Privacy Policy

1. Background

This Privacy Policy establishes a commitment of Surforma, S.A. (Surforma)  with its stakeholders (e.g. clients, employees, suppliers, shareholders and investors) as regarding the protection of the personal data it is responsible for, with the aim of strengthening and consolidating a trustworthy and close relationship, through clear and transparent communication about the use of these data, the rights of the respective owners and how they can exercise such rights.

Surforma strictly complies with the principles described in this policy, Regulation (UE) 2016/679 (General Data Protection Regulation) and the applicable data protection legislation in all activities that involve the processing of personal data under its responsibility.

The Privacy Policy is included in the personal data protection’s framework of Surforma, which outlines the rules and procedures for the management of the safety and privacy of the personal data.

Surforma processes the personal data through the use of multiple operational and technical means to support its business activities.

a. Goals

The Privacy Policy, as a communication tool, has the following goals:

b. Scope of application

The Privacy Policy applies exclusively to the personal data processed by Surforma, within the defined purposes. For the purposes of this policy, personal data is defined as any information relative to an individual who is identified or identifiable (owner of the data). The owner of the data is deemed identifiable if he/she can be identified directly or indirectly, namely through an identification number or through specific characteristics of his/her physical, physiological, genetic, mental, economic, cultural or social identity.

c. Maintenance, communication and application of the policy

The Privacy Policy should be reviewed annually, when circumstances change and whenever legislative changes occur, to ensure it is updated and suitable to the applicable laws and regulations. The proposals to revise the policy and supervision of its application and compliance are under the responsibility of the Surforma competent governing body.

This policy should be known by all the Surforma’s employees and should be disclosed to its stakeholders, in any situation involving the processing of their personal data, through the appropriate channels, namely the Surforma’s website. 

2. Contents of the Privacy Policy

a. Our Privacy Commitment

Surforma carries out its business based on trust and transparency. This commitment is reflected in the daily relationship with our clients, employees and suppliers and other stakeholders. The privacy and safety of the data entrusted to us is a priority for us.

We undertake to collect, store, process, transmit or eliminate personal data with transparency and use only data which are essential to maintain the commercial relationship. We shall inform you how we use your personal data and for what purposes, ensuring that we collect, share and store your personal data in accordance with the best practices as regards the safety and protection of the personal data. 

When your personal data are collected, stored, processed, transmitted or eliminated by other entities, we demand the same level of privacy and safety.

We want you to feel confident that your personal data are safe with us, as we are constantly committed to protect your privacy and we take our responsibility to protect your personal data extremely seriously.

Whenever you have any doubt about how we use your personal data, we are available to help through the following e-mail address: dataprotection@surforma.com. 

b. Who is Responsible for Your Personal Data

Surforma is responsible for processing your personal data under the terms of the General Data Protection Regulations and the complementary legislation concerning protection of personal data in countries where it operates.

Surforma belongs to the SC Industrials Group, meaning that your personal data may be transmitted and processed by any of the Group’s companies. 

c. Personal Data that We May Collect

In this Privacy Policy, the term “Personal Data” means all the information related to you and which allows us to identify you directly or indirectly. Your personal data may include, for example, your name, fiscal number and contact details (physical and/or electronic).

We may also receive your personal data from other companies, namely when they collect, process or store these data in fulfilment of a service provision contract.


d. How and Why Do We Use Your Personal Data?

We use your personal data only when strictly necessary for our relationship. 

e. How Long Do We Retain Your Personal Data? 

We retain your personal data only for the time needed to fulfil the aims defined in our relationship and to comply with law.

Once the maximum retain period is reached, your personal data will be anonymised or securely destroyed/deleted.

f. Who May We Share Your Personal Data With?

In some cases we may disclose your personal data to other entities, as part of the services such entities provide. In these cases, we demand that appropriate security measures are in place to protect your personal data. 

Your personal data may be shared with companies belonging to the Group wich Surforma is a member which will inform you whenever this occurs.

When required by law, we may have to disclose your personal data to the authorities or third parties.

In the case of transfer of or access to your personal data by suppliers or service providers based outside the European Union, we guarantee that your personal data will be processed in accordance with the appropriate security and protection measures, compatible with the ones we implement.

g. How Can You Exercise Your Personal Data Protection Rights?

In certain circumstances, you are entitled to access or request:

i. Additional information about how we use your personal data;
ii. Your personal data;
iii. That we transmit the personal data you supplied to us to another entity;
iv. An update of your personal data;
v. Deletion of your personal data;
vi. The non-processing of your personal data;
vii. Restricting how we use your personal data as we correct or clarify possible doubts about its content or about how we use the data;
viii. The provision of a channel to dispute automated decisions made based on your personal data profiling.

You are also entitled to withdraw or change, at any time, the permission you gave us to use your personal data.

An exception to exercising these rights occurs when your personal data are used to safeguard the public interest, namely in cases of detection and prevention of crimes, or when they are subject to professional confidentiality.

To exercise your personal data protection rights or whenever you have a question about how we use your personal data, please contact us using the e-mail dataprotection@surforma.com.
If you are not satisfied with how we use your personal data or with our response to your request to exercise your rights, you can make a complaint to the competent regulatory authority.

h. Cookies

Surforma uses websites cookies to improve the navigation experience of our site users, leading to quicker and more efficient responses and ending the need to repeatedly input the same information.  

i. How Do We Protect Your Personal Data? 

We have a range of information security measures, in line with the best national and international practices, to protect your personal data, including technological checks, administrative, technical and physical measures and procedures that guarantee the protection of your personal data, preventing them from improper use, and non-authorised access and disclosure, loss and improper or inadvertent alteration, or their non-authorised destruction. With regard to information security, we make the same commitment to continuous improvement as we do in our day-to-day business.

Among others measures, we highlight the following:

i. Access to your personal data is restricted to those who need them for the specific purposes outlined above;
ii. Storage and transfer of personal data using safe means only;
iii. Protection of the information systems using devices that prevent non-authorised access to your personal data;
iv. Implementation of mechanisms that ensure the complete safety and quality of your personal data;
v. Permanent monitoring of the information systems, to prevent, detect and avoid the improper use of your personal data;
vi. Redundancy in the storage equipment, processing and communication of personal data, to avoid unavailability.

When required by law, we may have to disclose your personal data to the authorities or third parties, and in these cases our control over how your personal data is protected is limited.

j. Updates to this Privacy Policy

This Privacy Policy may be updated whenever necessary, being the information released through the appropriate channels, namely the Surforma’s website.

3. Legal Information

Company: Surforma, S.A.

Headquarters: Lugar do Espido Via Norte, Maia 

Commercial Registration of Maia Tax number 501 645 900

Share Capital: 6.000.000€