_edited.png)
ALLPROPERTY PRIVACY POLICY AND NOTICE
POLÍTICA DE PRIVACIDADE E AVISO DA ALL PROPERTY
A All Property é um controlador e operador de dados nos termos do Regulamento Geral de Proteção de Dados (RGPD) e desenvolveu esta política de privacidade / aviso para cumprir os requisitos do RGPD.
1. DEFINIÇÕES
1.1. “Violação de Dados” significa uma violação de segurança que leve à destruição, perda, alteração, divulgação não autorizada ou acesso acidental ou ilegal a Dados Pessoais sob o controlo ou na posse da All Property;
1.2. “Responsável pelo Tratamento” significa uma pessoa ou entidade que Trata Dados Pessoais por conta de um Responsável pelo Tratamento nos termos de um contrato ou mandato, sem estar sob a autoridade direta desse Responsável pelo Tratamento.
1.3. “Titular dos Dados” significa a pessoa a quem os Dados Pessoais dizem respeito;
1.4. “Marketing Direto” significa abordar uma pessoa, por comunicação eletrónica, com o objetivo de promover ou oferecer o fornecimento, no curso normal dos negócios, de quaisquer bens ou serviços ao Titular dos Dados;
1.5. “Operador de Marketing Direto” significa um fornecedor que utiliza o Marketing Direto como mecanismo de publicidade;
1.6. “Funcionários” significa qualquer funcionário da All Property;
1.7. “RGPD” significa o Regulamento (UE) 2016/679 do Parlamento Europeu relativo à proteção das pessoas singulares no que diz respeito ao tratamento de dados pessoais e à1 livre circulação desses dados (Regulamento Geral de Proteção de Dados);2
1.8. “All Property” significa All Property, um empresário em nome individual que presta serviços de inspeção de imóveis, e inclui os termos “nós”, “nos” e “nosso”;
1.9. “Criança menor” significa qualquer pessoa singular com idade inferior a 16 (dezasseis) anos (se a criança estiver na Europa);
1.10. “Operador” significa uma pessoa ou entidade que Trata Dados Pessoais por conta de um Responsável pelo Tratamento nos termos de um contrato ou mandato, sem estar sob a autoridade direta desse Responsável pelo Tratamento;
1.11. “Dados Pessoais” significa informações relativas a um Titular dos Dados, incluindo, mas não se limitando a (i) opiniões de outro indivíduo sobre o Titular dos Dados; e (ii) informações relativas a tal Titular dos Dados – Raça, sexo, género, orientação sexual, gravidez, estado civil, nacionalidade, origem étnica ou social, cor, idade, saúde física ou mental, bem-estar, deficiência, religião, consciência, crença, afiliação cultural, língua e nascimento; Educação, histórico médico, financeiro, criminal ou profissional;
Nomes, número de identificação e/ou qualquer outro identificador pessoal, incluindo qualquer número(s), que possa(m) identificar exclusivamente um Titular dos Dados, número de conta ou cliente, palavra-passe, código PIN, código ou número de cliente ou Titular dos Dados, designação ou configuração numérica, alfabética ou alfanumérica de qualquer natureza, símbolo, endereço de correio eletrónico, nome de domínio ou endereço IP, endereço físico, número de telemóvel, número de telefone ou outra atribuição específica; tipo sanguíneo, impressão digital ou qualquer outra informação biométrica;
opiniões, pontos de vista ou preferências pessoais; correspondência que seja implícita ou expressamente de natureza pessoal, privada ou confidencial (ou correspondência adicional que revele o conteúdo da correspondência original); e estrutura corporativa, composição e operações comerciais (em circunstâncias em que o Titular dos Dados seja uma pessoa coletiva), independentemente de tais informações serem de domínio público ou não;
1.12 “Política” significa esta Política;
1.13 “RGPD” significa o Regulamento Geral de Proteção de Dados;
1.14 “Tratamento” e/ou “Tratar” significa qualquer operação ou conjunto de operações efetuadas sobre Dados Pessoais ou sobre conjuntos de Dados Pessoais, por meios automatizados ou não, tais como a recolha, o registo, a organização, a estruturação, a conservação,3 a adaptação ou alteração, a recuperação, a consulta, a utilização, a divulgação por transmissão, difusão ou qualquer outra forma de disponibilização, a comparação ou interconexão, a limitação, o apagamento ou a destruição.4
1.15 “Autoridade de Controlo” significa a autoridade de supervisão relevante ao abrigo do RGPD;
1.16 “Responsável pelo Tratamento” significa a pessoa singular ou coletiva, a autoridade pública, a agência ou outro organismo que, individualmente ou em5 conjunto com outras, determina as finalidades e os meios de tratamento de dados pessoais;6
1.17 “Dados Pessoais Especiais” significa Dados Pessoais relativos à origem racial ou étnica, às opiniões políticas, às convicções religiosas ou filosóficas, ou à filiação sindical,7 bem como os dados genéticos, dados biométricos para identificar de forma inequívoca uma pessoa singular, dados relativos à saúde ou dados relativos à vida sexual ou orientação sexual de uma pessoa singular;8
1.18 “Terceiro” significa qualquer contratante independente, agente, consultor, subcontratante ou outro representante da All Property; e
1.19 “Website” significa o website da All Property atualmente acessível em https://www.allpropertyeu.com/
2. FINALIDADE DESTA POLÍTICA
A finalidade desta Política é informar os Titulares dos Dados sobre como a All Property irá tratar os seus Dados Pessoais.
3. APLICAÇÃO DESTA POLÍTICA
3.1. A All Property, na sua qualidade de Responsável pelo Tratamento e/ou Responsável e/ou Operador, esforçar-se-á por observar e cumprir as suas obrigações ao abrigo do RGPD, bem como os princípios, práticas e diretrizes de proteção de informação aceites, quando Tratar Dados Pessoais de ou relativos a um Titular dos Dados.
3.2. Esta Política aplica-se aos Dados Pessoais recolhidos pela All Property e inclui informações recolhidas diretamente de si enquanto Titular dos Dados, bem como informações que recolhemos indiretamente através das nossas campanhas de Marketing Direto e online através dos nossos websites, páginas de marca em plataformas de Terceiros e aplicações acedidas ou utilizadas através de tais websites ou plataformas de Terceiros que são operadas por ou em nome da All Property.
3.3. Esta Política de Privacidade não se aplica às práticas de informação de empresas de Terceiros com as quais podemos interagir em relação às nossas operações comerciais (incluindo, sem limitação, os seus websites, plataformas e/ou aplicações) que não possuímos ou controlamos; ou a indivíduos que a All Property não gere ou emprega. Estes sites de Terceiros podem ter as suas próprias políticas de privacidade e termos e condições, e encorajamo-lo a lê-los antes de os utilizar.
4. COMO OS DADOS PESSOAIS SÃO RECOLHIDOS
4.1. A All Property recolhe Dados Pessoais diretamente dos Titulares dos Dados, a menos que o Titular dos Dados tenha tornado os Dados Pessoais públicos ou os Dados Pessoais estejam contidos ou derivem de um registo público e/ou, em alguns casos, de Terceiros.
4.2. A All Property recolherá sempre os Dados Pessoais de forma justa, legal e razoável para garantir que protege a privacidade do Titular dos Dados e Tratará os Dados Pessoais com base em fundamentos legítimos de uma forma que não afete adversamente o Titular dos Dados em questão.
4.3. Quando a All Property obtiver Dados Pessoais de Terceiros, a All Property garantirá que obtém o consentimento do Titular dos Dados para o fazer ou apenas Tratará os Dados Pessoais sem o consentimento do Titular dos Dados quando a All Property estiver autorizada a fazê-lo nos termos da cláusula 4.1 acima.
4.4. Exemplos de tais Terceiros incluem: (i) os nossos clientes quando a All Property trata Dados Pessoais em seu nome; (ii) agências de referência de crédito; (iii) outras empresas que prestam serviços à All Property; e (iv) quando a All Property utiliza fontes de informação publicamente disponíveis.
5. TRATAMENTO LÍCITO DE DADOS PESSOAIS
5.1. Quando a All Property for o Responsável pelo Tratamento, apenas Tratará os Dados Pessoais de um Titular dos Dados (exceto para Dados Pessoais Especiais) quando –
5.1.1. for obtido o consentimento do Titular dos Dados (ou de uma pessoa competente quando o Titular dos Dados for uma Criança Menor);
5.1.2. o Tratamento for necessário para a execução de diligências pré-contratuais a pedido do Titular dos Dados ou para a execução de um contrato no qual o Titular dos Dados é parte;
5.1.3. o Tratamento for necessário para o cumprimento de uma obrigação jurídica a que a All Property esteja sujeita;
5.1.4. o Tratamento for necessário para a defesa de interesses vitais do Titular dos Dados ou de outra pessoa singular;
5.1.5. o Tratamento for necessário para efeito dos interesses legítimos prosseguidos pela All Property ou por terceiros a quem os dados sejam comunicados; e/ou
5.1.6. o Tratamento for necessário para o desempenho de uma tarefa de interesse público ou para o exercício da autoridade pública de que está investida a All Property.
5.2. A All Property tornará claro para o Titular dos Dados a forma e a razão pela qual os Dados Pessoais serão Tratados.
5.3. Quando a All Property se basear no consentimento de um Titular dos Dados como fundamento jurídico para o Tratamento de Dados Pessoais, o Titular dos Dados pode retirar o seu consentimento ou opor-se ao Tratamento dos Dados Pessoais pela All Property a qualquer momento. No entanto, isto não afetará a licitude de qualquer Tratamento efetuado antes da retirada do consentimento.
5.4. Se o consentimento for retirado ou se houver uma objeção justificada contra a utilização ou o Tratamento de tais Dados Pessoais, a All Property garantirá que os Dados Pessoais deixem de ser Tratados.
