Escritos e Ditos undertakes to comply with current legislation on personal data protection, in particular the General Data Protection Regulation (EU) 2016/679. All employees of Escritos e Ditos involved in the management of the website and its data are therefore covered by a duty of secrecy and confidentiality.
In this statement, we explain how we collect, use, share and protect your personal information, when you use our services and our website.

1. Customer, supplier and employee data
Visitors to our website are not required to provide personal data. However, any person interested in our services can enter into contact with us using the contact forms provided, on which some personal data should be entered to establish communication with us.
We collect, store and use these personal data in order to issue quotes and to provide the translation, editing or consultancy services that you may require or to comply with applicable legislation.
We do not use and we will not use your personal data for marketing purposes.

CATEGORIES OF PERSONAL DATA
The personal data collected may include your name, postal address, e-mail address, telephone number and ID or tax number, payment terms and delivery terms, as well as financial and bank information.
The data in question will be kept for the entirety of our business relationship or for the time necessary to meet legal and tax obligations.

RETENTION OF PERSONAL DATA
Data concerning quotes will be retained for a period of up to six months and may be retained for longer periods for statistical purposes. When the work is carried out, any personal details will be retained for five years to comply with applicable tax obligations.

ACCESS BY THIRD PARTIES
If we subcontract a third party to provide translation, revision or editing work, your personal data will be eliminated from the document or the person will be asked to sign a confidentiality agreement. All our direct employees or subcontractors will be informed of their legal obligations concerning confidentiality and professional secrecy.

2. Your rights and obligations
We take every step necessary to guarantee the security, integrity and confidentiality of your personal data, under the terms of the European General Data Protection Regulation (EU) 2016/679, with regard to the processing of personal information.

At any time, you may ask us for:
:: Access to information concerning you existing in our systems and/or database;
:: Rectification of information if it is incorrect or incomplete;
:: Elimination of or limitation on the processing of your personal data;
:: Withdrawal of your consent (this action shall not affect the lawfulness of processing based on previously given consent).

3. Security measures
We take all technical and organisational measures necessary to comply with the Regulation, ensuring that the processing of your personal data is lawful, fair, transparent and limited to authorised purposes. We adopt the steps that we consider appropriate to ensure the accuracy, integrity and confidentiality of your personal data, as well as all your other rights.

:: UPDATES TO EQUIPMENT AND DEVICES | The equipment used to file and process personal data is updated as frequently as possible.

:: MALWARE | Anti-virus software is installed on the equipment used to store and process personal data, in order to prevent the theft or destruction of this information. This anti-virus software is regularly updated.

:: FIREWALL | All equipment used for the storage and processing of personal information is protected by a firewall, to prevent access by unauthorised third parties.

:: BACKUP | Personal data are frequently stored on devices intended to store information. The copy is stored in a secure location, separate from the computer that contains the original files, which means that the personal data can be recovered in the event of loss or damage. Since this backup is electronic, encryption is used to guarantee the confidentiality of the personal data in the event of illegal access by a third party.

:: TECHNICAL MEASURES | All the electronic systems used to store or process personal data are protected by a password.

4. Data violation
If there is violation of the security of personal data, due to theft or illegal access, for example, we will notify the National Data Protection Commission within 72 hours from that event. This will include all the information required to clarify the circumstances in which this breach occurred.

This Privacy Notice was updated on 24 May 2018 and will be updated as and when necessary. In case of discrepancies between the different language versions, the Portuguese version will prevail.
If you have any question about the processing of your personal data, please do not hesitate to contact us:

Data controller:
Escritos e Ditos, Serviços de Tradução Unipessoal Lda.
Rua Duarte Barbosa, nº 364, R/C-A
4150-282 Porto
E-mail: escritoseditos@escritoseditos.pt