The VORTAL Group of Companies is committed to protecting the personal data entrusted to it and to information security, offering maximum guarantees of quality, security and integrity in all its services.

The VORTAL Group of Companies also includes the following companies, as shown in Table 1 below:

Chart 1 – Organizational chart VORTAL Group of Companies

In fact, the Vortal Group Companies provide similar information services, through access to business opportunities or information on the respective market, such as Lead Generation Services, Market Intelligence, eTendering, Project Information, as well as complementary services such as electronic invoicing, digital certification and time stamps.

The Vortal Group of Companies is in turn part of the Byggfakta Group.

The VORTAL Group of companies has been guided by the development of information and communication systems and technologies, pursuing a policy of modernization and ensuring mandatory compliance with the legislation in force.

In this context, information technologies support the mission and objectives of the organization, insofar as they are the basis of its activity, through the existence of physical infrastructure (hardware) and applications (software), where information corresponding to the activities carried out and the services provided is stored, transacted and made available.

Each of the companies that make up the VORTAL Group of Companies acts, as the Controller of the personal data collected or obtained, in accordance with the need-to-know principle, namely for the purposes of providing the services made available, verifying and maintaining quality, testing and operating current systems and those that may be developed, for the period of time strictly necessary to ensure the purpose for which they are intended, or for the duration of the contractual relationship, or for proof thereof, or during which, under the terms of the applicable legislation, it is mandatory to keep them.

For this reason, all information of a personal nature is treated and protected with the utmost diligence, and always in accordance with the law applicable to the country in question and the Regulation 2016/679 of the European Parliament and of the Council of 27.04.2016.

This PRIVACY POLICY explains who we are, for what purposes we may process your personal data, how we process it, to whom we may disclose it, such as customers and/or other Vortal Group Companies, where it may be transferred or where you may access it and what your rights are.

Use of the services provided by the VORTAL Group Companies implies acceptance of the clauses of the respective PRIVACY POLICY, and each VORTAL Group Company is responsible for data processing.

Whenever you have any doubts, you should contact the Data Controller of the respective VORTAL Group Company by the following means:

• VTBD, S.A
  Email: privacidade@vortal.biz
  Postal address: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
• Vortal, SGPS, S.A.
  Email: privacidade@vortal.biz
  Postal address: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
• Vortal – Comércio Electrónico, Consultadoria e Multimédia, S.A.
  Email: privacidade@vortal.biz
  Postal address: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
• Academia Vortal – Formação e Inovação, Unipessoal, Lda.
  Email: privacidade@vortal.biz
  Postal address: Green Park, R. Gen. Firmino Miguel nº 6B, piso -2, 1600-300 Lisboa, Portugal.
• Armilar Business Services, S.L.
  Email: privacidad@armilar.biz
  Postal address: C/ José Echegaray 8 – Edificio 3, Planta Baja, Parque empresarial Alvia
  Rozas de Madrid (LAS) 28232-Madrid, Spain.
• Vortal Connecting Business S.A.
  Email: protecciondatos@vortal.biz
  Postal address: C/ José Echegaray 8 – Edificio 3, Planta Baja, Parque empresarial Alvia
  Rozas de Madrid (LAS) 28232-Madrid, Spain.
• Internet Construdata 21, SAU
  Email: privacidad@construdata21.com
  Postal address: C/López de Neira 3, Oficina 310-311-312, 36202 – Vigo (Pontevedra – España).
• Nexus Information Tecnology S.A.
  Email: privacidad@nexus-it.es
  Postal address: C/ José Echegaray 8 – Edificio 3, Planta Baja, Parque empresarial Alvia
  Rozas de Madrid (LAS) 28232-Madrid, Spain.

FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

1. Communication of Products, Services and Sales (Communications or sale of new products or services; updates on your Services; Guides and Tips on using the Platform and contracted Services; Alerts on opportunities relevant to your business; Training offers and other special offers; Analysis and definition of consumer profiles; Adaptation and development of new products or services; Research and processing of analytical information (Big Data Analytics); as well as communication of events and webinars)

2. Customer Management and Service Provision (Completion of service registration forms on the respective websites; Management of contacts, information or requests; Management of installation, activation or deactivation; Management of complaints or faults; Management of invoicing, collection and payments; Management of customer experience; Evaluation of customer satisfaction through surveys; Recording of calls for proof of commercial transactions and communications within the scope of the contractual relationship; Recording of calls for monitoring the quality of service)

3. Accounting, tax and administrative management (accounting, invoicing; tax information, including sending information to the Tax Authority)

4. Litigation Management (judicial and extrajudicial collection)

5. Network and systems management (support and improvement of networks and applications that support the service; monitoring, improvement and support of the service; verification and maintenance of quality, testing and operation of current systems and those that may be developed)

6. Compliance with legal obligations (Includes the processing of personal data necessary to comply with legal obligations, such as accounting, tax or document retention obligations)

7. Information security control (Access and log management; Backup management; Security incident management)

8. Human resources management and recruitment and selection of employees (via email to recruitment@vortal.biz; application forms; CV processing; salary processing, etc.)

Your personal data will not be used for purposes other than those described in this Policy without your prior information or, where appropriate, consent.

DATA WE COLLECT

Each of the companies that make up the VORTAL Group of Companies collects, stores and uses personal data for the provision of its services, which are mainly promoted on the electronic platforms and other Services under its management.

Only the data strictly necessary for the provision of the services in question will be collected and requested by each of the Companies that make up the VORTAL Group of Companies, in accordance with the explicit information on the platform and the User’s options.

Each of the companies that make up the VORTAL Group of Companies only collects data that is appropriate, relevant and limited to what is strictly necessary in relation to the purposes for which it is processed, namely:

a) Clients, Client Employees, Counterparties, Suppliers, Partners, Employees: identification data, professional data, professional activity or accounting data, of the individual, in the case of natural persons, or of their representatives, in the case of legal persons, such as the name of the representative and respective User(s), e-mail address, telephone contact, position and functions, as well as any other personal data whose processing is strictly necessary for the performance of the contract or for compliance with legal obligations;
b) Contact requests: identification data such as name, email address and telephone contact;
c) Newsletter subscription: email address;
You can choose not to receive newsletters, commercial campaigns or any other communication related to the Products, Services and Sales of each of the Companies that are part of the VORTAL Group of Companies, which you can always exercise through the available email marketing tools used by the respective Company that is part of the VORTAL Group of Companies.
d) Applications: identification data such as name, email address and any data contained in the Curriculum Vitae.

We collect personal data about natural persons who, (i) in the context of their professional activity, use our services and website (Users), (ii) submit applications for recruitment vacancies (Candidates), (iii) our Employees, (iv) as well as our Clients’ representatives (including potential Clients).

Most of this data is provided to us directly by the User/individual when they contact us, submit an application, attend an event in person, participate in telephone conversations or contact us about our Services.

We may also obtain your personal data through other means and sources, such as professional social networks like LinkedIn. 

All employees of each of the companies that make up the VORTAL Group of Companies, regardless of the type of existing relationship, who process personal data are legally and contractually obliged to keep it confidential, namely not being able to disclose or use it, unless there is a legal obligation or court order.

The VORTAL Group of Companies may also process personal data provided by the Customer and/or service user when they use services using Artificial Intelligence Solutions.

The Customer and/or User of the Services of the VORTAL Group of Companies who chooses to use artificial intelligence solutions shall be responsible for all information and/or data transmitted and shared, and shall undertake to make responsible and prudent use of said Solutions, (i) refraining from providing any personal data other than that which is strictly necessary for the use of said tools, (ii) not using or disclosing Confidential Information or information that is protected by Copyright and Intellectual Property.