6. DADOS PESSOAIS ESPECIAIS E DADOS PESSOAIS DE CRIANÇAS
6.1 A All Property reconhece que geralmente não Tratará Dados Pessoais Especiais a menos que
(i) o tratamento seja efetuado com o consentimento explícito do Titular dos Dados; ou
(ii) a informação tenha sido manifestamente tornada pública pelo Titular dos Dados; ou
(iii) o tratamento seja necessário para o estabelecimento, exercício ou defesa de um direito ou reclamação legal ou obrigação legal; ou (iv) o tratamento seja para fins de arquivo de interesse público, para fins de investigação científica ou histórica ou para fins estatísticos, em conformidade9 com as garantias estipuladas; ou – para efeitos do RGPD –
6.1.1 tenha sido obtida autorização específica nos termos do RGPD –
6.1.2 o tratamento seja necessário para efeitos do cumprimento das obrigações e do exercício de direitos específicos da All Property ou do Titular dos Dados em matéria de direito do trabalho e da segurança social e da proteção social;
6.1.3 o tratamento seja necessário para proteger os interesses vitais do Titular dos Dados ou de outra pessoa singular, caso o Titular dos Dados esteja física ou legalmente incapacitado de dar o seu consentimento;
6.1.4 o tratamento seja necessário para o estabelecimento, exercício ou defesa de ações judiciais ou sempre que os tribunais atuem na sua capacidade jurisdicional;
6.1.5 o tratamento seja necessário por motivos de interesse público relevante;
6.1.6 o tratamento seja necessário para fins de medicina preventiva ou do trabalho; ou
6.1.7 o tratamento seja necessário por motivos de interesse público no domínio da saúde pública.
7. FINALIDADE DO TRATAMENTO DE DADOS PESSOAIS
7.1 A All Property apenas Tratará os Dados Pessoais de um Titular dos Dados para uma finalidade (ou finalidades) específica, lícita e clara e garantirá que informa o Titular dos Dados de tal finalidade (ou finalidades) na medida do possível.
7.2 A All Property geralmente utilizará os Dados Pessoais para fins necessários ao funcionamento e gestão das suas operações comerciais normais, e estes fins incluem um ou mais dos seguintes fins não exaustivos –
7.2.1 Para efeitos de prestação dos seus serviços ao Titular dos Dados de tempos a tempos;
7.2.2 Os Dados Pessoais são tratados como parte do processo de “Conheça o Seu Cliente”/“KYC”, conforme os requisitos da Lei nº 38/2001 relativa ao Centro de Inteligência Financeira;
7.2.3 Os Dados Pessoais são tratados para efeitos de realização de processos de due diligence sobre os Clientes da All Property;
7.2.4 Os Dados Pessoais são tratados em relação a fins de auditoria interna (ou seja, garantir que os controlos internos adequados estão em vigor para mitigar os riscos relevantes, bem como realizar quaisquer investigações quando tal for necessário);
7.2.5 Os Dados Pessoais são tratados para fins relacionados com o emprego, tais como a administração da folha de pagamento, a avaliação do histórico de crédito e criminal e a determinação das estatísticas da Lei da Equidade no Emprego nº 55/1998;
7.2.6 Para responder a qualquer correspondência que o Titular dos Dados possa enviar à All Property, incluindo por e-mail, site(s) da All Property ou por telefone;
7.2.7 Em relação à execução de funções de processamento de pagamentos, incluindo o pagamento de faturas de fornecedores da All Property;
7.2.8 Para contactar o Titular dos Dados para fins de marketing direto, sujeito às disposições da cláusula 10 abaixo;
7.2.9 Para outros fins aos quais o Titular dos Dados possa dar o seu consentimento de tempos a tempos; e
7.2.10 Para outros fins autorizados nos termos da lei aplicável.
8. EXATIDÃO DOS DADOS PESSOAIS
8.1 A All Property tomará medidas razoáveis para garantir que todos os Dados Pessoais sejam mantidos tão exatos, completos e atualizados quanto razoavelmente possível, dependendo da finalidade para a qual os Dados Pessoais são recolhidos ou posteriormente tratados.
8.2 A All Property poderá nem sempre solicitar expressamente ao Titular dos Dados que verifique e atualize os seus Dados Pessoais, a menos que este processo seja especificamente necessário.
8.3 A All Property, no entanto, espera que o Titular dos Dados notifique a All Property por escrito, de tempos a tempos, quaisquer atualizações necessárias relativamente aos seus Dados Pessoais.
9. ARMAZENAMENTO E TRATAMENTO DE DADOS PESSOAIS
9.1 A All Property poderá armazenar os seus Dados Pessoais em formato de papel e/ou em formato eletrónico utilizando os seus próprios servidores seguros no local ou outra tecnologia alojada internamente. Os seus Dados Pessoais poderão também ser armazenados por Terceiros, através de serviços de cloud ou outra tecnologia, com os quais a All Property celebrou contratos para apoiar as suas operações comerciais.
9.2 Os prestadores de serviços de Terceiros da All Property, incluindo os prestadores de serviços de armazenamento e tratamento de dados, poderão também ter acesso aos Dados Pessoais de um Titular dos Dados, de tempos a tempos, em relação às finalidades para as quais os Dados Pessoais foram inicialmente recolhidos para serem Tratados.
9.3 A All Property garantirá que tais prestadores de serviços de Terceiros tratarão os Dados Pessoais em conformidade com as disposições desta Política, todas as outras políticas e procedimentos internos relevantes e o RGPD.
9.4 Estes Terceiros não utilizam nem têm acesso aos seus Dados Pessoais para outros fins que não os especificados por nós, e a All Property exige que tais partes empreguem pelo menos o mesmo nível de segurança que a All Property utiliza para proteger os seus dados pessoais.
9.5 Subcontratantes e Acordos de Tratamento de Dados
Quando a All Property contrata prestadores de serviços terceirizados para tratar dados pessoais em nosso nome, essas partes (atuando como subcontratantes) o farão apenas para fins específicos e sob nossas instruções. Celebrarão Acordos de Tratamento de Dados (DPAs) juridicamente vinculativos com esses terceiros, conforme exigido pelo RGPD. Esses DPAs incluirão obrigações do subcontratante de implementar medidas técnicas e organizacionais apropriadas para garantir um nível de segurança adequado ao risco, de tratar dados pessoais apenas sob instruções documentadas da All Property e de nos auxiliar no cumprimento de nossas obrigações sob o RGPD.
9.6 Transferências Internacionais de Dados Pessoais
Seus dados pessoais podem ser tratados na África do Sul ou em outro país onde a All Property, suas afiliadas e seus prestadores de serviços terceirizados mantêm servidores e instalações. Quando transferimos dados pessoais para fora da União Europeia e do Espaço Econômico Europeu (UE/EEE), o faremos em conformidade com os requisitos do RGPD para transferências internacionais. Isso inclui garantir que:
O país destinatário tenha sido considerado pela Comissão Europeia como fornecendo um nível adequado de proteção para dados pessoais.
Salvaguardas apropriadas estejam em vigor, como Cláusulas Contratuais Padrão (SCCs) aprovadas pela Comissão Europeia, Regras Corporativas Vinculativas (BCRs) do importador de dados ou outro mecanismo de transferência válido reconhecido sob o RGPD.
Quando nenhuma das opções acima se aplicar, a transferência será baseada em uma derrogação específica nos termos do Artigo 49 do RGPD (por exemplo, consentimento explícito, necessidade para a execução de um contrato).
A All Property tomará medidas, incluindo por meio de contratos que incorporem salvaguardas aprovadas pelo RGPD, para garantir que seus dados pessoais continu
10. MARKETING DIRETO
10.1 Na medida em que a All Property atue na sua qualidade de Operador de Marketing Direto, envidará esforços para observar e cumprir as suas obrigações ao abrigo do RGPD ao implementar princípios e práticas relacionados com o Marketing Direto.
10.2 A All Property reconhece que só poderá utilizar Dados Pessoais para contactar o Titular dos Dados para fins de Marketing Direto, de tempos a tempos, quando tal for permitido.
10.3 Poderá utilizar Dados Pessoais para contactar qualquer Titular dos Dados e/ou comercializar diretamente os serviços da All Property junto do(s) Titular(es) dos Dados se o Titular dos Dados for um cliente existente da All Property, se o Titular dos Dados tiver solicitado o envio de material de marketing da All Property ou se a All Property tiver o consentimento do Titular dos Dados para comercializar diretamente os seus serviços junto do Titular dos Dados.
10.4 Se o Titular dos Dados for um cliente existente, a All Property apenas utilizará os seus Dados Pessoais se os tiver obtido através da prestação de um serviço ao Titular dos Dados e apenas em relação a serviços semelhantes aos que a All Property prestou anteriormente ao Titular dos Dados.
10.5 A All Property garantirá que é dada uma oportunidade razoável ao Titular dos Dados para se opor à utilização dos seus Dados Pessoais para fins de marketing da All Property aquando da recolha dos Dados Pessoais e por ocasião de cada comunicação ao Titular dos Dados para fins de Marketing Direto.
10.6 A All Property não utilizará os seus Dados Pessoais para lhe enviar material de marketing se tiver solicitado que não o faça. Se solicitar que deixemos de Tratar os seus Dados Pessoais para fins de marketing, a All Property fá-lo-á. Recomendamos que tais pedidos de exclusão de marketing sejam feitos através de formulários e links fornecidos para esse fim nos materiais de marketing que lhe são enviados.
11. CONSERVAÇÃO DE DADOS PESSOAIS
11.1 A All Property poderá manter registos dos Dados Pessoais que recolheu, correspondência ou comentários em formato eletrónico ou em papel.
11.2 A All Property não conservará dados pessoais por um período superior ao necessário para atingir a finalidade para a qual foram recolhidos ou tratados e é obrigada a eliminar, destruir (de forma a que não possam ser reconstruídos) ou anonimizar as informações assim que for razoavelmente praticável após a finalidade ter sido atingida. Esta proibição não se aplicará nas seguintes circunstâncias –
11.2.1 Quando a conservação do registo for exigida ou autorizada por lei;
11.2.2 A All Property necessitar do registo para cumprir as suas funções ou atividades legais;
11.2.3 A conservação do registo for exigida por um contrato entre as partes;
11.2.4 O titular dos dados (ou pessoa competente, quando o titular dos dados for uma criança) tiver consentido numa conservação mais longa; ou
11.2.5 O registo for conservado para fins históricos, de investigação ou estatísticos, desde que sejam implementadas salvaguardas para impedir a utilização para qualquer outra finalidade.
