Privacy Policy

Who we are

team.it has the common purpose of bringing together a community around an inclusive technology consultancy project. team.it aims to return to its roots, through a sustainable corporate strategy – work-life balance, remote work, community involvement – ​​and whose ultimate goal is the empowerment and happiness of our people. We believe that success is based on building a team focused on collective well-being, personal and professional development, and based on a work philosophy that promotes the healthy management of our lives.

With headquarters at Rua Sousa Martins nº 10, Lisbon, registered at the Lisbon Commercial Registry Office, under registration and legal entity number 516 437 755, team.it, within the scope of its consultancy and engineering services, needs to collect and process personal data of candidates, employees, customers, suppliers and third parties.

Since the protection of the privacy and personal data of all those who interact with team.it is a concern and a priority for us, this privacy and data protection policy has been drawn up accordingly. This enables us to clearly and transparently communicate the best practices regarding this process.

Any and all personal data provided will be treated with the guarantee of security and confidentiality required by the legal framework regarding the protection of personal data.

Framework

This policy describes a set of guidelines, rules and principles that must be observed by team.it to ensure the protection of the rights of data subjects.

team.it is obliged to comply with this policy in accordance with the obligations of Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”).

In this sense, team.it seeks to ensure that its internal procedures comply with the legal obligations of the GDPR and that the personal data of its employees, customers, suppliers or service providers and any other data subjects whose personal data team.it processes in the course of its activity are processed in accordance with the regulatory and legal standards in force and kept secure.

Data controller

moOngy – team.it S.A., with registered office at Rua Sousa Martins nº 10, Lisbon, registered at the Lisbon Commercial Registry Office, under registration and legal entity number 516 437 755, is the entity responsible for the processing of personal data, committing to apply the necessary technical and organizational measures, taking into account all aspects that may influence compliance with the General Data Protection Regulation (hereinafter referred to as “GDPR”), to safeguard the Fundamental Rights of Data Subjects. To this end, team.it S.A. has several technological measures (“privacy-enhancing technologies”) which we constantly seek to update, having employees specially designated for this purpose, demonstrating our concern and commitment to the Data Subject. In addition, we keep a record of the nature, scope, context and purposes of processing the data collected, which allows us to ensure and prove that the processing is carried out in a way that guarantees the full Protection of Data Subjects as a commitment that attests to our responsibility.

Contacts:

  • Postal address: Rua Sousa Martins 10, 1050-009
  • LisbonTelephone number: 915 210 728
  • E-mail:gdpr@team-it.pt

Application and scope

This Privacy Policy also applies to the respective employees, subcontractors, co-responsible parties, suppliers, customers, users of this website, trainees and candidates who operate within the Universe of this company.

For the purposes of this Privacy Policy, each company with its own taxpayer belonging to the moOngy Business Group has its own independent and autonomous Privacy Policy, therefore, for the purposes of Responsibility for Processing, each Company (and its assets) belonging to this Business Group has its independence, and none of these entities are responsible for the acts or omissions of the other entities of the group with regard to Data Protection.

Global Projects Department

The Global Projects Department (DPG) is part of moOngy S.A., which is the Managing Company of the Moongy Group, which also includes team.it S.A.

The Department is made up of professionals with a background and technical and organizational knowledge in different areas who provide support in various areas, including: Information Security and Data Protection.

The DPG assists team.it S.A. in implementing the GDPR, being fully informed, engaging appropriately and in a timely manner in all matters related to the protection of personal data, taking into account the risks associated with processing operations, such as their nature, scope, context and purposes. It also ensures compliance with all processes established to preserve data confidentiality.

With regard to requests for data subjects' rights, reporting personal data breaches and other communications related to the GDPR, this is the contact point:

  • gdpr@team-it.pt

We guarantee confidentiality in the processing of your data.

Personal data is considered confidential and, as such, is covered by legal confidentiality obligations. Data processing is supervised by the data controller who will ensure that only duly authorized persons can process certain data.

The need-to-know principle has been adopted, whereby employees may only have access to personal data if it is strictly necessary for the performance of their duties. Processing outside this scope is considered prohibited and subject to disciplinary sanctions.

Employees are not permitted to use personal data for private or economic purposes, to transmit it to unauthorized third parties and/or to allow access in any other way.

OUR PERSONAL DATA

What is Personal Data?

Personal Data is information relating to an identified or identifiable natural person (Data Subject), excluding data relating to legal entities. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.

