Privacy Policy

VORTAL – COMÉRCIO ELECTRÓNICO, CONSULTADORIA E MULTIMÉDIA, S.A., NIPC 505141019 (hereinafter referred to as “VORTAL”) is committed to the protection of personal data entrusted to it and to information security, offering maximum guarantees of quality, security and integrity in all its services.

VORTAL is a subsidiary of VORTAL, SGPS, S.A., which in turn is owned by VTBD, S.A.
The VORTAL Group of Companies also includes the following companies, as shown in Chart 1 below:

Chart 1 – Organizational chart VORTAL Group of Companies

privacy policy chart
Code Country Description
VOR Portugal Vortal, SGPS, S.A.
VPT Portugal Vortal – Comércio Electrónico, Consultadoria e Multimédia, S.A.
VAC Portugal Academia Vortal – Formação E Inovação, Unipessoal, Lda.
VES Spain Vortal Connecting Business, S.L.
VDE German Vortal Connecting Business DE GmbH
VUK UK Vortal Connecting Business UK LTD
VAR Spain Spain Armilar Business Services, S.L.
VIT Italy Italy Vortal Connecting Business, s.r.l.
VTB Portugal Vtbd, S.A
CDA Spain Internet Construdata 21, SAU
NEX Spain Nexus IT

In fact, the Vortal Group Companies provide similar information services, through access to business opportunities or information on the respective market, such as Lead Generation Services, Marketing Intelligence, eTendering, Project Information, as well as complementary services such as electronic invoicing, digital certification and time stamps.

The aforementioned Vortal Group of Companies is, in turn, part of the Byggfakta Group.

VORTAL has been guided by the development of information and communication systems and technologies, pursuing a policy of modernization and ensuring compliance with the legislation in force.

In this context, information technologies support the organization’s mission and objectives, to the extent that they are the basis of its activity, through the existence of physical infrastructure (hardware) and applications (software), where information corresponding to the activities carried out and the services provided is stored, transacted and made available.

VORTAL acts, as the Controller of the personal data collected or obtained, in accordance with the need-to-know principle, namely for the purposes of providing the services made available, verifying and maintaining quality, testing and operating current systems and those that may be developed, for the period of time strictly necessary to ensure the purpose for which they are intended, or for the duration of the contractual relationship, or for proof thereof, or during which, under the terms of the applicable legislation, it is mandatory to keep them.

For this reason, all information of a personal nature is treated and protected with the utmost diligence, and always in accordance with the applicable law: Personal Data Protection Act and Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016 (GDPR).

This PRIVACY POLICY explains who we are, for what purposes we may process your personal data, how we process it, to whom we may disclose it, such as customers and/or other Vortal Group Companies, where it may be transferred or where you may access it and what your rights are.

The use of the Services existing in the Vortal Group Companies implies acceptance of the clauses of the respective PRIVACY POLICY, and each Vortal Group Company is a data controller.

Whenever you have any doubts, you should contact the Personal Data Controller of the respective Vortal Group Company by the following means:

  • VTBD, S.A
    Email: privacidade@vortal.biz
    Postal mail: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
  • Vortal, SGPS, S.A.
    Email: privacidade@vortal.biz
    Postal mail: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
  • Vortal – Comércio Electrónico, Consultadoria e Multimédia, S.A.
    Email: privacidade@vortal.biz
    Postal mail: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
  • Academia Vortal – Formação E Inovação, Unipessoal, Lda.
    Email: privacidade@vortal.biz
    Postal mail: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
  • Armilar Business Services, S.L.
    Email: privacidad@armilar.biz
    Postal mail: C/ José Echegaray 8 – Edificio 3, Planta Baja, Parque empresarial Alvia
    Rozas de Madrid (LAS) 28232-Madrid, Espanha.
  • VORTAL CONNECTING BUSINESS SA
    Email: protecciondatos@vortal.biz
    Postal mail: C/ José Echegaray 8 – Edificio 3, Planta Baja, Parque empresarial Alvia
    Rozas de Madrid (LAS) 28232-Madrid, Espanha.
  • Internet Construdata 21, SAU
    Email: privacidad@construdata21.com
    Postal mail: C/López de Neira 3, Oficina 310-311-312, 36202 – Vigo (Pontevedra – España).
  • Nexus IT
    Email: privacidad@nexus-it.es
    Postal mail: C/ José Echegaray 8 – Edificio 3, Planta Baja, Parque empresarial Alvia
    Rozas de Madrid (LAS) 28232-Madrid, Espanha.

FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

1. Communication of Products, Services and Sales (Communication or sale of new products or services; updates on your Services; Guides and Tips on using the Platform and contracted Services; Alerts on opportunities relevant to your business; Training offers and other special offers; Analysis and definition of consumer profiles; Adaptation and development of new products or services; Research and processing of analytical information (Big Data Analytics); as well as communication of events and webinars).

2. Customer Management and Service Provision (Filling in registration forms for VORTAL services on the respective websites; Managing contacts, information or requests; Managing installation, activation or deactivation; Managing complaints or faults; Managing invoicing, collection and payments; Managing the customer experience; Assessing customer satisfaction by carrying out surveys; Recording calls to prove commercial transactions and communications within the scope of the contractual relationship; Recording calls to monitor the quality of service).

3. Accounting, tax and administrative management (accounting, invoicing; tax information, including sending information to the Tax Authority)

4. Litigation Management (Judicial and extrajudicial collection)

5. Network and systems management (Support and improvement of networks and applications that support the service; Monitoring, improvement and support of the service; verification and maintenance of quality, testing and operation of current systems and those that may be developed)

6. Compliance with legal obligations (Includes the processing of personal data necessary to comply with Vortal’s legal obligations, such as accounting, tax or document retention obligations)

7. Information security control (Access and log management; Backup management; Security incident management)

8. Human resources management and recruitment and selection of employees (via email to recruitment@vortal.biz; application forms; CV processing; salary processing, etc.)

Your personal data will not be used for purposes other than those described in this Policy without your prior information or, where appropriate, consent.

THE DATA WE COLLECT

VORTAL collects, stores and uses personal data for the provision of its services, which are mainly promoted on the electronic platforms and other Services under its management.

VORTAL will only collect and request data that is strictly necessary for the provision of the services in question, in accordance with the explicit information on the platform and the User’s options.

VORTAL only collects data that is appropriate, relevant and limited to what is strictly necessary in relation to the purposes for which it is processed, namely:

a) Clients, Client Employees, Counterparties, Suppliers, Partners, Employees: identification data, professional data, professional activity or accounting data, of the individual, in the case of natural persons, or of their representatives, in the case of legal persons, such as the name of the representative and respective User(s), e-mail address, telephone contact, position and functions, as well as any other personal data whose processing is strictly necessary for the performance of the contract or for compliance with legal obligations;
b) Contact requests: identification data such as name, email address and telephone contact;
c) Newsletter subscription: email address;
There is the possibility of choosing not to be a recipient of newsletters, commercial campaigns or any other communication related to the Products, Services and Sales of VORTAL or Vortal Group Companies, which you can always exercise through the available email marketing tools used by VORTAL.
d) Applications: identification data such as name, email address and any data contained in the Curriculum Vitae.

We collect personal data about natural persons who, (i) in the course of their professional activity, use our services and website (Users), (ii) submit applications for recruitment vacancies (Applicants), (iii) our Employees, (iv) as well as representatives of our Clients (including potential Clients).

Most of this data is provided to us directly by the User/individual when they contact us, submit an application, attend an event in person, participate in telephone conversations or contact us about our Services.

We may also obtain your personal data through other means and sources, such as professional social networks like LinkedIn.

All VORTAL employees, regardless of the type of existing relationship, who process personal data are legally and contractually obliged to keep it confidential, in particular by not being able to disclose or use it, unless there is a legal obligation or court order.