11.2.6 Consequentemente, a All Property, sujeita às exceções aqui referidas, conservará os Dados Pessoais durante o tempo necessário para cumprir as finalidades para as quais esses Dados Pessoais foram recolhidos e/ou conforme permitido ou exigido pela lei aplicável.
11.2.7 Quando a All Property conservar Dados Pessoais por períodos mais longos para fins estatísticos, históricos ou de investigação, a All Property garantirá que foram implementadas salvaguardas adequadas para garantir que todos os Dados Pessoais registados continuarão a ser Tratados em conformidade com esta Política e as leis aplicáveis.
11.2.8 Uma vez que a finalidade para a qual os Dados Pessoais foram inicialmente recolhidos e Tratados deixe de se aplicar ou se tornar obsoleta, a All Property garantirá que os Dados Pessoais sejam eliminados, destruídos ou anonimizados de forma suficientemente adequada para que uma pessoa não possa reidentificar tais Dados Pessoais.
11.2.9 Nos casos em que anonimizarmos os seus Dados Pessoais, a All Property poderá utilizar tais informações anonimizadas indefinidamente.
12. FALHA NA FORNECIMENTO DE DADOS PESSOAIS
12.1 Caso a All Property necessite de recolher Dados Pessoais por lei ou nos termos de um contrato que a All Property possa ter consigo e não forneça os Dados Pessoais quando solicitado, poderemos não conseguir executar o contrato que temos ou estamos a tentar celebrar consigo.
12.2 Em tal caso, a All Property poderá ter de recusar a prestação ou receção dos serviços relevantes, e será notificado caso tal aconteça.
13. SEGURANÇA DOS DADOS PESSOAIS
13.1 A All Property preservará a segurança dos Dados Pessoais e, em particular, impedirá a sua alteração, perda e dano, ou acesso por terceiros não autorizados.
13.2 A All Property garantirá a segurança e a integridade dos Dados Pessoais na sua posse ou sob o seu controlo com medidas técnicas e organizacionais adequadas e razoáveis para impedir a perda, o acesso ilegal e a destruição não autorizada dos Dados Pessoais.
13.3 Tendo em conta o estado da técnica, os custos de implementação e a natureza, o âmbito, o contexto e as finalidades do tratamento, bem como o risco de probabilidade e gravidade variáveis para os direitos e liberdades1 dos Titulares dos Dados, a All Property implementa medidas técnicas e organizacionais adequadas para garantir um nível de segurança adequado ao risco do Tratamento, incluindo medidas que protejam quaisquer Dados Pessoais contra perda ou roubo, e acesso, divulgação, cópia, utilização ou modificação não autorizados, incluindo –
13.3.1 a pseudonimização e a cifragem dos Dados Pessoais;
13.3.2 a capacidade de assegurar a confidencialidade, integridade, disponibilidade e resiliência permanentes dos sistemas e serviços de tratamento;2 a capacidade de restabelecer a disponibilidade e o acesso aos Dados Pessoais de forma atempada em caso de incidente físico ou técnico;3 e
13.3.3 um processo para testar, apreciar e avaliar regularmente a eficácia das medidas técnicas e organizacionais para garantir a segurança do Tratamento.4
13.3.4 Além disso, a All Property mantém e verifica regularmente se as medidas de segurança são eficazes e atualiza-as regularmente em resposta a novos riscos.
14. VIOLAÇÕES DE DADOS PESSOAIS
14.1 Uma Violação de Dados refere-se a qualquer incidente em relação ao qual existam motivos razoáveis para crer que os Dados Pessoais de um Titular dos Dados foram acedidos ou adquiridos por qualquer pessoa não autorizada.
14.2 Uma Violação de Dados pode ocorrer por muitas razões, que incluem:
(a) perda ou roubo de dados ou equipamento no qual os Dados Pessoais estão armazenados;
(b) controlos de acesso inadequados que permitam a utilização não autorizada;
(c) falha de equipamento;
(d) erro humano;
(e) circunstâncias imprevistas, como um incêndio ou uma inundação;
(f) ataques deliberados a sistemas, como hacking, vírus ou esquemas de phishing; e/ou
(g) alteração de Dados Pessoais sem permissão e perda de disponibilidade de Dados Pessoais.
14.3 A All Property tratará qualquer Violação de Dados em conformidade com os termos do RGPD.
14.4 A All Property notificará a Autoridade de Controlo e o Titular dos Dados afetado (a menos que a lei aplicável exija que atrasemos a notificação ao Titular dos Dados) por escrito em caso de Violação de Dados (ou uma crença razoável de uma Violação de Dados) relativamente aos Dados Pessoais desse Titular dos Dados.
14.5 A All Property fornecerá tal notificação assim que for razoavelmente possível e, sempre que viável, o mais tardar 72 (setenta e duas) horas após ter tomado conhecimento de qualquer Violação de Dados relativamente aos Dados Pessoais desse Titular dos Dados.
14.6 Quando a All Property atuar como um “Operador” e qualquer Violação de Dados afetar os dados dos Titulares dos Dados cujas informações a All Property Trata como Operador, a All Property (nos termos do RGPD) notificará imediatamente o Responsável pelo Tratamento relevante sempre que existirem motivos razoáveis para crer que os Dados Pessoais dos Titulares dos Dados relevantes foram acedidos ou adquiridos por qualquer pessoa não autorizada.
15. DIVULGAÇÃO DE DADOS PESSOAIS A PRESTADORES DE SERVIÇOS TERCEIROS
15.1 A All Property poderá divulgar Dados Pessoais a Terceiros e celebrará acordos escritos com tais Terceiros para garantir que Tratam quaisquer Dados Pessoais em conformidade com as disposições desta Política e do RGPD.
15.2 A All Property observa que tais Terceiros poderão auxiliar a All Property com as finalidades enumeradas no parágrafo 7.4 acima – por exemplo, poderão ser utilizados prestadores de serviços, entre outros:
(i) para notificar os Titulares dos Dados de qualquer informação pertinente relativa à All Property,
(ii) ou para armazenamento de dados e/ou
(iii) para auxiliar a All Property com processos de auditoria (auditores externos).
15.3 A All Property divulgará Dados Pessoais com o consentimento do Titular dos Dados ou se a All Property estiver autorizada a fazê-lo sem tal consentimento em conformidade com as leis aplicáveis.
15.4 Subcontratantes e Acordos de Tratamento de Dados
Quando a All Property contrata prestadores de serviços terceirizados para tratar dados pessoais em nosso nome, essas partes (atuando como subcontratantes) o farão apenas para fins específicos e sob nossas instruções. Celebrarão Acordos de Tratamento de Dados (DPAs) juridicamente vinculativos com esses terceiros, conforme exigido pelo RGPD. Esses DPAs incluirão obrigações do subcontratante de implementar medidas técnicas e organizacionais apropriadas para garantir um nível de segurança adequado ao risco, de tratar dados pessoais apenas sob instruções documentadas da All Property e de nos auxiliar no cumprimento de nossas obrigações sob o RGPD.
15.5 Transferências Internacionais de Dados Pessoais
Seus dados pessoais podem ser tratados na África do Sul ou em outro país onde a All Property, suas afiliadas e seus prestadores de serviços terceirizados mantêm servidores e instalações. Quando transferimos dados pessoais para fora da União Europeia e do Espaço Econômico Europeu (UE/EEE), o faremos em conformidade com os requisitos do RGPD para transferências internacionais. Isso inclui garantir que:
O país destinatário tenha sido considerado pela Comissão Europeia como fornecendo um nível adequado de proteção para dados pessoais.
Salvaguardas apropriadas estejam em vigor, como Cláusulas Contratuais Padrão (SCCs) aprovadas pela Comissão Europeia, Regras Corporativas Vinculativas (BCRs) do importador de dados ou outro mecanismo de transferência válido reconhecido sob o RGPD.
Quando nenhuma das opções acima se aplicar, a transferência será baseada em uma derrogação específica nos termos do Artigo 49 do RGPD (por exemplo, consentimento explícito, necessidade para a execução de um contrato).
A All Property tomará medidas, incluindo por meio de contratos que incorporem salvaguardas aprovadas pelo RGPD, para garantir que seus dados pessoais continuem a ser protegidos de acordo com os padrões exigidos pelo RGPD, independentemente de sua localização.
16. ACESSO A DADOS PESSOAIS
16.1 Um Titular dos Dados tem certos direitos ao abrigo do RGPD, incluindo os seguintes:
16.1.1 Direito de acesso: um Titular dos Dados que tenha fornecido prova de identidade adequada tem o direito de:
(i) solicitar a um Responsável pelo Tratamento que confirme se detém quaisquer Dados Pessoais sobre o Titular dos Dados; e/ou
(ii) solicitar a um Responsável pelo Tratamento uma descrição dos Dados Pessoais detidos pelo Responsável pelo Tratamento, incluindo informações sobre Terceiros que tiveram ou têm acesso aos Dados Pessoais. Um Titular dos Dados pode solicitar:
16.1.1.1 Que a All Property confirme, gratuitamente, se detém quaisquer Dados Pessoais sobre ele/ela/o; e
16.1.1.2 Obter da All Property o registo ou descrição dos Dados Pessoais que lhe digam respeito e quaisquer informações sobre os destinatários ou categorias de destinatários que tiveram ou têm acesso aos Dados Pessoais. Tal registo ou descrição deve ser fornecido:
16.1.1.3 Dentro de um prazo razoável; e
16.1.1.4 De forma e formato razoáveis e numa forma que seja geralmente compreensível.
16.1.2 Direito de solicitar a correção ou eliminação: um Titular dos Dados pode também solicitar à All Property que –
16.1.2.1 Corrija ou elimine Dados Pessoais sobre o Titular dos Dados na sua posse ou sob o seu controlo que sejam inexatos, irrelevantes, excessivos, desatualizados, incompletos, enganosos ou obtidos ilegalmente; ou
16.1.2.2 Destrua ou elimine um registo de Dados Pessoais sobre o Titular dos Dados que a All Property já não esteja autorizada a conservar nos termos das disposições do RGPD relativas à conservação e restrição de registos.