In the Solutions that it develops using Artificial Intelligence, the VORTAL Group of Companies will ensure their responsible use and compliance with the regulations on artificial intelligence, with a view to building an ethical and trustworthy artificial intelligence, keeping the information, in particular, for the purposes of providing the services made available, verifying and maintaining the quality, testing, operation and interconnection of the systems, creation of queries and procedures, research, analysis and improvement of the models of the available Solutions.

Protecting data privacy in the age of artificial intelligence is a priority for the VORTAL Group of Companies, in order to guard against any lack of regulatory compliance and/or cybersecurity attacks, to which end it will take proactive measures to protect data privacy, such as, the implementation of strong data quality and security protocols, ensuring that the data in question is only used for the intended and authorized purpose, and the development of transparent, impartial and fair systems that allow for the explanation, inspection and reproduction of decisions and the use of the data in question with respect for fundamental rights.

HOW WILL MY INFORMATION BE USED? (Legitimacy for the processing of your data)

Your data will only be processed if one of the following situations applies:  

1) The processing of personal data of Customers, Suppliers, Partners and Employees, the legal basis will be the performance of a contract and the fulfillment of legal obligations, as provided for in Article 6(1)(b) and (c) of the GDPR.

The processing of the personal data of Clients, Client Employees, Counterparts, Suppliers, Partners and Employees is intended for any purpose directly related to the execution of the respective contracts or the fulfillment of legal obligations, namely recruitment, hiring, contract management, job management, accounting, commercial activity, client management, communication, presentation of proposals.

2) The processing of personal data for purposes other than those mentioned above, namely personal data collected through the website of the respective VORTAL Group Company or following the sending of emails with contact requests, depends on the consent of the data subjects, as provided for in Article 6(a) of the GDPR.

3) Data that are necessary for the purposes of the legitimate interests pursued by the respective VORTAL Group Company, provided that they do not prevail over the interests or rights, freedoms and guarantees of the data subject.

It should be noted that, with regard to electronic communications to Customers and/or Users, it is important to clarify the distinction that will be made depending on whether or not there is a previous contractual service relationship with the Customer in question or use of the Services. This will be the case:

A. If there is already a contractual service relationship with the Customer or use of the Services, the basis for processing their personal data will be different depending on the promotional content; Thus,

(i) If the marketing communications concern products or services similar to those previously purchased by you as a Customer and/or User, your consent is not required.

In the context of the contractual relationship of services or use of the Services, it is permitted to use the contact details of its Customers (obtained in the context of the transaction or use of a particular product or service) for direct marketing purposes, when it concerns products or services similar to those transacted by Vortal Group Companies. In this case, the basis for processing personal data is the legitimate interest of the Data Controller.

(ii) If the marketing communications concern products or services other than those previously purchased by you as a Customer and/or User of the Services, the respective VORTAL Group Company must obtain your prior express consent;

B. If there is no prior legal relationship between you and the VORTAL Group of Companies – contractual relationship or use of the Services – marketing communications will only be possible with your prior express consent.

Your personal data will not be used for purposes other than those described in this PRIVACY POLICY without your prior information or, where appropriate, consent.

Your data will be processed by the VORTAL Group of Companies applying appropriate technical and organizational measures to ensure a high level of security, under the terms of the GDPR.

HOW LONG WILL YOU KEEP MY INFORMATION?

Your personal data will be kept for the minimum period of time necessary and proportionate for the purposes described above.

In the case of employees, their data will be kept for the purposes of complying with the legal obligations of the VORTAL Group of Companies.

As for legal representatives and contact persons, their data will be kept for the duration of the contract or any of its obligations and, thereafter, for the period necessary to comply with legal obligations or if necessary for the declaration, exercise or defense of a right in legal proceedings.

