Data Protection Officer
Contacts and procedures sheet of the Borgstena Group Data Protection Officer, designated under Articles 37 to 39 of the GDPR.
The Borgstena Group has designated a Data Protection Officer, demonstrating its commitment to appointing an officer responsible for monitoring the compliance of personal data processing, in fulfilment of the applicable law.
This sheet brings together the identification and contacts of the Data Protection Officer, describes their functions and their position within the organisation and sets out the means and procedures for making contact. The Data Protection Officer is the privileged contact point for all data subjects whose personal data are processed by the Group.
1. Identification and contacts
and Compliance Officer
- Telephone
- (+351) 213 243 750 Call to a national landline. General contact number of the secretariat supporting the Data Protection Officer.
- Personal email
- manuel.melo@dataprotectionofficer.pt Personal email address of the Data Protection Officer.
- Institutional email
- dataprotection@borgstena.com Institutional email address of the Data Protection Officer within the Borgstena Group.
2. Functions of the Data Protection Officer
The functions of the Data Protection Officer are set out in Article 39 of the GDPR. In summary, the Officer is responsible for:
- informing and advising the controller, the processor and the employees of their obligations under the GDPR and the other applicable data protection provisions;
- monitoring compliance of processing with the GDPR, with the applicable legislation and with the Group's policies, including the awareness-raising and training of the staff involved in processing operations;
- providing advice, where requested, regarding the data protection impact assessment and monitoring its performance under Article 35 of the GDPR;
- cooperating with the supervisory authority and acting as the contact point for matters relating to the processing of personal data;
- having due regard to the risks associated with processing operations, taking into account their nature, scope, context and purposes.
The Data Protection Officer also acts as the contact point for data subjects, who may contact the Officer with regard to all matters relating to the processing of their personal data and to the exercise of their rights, as provided for in Article 38(4) of the GDPR.
3. Position and guarantees of independence
Under Article 38 of the GDPR, the Data Protection Officer is involved, properly and in a timely manner, in all issues relating to the protection of personal data. The Borgstena Group ensures that the Officer has the resources necessary to carry out their functions and to access personal data and processing operations, and that the Officer does not receive instructions regarding the exercise of those functions and may not be dismissed or penalised for performing them. In the exercise of their functions, the Data Protection Officer is bound by secrecy or confidentiality.
4. When and how to contact the Data Protection Officer
Any data subject may contact the Data Protection Officer, namely in order to:
- clarify questions about the personal data processing carried out by the companies of the Borgstena Group;
- obtain information or assistance regarding the exercise of their data protection rights;
- report a concern or a possible situation of non-compliance in matters of data protection;
- obtain clarification regarding the policies and information sheets published on the Platform.
Contact should preferably be made by email, as this allows the request to be documented and logged. The communication should identify the requester, indicate a valid contact for the reply and clearly describe the matter raised.
5. Procedure for handling requests
Requests addressed to the Data Protection Officer are handled in accordance with a procedure that ensures accuracy, traceability and respect for the statutory deadlines.
| Stage | Description | Reference timeframe |
|---|---|---|
| Receipt and logging | Logging of the request and assignment of an internal reference, with acknowledgement of receipt to the requester. | [1 business day] |
| Analysis and identity verification | Assessment of the request and, where necessary, a request for additional information to confirm the data subject's identity. | As soon as possible |
| Substantive response | Response to the request or provision of the information requested, with appropriate reasoning. | 1 month (Article 12(3) of the GDPR) |
| Extension | In cases of particular complexity or a high number of requests, the deadline may be extended, with notice to the data subject. | Up to 2 additional months |
The exercise of rights is free of charge. Only in cases of manifestly unfounded or excessive requests, in particular because of their repetitive character, may a reasonable fee be charged or the response refused, under Article 12(5) of the GDPR.
6. Right to lodge a complaint with the supervisory authority
Contacting the Data Protection Officer is without prejudice to the data subject's right to lodge a complaint with a supervisory authority. In Portugal, the competent supervisory authority is the National Data Protection Commission (CNPD). In the other European Union Member States in which the Borgstena Group operates, the respective national supervisory authority is competent. The data subject may, nonetheless, first approach the Data Protection Officer, who will seek to resolve the matter swiftly and appropriately.