16.1.2.3 Após a receção de tal pedido, a All Property é obrigada a, assim que for razoavelmente praticável –
16.1.2.3.1 Corrigir a informação;
16.1.2.3.2 Eliminar ou destruir a informação;
16.1.2.3.3 Fornecer ao Titular dos Dados provas que sustentem a informação; ou
16.1.2.3.4 Caso o Titular dos Dados e o Responsável pelo Tratamento não cheguem a um acordo sobre o pedido e se o Titular dos Dados o solicitar, a All Property tomará medidas razoáveis para anexar à informação uma indicação de que foi solicitada a correção, mas não foi efetuada;
16.1.3 Direito de retirar o consentimento e de se opor ao tratamento: um Titular dos Dados que tenha previamente consentido no Tratamento dos seus Dados Pessoais tem o direito de retirar esse consentimento e poderá fazê-lo notificando a All Property para esse efeito no endereço indicado no parágrafo 21. Além disso, um Titular dos Dados poderá opor-se, por motivos razoáveis, ao Tratamento dos Dados Pessoais que lhe digam respeito.
16.2 Consequentemente, a All Property poderá solicitar ao Titular dos Dados que forneça identificação suficiente para permitir o acesso ou fornecer informações sobre a existência, utilização ou divulgação dos Dados Pessoais do Titular dos Dados.
16.3 Qualquer informação de identificação só será utilizada para facilitar o acesso ou informações sobre os Dados Pessoais.
16.4 O Titular dos Dados pode solicitar por escrito a revisão de quaisquer Dados Pessoais sobre o Titular dos Dados que a All Property detém, incluindo Dados Pessoais que a All Property recolheu, utilizou ou divulgou, bem como as seguintes informações:
(i) as finalidades do Tratamento;
(ii) as categorias de Dados Pessoais em causa;
(iii) se possível, o período previsto de conservação dos Dados Pessoais ou, se não for possível, os critérios utilizados para determinar esse período;5
(iv) a existência do direito de solicitar à All Property a retificação ou o apagamento dos Dados Pessoais ou a limitação do Tratamento dos Dados Pessoais que digam respeito ao Titular dos Dados ou de se opor a esse tratamento;
(v) o direito de apresentar uma reclamação à Autoridade de Controlo;
(vi) se os Dados Pessoais não forem recolhidos junto do Titular dos Dados, quaisquer informações disponíveis sobre a sua origem; e (vii) a existência de decisões automatizadas, incluindo a definição de perfis, e, pelo menos nesses casos, informações significativas sobre a lógica6 subjacente, bem como a importância e as consequências previstas de tal tratamento para o Titular dos Dados.7 A All Property responderá a estes pedidos em conformidade com o RGPD e fornecerá ao Titular dos Dados quaisquer Dados Pessoais na medida exigida por lei e por quaisquer políticas e procedimentos da All Property que se apliquem nos termos do Regulamento Geral de Proteção de Dados (RGPD).
16.5 O Titular dos Dados pode contestar a exatidão ou integridade dos seus Dados Pessoais nos registos da All Property a qualquer momento, em conformidade com o processo estabelecido no manual da All Property elaborado nos termos do RGPD para acesso a informações.
16.6 Se um Titular dos Dados demonstrar com sucesso que os seus Dados Pessoais nos registos da All Property estão inexatos ou incompletos, a All Property garantirá que tais Dados Pessoais sejam alterados ou eliminados conforme necessário (incluindo por quaisquer Terceiros).
17. PRAZOS
17.1 A All Property responderá a cada pedido escrito de um Titular dos Dados o mais tardar 30 (trinta) dias após a receção de tais pedidos. Em certas circunstâncias, a All Property poderá, no entanto, prorrogar o prazo original de 30 (trinta) dias uma vez por um período adicional não superior a 30 (trinta) dias.
17.2 O Titular dos Dados tem o direito de apresentar uma reclamação à All Property relativamente a este prazo, contactando a All Property através dos contactos fornecidos no parágrafo 21 abaixo.
18. CUSTOS DE ACESSO A DADOS PESSOAIS
As taxas prescritas a pagar pelas cópias dos Dados Pessoais do Titular dos Dados estão listadas no Manual
19. UTILIZAÇÃO DE COOKIES NO WEBSITE
19.1 O nosso Website utiliza cookies, que são pequenos ficheiros de texto enviados por um servidor web para armazenar num navegador web. São utilizados para garantir que os websites funcionam corretamente, armazenar as preferências do utilizador quando necessário e recolher estatísticas anónimas sobre a utilização do website. 19.2 Pode recusar a aceitar cookies ativando a definição no seu navegador que lhe permite recusar a configuração de cookies. No entanto, se selecionar esta definição, poderá não conseguir aceder a certas partes do nosso website. A menos que tenha ajustado a configuração do seu navegador 1 para que recuse cookies, o nosso sistema emitirá cookies quando iniciar sessão no website. Se aceitar um “cookie” ou não negar a utilização de “cookies”, concorda que podemos utilizar as suas informações pessoais recolhidas através de “cookies” (sujeito às disposições desta Política). Caso rejeite ou recuse cookies, é informado de que poderá não conseguir usufruir plenamente das funcionalidades interativas do nosso Website.
20. ALTERAÇÕES À POLÍTICA
20.1 A All Property reserva-se o direito de efetuar alterações a esta Política de tempos a tempos e envidará esforços razoáveis para notificar os Titulares dos Dados de tais alterações. 20.2 A versão atual desta Política regerá os respetivos direitos e obrigações entre si e a All Property cada vez que aceder e utilizar o nosso Website.
21. CONTACTOS DA ALL PROPERTY MORADA FÍSICA E POSTAL
Morada Física:
Av. Gaspar Corte Real 198,
Cascais,
Lisboa,
Portugal.
Morada Postal:
RESPONSÁVEL PELA INFORMAÇÃO: Jeffrey Zive : jdzive@gmail.com
RESPONSÁVEL ADJUNTO PELA INFORMAÇÃO: Carlene le Roux: connect@alchemy.co.za
Se um Titular dos Dados estiver insatisfeito com a forma como a All Property trata qualquer reclamação relativa ao Tratamento de Dados Pessoais pela All Property, o Titular dos Dados pode contactar o gabinete da Autoridade de Controlo relevante.
ALL PROPERTY PRIVACY POLICY AND NOTICE
All Property is a data controller and operator in terms of the General Data Protection Regulation (GDPR) and has developed this privacy policy / notice in order to comply with the requirements of GDPR.
1. DEFINITIONS
1.1. “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of All Property;
1.2. “Data Controller” means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party.
1.3. “Data Subject” means the person to whom Personal Information relates;
1.4. “Direct Marketing” means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the Data Subject;
1.5. “Direct Marketer” means a supplier who employs Direct Marketing as an advertising mechanism;
1.6. “Employees” means any employee of All Property;
1.7. “GDPR” means Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons with regard to the processing of personal data and free movement of such data (General Data Protection Regulation);
1.8. “All Property” means All Property, a sole proprietor who renders property inspection services, and includes the terms “we”, “us”, and “our”;
1.9. “Minor child” means any natural person under the age of 16 (sixteen) years (if the child is in Europe);
1.10. “Operator” means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party;
1.11. “Personal Information” means information relating to a Data Subject including but not limited to (i) views or opinions of another individual about the Data Subject; and (ii) information relating to such Data Subject’s – Race, sex, gender, sexual orientation, pregnancy, marital status, nationality, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, cultural affiliation, language and birth; Education, medical, financial, criminal or employment history;
Names, identity number and/or any other personal identifier, including any number(s), which may uniquely identify a Data Subject, account or client number, password, pin code, customer or Data Subject code or number, numeric, alpha, or alpha-numeric design or configuration of any nature, symbol, email address, domain name or IP address, physical address, cellular phone number, telephone number or other particular assignment; blood type, fingerprint or any other biometric information;
personal opinions, views or preferences; correspondence that is implicitly or expressly of a personal, private or confidential nature (or further correspondence that would reveal the contents of the original correspondence); and corporate structure, composition and business operations (in circumstances where the Data Subject is a juristic person) irrespective of whether such information is in the public domain or not;
1.12 “Policy” means this Policy;
1.13 “GDPR” means the General Data Protection Regulation;
1.14 “Processing” and/or “Process” means any operation or activity or any set of operations,
whether or not by automatic means, concerning Personal Information, including –
1.14.1 the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
1.14.2 dissemination by means of transmission,distribution or making available in
any other form by electronic communications or other means; or
1.14.3 merging, linking, blocking, degradation, erasure or destruction.
1.15 “Regulator” means the relevant supervisory authority under the GDPR;
1.16 “Responsible Party” means a public or private body or any other person which alone or
in conjunction with others, determines the purpose of and means for Processing Personal Information;
1.17 “Special Personal Information” means Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, sexual orientation, genetic information, biometric information or criminal behaviour;
1.18 “Third Party” means any independent contractor, agent, consultant, sub-contractor or
other representative of All Property; and
1.19 “Website” means the All Property website currently accessible at https://www.allpropertyeu.com/
2. PURPOSE OF THIS POLICY
The purpose of this Policy is to inform Data Subjects about how All Property will processes their Personal Information.
3. APPLICATION OF THIS POLICY
3.1. All Property, in its capacity as Data Controller and/or Responsible
Party and/or Operator, shall strive to observe and comply with its obligations under
the GDPR, as well as accepted information protection principles, practices and guidelines, when it Processes Personal Information from or in respect of a Data Subject.
3.2. This Policy applies to Personal Information collected by All Property and includes
information collected directly from you as a Data Subject, as well as information we collect indirectly through our Direct Marketing campaigns and online through our websites, branded pages on Third Party platforms and applications accessed or used through such websites or Third Party platforms which are operated by or on behalf of All Property.
