Data Processing Policy in the Relationship with Suppliers

1. Data Protection Commitment

Sodecia – Participações Sociais, SGPS, SA., hereinafter referred to as Sodecia, a legal person with the Tax Number PT503437786, complies with the applicable Community and national legal regulations regarding the protection of personal data, privacy and information security of data subjects, within the scope of the data processing operations carried out in the relationship with suppliers – whether the data subjects are the suppliers themselves as natural persons, or the data subjects are the suppliers’ employees – in accordance with:

  • the general terms of the Data Protection and Privacy Policy which is available at https://www.sodecia.com/ or at any of the service points and
  • the special terms of this Personal Data Processing Policy in the Relationship with Suppliers.

2. Personal Data

Sodecia collects and processes the following categories of personal data from suppliers or suppliers’ employees:

  • Identification data;
  • Contact details;
  • Professional data and certifications;
  • Traffic data and access control on the premises.

3. Data Sources

Sodecia collects personal data from suppliers or suppliers’ employees by collecting it directly from them or indirectly from their employer, by filling in information registration forms.

4. Purpose of processing

Sodecia processes the personal data of suppliers or suppliers’ employees exclusively for the purposes of verifying the legitimacy of legal representatives, access control, safety, hygiene and occupational health and the provision of contracted services in the exercise of economic
activity.

5. Processing Legitimacy

Sodecia bases the legitimacy of the processing of suppliers or supplier’s employees personal data in accordance with the concrete processing activity carried out, whether based on the management of the contractual relationship, the fulfilment of legal obligations or the legitimate interests of the pursuance of economic activity.

6. Data retention period

Sodecia will keep the data for the period necessary to pursue the purposes of the processing, complying with the applicable legal deadlines, with suppliers or suppliers’ employees being allowed to request its deletion or exercise any other right at any time, subject to the conditions and limitations provided for by law, and the default period for keeping personal data of suppliers or suppliers’ employees being one year.

7. Communication of Personal Data

The personal data of suppliers or supplier’s employee’s is processed exclusively by Sodecia’s contracting and provisioning, human resources management and occupational safety, hygiene and health services, and there is no communication of data to third parties, except for situations legally provided for the mandatory communication of personal data to third parties.

8. Data Processing Information Forms

Under the terms of the loyalty and transparency principle and to ensure compliance with the duty to inform, Sodecia delivers directly or makes publicly available to all personal data subjects, depending on how their personal data was collected, information forms on the data
processing activities carried out, which are accessible for consultation at any service point or by request to the Data Protection Officer.
The Information Form on Data Processing in the Relationship with Suppliers is available at https://sodecia.groupdpo.com/p/information/ .

9. Rights of Suppliers or their Employees

Sodecia facilitates the exercise of suppliers or supplier’s employee’s rights in matters of personal data protection.
Sodecia facilitates the exercise of candidate’s rights in matters of personal data protection.
Besides being always able to submit a complaint to the respective control authority, in order to exercise any type of data protection rights, specifically the rights to withdraw consent, information, access, rectification, opposition, limitation of processing or erasure, suppliers or
their employees can also contact Sodecia’s Data Protection Officer directly via email at dpo@sodecia.com, describing the subject of the request and indicating an email address, a telephone contact address or a correspondence address for a reply.
A Form for Exercising the Rights of the Personal Data subjects is accessible at https://sodecia.groupdpo.com/p/forms/  or at any Sodecia service point.

10. Reporting of Personal Data Breach Incidents

Sodecia has implemented a data protection and information security incident management system.
If any Supplier or Employee of a Sodecia Supplier wishes to report the occurrence of any personal data breach, which accidentally or unlawfully causes the unauthorized destruction, loss, alteration, disclosure of or access to personal data transmitted, retained or otherwise processed, they may contact Sodecia’s Data Protection Officer or use Sodecia’s general contacts.
A Personal Data Breach Incident Reporting Form is available at https://sodecia.groupdpo.com/p/forms/  or at any Sodecia service point and
can also be sent by email by requesting it from the Data Protection Officer.

11. Permanent Security Contact Point

Sodecia has implemented a Permanent Contact Point for the management of information security and cyberspace security incidents.
If any Suppliers or their Employees wishes to report an information security incident or a cyberspace security incident, they can contact Sodecia’s Permanent Contact Point via the communication channels available at https://sodecia.groupdpo.com/p/security/ .
An Information Security or Cyberspace Security Incident Report Form is available at https://sodecia.groupdpo.com/p/forms/ or at any Sodecia service point and can also be requested to be sent by email, by requesting a Permanent Contact Point.

12. Whistleblower Protection

Sodecia has implemented a Whistleblower Channel, in compliance with the legal regulations in force, guaranteeing the data protection of the personal data subjects, under the terms of the Whistleblower Protection Policy available at https://whistleblowing.sodecia.com/ .
The Whistleblower Officer at Sodecia can be contacted via the contact details available at https://whistleblowing.sodecia.com/ .
The Sodecia Whistleblowing Platform is accessible via the link available at https://whistleblowing.sodecia.com/ .
A Whistleblowing Form can be accessed at https://sodecia.groupdpo.com/p/forms/  or at any Sodecia service point and can also be sent by email on request to the Whistleblower Officer.

13. Corruption Prevention

Sodecia has implemented a Regulatory Compliance Program within the scope of Corruption Prevention, in accordance with the legal regulations in force, guaranteeing the data protection of the personal data subjects, under the terms of the Corruption Prevention Policy accessible
at https://www.sodecia.com/ .
For the submission of complaints within the scope of the corruption prevention regime, any interested party may use,

14. Data Protection Policies

The Personal Data Processing Policy in the Relationship with Suppliers or their Employees is complemented by Sodecia’s General Data Protection Policy, which can be found at https://www.sodecia.com/ . It is also possible to consult the other specific Data Protection and Privacy Policies,

  • either through a request addressed to the Data Protection Officer, via the email address dpo@sodecia.com ;
  • either through face-to-face contact with any service point.

15. Policy Versions

This version of the Data Processing Policy within the scope of Supplier Management was published with the reference Version 202501.

This version of the Data Processing Policy within the scope of Application Management has been published under reference Version 202501.

To ensure its updating, development and continuous improvement, Sodecia may, at any time, proceed with any changes deemed appropriate or necessary to its different Personal Data Protection Policies, and the respective publication in the different channels is ensured to guarantee transparency and information to Users, Service Recipients, Customers, Employees, Candidates or Suppliers.

To consult previous versions of the Data Protection and Privacy Policy, please send a request by email to dpo@sodecia.com .

Data: 20250131

SODECIA
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.