Any specific element of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What data do we need to collect?

The personal data collected are strictly necessary and are limited to the purposes for which they are intended, which are determined, explicit, legitimate and kept for the strict period of time in which they may be necessary for their purpose. Personal data must be processed lawfully, fairly and transparently in relation to the data subject.

In order to carry out its business activity and as the data collection manager, team.it S.A. needs to collect and process the following data:

Data category
Information to be Collected
Candidate Data - Recruitment

Name; date of birth or age; gender; nationality/citizenship/place of birth; residential address; telephone and fax number; email address, native language; details and copy of identification document; immigration status (if you require a work permit); educational qualifications; academic record; professional record; photograph; marital status; household and details of any dependents.

Candidate Data - Contract Process (Admission)

Name; date of birth or age; gender; nationality/citizenship/place of birth; residential address; telephone and fax number; email address, native language; details and copy of identification document (citizen card or passport), including social security number (or equivalent in your country) and NIF; details and copy of your driving license and/or other proof of address; financial information (country of bank domicile, account holder, domicile (name of bank), IBAN, BIC (or SWIFT)); other tax information; immigration status (if you require a work permit); educational qualifications, proof of qualifications, academic record; professional history, photograph, emergency contacts; marital status, household and details of any dependents.

Customer Data - Contractual Process

Name, telephone number and email address of employees of the client company.

Supplier Data - Contractual Process

Name, telephone number and email address of employees of the client company, as well as financial information (country of bank domiciliation, account holder, domiciliation (name of bank), IBAN, BIC (or SWIFT)).

External Trainee Data

Full name; residential address; email address; work telephone number; Citizen Card number and validity; NIF; nationality; place of birth; date of birth.

Website User Data

Cookies collect generic information, namely: i) IP address; ii) date, time, duration and frequency with which you access the website; iii) how you arrive at and use the website; ii) information related to your authorizations; iii) the area of ​​the country through which you access the website.

What is the purpose of the treatment?
Data category
Purpose of Processing
Candidate Data

They are used for recruitment:

  • Fit the candidate into the respective business opportunities;
  • Conducting interviews;
  • Forward the candidate for client qualification;
  • Presentation of pre-proposal.
Employee Data

They are used to:

  • Human resource Management;
  • Personnel selection and recruitment;
  • Processing of salaries, benefits and allowances, including salary garnishments and expense reimbursement;
  • Occupational health and safety;
  • Management of disciplinary sanctions;
  • Professional qualification;
  • Video surveillance;
  • Time/attendance control.
Employee Data

The data collected from our Clients is quite limited, the main reason for this collection being to ensure that the contractual provisions established are duly applied, so that the relationship can unfold without constraints. The use of this data is based on the main purposes:

  • Provide a consultancy service;
  • If the service we provide to you is carried out in association with any of our partners, we will have to share your data in order to provide you with the best possible service;
  • Provide training services.
Supplier Data

We use the data only to ensure that the contractual provisions comply with legal obligations, that our relationship and communication proceeds without any constraints, as well as to ensure payment processing.

External Trainee Data

They are used to:

  • Effect of management and implementation of training sessions;
  • Issuance of certificates;
  • History effects;
  • To help us improve the training experience and content.
Website User Data

They are used to:

  • Improve the user experience of our website.

What is the Legal Purpose of the Processing?

The purposes of processing personal data are determined by the execution of the various types of formalized legal contracts that become necessary to continue all of the company's activities, including:

  • the execution of service provision contracts that we have with our clients;
  • employment contracts that we have with our employees;
  • management of internal processes for clients and employees;
  • accounting, tax and administrative management;
  • litigation management;
  • control of physical security and compliance with legal obligations.

Under the terms of the GDPR, we are duly legitimized by the following lawful grounds for processing:

1 – Execution of contracts or pre-contractual steps – Processing is necessary for the conclusion, execution and management of contracts to which the data subject is a party, or at the request of the data subject.

2 – Compliance with a Legal Obligation – To comply with a legal obligation to which the company is subject. For example, communication of tax data.

3 – Pursuit of a legitimate interest, such as the security of people and property, improving the quality of a service, to promote transparency within the scope of Social Responsibility. team.it, S.A. performs a duly registered weighting test that allows us to safeguard the legitimacy of the processing.

