Privacy Policy

This privacy policy sets out the terms and conditions applicable to the collection and processing of data gathered through this website or via any interaction with it, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Portuguese law on data protection and privacy.

This notice covers data collected on this website and also on related platforms (forms, documents, microsites and social networks that refer to this policy). Links to third-party websites or platforms are not covered.

We may update this policy at any time.

Who is responsible for the processing?

A Filstone, Comércio de Rochas, S.A., com sede na Estrada da Pedra Alva, 499,
is the responsible for data handling.

What data are collected?

Only data voluntarily submitted on the website are collected.

Who may be covered by this policy?

a) Website users/visitors;
b) Clients;
c) Candidatos a emprego;
d) Suppliers/partners.

For what purposes do we process data?

a) Communication with clients;
b) Processing requests for information and quotations;
c) Administrative and contractual management;
d) Selection and recruitment of candidates;
e) Newsletter subscription;
f) Distribution of newsletters and commercial communications;
g) Management of events and communications;
Information on services, products, campaigns and other communications.

What are the lawful bases?

a) Consent of the data subject;
b) Legal obligations and legitimate interests of Filstone, balanced against the rights and expectations of data subjects.

How do we collect and store data?

Data are collected via website forms available on the site.

All information in transit is encrypted (TLS/SSL). Certified encryption is used in all site communications.

With whom do we share data?

Filstone does not share personal data except:

a) With public authorities where required by law;
b) With service providers acting for Filstone, under written processor agreements compliant with the GDPR, solely for the stated purposes and with appropriate safeguards.

Where are data stored?

Data are stored on secure servers located in the European Union/EEA, protected and maintained to high security standards and in compliance with data-protection law.

Security: technical and organisational measures

We adopt measures appropriate to risk to protect against unauthorised access, alteration or disclosure,
including:

a) TLS/SSL on all website communications; Logical access controls and least-privilege principles;
b) Procedures to prevent accidental loss or unauthorised alteration; Staff training and confidentiality undertakings;
c) Physical and logical safeguards to ensure integrity and availability; Incident-response procedures.

If a personal-data breach is likely to result in a high risk to rights and freedoms, Filstone will notify the
data subject and the Comissão Nacional de Proteção de Dados (CNPD), as required.

Filstone takes reasonable precautions to ensure that team members with access to personal data receive appropriate training on its proper handling,
in compliance with legal data-protection obligations.
Whenever there is a personal data breach that is likely to result in a high risk to the rights and freedoms of users, Filstone will:

a) Notify the Comissão Nacional de Proteção de Dados (CNPD) within 72 hours of becoming aware of the incident; and
b) Promptly inform the data subject(s) affected.

Retention periods

Data are kept only for as long as necessary for the purposes for which they were collected or to meet legal obligations.

Marketing contact details used solely for electronic communications are retained only for as long as the subscription remains active.

In this case, users may unsubscribe from alerts at any time using the unsubscribe option provided in our newsletters.

Data subjects’ rights

a) Right of access and data portability;
b) Right to rectification, objection and restriction of processing;
c) Right to erasure;
d) Right to lodge a complaint.

Exercising your rights
To exercise the above rights, data subjects must submit a written request to: geral@filstone.com .

We use Cloudflare Turnstile as an anti-abuse mechanism on our forms. This service verifies legitimate interactions without presenting challenges to the user and may process minimal technical data (e.g., IP address and browser information) solely for spam prevention, in line with Cloudflare’s Privacy Policy.

Newsletter

The data provided are treated confidentially and used for email marketing (technical communications, event information, newsletters, service/product offers, promotions/campaigns and other communications). Under the law, subscribers retain the rights of access, rectification, erasure, objection and destruction.

Unsubscribing from the newsletter

Todas as newsletters por nós enviadas por correio eletrónico contêm instruções sobre como pode cancelar a sua subscrição.