3.3. This Privacy Policy does not apply to the information practices of Third Party companies who we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that All Property does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them.
4. HOW PERSONAL INFORMATION IS COLLECTED
4.1. All Property collects Personal Information directly from Data Subjects, unless the Data Subject has made the Personal Information public or the Personal Information is contained in or derived from a public record and/or in some cases, from Third Parties.
4.2. All Property will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
4.3. Where All Property obtains Personal Information from Third Parties, All Property will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Information without the Data Subject’s consent where All Property is permitted to do so in terms of clause 4.1 above.
4.4. An example of such Third Parties include: (i) our clients when All Property handles Personal Information on t heir behalf; (ii) credit reference agencies; (iii) other companies providing services to All Property; and (iv) where All Property makes use of publicly available sources of information
5. LAWFUL PROCESSING OF PERSONAL INFORMATION
5.1. Where All Property is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where –
5.1.1. consent of the Data Subject (or a competent person where the Data Subject is a Minor Child) is obtained;
5.1.2. Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
5.1.3. Processing complies with an obligation imposed by law on All Property
5.1.4. Processing protects a legitimate interest of the Data Subject;
5.1.5. Processing is necessary for pursuing the legitimate interests of All Property or of a third party to whom the information is supplied;and/or
5.1.6. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in All Property
5.2. All Property will make the manner and reason for which the Personal Information will be Processed clear to the Data Subject.
5.3. Where All Property is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/ her/its consent or may object to All Property Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent.
5.4. If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, All Property will ensure that the Personal Information is no longer Processed.
6. SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN
6.1 All Property acknowledges that it will generally not Process Special Personal Information unless
(i) processing is carried out in accordance with the Data Subject’s explicit consent; or
(ii) information has been deliberately made public by the Data Subject; or
(iii) processing is necessary for the establishment, exercise or defence of a right or legal claim or obligation in law); or (iv) processing is for historical, statistical or research purposes, subject to stipulated safeguards; or – for purposes of GDPR –
6.1.1 specific authorisation has been obtained in terms of GDPR –
6.1.2 Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of All Property or of the Data Subject in the field of employment and social security and social protection law;
6.1.3 Processing is necessary to protect the vital interests of the data subject or of another natural person where the Data Subject is physically or legally incapable of giving consent;
6.1.4 processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
6.1.5 Processing is necessary for reasons of substantial public interest;
6.1.6 Processing is necessary for the purposes of preventative or occupational medicine; or
6.1.7 Processing is necessary for reasons of public interest in the area of public health.
7. PURPOSE FOR PROCESSING PERSONAL INFORMATION
7.1 All Property will only Process a Data Subject’s Personal Information for a specific, lawful and clear purpose (or purposes) and will ensure that it makes the Data Subject aware of such purpose(s) as far as possible.
7.2 All Property will generally use Personal Information for purposes required to operate and manage its normal business operations and these purposes include one or more of the following non-exhaustive purposes –
7.2.1 For the purposes of providing its services to the Data Subject from time to time;
7.2.2 Personal Information is processed as part of the “Know Your Customer”/“KYC” process as per the requirements of the Financial Intelligence Centre Act 38 of 2001;
7.2.3 Personal Information is processed in order to conduct due diligence processes on All Property Clients;
7.2.4 Personal Information is processed in connection with internal audit purposes ( i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
7.2.5 Personal Information is processed for employment-related purposes such as administering payroll, assessing credit and criminal history and determining Employment Equity Act 55 of 1998 statistics;
7.2.6 To respond to any correspondence that the Data Subject may send to All Property, including via email, All Property site(s) or by telephone;
7.2.7 In connection with the execution of payment processing functions, including payment of All Property suppliers’ invoices;
7.2.8 To contact the Data Subject for direct marketing purposes subject to the provisions of clause 10 below;
7.2.9 For such other purposes to which the Data Subject may consent from time to time; and
7.2.10 For such other purposes as authorised in terms of applicable law.
8. ACCURACY OF PERSONAL INFORMATION
8.1 All Property will take reasonable steps to ensure that all Personal Information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.
8.2 All Property may not always expressly request the Data Subject to verify and update his/her/its Personal Information, unless this process is specifically necessary.
8.3 All Property, however, expects that the Data Subject will notify All Property from time to time in writing of any updates required in respect of his/her/its Personal Information.
9. STORAGE AND PROCESSING OF PERSONAL INFORMATION
9.1 may store your Personal Information in hardcopy format and/or in electronic format using All Property own secure on-site servers or other internally hosted technology. Your Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom All Property has contracted with, to support All Property business operations.
9.2 All Property Third Party service providers, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.
9.3 All Property will ensure that such Third Party service providers will process the Personal Information in accordance with the provisions of this Policy, all other relevant internal policies and procedures and the GDPR.
9.4 These Third Parties do not use or have access to your Personal Information other than for purposes specified by us, and All Property requires such parties to employ at least the same level of security that All Property uses to protect your personal data.
9.5 Third-Party Processors and Data Processing Agreements
When All Property engages third-party service providers to process personal data on our behalf, these parties (acting as data processors) will do so only for specified purposes and under our instructions. We will enter into legally binding Data Processing Agreements (DPAs) with these third parties, as required by the GDPR. These DPAs will include obligations on the processor to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, to process personal data only on documented instructions from All Property, and to assist us in meeting our obligations under the GDPR.
9.6 International Transfers of Personal Data
Your personal data may be processed in South Africa or in another country where All Property, its affiliates, and their third-party service providers maintain servers and facilities. When we transfer personal data outside the European Union and the European Economic Area (EU/EEA), we will do so in compliance with the GDPR's requirements for international transfers. This includes ensuring that:
The recipient country has been deemed by the European Commission to provide an adequate level of protection for personal data.
Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs) of the data importer, or another valid transfer mechanism recognized under the GDPR.
Where none of the above apply, the transfer is based on a specific derogation under Article 49 of the GDPR (e.g., explicit consent, necessity for the performance of a contract).
All property will take steps, including by way of contracts incorporating GDPR-approved safeguards, to ensure that your personal data continues to be protected to the standards required by the GDPR, regardless of its location.
10. DIRECT MARKETING
10.1 To the extent that All Property acts in its capacity as a Direct Marketer, it shall strive to observe, and comply with its obligations under the GDPR when implementing principles and practices in relation to Direct Marketing.
10.2 All Property acknowledges that it may only use Personal Information to contact the Data Subject for purposes of Direct Marketing from time to time where it is permissible to do so.
10.3 It may use Personal Information to contact any Data Subject and/or market All Property
’ services directly to the Data Subject(s) if the Data Subject is one of All Property’s existing clients, the Data Subject has requested to receive marketing material from All Property or All Property has the Data Subject’s consent to market its services directly to the Data Subject.
10.4 If the Data Subject is an existing client, All Property will only use his/ her/its Personal Information if it has obtained the Personal Information through the provision of a service to the Data Subject and only in relation to similar services to the ones All Property previously provided to the Data Subject.
10.5 All Property will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their Personal Information for All Property’s marketing purposes when collecting the Personal Information and on the occasion of each communication to the Data Subject for purposes of Direct Marketing.
10.6 All Property will not use your Personal Information to send you marketing materials if you have requested not to receive them. If you request that we stop Processing your Personal Information for marketing purposes, All Property shall do so. We encourage that such requests to opt-out of marketing be made via forms and links provided for that purpose in the marketing materials sent to you.
11. RETENTION OF PERSONAL INFORMATION
11.1 All Property may keep records of the Personal Information it has collected, correspondence, or comments in an electronic or hard copy file format.
11.2 All Property will not retain personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances –
11.2.1 Where the retention of the record is required or authorised by law;
11.2.2 All Property requires the record to fulfil its lawful functions or activities;
11.2.3 Retention of the record is required by a contract between the parties thereto;
11.2.4 The data subject (or competent person, where the data subject is a child) has consented to such longer retention; or
11.2.5 the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.
11.2.6 Accordingly, All Property will, subject to the exceptions noted herein, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
11.2.7 Where All Property retains Personal Information for longer periods for statistical, historical or research purposes All Property will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and the applicable laws.
11.2.8 Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, All Property will ensure that the Personal Information is deleted, destroyed or de- identified sufficiently so that a person cannot re-identify such Personal Information.
11.2.9 In instances where we de-identify your Personal Information, All Property may use such de-identified information indefinitely.
12. FAILURE TO PROVIDE PERSONAL INFORMATION
12.1 Should All Property need to collect Personal Information by law or under the terms of a contract that All Property may have with you and you fail to provide the Personal Information when requested, we may be unable to perform the contract we have or are attempting to enter into with you.
12.2 In such a case, All Property may have to decline to provide or receive the relevant services, and you will be notified where this is the case.
13. SAFE-KEEPINGOFPERSONAL INFORMATION
13.1 All Property shall preserve the security of Personal Information and, in particular, prevent its alteration, loss and damage, or access by non-authorised third parties.
13.2 All Property will ensure the security and integrity of Personal Information in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction of Personal Information.
13.3 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects, All Property implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of Processing, including measures protecting any Personal Information from loss or theft, and unauthorised access, disclosure, copying, use or modification, including –
13.3.1 the pseudonymization and encryption of Personal Information;
13.3.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
13.3.3 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of Processing.
13.3.4 Further, All Property maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.
14. BREACHES OF PERSONAL INFORMATION
14.1 A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person.
14.2 A Data Breach can happen for many reasons, which include:
(a) loss or theft of data or equipment on which Personal Information is stored;
(b) inappropriate access controls allowing unauthorised use;
(c) equipment failure;
(d) human error;
(e) unforeseen circumstances, such as a fire or flood;
(f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/ or
(g) alteration of Personal Information without permission and loss of availability of Personal Information.
14.3 All Property will address any Data Breach in accordance with the terms of the GDPR.
14.4 All Property will notify the Regulator and the affected Data Subject (unless the applicable law requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s Personal Information.
14.5 All Property will provide such notification as soon as reasonably possible and, where feasible, not later than 72 (seventy two) hours after having become aware of any Data Breach in respect of such Data Subject’s Personal Information.