4 – Consent – ​​Whenever the lawful grounds listed above are not applicable, team.it, S.A. requests the Consent of the Data Subject. Consent is a free, specific, informed and explicit manifestation of will through an unequivocal (and written) statement or act in which the Data Subject authorizes the Processing.

The removal/withdrawal of consent can be requested at any time by sending a simple request to the email address: gdpr@team-it.pt. The personal data collected by us will be processed and stored in accordance with the purposes and for the minimum period legally necessary.

To whom can we disclose the data?

team.it, S.A. may, within the scope of its core activities, disclose the data collected to fulfil the purposes indicated in this policy, with only the data strictly necessary for the execution of the service being provided to the entities of the team.it, S.A. network, based on compliance with a legal obligation (for example, salary processing or any tax obligation that requires it), and may also, to the extent necessary, be communicated to official entities whenever this is legally required and may be processed by entities subcontracted by the company (for example, internal and external auditors that allow us to preserve and improve the quality of the service).

In this sense, the entire scope of this policy extends to the processing of third parties and subcontractors, taking into account:

  • Compliance of processing with the GDPR, this privacy policy and legal, fair and transparent processing;
  • The data collected is merely instrumental to our activity, intended to pursue a specific, specific and legitimate purpose, and there may be no subsequent processing incompatible with the specific purposes;
  • The data collected will be strictly necessary for the purpose, being adequate, relevant and necessary for the purposes and collections of processing, taking into account the principle of data minimization;
  • The data will be kept accurate and up to date in order to guarantee the principle of accuracy and guaranteeing their integrity and confidentiality;
  • Also with regard to integrity and confidentiality, there may be no illegal or unauthorized processing to prevent any loss, destruction or damage to the data, adopting all appropriate technical and organizational measures;
  • The retention of the Data Subject's data is a concern for team.it, S.A., therefore, the data will remain identifiable solely and exclusively for the period necessary for the purposes for which the data is processed.

How we design new products

Whenever a new product is developed, it is ensured in its design (as a primary aspect) that it has the most advanced technical and organizational measures available to team.it, S.A. (taking into account the risks arising from the processing to the rights and freedoms of data subjects, as well as the risks arising from the processing to the rights and freedoms of individuals, being aware of the variability of probability and severity), while maintaining privacy as a pillar throughout the processing process. In this way, the application of all the Principles determined by the GDPR is guaranteed from the design stage, protecting Data Subjects and ensuring the rights of data subjects.

In short, team.it, S.A. undertakes to implement and keep privacy present in the product development phase and throughout the processing in order to ensure data protection from the very design of the product (“Privacy by Design”).

What is the data retention period?

The data will be kept for: the period necessary for the purposes for which they are intended and for which they are processed within the scope of our activity; for the maximum period of 5 years for staff selection and recruitment; for the periods required by the legal obligations to which we are subject.

YOUR RIGHTS

Data subject rights

The Data Subject has the following rights, which can be exercised easily and free of charge, via the following email address: gdpr@team-it.pt

A fee may only be charged for the exercise of these rights in the case of manifestly unfounded or excessive requests (in accordance with article 15, paragraph 3 of the GDPR).

Right of access

The data subject has the right to question whether or not the data is being processed and, if so, the right to access his/her personal data and to be provided with the following information:

  1. Purpose of the processing;
  2. Categories of data to be processed;
  3. Recipients to whom the data will be disclosed;
  4. Expected retention periods or, if this is not possible, the criteria used to determine this period;
  5. Existence of the right to request rectification, erasure, restriction of processing or opposition to processing;Security and destination measures affecting the transfer of data to third countries;
  6. Right to lodge a complaint with the supervisory authority.

The data subject also has the right to obtain a copy of the personal data being processed.

Right of rectification

The data subject has the right to request and obtain the rectification of inaccurate data and to request that incomplete personal data be completed without undue delay.

Right to erasure/to be forgotten

The data subject has the right to request the erasure of his/her personal data without undue delay, whenever it is no longer necessary for the purpose for which it was collected or processed. He/she may also decide to withdraw consent to the processing of his/her personal data whenever he/she wishes to exercise his/her right to object to it.

There are some exceptions to this right, such as if the data are contrary to the exercise of freedom of expression and information, if they are necessary for compliance with legal obligations, if they are necessary for reasons of public interest or public health, if they are necessary for archiving purposes in the public interest, scientific or historical research, for statistical purposes or for the exercise or defence of rights in legal proceedings. In these cases, the data subject must be informed of the reason why it is not possible to respond to his/her request.