VORTAL may also process personal data provided by the Customer and/or User of VORTAL Services, when the Customer and/or User of VORTAL Services uses Artificial Intelligence Solutions.
The Customer and/or User of VORTAL’s Services who chooses to use artificial intelligence solutions shall be responsible for all information and/or data transmitted and shared, and shall be obliged to make responsible and prudent use of said Solutions, (i) refraining from providing any personal data other than that which is strictly necessary for the use of said tools, (ii) not using or disclosing Confidential Information or information that is protected by Copyright and Intellectual Property.

In the Solutions that it develops using Artificial Intelligence, VORTAL will ensure their responsible use and compliance with the regulations on artificial intelligence, with a view to building an ethical and reliable artificial intelligence, keeping the information, in particular, for the purposes of providing the services made available, verifying and maintaining the quality, testing, operation and interconnection of the systems, creation of queries and procedures, research, analysis and improvement of the models of the available Solutions.

Protecting data privacy in the age of artificial intelligence is a priority for VORTAL, in order to guard against any lack of regulatory compliance and/or cybersecurity attacks, to which end it will take proactive measures to protect data privacy, such as implementing strong data quality and security protocols, ensuring that the data in question is only used for the intended and authorized purpose, and developing transparent, impartial and fair systems that allow for the explanation, inspection and reproduction of decisions and the use of the data in question with respect for fundamental rights.

HOW WILL MY INFORMATION BE USED? (Legitimacy for the processing of your data)

Your data will only be processed if one of the following situations applies:

1) The processing of personal data of Customers, Suppliers, Partners and Employees, the legal basis will be the performance of a contract and the fulfillment of legal obligations, as provided for in Article 6(1)(b) and (c) of the GDPR.
The processing of the personal data of Customers, Customer Employees, Counterparts, Suppliers, Partners and Employees is intended for any purpose directly related to the execution of the respective contracts or the fulfillment of legal obligations, namely recruitment, hiring, contract management, job management, accounting, commercial activity, customer management, communication, submission of proposals.

2) The processing of personal data for purposes other than those referred to above, namely personal data collected through the VORTAL website or following the sending of emails with contact requests, depends on the consent of the data subjects, as provided for in Article 6(a) of the GDPR.

3) Data that is necessary for the purposes of the legitimate interests pursued by VORTAL, provided that they do not prevail over the interests or rights, freedoms and guarantees of the data subject.

It should be noted that, with regard to electronic communications to Customers and/or Users, it is important to clarify the distinction that will be made depending on whether or not there is a previous contractual service relationship with the Customer in question or use of VORTAL Services. This will be the case:

A. If there is already a contractual service relationship with the Customer or use of VORTAL Services, the basis for processing your personal data will be different depending on the promotional content; Thus,(i) If the marketing communications concern products or services similar to those previously purchased by you as a Customer and/or User, your consent is not required.
In the context of the contractual relationship of services or use of VORTAL Services, the use of the contact details of its Customers (obtained in the context of the transaction or use of a particular product or service) is permitted for direct marketing purposes, when it concerns products or services similar to those transacted by VORTAL and/or Vortal Group Companies. In this case, the basis for processing personal data is the legitimate interest of the Data Controller. (ii) If the marketing communications concern products or services other than those previously purchased by you as a Customer and/or User of VORTAL Services, VORTAL will have to obtain your prior and express consent;

B. If there is no prior legal relationship between you and VORTAL – contractual relationship or use of the Services – marketing communications will only be possible with your prior express consent.

Your personal data will not be used for purposes other than those described in this PRIVACY POLICY without your prior information or, where appropriate, consent.

Your data will be processed by VORTAL using appropriate technical and organizational measures to ensure a high level of security, in accordance with the GDPR.

HOW LONG WILL YOU KEEP MY INFORMATION?

Your personal data will be kept for the minimum period of time necessary and proportionate for the purposes described above.

In the case of employees, your data will be kept for the purposes of complying with VORTAL’s legal obligations.
In relation to recruitment processes, and under the terms of labor legislation, your data will be kept for a period of 5 (five) years.

As for legal representatives and contact persons, their data will be kept for the duration of the contract or any of its obligations and, thereafter, for the period necessary to comply with legal obligations or if necessary for the declaration, exercise or defense of a right in legal proceedings.