PERSONAL DATA SECURITY

The VORTAL Group of Companies, in the pursuit of its activities, uses a set of physical and logical security technologies and procedures, suitable for the protection of your personal data, protecting unauthorized access or disclosure, namely: 

• Access control (logical and physical)
• Authentication and access management
• Data encryption
• Segregation of profiles
• MF Authentication
• Daily and incremental backups
• 3 levels of Firewall
• Clear screen policies and acceptable use of assets
• Segregation of productive and non-productive environments
• Malicious code control
• Malicious software precautions
• Vulnerability management
• Incident Management
• Alerts and monitoring of events and incidents
• Pentesting
• Disaster Recovery
• Secure Development Policy
• Cryptographic policies
• Collection, maintenance and protection of logs and audit evidence on the platform
• Infrastructure monitoring
• VPN (site to site)
• TSA services
• 95% high availability infrastructure
• Patches update
• Risk Management
• Data masking.

WILL MY INFORMATION BE SHARED WITH OTHERS?

Your information may be disclosed:

Within the Vortal Group of Companies and Byggfakta Group – The VORTAL Group of Companies is part of a multinational business group. Therefore, your personal data, including the processing of personal data of customers or employees, may be processed for internal administrative purposes by other companies in the group, provided that the respective legitimacy is observed, in the context of shared services between Vortal Group Companies and for internal reporting purposes. In addition, the sharing and processing of personal data may also be necessary to improve the offer of services, carry out satisfaction surveys of Services and offer similar or complementary services to its Customers and/or Users of Services. Personal data may also be shared and processed between Vortal Group Companies, if this is necessary and assumed when the Customer contracts a certain Service, and the Customer is informed that the Service in question presupposes the sharing and processing of personal data with a certain Vortal Group Company.

• To third party service providers of the VORTAL Group of Companies – When necessary, third parties will be used to provide services, which may have access to your data.
• To Public Authorities – Under the terms of the applicable law, the Vortal Group of Companies is obliged, in particular, to disclose data to the Finance, Social Security and judicial authorities.

In accordance with this PRIVACY POLICY, the processing of your personal data may involve the transfer of such data to other countries. However, the transfer of personal data by the Vortal Group of Companies will always be within the terms of the Personal Data Protection Regulation and the adoption of the standard data protection clauses adopted by the European Commission.

WHAT ARE MY RIGHTS?

We inform you that you can exercise the following rights:

• The right of access to your personal data in order to know which data is being processed and the processing operations carried out on it;
• The right to rectify any inaccurate personal data;
• The right to have your personal data deleted, where possible;
• The right to request the restriction of the processing of your personal data when the accuracy, legality or necessity of the processing of the data is doubtful, in which case we may retain it for the exercise or defense of claims;
• The right to the portability of your personal data, when the legal basis that enables us to process it is the contractual relationship or consent;
• The right to object to the processing of your personal data, when the legal basis for processing is legitimate interest. For these purposes, we will stop processing your data unless we have a compelling legitimate interest, or for the establishment, exercise or defense of claims.
• The right to revoke their consent at any time.

The Customer and/or User undertakes to keep their data up to date and the VORTAL Group of Companies undertakes to fully comply with its obligations under the law in force with regard to the protection of personal data and the rights that derive from this for its holders.

To exercise your rights, please contact the respective Personal Data Controller, through the privacy contacts of each of the VORTAL Group Companies mentioned above, indicating the right you wish to exercise and your identifying data, as well as the respective grounds. You may be asked to provide proof of your identity in order to ensure that personal data is only shared with its owner.

Your requests will be treated with special care so that we can ensure that your rights are upheld. You should be aware that in certain cases, under the terms of the applicable law, your request may not be met immediately or in full. In any case, you will be informed of the measures taken within 30 (thirty) days of your request being made.

You also have the right to lodge a complaint with the national supervisory authority of the country in question.

AMENDMENT TO THE SECURITY AND PRIVACY POLICY

This policy, which you should read carefully, may be altered from time to time, with the alterations taking effect from the date on which they are published on this website, with express reference to the date on which they are updated.

Version 5.0. Updated on 1/04/2024.