Direito à limitação do tratamento

The data subject has the right to limit/restrict the processing of his/her personal data whenever one of the following situations occurs:

  1. If the data are inaccurate and they are contested during the period in which their accuracy can be verified;
  2. If the processing is unlawful, but the data subject opposes the end of the processing and only wishes to limit its use;
  3. If the controller no longer needs the data for processing, but such data are required by the data subject for the purposes of establishing, exercising or defending a right in legal proceedings;
  4. If at any time you have objected to the respective processing and the same has not ceased (i) for compelling legitimate reasons presented to the controller or (ii) for the purposes of establishing, exercising or defending a right in legal proceedings.

In the situations listed above, you may be asked to suspend processing or limit the scope of processing to certain categories of data (e.g. only providing full name and address) or even to specific processing purposes.

Direct to notification

Whenever the data subject requests the rectification, erasure or restriction of processing of data, the controller shall notify the data subject that it has done so in accordance with the request, unless such communication proves impossible or involves a disproportionate effort. If the data subject so requests, the controller shall provide the data subject with information about the recipients in question.

Right to data portability

The data subject has the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format without team.it S.A. being able to object under the terms of article 20 no. 1 of the GDPR:

  • If the processing is based on a contract;
  • The data subject has given consent;
  • The processing is carried out by automated means.

How can I exercise my rights?

To exercise any of these rights or to address any questions regarding the processing of your personal data, the data subject must send a request to the entity's manager via the email address gdpr@team-it.pt.

Although these rights are explained to the data subject when their personal data is collected, if they have any questions, they may contact the manager via the email address gdpr@team-it.pt.

RESPONSIBILITIES

How do we protect your information?

team.it, S.A. has been working to maintain and preserve personal data with a high level of security. In compliance with the principle of security, confidentiality and privacy, we guarantee that your data is only processed by authorized persons, and that only those who have the legitimacy to do so will access and process your data, always doing so in an absolutely confidential manner. We have adopted the “need-to-know” principle, whereby employees may only have access to personal data if it is strictly necessary for the performance of their duties. Processing outside this scope is considered prohibited and subject to disciplinary sanctions, in accordance with our internal security and confidentiality policies and procedures, which are updated periodically according to needs.

Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing for the rights and freedoms of the data subject, we apply, both when defining the means of processing and at the time of the processing itself, the necessary and appropriate technical and organizational measures to protect the data.

Employees are not permitted to use personal data for private or economic purposes, transmit it to unauthorized third parties and/or allow access in any other way.

team.it, S.A. also undertakes to ensure that, by default, only relevant, necessary and appropriate data will be processed for each specific purpose of processing and that such data will not be made available without human intervention to an indeterminate number of people.

Although not provided for, if personal data is transferred to countries outside the European Union, the applicable legal provisions will be observed, in particular regarding the determination of the suitability of such country with regard to data protection and the requirements applicable to such transfers.

Security measures have also been defined, ranging from good practices to the prevention of external threats. These are described in the security policy. If you wish to have access to it, you can request it to be sent to the email address gdpr@team-it.pt.

Global Projects Department (DPG)

team.it S.A, assisted by DPG, is responsible for:

  1. Act as data controller with respect to all duties and obligations set out in the GDPR;
  2. Monitor and control compliance of processes with the GDPR and with policies implemented in an appropriate and timely manner;
  3. Ensure that it has all the necessary resources to perform its functions;
  4. Act as a point of contact for requests from data subjects regarding the processing of their personal data and the exercise of their rights;
  5. Carry out data protection impact assessments if a certain type of processing so requires.

Personal Data Breach

A personal data breach is considered to be any act that compromises the security of personal data, whether accidentally or unlawfully, and that results in the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.

We reiterate that team.it, S.A. has been working to maintain and preserve personal data with a high level of security, having technical staff dedicated solely to this mission in the company. However, small deviations from the expected may always occur. If any of our candidates, employees, clients, subcontractors, or even third parties detect or suspect a possible data breach, they should immediately send an email to gdpr@team-it.pt, indicating what has happened, as well as identifying the data that may be at stake. In this way, the responsible department will be able to act quickly and appropriately in accordance with the standards established in the GDPR.