14.6 Where All Property acts as an ‘Operator’ and should any Data Breach affect the data of Data Subjects whose information All Property Processes as an Operator, All Property shall (in terms of the GDPR) notify the relevant Responsible Party immediately where there are reasonable grounds to believe that the Personal Information of relevant Data Subjects has been accessed or acquired by any unauthorised person.
15. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTY SERVICE PROVIDERS
15.1 All Property may disclose Personal Information to Third Parties and will enter into written agreements with such Third Parties to ensure that they Process any Personal Information in accordance with the provisions of this Policy, and the GDPR.
15.2 All Property notes that such Third Parties may assist All Property with the purposes listed in paragraph 7.4 above – for example, service providers may be used, inter alia:
(i) to notify the Data Subjects of any pertinent information concerning All Property,
(ii) or data storage and/or
(iii) to assist All Property with auditing processes (external auditors).
15.3 All Property will disclose Personal Information with the consent of the Data Subject or if All Property is permitted to do so without such consent in accordance with the applicable laws.
15.4 Third-Party Processors and Data Processing Agreements
When All Property engages third-party service providers to process personal data on our behalf, these parties (acting as data processors) will do so only for specified purposes and under our instructions. We will enter into legally binding Data Processing Agreements (DPAs) with these third parties, as required by the GDPR. These DPAs will include obligations on the processor to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, to process personal data only on documented instructions from All Property, and to assist us in meeting our obligations under the GDPR.
15.5 International Transfers of Personal Data
Your personal data may be processed in South Africa or in another country where All Property, its affiliates, and their third-party service providers maintain servers and facilities. When we transfer personal data outside the European Union and the European Economic Area (EU/EEA), we will do so in compliance with the GDPR's requirements for international transfers. This includes ensuring that:
The recipient country has been deemed by the European Commission to provide an adequate level of protection for personal data.
Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs) of the data importer, or another valid transfer mechanism recognized under the GDPR.
Where none of the above apply, the transfer is based on a specific derogation under Article 49 of the GDPR (e.g., explicit consent, necessity for the performance of a contract).
All property will take steps, including by way of contracts incorporating GDPR-approved safeguards, to ensure that your personal data continues to be protected to the standards required by the GDPR, regardless of its location.
16. ACCESS TO PERSONAL INFORMATION
16.1 A Data Subject has certain rights under the GDPR, including the following:
16.1.1 a right of access:a Data Subject having provided adequate proof of identity has the right to:
(i) request a Responsible Party to confirm whether any Personal Information is held about the Data Subject; and/or
(ii) request from a Responsible Party a description of the Personal Information held by the Responsible Party including information about Third Parties who have or have had access to the Personal Information. A Data Subject may request:
16.1.1.1 All Property to confirm, free of charge, whether it holds any Personal Information about him/ her/it; and
16.1.1.2 to obtain from All Property the record or description of Personal Information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Information. Such record or description is to be provided:
16.1.1.3 within a reasonable time; and
16.1.1.4 in a reasonable manner and format and in a form that is generally understandable.
16.1.2 a right to request correction or deletion:a Data Subject may also request All Property to –
16.1.2.1 correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
16.1.2.2 destroy or delete a record of Personal Information about the Data Subject that All Property is no longer authorised to retain records in terms of the GDPR’s retention and restriction of records provisions.
16.1.2.3 On receipt of such a request, All Property is required to, as soon as is reasonably practicable –
16.1.2.3.1 correct the information;
16.1.2.3.2 delete or destroy the information;
16.1.2.3.3 provide the Data Subject with evidence in support of the information; or
16.1.2.3.4 where the Data Subject and Responsible Party cannot reach agreement on the request and if the Data Subject requests this, All Property will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;
16.1.3 a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the Processing of his/her/its Personal Information has the right to withdraw such consent and may do so by providing All Property with notice to such effect at the address set out in paragraph 21. Further, a Data Subject may object, on reasonable grounds, to the Processing of Personal Information relating to him/her/it.
16.2 Accordingly, All Property may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject’s Personal Information.
16.3 Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the Personal Information.
16.4 The Data Subject can request in writing to review any Personal Information about the Data Subject that All Property holds including Personal Information that All Property has collected, utilised or disclosed, as well as the following information:
(i) the purposes of Processing;
(ii) the categories of Personal Information concerned;
(iii) where possible, the envisaged period for which the Personal Information will be stored or, if not possible, the criteria used to determine that period;
(iv) the existence of the right to request from All Property rectification or erasure of Personal Information or restriction of Processing of Personal Information concerning the Data Subject or to object to such processing;
(v) the right to lodge a complaint with the Regulator;
(vi) where the Personal Information is not collected from the Data Subject, any available information as to their source; and (vii) the existence of automated Processing, including profiling and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject. All Property shall respond to these requests in accordance with the GDPR and will provide the Data Subject with any such Personal Information to the extent required by law and any of All Property policies and procedures which apply in terms of the General Data Protection Regulation (GDPR).
16.5 The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in All Property records at any time in accordance with the process set out in All Property’s manual developed in terms of GDPR for accessing information.
16.6 If a Data Subject successfully demonstrates that their Personal Information in All Property’s records is inaccurate or incomplete, All Property will ensure that such Personal Information is amended or deleted as required (including by any Third Parties).
17. TIME PERIODS
17.1 All Property will respond to each written request of a Data Subject not later than 30 (thirty) days after receipt of such requests. Under certain circumstances, All Property may, however, extend the original period of 30 (thirty) days once for a further period of not more than 30 (thirty) days.
17.2 A Data Subject has the right to make a complaint to All Property in respect of this time limit by contacting All Property using the contact details provided in paragraph 21 below.
18. COSTS TO ACCESS TO PERSONAL INFORMATION
The prescribed fees to be paid for copies of the Data Subject’s Personal Information are listed in the GDPR Manual.
19. USE OF WEBSITE COOKIES
19.1 Our Website uses cookies, which are small text files sent by a web server to store on a web browser. They are used to ensure websites function properly, store user preferences when needed and collect anonymous statistics on website usage.
19.2 You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our Website.
20. CHANGES TO POLICY
20.1 All Property reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.
20.2 The current version of this Policy will govern the respective rights and obligations between you and All Property each time that you access and use our Website.
21. All Property CONTACT DETAILS PHYSICAL & POSTAL ADDRESS
Physical Address: Av. Gaspar Corte Real 198,
Cascais,
Lisboa
Portugal.
Postal Address:
INFORMATION OFFICER: Jeffrey Zive : jdzive@gmail.com
DEPUTY INFORMATION OFFICER: Carlene le Roux connect@alchemy.co.za
If a Data Subject is unsatisfied with the manner in which All Property addresses any complaint with regard to All Property Processing of Personal Information, the Data Subject can contact the office of the relevant Regulator.
ALL PROPERTY PRIVACY POLICY AND NOTICE
All Property is a data controller and operator in terms of the General Data Protection Regulation (GDPR) and has developed this privacy policy / notice in order to comply with the requirements of GDPR.
1. DEFINITIONS
1.1. “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information under the control of or in the possession of All Property;
1.2. “Data Controller” means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party.
1.3. “Data Subject” means the person to whom Personal Information relates;
1.4. “Direct Marketing” means to approach a person, by electronic communication, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the Data Subject;
1.5. “Direct Marketer” means a supplier who employs Direct Marketing as an advertising mechanism;
1.6. “Employees” means any employee of All Property;
1.7. “GDPR” means Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons with regard to the processing of personal data and free movement of such data (General Data Protection Regulation);
1.8. “All Property” means All Property, a sole proprietor who renders property inspection services, and includes the terms “we”, “us”, and “our”;
1.9. “Minor child” means any natural person under the age of 16 (sixteen) years (if the child is in Europe);
1.10. “Operator” means a person or entity who Processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that Responsible Party;
1.11. “Personal Information” means information relating to a Data Subject including but not limited to (i) views or opinions of another individual about the Data Subject; and (ii) information relating to such Data Subject’s – Race, sex, gender, sexual orientation, pregnancy, marital status, nationality, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, cultural affiliation, language and birth; Education, medical, financial, criminal or employment history;
Names, identity number and/or any other personal identifier, including any number(s), which may uniquely identify a Data Subject, account or client number, password, pin code, customer or Data Subject code or number, numeric, alpha, or alpha-numeric design or configuration of any nature, symbol, email address, domain name or IP address, physical address, cellular phone number, telephone number or other particular assignment; blood type, fingerprint or any other biometric information;
personal opinions, views or preferences; correspondence that is implicitly or expressly of a personal, private or confidential nature (or further correspondence that would reveal the contents of the original correspondence); and corporate structure, composition and business operations (in circumstances where the Data Subject is a juristic person) irrespective of whether such information is in the public domain or not;
1.12 “Policy” means this Policy;
1.13 “GDPR” means the General Data Protection Regulation;
1.14 “Processing” and/or “Process” means any operation or activity or any set of operations,
whether or not by automatic means, concerning Personal Information, including –
1.14.1 the collection, receipt, recording, organisation, collation, storage, updating or
modification, retrieval, alteration, consultation or use;
1.14.2 dissemination by means of transmission,distribution or making available in
any other form by electronic communications or other means; or
1.14.3 merging, linking, blocking, degradation, erasure or destruction.
1.15 “Regulator” means the relevant supervisory authority under the GDPR;
1.16 “Responsible Party” means a public or private body or any other person which alone or
in conjunction with others, determines the purpose of and means for Processing Personal Information;
1.17 “Special Personal Information” means Personal Information concerning a Data Subject’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, sexual orientation, genetic information, biometric information or criminal behaviour;
1.18 “Third Party” means any independent contractor, agent, consultant, sub-contractor or
other representative of All Property; and
1.19 “Website” means the All Property website currently accessible at https://www.allpropertyeu.com/
2. PURPOSE OF THIS POLICY
The purpose of this Policy is to inform Data Subjects about how All Property will processes their Personal Information.
