Data Processing Policy in the Management of Applications, Selection Processes and Recruitment

1. Data Protection Commitment

Sodecia – Participações Sociais, SGPS, SA, hereinafter referred to as Sodecia, a legal person with the Tax Number PT503437786, complies with the applicable Community and national legal regulations regarding data protection, privacy and security of the candidate’s personal information, in accordance with the general terms of the Data Protection and Privacy Policy which can be accessed at https://www.sodecia.com/  or at any of its service points.

2. Personal Data

Sodecia collects and processes the following candidate’s personal data: name, title, position, company where the candidate works and contacts within the company, as well as business card data and all the data contained in their CV or application form.

3. Data sources

Sodecia collects candidate’s personal data through the submission of personal CVs, the completion of application forms or through various sources of personal information accessible to the public in general (websites, professional networks, the media, etc.), as well as based on personal references.

4. Purpose of the processing

Sodecia processes candidate’s personal data exclusively for the purposes of human resources management and the selection or recruitment of employees.

5. Legitimacy of the processing

Sodecia bases the legitimacy of the processing of candidate’s personal data in accordance with concrete processing activities, whether based on the consent of the candidates, or based on the execution of pre-contractual relationships, or based on the legitimate interest of human resources management to seek selection and recruitment of human resources in the context of carrying out a legitimate economic activity.

6. Data retention period

Sodecia will retain the data for the period necessary to pursue the purposes of the processing, complying with the legal deadlines, with the candidate being allowed to request its deletion or exercise any other right at any time, and with a default retention period of five years for the
CVs and for the candidate’s personal data processed by the human resources management services.

7. Communication of Personal Data

Candidate’s personal data are processed exclusively by Sodecia’s human resources management services, and no data is communicated to third parties.

8. Data processing information forms

Under the terms of the loyalty and transparency principle and to ensure compliance with the duty to inform, Sodecia delivers directly or makes publicly available to all personal data subjects, depending on how their personal data was collected, information forms on the data
processing activities carried out, which are accessible for consultation at any service point or by request to the Data Protection Officer.
The Information Form on Data Processing in Application Management is available at https://sodecia.groupdpo.com/p/information/ .

9. Candidate’s rights

Sodecia facilitates the exercise of candidate’s rights in matters of personal data protection. Besides being always able to submit a complaint to the respective control authority, in order to exercise any type of data protection rights, specifically the rights to withdraw consent,
information, access, rectification, opposition, limitation of processing or erasure, candidates can also contact Sodecia’s Data Protection Officer directly via email at dpo@sodecia.com, describing the subject of the request and indicating an email address, a telephone contact
address or a correspondence address for a reply.

A Form for Exercising the Rights of Personal Data Holders is accessible at https://sodecia.groupdpo.com/p/forms/  or at any Sodecia service point.

10. Reporting of Personal Data Breach Incidents

Sodecia has implemented a data protection and information security incident management system.
If any User, Service Recipient or Subscriber wishes to report the occurrence of any personal data breach, which accidentally or unlawfully leads to unauthorized destruction, loss, alteration, disclosure of or access to personal data transmitted, retained or otherwise processed, they may contact Sodecia’s Data Protection Officer or use Sodecia’s general contacts.

A Personal Data Breach Incident Reporting Form is available at https://sodecia.groupdpo.com/p/forms/ or at any Sodecia service point and can also be sent by email by requesting it from the Data Protection Officer.

11. Permanent Security Contact Point

Sodecia has implemented a Permanent Contact Point for the management of information security and cyberspace security incidents.

If any Candidate, User, Service Recipient or Subscriber wishes to report an information security incident or a cyberspace security incident, they can contact Sodecia’s Permanent Contact Point via the communication channels available at https://sodecia.groupdpo.com/p/security/  .

An Information Security or Cyberspace Security Incident Report Form is available at https://sodecia.groupdpo.com/p/forms/  or at any Sodecia service point and can also be requested to be sent by email, by requesting a Permanent Contact Point.

12. Whistleblower Protection

Sodecia has implemented a Whistleblower Channel, in compliance with the legal regulations in force, guaranteeing the data protection of the personal data subjects, under the terms of the Whistleblower Protection Policy available at https://sodecia.groupdpo.com/p/whistleblowing/ .

The Whistleblower Officer at Sodecia can be contacted via the contact details available at https://sodecia.groupdpo.com/p/whistleblowing/ .
The Sodecia Whistleblowing Platform is accessible via the link available at https://sodecia.groupdpo.com/p/whistleblowing/ .

A Whistleblowing Form can be accessed at https://sodecia.groupdpo.com/p/forms/ or at any Sodecia service point and can also be sent by email on request to the Whistleblower Officer.

13. Corruption prevention

Sodecia has implemented a Regulatory Compliance Program within the scope of Corruption Prevention, in accordance with the legal regulations in force, guaranteeing the data protection of the personal data subjects, under the terms of the Corruption Prevention Policy accessible at https://www.sodecia.com/ .
For the submission of complaints within the scope of the corruption prevention regime, any interested party may use,

14. Data Protection Policies

The Personal Data Processing Policy in Application Management is complemented by Sodecia’s General Data Protection Policy, which can be found at https://www.sodecia.com/ .
Furthermore, it is possible to consult the Data Protection and Privacy Policy in the Employment Context,

  • either by sending a request to the Human Resources Department at the email address sodecia@sodecia.com ;
  • or by contacting any service point in person.

15. Versions of Data Protection and Privacy Policy

This version of the Data Processing Policy within the scope of Application Management has been published under reference Version 202501.
To ensure its updating, development and continuous improvement, Sodecia may, at any time, proceed with any changes deemed appropriate or necessary to its different Personal Data Protection Policies, and the respective publication in the different channels is ensured to guarantee transparency and information to Users, Service Recipients, Customers, Employees, Candidates or Suppliers.
To consult previous versions of the Data Protection and Privacy Policy, please send a request by email to dpo@sodecia.com .

Data: 20250131

SODECIA
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.