Moneris Group Data Protection

The Moneris group is now a global organisation, attentive to the reality of companies and institutions, their socio-economic context and the challenges and opportunities they encounter, in the different markets where they operate.

We intend to be recognized for the excellence of the services we provide and seek, at every moment, to create value to our customers and exceed their expectations.

We are determined to contribute decisively to the promotion and development of our clients’ projects and businesses, relying on the determination and commitment of a vast and multidisciplinary team of professionals, who work in the most different management areas.

Gifts from north to south of the country, with more than 20 offices and 300 employees.

We are a leading group in the provision of accounting services, consulting and management support in Portugal, with approximately 4,000 clients.

The multiplicity of National and Community Legislation to which the Moneris Group is subject and the rigour, requirement and responsibility that the activities carried out by the Moneris Group require, justifies from the outset the creation of a Policy on the Protection of Data, not only for strict compliance with the legal standards in force, but also for each Employee to adopt conduct consistent with the high ethical, quality and rigor standards that the Moneris Group requires.

The adoption of Regulation (EU) 2016/679 of the European Parliament and the Council, 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation – “Regulation” or “GDPR”), and consequentneed to adapt processes and methodologies applicable to how personal data will be processed, it makes it essential to know the rules which, from 25 May 2018, apply the processing of personal data.

The Moneris Group’s Data Protection Policy (hereinafter “Politics”), is a document directly designed for all our Clients, whose main purpose is to transmit the rules for the processing of personal data, the purpose of its collection and the way they are processed, in the wake of the provisions of personal data protection legislation and the Regulation which will soon enter into force.

This document contains the identification of the set of principles governing the activity of the undertakings that are part of the Moneris Group (hereinafter “Moneris” or “Group”), as well as a set of procedural, ethical and deontological rules to which the Members of the Statutory (hereinafter “MoE”) and all its Employees are linked, always combined with the legal provisions regarding the protection of personal data.

This Policy also intends to convey Moneris’ high standards of action and conduct and also at the level of the relationship between MoE, Employees, Customers, Suppliers, Shareholders, Official Entities and Partners, and Community contributing transparency of its activity, so that it can be seen as a reference policy of excellence, transparency, honesty, commitment and rigour.

This document is subject to periodic reviews in order to ensure its continuous improvement and legal and regulatory compliance.

  • “Personal Data” should be understood information relating to an identified or identifiable natural person (data subject); a natural person who can be identified, directly or indirectly, is considered identifiable, in particular by reference to an identifier, such as a name, identification number, location data, identifiers electronically or to one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of personal data:
    • Name;
    • Identification number (BI, NIF, driver’s license, Passport);
    • Identification and location addresses (Physical such as email address: email address, web page, Facebook page, etc…);
    • Biometrics (Height, weight, various physical connotations, Genetics);
    • Health (Syndromes, diseases, Physical or mental performance, Diagnostic data such as blood pressure or ECG);
    • Economic;
    • Cultural;
    • Religious;
    • Social;
    • Politicians;

In terms of the rights of data subjects, the Regulation gives the holders of personal data subject to processing a set of rights that must be safeguarded by the data controller. In order to have full information on the rights of personal data subjects, we have made a brief exposure about each of them:

