictly necessary to comply with legal obligations.

F.Workers

What personal data does Borgstena process while I am a worker?

Borgstena processes the data necessary for the performance of the employment contract and for compliance with related legal obligations, namely civil, tax, social security and health user identification, contacts, professional data, training data and performance assessment data. In certain contexts, and on the basis of Article 9 of the GDPR, it also processes special categories of data — trade union membership, biometric data and health data.

For how long are my data retained after the end of the employment relationship?

Data are retained, by default, for two years from the termination of the contract, under Article 337(1) of the Labour Code, without prejudice to longer legal periods, namely in tax, contributory and occupational safety and health matters.

Does Borgstena use biometric data? For what purpose?

Yes. Borgstena processes biometric data for the purposes of access control to facilities and attendance control and for the protection of persons and property. The processing observes the conditions set out in Article 9 of the GDPR and the applicable provisions of the Labour Code, with the adoption of enhanced security measures.

G.Suppliers and the supply chain

I am an employee of a Borgstena supplier. What data of mine does Borgstena process?

Borgstena processes identification data, contacts, professional data and certifications, as well as traffic and premises access control data, exclusively for the purposes of verifying the legitimacy of representatives, access control, occupational safety and health and the provision of the contracted services.

What data protection and cybersecurity documentation does Borgstena apply to its suppliers?

The Borgstena Group has an integrated set of documents for the supply chain, including General Conditions and Instructions for Processing, Supply Chain Security Policy, Risk Assessment and Incident Management Procedures, Standard Contractual Clauses, Audits and Continuity and Digital Security Requirements. The full index is available at borgstena.dataprotectionofficer.help/borgstena/suppliers.

H.Cookies and the website

Does www.borgstena.com use cookies? Which ones?

Yes. Currently, the site uses the necessary cookie _GRECAPTCHA, set by Google's reCAPTCHA service, with the purpose of identifying bots and protecting the site against spam attacks. The detailed and updated list is set out in the Special Data Processing Information Sheet — Cookies.

How can I manage my cookie consent?

The user may manage consent through the privacy settings panel made available on the site, changing or withdrawing the consent previously given. The browser settings additionally allow cookies to be blocked or deleted, with the caveat that disabling strictly necessary cookies may affect the operation of the site.

I.Incidents and security

How can I report a personal data breach incident?

The report may be made through the Personal Data Breach Incident Reporting Form, available at borgstena.dataprotectionofficer.help/borgstena/forms, or by email to the Data Protection Officer at dataprotection@borgstena.com.

How can I report an information security or cybersecurity incident?

The report is made to the Permanent Security Contact Point, through the email address cyber.security@borgstena.com, the telephone (+351) 213 243 750 or the Form available at borgstena.dataprotectionofficer.help/borgstena/forms.

What Permanent Security Contact Points are available?

The Permanent Security Contact Point is described on the Information Security page, with the email address, telephone and dedicated Form. The Point operates in conjunction with the Data Protection Officer.

J.Data Protection Officer and supervisory authority

How can I contact the Data Protection Officer?

The Data Protection Officer may be contacted by email at dataprotection@borgstena.com. Full contacts and the handling procedures are set out on the Data Protection Officer page.

Can I lodge a complaint with a supervisory authority?

Yes. The data subject has the right to lodge a complaint with the competent supervisory authority, which, in Portugal, is the National Data Protection Commission (CNPD), through the contacts available at www.cnpd.pt. In the other European Union Member States in which the Borgstena Group operates, the respective national authority is competent.

K.Whistleblowing and corruption prevention

How can I file a whistleblowing report?

The report may be made through the Borgstena Group Whistleblowing Platform, accessible at whistleblowingofficer.com/borgstena, under the regime of Law No. 93/2021 of 20 December, with guarantees of confidentiality and protection of the whistleblower against acts of retaliation.

How can I file a whistleblowing report anonymously?

The Whistleblowing Platform allows reports to be submitted with the anonymity option selected, by using the dedicated form at whistleblowingofficer.com/borgstena.

What Whistleblowing channels are available in the Borgstena Group?

In addition to the Whistleblowing Platform, the email address compliance@borgstena.com and the telephone (+351) 911 879 229 are available. The full description of the channels is set out on the Whistleblowing page.

Where can I find the Group's Corruption Prevention Platform?

The Platform dedicated to the prevention of corruption, within the framework of Decree-Law No. 109-E/2021 of 9 December, is accessible at anticorrupcao.pt/borgstena.

L.Support and contact

How can I obtain help or support on the use of the Platform?

The Permanent Support and Contact service of the Platform is accessible through the email servicedesk@dataprotectionofficer.pt and the telephone (+351) 213 243 750, as indicated at borgstena.dataprotectionofficer.help/support.

Which channel should I use depending on the type of question?

For matters of personal data protection and exercise of rights, the Rights Exercise Form or the contact of the Data Protection Officer should be used. For security incidents, the Permanent Security Contact Point. For whistleblowing reports, the Whistleblowing Platform. For technical, procedural or orientation support in the use of the Platform, the Support service.

My question is not in this list. What can I do?

The Support service and the Data Protection Officer are available to answer any question on the Platform and on the processing of personal data by the Borgstena Group. This list of Frequently Asked Questions is subject to periodic review and your suggestion is welcome.

Data Protection Officer (DPO)
Borgstena Group
Ref. #PEPD-0849-20260526 · DPP Platform · FAQs · Version 202605 · English version
Borgstena Group
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.