In the event of a data breach and to the extent that such breach is likely to entail a high risk to the rights and freedoms of customers, employees and other collaborators and/or partners, team.it, S.A. undertakes to communicate such breach to the National Data Protection Commission, within 72 hours of becoming aware of the incident and to the holders of personal data whenever such breach is likely to entail a high risk to their rights.

COOKIES

What are cookies?

Cookies are small text files that are stored on your computer or mobile device via your internet browser. As you navigate, they record your preferences and allow the website to identify your device the next time you access it.

At any time, you can decide to be notified about the receipt of cookies, view or change the type of cookies, and block their entry into your system, through your internet browser settings.

Why are they used?

Cookies are an essential part of the functioning of our website and to facilitate your navigation on the Platform, and their main purpose is to improve the user's browsing experience. For example, they are used to help determine the usefulness, interest and number of uses of the website, allow for faster and more efficient navigation, and also eliminate the need to repeatedly enter the same information.

The information collected by Cookies also allows us to improve the website through estimates and usage patterns, and to adapt it to the individual interests of users.

As described below, the website uses technical or strictly necessary cookies, performance cookies, functionality cookies and advertising cookies. Each of these cookies may be installed by team.it websites (first-party cookies) or by websites external to team.it (third-party cookies), and may be removed as soon as the user leaves the website (session cookies) or remain on the terminal equipment after the user leaves the website (persistent cookies).

The cookies currently used by the website are the following:

Technical or strictly necessary cookies

Technical or strictly necessary cookies are cookies installed to enable navigation on the website, allowing a correct user experience, namely website security or consent management. For this reason, these cookies do not require your consent.

Cookie
Cookie designation
Goal
Cookie nature
Duration
Cookiebot
CookieConsent
Stores the user's consent state cookie for the current domain.
Third part
1 year
www.team-it.pt
RequestVerificationToken
Helps prevent Cross-Site Request Forgery (CSRF) attacks.
Own
Session
www.team-it.pt
ARRAffinity
Used to distribute traffic to the website across multiple servers in order to optimize response times.
Own
Session
www.team-it.pt
ARRAffinitySameSite
Used to distribute traffic to the website across multiple servers in order to optimize response times.
Own
Session
Google
rc::a
Allows you to distinguish between humans and bots. This is necessary for reliable website usage reports.
Third part
Persistent
Google
rc::c
Allows you to distinguish between humans and bots.
Third part
Session

Performance Cookies

Performance cookies allow us to count visits and traffic sources, so team.it can measure and improve the performance of the website. These cookies help us to know which pages are most popular and how visitors use the website. All information these cookies collect is anonymous.

Cookie
Cookie designation
Goal
Cookie nature
Duration
Google_ga
_ga
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Third part
2 years
Google_gaGoogle_ga_#
_ga_#
Used by Google Analytics to collect data on the number of times a user has visited the site as well as the dates of the first and most recent visit.
Third part
2 years

Revocation and management of consents

The user may, at any time, revoke or change the preferences of previously granted consents. To do so, simply access the tool cookie management.

The use of cookies can also be defined in your browser preferences, in particular in the privacy options. To do this, we recommend that you consult the help section/menu of your browser or visit the websites of the respective provider.

Complaint to the supervisory authorities

Notwithstanding the existence of team.it, S.A.'s commitment to resolving any type of situation, the Data Subject has the right to file a complaint with the competent Authorities (CNPD) if any of their rights are denied.

From the competent authority:

National Data Protection Commission

Av. D. Carlos I, 134 - 1.º1200-651 Lisbon / Portugal

Tel: +351 213928400 / Fax: +351 213976832

www.cnpd.pt

Changes to the Privacy Policy

team.it, S.A. reserves the right to change this Privacy Policy at any time, and such change will be duly published here.

In any case, we suggest that you review this Policy regularly so that, if changes occur or updates are introduced, you can always be properly informed about them.

Applicable Law and Jurisdiction

The privacy policy as well as the collection, processing or transmission of data from customers, collaborators and partners are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the legislation and regulations applicable in Portugal, namely Law No. 58/2019 of 8 August.

Any disputes arising from the validity, interpretation or execution of the Privacy Policy, or which are related to the collection, processing or transmission of Customer data, must be submitted exclusively to the jurisdiction of the judicial courts of the District of Lisbon, without prejudice to the applicable mandatory legal rules.

Contact

If you have any questions, wish to exercise your rights, make suggestions or complaints regarding Data Protection and this Privacy Policy, you can contact us at our email address: gdpr@team-it.pt.