Plataformas

Compliance Platform

Whistleblowing

Ethics and Conduct

Platform Documentation · Borgstena Group

Platform Data Protection Policy

Policy governing the processing of personal data of the users of the Data Protection Platform itself, distinct from the Group's general Data Protection and Privacy Policy.

Home › Platform Documentation › Platform Data Protection Policy
Reference#PEPD-0850-20260526
Version202605
Date26 May 2026
NaturePlatform policy

This Policy governs the processing of personal data carried out by the Borgstena Group Data Protection Platform as a digital resource. It is distinct from the Group's general Personal Data Protection and Privacy Policy, which governs the processing of personal data in the exercise of the economic activity of the Group's companies.

1.Object and scope

This Policy is intended to describe the processing of personal data carried out in the context of the operation of the Data Protection Platform, accessible at borgstena.dataprotectionofficer.help. Its scope covers the data collected from visitors of the Platform — namely through forms, the Support service and the technical operation logs — and excludes the processing of personal data carried out by the Group's companies in the exercise of their activity, which is governed by the general Personal Data Protection and Privacy Policy.

2.Controller

Company nameDual Borgstena Textile Portugal, Unipessoal, Lda.
Identification number502355409
Registered officeEN 234 — km 87.7 (Chão do Pisco), Apartado 35, 3521-909 Nelas
Telephone(+351) 232 427 660
Emailinfo@borgstena.com

Dual Borgstena Textile Portugal, Unipessoal, Lda., as the entity behind the Platform project, is the controller of the personal data collected in the context of the Platform's operation. The Platform is technically operated with the support of processors, under point 7 of this Policy.

3.Data Protection Officer

The Borgstena Group's Data Protection Officer also oversees the compliance of the processing of data carried out by the Platform itself. The Officer may be contacted at dataprotection@borgstena.com.

4.Personal data processed by the Platform

The Platform processes, to the extent strictly necessary for its operation and for the provision of the services it makes available, the following categories of personal data:

  • identification and contact data provided by the data subject in the forms for the exercise of rights, for the reporting of incidents or in requests to the Support service;
  • content of communications addressed to the Platform, namely to the Support service and to the Data Protection Officer;
  • online identifiers of the visitor's device, namely IP address, browser identification and technical access logs;
  • data collected through cookies used on the Platform, under the Platform Cookies Policy.

5.Purposes of processing

Personal data are processed exclusively for the following purposes:

  • technical operation of the Platform and provision of its content and functionalities;
  • routing and response to requests submitted through the forms and the Support channels;
  • routing of communications addressed to the Data Protection Officer;
  • security of the Platform, namely protection against unauthorised access, automated attacks and abusive use;
  • compliance with legal obligations applicable to the entity behind the Platform.

6.Lawful bases

The processing of personal data by the Platform is based on the lawful bases provided for in Article 6 of the GDPR, namely: the legitimate interest in the operation and security of the Platform; the performance of pre-contractual or contractual steps, where the submitted request so requires; compliance with legal obligations to which the controller is subject; and the consent of the data subject, where applicable, namely as regards cookies that are not strictly necessary.

7.Recipients and processors

The personal data processed by the Platform are accessed by the competent services of the controller, namely the Data Protection Officer, the Support service and the Permanent Security Contact Point. For technical operation, the Platform may engage processors for hosting, IT maintenance and communication delivery services, concluding with each of them the contracts provided for in Article 28 of the GDPR. Outside these cases, data are not communicated to third parties, save in compliance with legal obligations.

8.Retention periods

Personal data are retained for the period necessary for the purposes for which they were collected, namely:

  • requests submitted by form: for the period necessary to respond and archive the case, in compliance with the applicable legal periods;
  • communications to the Support service and to the Data Protection Officer: for the period necessary to respond and follow up, in compliance with the applicable legal periods;
  • technical access logs: for the period [to be confirmed depending on the technical configuration of the Platform, as a rule no longer than twelve months];
  • cookies: for the period defined in each cookie, under the Platform Cookies Policy.

9.International transfers

The operation of the Platform and the use of any third-party services may imply the transfer of personal data outside the European Economic Area. Such transfers, where they occur, observe the requirements of Chapter V of the GDPR, namely the applicable adequacy decisions or the appropriate safeguards in place, including standard contractual clauses.

10.Platform security

The Platform adopts technical and organisational measures appropriate to the protection of personal data, in accordance with Article 32 of the GDPR, namely the use of encrypted communication protocols, access control to systems, monitoring of technical logs and protection against automated attacks. The management of incidents on the Platform observes the procedures described on the Information Security page.

11.Rights of data subjects

The user of the Platform may, at any time and free of charge, exercise the rights provided for in the GDPR — namely access, rectification, erasure, restriction, portability, objection and withdrawal of consent — through the Rights Exercise Form or by contacting the Data Protection Officer. A response is provided within one month, extendable by two months in justified cases, under Article 12(3) of the GDPR. Without prejudice to direct contact with the Data Protection Officer, the data subject has the right to lodge a complaint with the National Data Protection Commission, through the contacts available at www.cnpd.pt.

12.Relationship with the general Policy

This Policy does not replace or affect the application of the Borgstena Group's general Personal Data Protection and Privacy Policy, to which it refers for the definition of the principles, rights and substantive guarantees applicable to all processing of personal data by the Group. The Data Processing Information Sheets detail each category of processing and remain applicable as a complement to this Policy.

13.Versions of the Policy

Version of this Policy: 202605. Date: 26 May 2026. To consult previous versions, the data subject may send a request by email to dataprotection@borgstena.com.

Data Protection Officer (DPO)
Borgstena Group
Document prepared by the Data Protection Officer in the exercise of the functions provided for in Articles 38 and 39 of the GDPR. The legal references have been confirmed against official sources; content marked in square brackets and italics requires further verification. This Policy does not replace consultation of the general Personal Data Protection and Privacy Policy.
Ref. #PEPD-0850-20260526 · DPP Platform · Platform Documentation · Data Protection Policy · Version 202605 · English version
Borgstena Group
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.