PERSONAL DATA SECURITY

VORTAL, in the pursuit of its activities, uses a set of technologies and physical and logical security procedures, suitable for the protection of your personal data, protecting unauthorized access or disclosure, namely:

  • Access control (logical and physical)
  • Authentication and access management
  • Data encryption
  • Profile segregation
  • MF Authentication
  • Daily and incremental backups
  • 3-level firewall
  • Clear Screen Policies and Acceptable Use of Assets
  • Segregation of productive and non-productive environments
  • Malware control
  • Malicious software precautions
  • Vulnerability management
  • Incident Management
  • Alerts and monitoring of events and incidents
  • Pentesting
  • Disaster Recovery
  • Safe Development Policy
  • Cryptographic policies
  • Collection, maintenance and protection of logs and audit evidence on the platform
  • Infrastructure monitoring
  • VPN (site to site)
  • TSA
  • High availability infrastructure 99.5%
  • Patches update
  • Risk Management
  • Data masking.

WILL MY DATA BE SHARED WITH OTHERS?

Your information may be disclosed:

  • Within the Vortal and Byggfakta Group of Companies – VORTAL is part of a multinational business group. Therefore, your personal data, including the processing of personal data of customers or employees, may be processed for internal administrative purposes by other companies in the group, provided that the respective legitimacy is observed, in the context of shared services between Vortal Group Companies and for internal reporting purposes. In addition, the sharing and processing of personal data may also be necessary to improve the offer of services, carry out satisfaction surveys of Services and offer similar or complementary services to its Customers and/or Users of Services.
    Personal data may also be shared and processed between Vortal Group Companies, if this is necessary and assumed when the Customer contracts a certain Service with VORTAL, and the Customer is informed that the Service in question presupposes the sharing and processing of personal data with a certain Vortal Group Company.
  • To third party service providers of VORTAL – When necessary, VORTAL uses third parties to provide services, which may have access to your data.
  • To Public Authorities – Under the terms of the applicable law, VORTAL is obliged to disclose data to the Tax Administration, Social Security, the Working Conditions Authority and, following orders or notifications, to the judicial authorities.
    In accordance with this PRIVACY POLICY, the processing of your personal data may involve its transfer to other countries. However, the transfer of personal data by VORTAL will always be within the terms of the Personal Data Protection Regulation and the adoption of the standard data protection clauses adopted by the European Commission.

WHAT RIGHTS DO I HAVE?

We inform you that you can exercise the following rights:

  • right of access to your personal data in order to know which data is being processed and the processing operations carried out on it;
  • right to rectify any inaccurate personal data;
  • right to erasure of your personal data, where possible;
  • right to request the restriction of the processing of your personal data when the accuracy, lawfulness or necessity of the processing of the data is doubtful, in which case we may retain them for the exercise or defense of claims;
  • right to the portability of your personal data, when the legal basis that enables us to process it is the contractual relationship or consent;
  • right to object to the processing of your personal data, when the legal basis for processing is legitimate interest. For these purposes, we will stop processing your data, unless we have a compelling legitimate interest, or for the establishment, exercise or defense of claims.
  • right to revoke your consent at any time.

The Customer and/or User undertakes to keep their data up to date and VORTAL undertakes to fully comply with its obligations under the law in force with regard to the protection of personal data and the rights that derive from this for its holders.

To exercise your rights, please contact our Personal Data Controller at the following address: privacidade@vortal.biz, indicating the right you wish to exercise and your identifying data, as well as the respective grounds. You may be asked to provide proof of your identity to ensure that personal data is only shared with its owner.

Your requests will be treated with special care so that we can ensure the effectiveness of your rights.
You should be aware that in certain cases, in accordance with applicable law, your request may not be immediately or fully satisfied. In any case, you will be informed of the measures taken within 30 (thirty) days of your request being made.

You also have the right to lodge a complaint with the national supervisory authority: www.cnpd.pt.

AMENDMENT TO THE SECURITY AND PRIVACY POLICY

This policy, which you should read carefully, may be amended from time to time, with the amendments taking effect from the date they are published on this website, with express reference to the date of the update.

Version 4.0. Updated March 6, 2024