I. Right of Access
Data subjects have the right to know whether or not personal data concern them are being processed, whether the data has been transmitted to another entity, as well as accessing their data and all information relating to processing processes. In other way, data subjects are entitled to obtain information about personal data that is processed and information about them, such as the purposes of the processing and what time limits for the retention of personal data are. In principle, the right of access must be free, however, fees may be created to allow such access in the case of unfounded or excessive requests;
Ii. Right of Rectification
Data subjects are guaranteed the right to obtain rectification of their personal data that is outdated, incorrect or incomplete.
Iii. Right of Erasure
Also referred to as “the right to be forgotten”, gives data subjects the right to request the data controller to erase their data. Data subjects, within the limitations established by law, are guaranteed the right to obtain the deletion of their personal data provided that:
• The data prove unnecessary for the purposes for which they were collected or processed;
• The holder withdraws consent when the processing is necessarily based on it and there is no other legal basis for the processing of the data;
• The holder opposes the processing of personal data used for automated and/or profiling purposes;
• When personal data has been unlawfully processed. It should be noted that there are limitations on the right to erasure, in particular those relating to data retention periods for reasons of public interest, national security, billing, commercial, tax and others.
Iv. Right to Limitation of Treatment
In parallel with the right of deletion, the right to limitation of the processing arises, i.e. the data subject has the right to require the limitation of the processing dose of his personal data in the following situations: • Contest the accuracy of personal data, during a period enabling the controller to verify its accuracy; • The processing is unlawful and the data subject opposes the deletion of personal data and request, on the other hand, the limitation of its use; • The controller fails to specify personal data for processing purposes, but such data is required by the holder for the purpose of declaring, exercising or defending a right in judicial proceedings; • If you have opposed the processing until it is found that the legitimate reasons of the controller prevail over those of the data subject.
v. Data Portability Right
The right of portability gives the holders of personal data the right to request the person responsible for their processing, their personal data, in a common use format and even their transfer to another controller, provided that this is technically possible.
Saw. Right of Opposition and Automated Individual Decisions
The data subject has the right to object at any time, for reasons relating to his particular situation, to the processing of personal data concerning him, which is based on legitimate interests or public interest, including the definition of profiles based on these provisions.

The processing of personal data consists of an operation or set of operations carried out on personal data or personal data sets, through automated means or not, in particular the collection, registration, organisation, structuring, conservation, adaptation, recovery, consultation, use, dissemination, dissemination, comparison, interconnection, limitation, erasure or destruction.
The Regulation lays down stricter rules on the processing of special categories of personal data – e.g. racial or ethnic origin, political opinions, religious or philosophical convictions, trade union membership, health data or data related to sexual life or sexual orientation – maintaining law and consent as sources of legitimacy.
The principles of legitimacy, loyalty, transparency, purpose and accuracy are expressly referred to. In terms of the rights of data subjects, the rights of information, access, rectification, opposition are in force, establishing the general principle of interdiction of automated individual decisions.

There are situations that legitimize the processing of personal data. Moneris will process personal data exclusively in the following situations:

Legitimate interest
There is a situation of legitimate interest where data processing is necessary for the purpose of the legitimate interests pursued by Moneris or third parties, unless the interests or fundamental rights and freedoms of the holder require the protection of personal data, in particular if the holder is a child, such as the processing of data to ensure the maintenance of contracted services, for the improvement of the quality of services, for fraud detection;

Hiring and Pre-Contracting
Where the processing is necessary for the performance of a contract in which the data subject is a party, or for pre-contractual proceedings at the request of the data subject.

Consent arises as a legitimising of the processing of personal data, however, there are requirements for it so that it can be taken into account. In order to make it valid, consent must be a free, specific, informed and explicit manifestation of will, whereby the data subject accepts, by means of a statement or unequivocal positive act, that the personal data concerning him be treatment object. Consent may be provided through validation when visiting moneris’s website by selecting the technical parameters for the services of the information society or by another statement or conduct that clearly indicates in that context that accepts the proposed processing of your personal data. Silence, pre-validated options or omission shall not constitute a form of consent;

Compliance with a legal obligation
The processing of data shall also be lawful, where it is necessary for the fulfilment of a legal obligation to which Moneris is subject;

Purpose Example of Purposes
Marketing Your personal data will only be processed for this purpose by providing consent in the context of a newsletter and dissemination of new products and services. If you consent, you will receive information via email.
Accounting and Tax Advisory In this sector in particular, Moneris will process your personal data for the sole purpose of preparing your accounting and providing you with tax advice, whether under the organized accounting regime or under the simplified regime. Economic and accounting management, tax management, administrative management, billing management and the completion and delivery of VAT statements are some examples of purposes for which your personal data will be processed.
Training Moneris will process your data for
the following purposes: -Management
of Trainees and Trainers; -Attendance Control;
-Certification and Accreditation.
Pre-Litigation and Litigation Management If there is a litigation or pre-litigation situation, Moneris will process your data for judicial and extrajudicial claims and management of other conflicts that may arise.
Human Resources As one of Moneris’s main sectors of activity, in human resources services your personal data will be processed for the purposes of wage processing, vocational training, human resources management and personnel selection and recruitment.
Compliance with legal obligations Where this proves necessary your personal data will be processed for compliance with court orders, responses to judicial entities, regulatory entities and supervisory entities.