3. APPLICATION OF THIS POLICY
3.1. All Property, in its capacity as Data Controller and/or Responsible
Party and/or Operator, shall strive to observe and comply with its obligations under
the GDPR, as well as accepted information protection principles, practices and guidelines, when it Processes Personal Information from or in respect of a Data Subject.
3.2. This Policy applies to Personal Information collected by All Property and includes
information collected directly from you as a Data Subject, as well as information we collect indirectly through our Direct Marketing campaigns and online through our websites, branded pages on Third Party platforms and applications accessed or used through such websites or Third Party platforms which are operated by or on behalf of All Property.
3.3. This Privacy Policy does not apply to the information practices of Third Party companies who we may engage with in relation to our business operations (including, without limitation, their websites, platforms and/or applications) which we do not own or control; or individuals that All Property does not manage or employ. These Third Party sites may have their own privacy policies and terms and conditions and we encourage you to read them before using them.
4. HOW PERSONAL INFORMATION IS COLLECTED
4.1. All Property collects Personal Information directly from Data Subjects, unless the Data Subject has made the Personal Information public or the Personal Information is contained in or derived from a public record and/or in some cases, from Third Parties.
4.2. All Property will always collect Personal Information in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Information based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
4.3. Where All Property obtains Personal Information from Third Parties, All Property will ensure that it obtains the consent of the Data Subject to do so or will only Process the Personal Information without the Data Subject’s consent where All Property is permitted to do so in terms of clause 4.1 above.
4.4. An example of such Third Parties include: (i) our clients when All Property handles Personal Information on t heir behalf; (ii) credit reference agencies; (iii) other companies providing services to All Property; and (iv) where All Property makes use of publicly available sources of information
5. LAWFUL PROCESSING OF PERSONAL INFORMATION
5.1. Where All Property is the Responsible Party, it will only Process a Data Subject’s Personal Information (other than for Special Personal Information) where –
5.1.1. consent of the Data Subject (or a competent person where the Data Subject is a Minor Child) is obtained;
5.1.2. Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
5.1.3. Processing complies with an obligation imposed by law on All Property
5.1.4. Processing protects a legitimate interest of the Data Subject;
5.1.5. Processing is necessary for pursuing the legitimate interests of All Property or of a third party to whom the information is supplied;and/or
5.1.6. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in All Property
5.2. All Property will make the manner and reason for which the Personal Information will be Processed clear to the Data Subject.
5.3. Where All Property is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/ her/its consent or may object to All Property Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent.
5.4. If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Information, All Property will ensure that the Personal Information is no longer Processed.
6. SPECIAL PERSONAL INFORMATION AND PERSONAL INFORMATION OF CHILDREN
6.1 All Property acknowledges that it will generally not Process Special Personal Information unless
(i) processing is carried out in accordance with the Data Subject’s explicit consent; or
(ii) information has been deliberately made public by the Data Subject; or
(iii) processing is necessary for the establishment, exercise or defence of a right or legal claim or obligation in law); or (iv) processing is for historical, statistical or research purposes, subject to stipulated safeguards; or – for purposes of GDPR –
6.1.1 specific authorisation has been obtained in terms of GDPR –
6.1.2 Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of All Property or of the Data Subject in the field of employment and social security and social protection law;
6.1.3 Processing is necessary to protect the vital interests of the data subject or of another natural person where the Data Subject is physically or legally incapable of giving consent;
6.1.4 processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
6.1.5 Processing is necessary for reasons of substantial public interest;
6.1.6 Processing is necessary for the purposes of preventative or occupational medicine; or
6.1.7 Processing is necessary for reasons of public interest in the area of public health.
7. PURPOSE FOR PROCESSING PERSONAL INFORMATION
7.1 All Property will only Process a Data Subject’s Personal Information for a specific, lawful and clear purpose (or purposes) and will ensure that it makes the Data Subject aware of such purpose(s) as far as possible.
7.2 All Property will generally use Personal Information for purposes required to operate and manage its normal business operations and these purposes include one or more of the following non-exhaustive purposes –
7.2.1 For the purposes of providing its services to the Data Subject from time to time;
7.2.2 Personal Information is processed as part of the “Know Your Customer”/“KYC” process as per the requirements of the Financial Intelligence Centre Act 38 of 2001;
7.2.3 Personal Information is processed in order to conduct due diligence processes on All Property Clients;
7.2.4 Personal Information is processed in connection with internal audit purposes ( i.e. ensuring that the appropriate internal controls are in place in order to mitigate the relevant risks, as well as to carry out any investigations where this is required);
7.2.5 Personal Information is processed for employment-related purposes such as administering payroll, assessing credit and criminal history and determining Employment Equity Act 55 of 1998 statistics;
7.2.6 To respond to any correspondence that the Data Subject may send to All Property, including via email, All Property site(s) or by telephone;
7.2.7 In connection with the execution of payment processing functions, including payment of All Property suppliers’ invoices;
7.2.8 To contact the Data Subject for direct marketing purposes subject to the provisions of clause 10 below;
7.2.9 For such other purposes to which the Data Subject may consent from time to time; and
7.2.10 For such other purposes as authorised in terms of applicable law.
8. ACCURACY OF PERSONAL INFORMATION
8.1 All Property will take reasonable steps to ensure that all Personal Information is kept as accurate, complete and up to date as reasonably possible depending on the purpose for which Personal Information is collected or further processed.
8.2 All Property may not always expressly request the Data Subject to verify and update his/her/its Personal Information, unless this process is specifically necessary.
8.3 All Property, however, expects that the Data Subject will notify All Property from time to time in writing of any updates required in respect of his/her/its Personal Information.
9. STORAGE AND PROCESSING OF PERSONAL INFORMATION
9.1 may store your Personal Information in hardcopy format and/or in electronic format using All Property own secure on-site servers or other internally hosted technology. Your Personal Information may also be stored by Third Parties, via cloud services or other technology, with whom All Property has contracted with, to support All Property business operations.
9.2 All Property Third Party service providers, including data storage and processing providers, may from time to time also have access to a Data Subject’s Personal Information in connection with purposes for which the Personal Information was initially collected to be Processed.
9.3 All Property will ensure that such Third Party service providers will process the Personal Information in accordance with the provisions of this Policy, all other relevant internal policies and procedures and the GDPR.
9.4 These Third Parties do not use or have access to your Personal Information other than for purposes specified by us, and All Property requires such parties to employ at least the same level of security that All Property uses to protect your personal data.
9.5 Third-Party Processors and Data Processing Agreements
When All Property engages third-party service providers to process personal data on our behalf, these parties (acting as data processors) will do so only for specified purposes and under our instructions. We will enter into legally binding Data Processing Agreements (DPAs) with these third parties, as required by the GDPR. These DPAs will include obligations on the processor to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, to process personal data only on documented instructions from All Property, and to assist us in meeting our obligations under the GDPR.
9.6 International Transfers of Personal Data
Your personal data may be processed in South Africa or in another country where All Property, its affiliates, and their third-party service providers maintain servers and facilities. When we transfer personal data outside the European Union and the European Economic Area (EU/EEA), we will do so in compliance with the GDPR's requirements for international transfers. This includes ensuring that:
The recipient country has been deemed by the European Commission to provide an adequate level of protection for personal data.
Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs) of the data importer, or another valid transfer mechanism recognized under the GDPR.
Where none of the above apply, the transfer is based on a specific derogation under Article 49 of the GDPR (e.g., explicit consent, necessity for the performance of a contract).
All property will take steps, including by way of contracts incorporating GDPR-approved safeguards, to ensure that your personal data continues to be protected to the standards required by the GDPR, regardless of its location.
10. DIRECT MARKETING
10.1 To the extent that All Property acts in its capacity as a Direct Marketer, it shall strive to observe, and comply with its obligations under the GDPR when implementing principles and practices in relation to Direct Marketing.
10.2 All Property acknowledges that it may only use Personal Information to contact the Data Subject for purposes of Direct Marketing from time to time where it is permissible to do so.
10.3 It may use Personal Information to contact any Data Subject and/or market All Property
’ services directly to the Data Subject(s) if the Data Subject is one of All Property’s existing clients, the Data Subject has requested to receive marketing material from All Property or All Property has the Data Subject’s consent to market its services directly to the Data Subject.
10.4 If the Data Subject is an existing client, All Property will only use his/ her/its Personal Information if it has obtained the Personal Information through the provision of a service to the Data Subject and only in relation to similar services to the ones All Property previously provided to the Data Subject.
10.5 All Property will ensure that a reasonable opportunity is given to the Data Subject to object to the use of their Personal Information for All Property’s marketing purposes when collecting the Personal Information and on the occasion of each communication to the Data Subject for purposes of Direct Marketing.
10.6 All Property will not use your Personal Information to send you marketing materials if you have requested not to receive them. If you request that we stop Processing your Personal Information for marketing purposes, All Property shall do so. We encourage that such requests to opt-out of marketing be made via forms and links provided for that purpose in the marketing materials sent to you.
11. RETENTION OF PERSONAL INFORMATION
11.1 All Property may keep records of the Personal Information it has collected, correspondence, or comments in an electronic or hard copy file format.
11.2 All Property will not retain personal information for a period longer than is necessary to achieve the purpose for which it was collected or processed and is required to delete, destroy (in such a way that it cannot be reconstructed) or de-identify the information as soon as is reasonably practicable once the purpose has been achieved. This prohibition will not apply in the following circumstances –
11.2.1 Where the retention of the record is required or authorised by law;
11.2.2 All Property requires the record to fulfil its lawful functions or activities;
11.2.3 Retention of the record is required by a contract between the parties thereto;
11.2.4 The data subject (or competent person, where the data subject is a child) has consented to such longer retention; or
11.2.5 the record is retained for historical, research or statistical purposes provided safeguards are put in place to prevent use for any other purpose.
11.2.6 Accordingly, All Property will, subject to the exceptions noted herein, retain Personal Information for as long as necessary to fulfil the purposes for which that Personal Information was collected and/or as permitted or required by applicable law.
11.2.7 Where All Property retains Personal Information for longer periods for statistical, historical or research purposes All Property will ensure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with this Policy and the applicable laws.
11.2.8 Once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, All Property will ensure that the Personal Information is deleted, destroyed or de- identified sufficiently so that a person cannot re-identify such Personal Information.
11.2.9 In instances where we de-identify your Personal Information, All Property may use such de-identified information indefinitely.
12. FAILURE TO PROVIDE PERSONAL INFORMATION
12.1 Should All Property need to collect Personal Information by law or under the terms of a contract that All Property may have with you and you fail to provide the Personal Information when requested, we may be unable to perform the contract we have or are attempting to enter into with you.
12.2 In such a case, All Property may have to decline to provide or receive the relevant services, and you will be notified where this is the case.
13. SAFE-KEEPINGOFPERSONAL INFORMATION
13.1 All Property shall preserve the security of Personal Information and, in particular, prevent its alteration, loss and damage, or access by non-authorised third parties.
13.2 All Property will ensure the security and integrity of Personal Information in its possession or under its control with appropriate, reasonable technical and organisational measures to prevent loss, unlawful access and unauthorised destruction of Personal Information.
13.3 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of Data Subjects, All Property implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of Processing, including measures protecting any Personal Information from loss or theft, and unauthorised access, disclosure, copying, use or modification, including –
13.3.1 the pseudonymization and encryption of Personal Information;
13.3.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and
13.3.3 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of Processing.
13.3.4 Further, All Property maintains and regularly verifies that the security measures are effective and regularly updates same in response to new risks.
14. BREACHES OF PERSONAL INFORMATION
14.1 A Data Breach refers to any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person.
14.2 A Data Breach can happen for many reasons, which include:
(a) loss or theft of data or equipment on which Personal Information is stored;
(b) inappropriate access controls allowing unauthorised use;
(c) equipment failure;
(d) human error;
(e) unforeseen circumstances, such as a fire or flood;
(f) deliberate attacks on systems, such as hacking, viruses or phishing scams; and/ or
(g) alteration of Personal Information without permission and loss of availability of Personal Information.
14.3 All Property will address any Data Breach in accordance with the terms of the GDPR.
14.4 All Property will notify the Regulator and the affected Data Subject (unless the applicable law requires that we delay notification to the Data Subject) in writing in the event of a Data Breach (or a reasonable belief of a Data Breach) in respect of that Data Subject’s Personal Information.
14.5 All Property will provide such notification as soon as reasonably possible and, where feasible, not later than 72 (seventy two) hours after having become aware of any Data Breach in respect of such Data Subject’s Personal Information.
14.6 Where All Property acts as an ‘Operator’ and should any Data Breach affect the data of Data Subjects whose information All Property Processes as an Operator, All Property shall (in terms of the GDPR) notify the relevant Responsible Party immediately where there are reasonable grounds to believe that the Personal Information of relevant Data Subjects has been accessed or acquired by any unauthorised person.
15. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTY SERVICE PROVIDERS
15.1 All Property may disclose Personal Information to Third Parties and will enter into written agreements with such Third Parties to ensure that they Process any Personal Information in accordance with the provisions of this Policy, and the GDPR.
15.2 All Property notes that such Third Parties may assist All Property with the purposes listed in paragraph 7.4 above – for example, service providers may be used, inter alia:
(i) to notify the Data Subjects of any pertinent information concerning All Property,
(ii) or data storage and/or
(iii) to assist All Property with auditing processes (external auditors).
15.3 All Property will disclose Personal Information with the consent of the Data Subject or if All Property is permitted to do so without such consent in accordance with the applicable laws.
15.4 Third-Party Processors and Data Processing Agreements
When All Property engages third-party service providers to process personal data on our behalf, these parties (acting as data processors) will do so only for specified purposes and under our instructions. We will enter into legally binding Data Processing Agreements (DPAs) with these third parties, as required by the GDPR. These DPAs will include obligations on the processor to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, to process personal data only on documented instructions from All Property, and to assist us in meeting our obligations under the GDPR.
15.5 International Transfers of Personal Data
Your personal data may be processed in South Africa or in another country where All Property, its affiliates, and their third-party service providers maintain servers and facilities. When we transfer personal data outside the European Union and the European Economic Area (EU/EEA), we will do so in compliance with the GDPR's requirements for international transfers. This includes ensuring that:
The recipient country has been deemed by the European Commission to provide an adequate level of protection for personal data.
Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs) of the data importer, or another valid transfer mechanism recognized under the GDPR.
Where none of the above apply, the transfer is based on a specific derogation under Article 49 of the GDPR (e.g., explicit consent, necessity for the performance of a contract).
All property will take steps, including by way of contracts incorporating GDPR-approved safeguards, to ensure that your personal data continues to be protected to the standards required by the GDPR, regardless of its location.
16. ACCESS TO PERSONAL INFORMATION
16.1 A Data Subject has certain rights under the GDPR, including the following:
16.1.1 a right of access:a Data Subject having provided adequate proof of identity has the right to:
(i) request a Responsible Party to confirm whether any Personal Information is held about the Data Subject; and/or
(ii) request from a Responsible Party a description of the Personal Information held by the Responsible Party including information about Third Parties who have or have had access to the Personal Information. A Data Subject may request:
16.1.1.1 All Property to confirm, free of charge, whether it holds any Personal Information about him/ her/it; and
16.1.1.2 to obtain from All Property the record or description of Personal Information concerning him/her/it and any information regarding the recipients or categories of recipients who have or had access to the Personal Information. Such record or description is to be provided:
16.1.1.3 within a reasonable time; and
16.1.1.4 in a reasonable manner and format and in a form that is generally understandable.
16.1.2 a right to request correction or deletion:a Data Subject may also request All Property to –
16.1.2.1 correct or delete Personal Information about the Data Subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or
16.1.2.2 destroy or delete a record of Personal Information about the Data Subject that All Property is no longer authorised to retain records in terms of the GDPR’s retention and restriction of records provisions.
16.1.2.3 On receipt of such a request, All Property is required to, as soon as is reasonably practicable –
16.1.2.3.1 correct the information;
16.1.2.3.2 delete or destroy the information;
16.1.2.3.3 provide the Data Subject with evidence in support of the information; or
16.1.2.3.4 where the Data Subject and Responsible Party cannot reach agreement on the request and if the Data Subject requests this, All Property will take reasonable steps to attach to the information an indication that correction has been requested but has not been made;
16.1.3 a right to withdraw consent and to object to processing: a Data Subject that has previously consented to the Processing of his/her/its Personal Information has the right to withdraw such consent and may do so by providing All Property with notice to such effect at the address set out in paragraph 21. Further, a Data Subject may object, on reasonable grounds, to the Processing of Personal Information relating to him/her/it.
16.2 Accordingly, All Property may request the Data Subject to provide sufficient identification to permit access to, or provide information regarding the existence, use or disclosure of the Data Subject’s Personal Information.
16.3 Any such identifying information shall only be used for the purpose of facilitating access to or information regarding the Personal Information.
16.4 The Data Subject can request in writing to review any Personal Information about the Data Subject that All Property holds including Personal Information that All Property has collected, utilised or disclosed, as well as the following information:
(i) the purposes of Processing;
(ii) the categories of Personal Information concerned;
(iii) where possible, the envisaged period for which the Personal Information will be stored or, if not possible, the criteria used to determine that period;
(iv) the existence of the right to request from All Property rectification or erasure of Personal Information or restriction of Processing of Personal Information concerning the Data Subject or to object to such processing;
(v) the right to lodge a complaint with the Regulator;
(vi) where the Personal Information is not collected from the Data Subject, any available information as to their source; and (vii) the existence of automated Processing, including profiling and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the Data Subject. All Property shall respond to these requests in accordance with the GDPR and will provide the Data Subject with any such Personal Information to the extent required by law and any of All Property policies and procedures which apply in terms of the General Data Protection Regulation (GDPR).
16.5 The Data Subject can challenge the accuracy or completeness of his/her/its Personal Information in All Property records at any time in accordance with the process set out in All Property’s manual developed in terms of GDPR for accessing information.
16.6 If a Data Subject successfully demonstrates that their Personal Information in All Property’s records is inaccurate or incomplete, All Property will ensure that such Personal Information is amended or deleted as required (including by any Third Parties).
17. TIME PERIODS
17.1 All Property will respond to each written request of a Data Subject not later than 30 (thirty) days after receipt of such requests. Under certain circumstances, All Property may, however, extend the original period of 30 (thirty) days once for a further period of not more than 30 (thirty) days.
17.2 A Data Subject has the right to make a complaint to All Property in respect of this time limit by contacting All Property using the contact details provided in paragraph 21 below.
18. COSTS TO ACCESS TO PERSONAL INFORMATION
The prescribed fees to be paid for copies of the Data Subject’s Personal Information are listed in the GDPR Manual.
19. USE OF WEBSITE COOKIES
19.1 Our Website uses cookies, which are small text files sent by a web server to store on a web browser. They are used to ensure websites function properly, store user preferences when needed and collect anonymous statistics on website usage.
19.2 You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the website. If you accept a “cookie” or fail to deny the use of “cookies”, you agree that we may use your personal information collected using “cookies” (subject to the provisions of this Policy). Where you either reject or decline cookies, you are informed that you may not be able to fully experience the interactive features of our Website.
20. CHANGES TO POLICY
20.1 All Property reserves the right to make amendments to this Policy from time to time and will use reasonable efforts to notify Data Subjects of such amendments.
20.2 The current version of this Policy will govern the respective rights and obligations between you and All Property each time that you access and use our Website.
21. All Property CONTACT DETAILS PHYSICAL & POSTAL ADDRESS
Physical Address: Av. Gaspar Corte Real 198,
Cascais,
Lisboa
Portugal.
Postal Address:
INFORMATION OFFICER: Jeffrey Zive : jdzive@gmail.com
DEPUTY INFORMATION OFFICER: Carlene le Roux connect@alchemy.co.za
If a Data Subject is unsatisfied with the manner in which All Property addresses any complaint with regard to All Property Processing of Personal Information, the Data Subject can contact the office of the relevant Regulator.