The period of time during which your personal data may be stored and stored varies depending on the purpose for which personal data has been provided and will be processed. It should be borne in mind that there are legal rules requiring you to retain personal data for a certain period of time. Thus, where there is no legal requirement for the retention of your personal data, they will be stored and retained only for the period necessary for the pursuit of the purposes that motivated their collection or subsequent treatment, in the defined by law or until your consent is revoked. Here are some examples of storage period and storage of your personal data:
• The maximum period for the retention of data with tax relevance is 10 (ten) years from the date of termination of the Contract, as stipulated in Article 123(4) of the IRC Code (Drafting of Law No 7-A/2016 of 30 March, applying to periods of taxation starting from 1 January 2017);
• The maximum period for the retention of documentation with relevance in the field of work shall be 10 (ten) years counted since the date of termination of the Contract, also as stipulated in Article 123(4) of the IRC Code.
• The maximum period of retention of personal data contained in correspondence, bookkeeping and documents relating to it is 10 (ten) years, in accordance with Article 40 of the Commercial Code, with the wording given by Decree-Law No. 76-A/2006 of 29 March.
• The retention period of personal data relating to records of working times and work records provided to compensate for periods of absence from work, is 5 (five) years, as stipulated in Article 202 of the Labour Code.
• The retention period of personal data relating to Occupational Accident Insurance and occupational diseases (payrolls to The Worker from which the name is contained, profession, days and hours of work, retributions and other benefits which review the character of regularity or copies of sheets and retributions referred to Social Security), is 5 (five) years, according to Article 16(b) of Rule No 12/99 R of 8 November, with the amendments introduced by Standards No 11/2000 R of 13 November 16/ 16/ 2000 R of 21 December and 13/2005 R of 18 November (uniform occupational accident insurance policy for employees)
• The maximum retention period of the other personal data is 18 (eighteen) months from the date of termination of the Contract.

Your personal data is collected upon the provision of your consent, as a rule, at a pre-contractual stage designed to obtain our services. The collection of your personal data will always be done in writing upon prior provision of consent. Some personal data are indispensable for the performance of the contract and, in the event of lack or failure thereof, either by default or by refusal to make them available, Moneris does not guarantee the provision of the service that is concerned nor may it be subject to any accountability. The personal data collected may be processed electronically and in an automated or non-automated manner, ensuring in all cases strict compliance with personal data protection legislation, being stored in specific databases, created for this purpose and, in no situation, the data collected will be used for a purpose other than that for which the data subject was collected or given consent.

The person responsible for the collection and processing of your personal data will be Moneris – Management Services, S.A. (or other belonging to the Moneris Group), which provides you with the contracted service and within the scope of the data collected, determines the purposes and means of processing personal data. The measures to be implemented shall take into account the nature, scope, context and purposes of data processing, as well as the risk it may entail for the rights and freedoms of natural persons.
The Data Protection Officer
The Data Protection Officer, also referred to as the “Data Protection Officer” (“DPO”), plays a key role in that it is responsible for ensuring that Moneris fulfils all legal obligations under the GDPR, being the point of contact of the Moneris with the CNPD and acting as a mediator with the personal data subject. As far as Moneris concerns, the DPO checks compliance with this Policy and defines clear rules for the processing of personal data. The Moneris Data Protection Officer performs the following functions:
(a) informs and advises the controller or processor, as well as workers and other employees who treat the data, regarding their legal obligations;
(b) controls compliance with the GDPR and other applicable data protection provisions;
(c) advise so, where requested, with regard to the impact assessment on data protection and controls its implementation;
d) Cooperates with the CNPD;
e) It is the point of contact for the CNPD on data processing issues.
For questions related to the processing of your personal data you should contact us through the following means:
Phone: 210 316 400
Address: Rua Dr. António Loureiro Borges, no. 1 – 2, 1495- 131 Algés
Email: privacy@moneris.pt

Scroll to Top