I. INTRODUCTION
Our website, accessible at www.cleocare.pt, is developed, operated, and maintained by Glooma Lda., which acts as the Data Controller.
Glooma is fully committed to protecting your privacy and personal data while offering you the best possible user experience. We strictly comply with the GDPR, which governs the protection of individuals regarding personal data processing and its free movement.
This document explains how we process your data to manage the website, contractual relationships, information requests, and our daily operations, including compliance with legal obligations and service improvement.
II. KEY PRINCIPLES
Our Privacy Policy is based on the following principles:
- Only authorized individuals access personal data for authorized purposes.
- Your privacy is essential in everything we do.
- We consider data security a top priority, regularly reviewing it based on technological advancements.
III. DEFINITIONS AND DATA SUBJECT INFORMATION
Who is the Data Controller?
Glooma Lda., located at Edifício Genaration, Praça Conde de Agrolongo nº 123, 4700-312 Braga, NIPC 516497782. Contact: rgpd@cleocare.pt.
What is Personal Data?
According to the GDPR, personal data is any information relating to an identified or identifiable individual, such as a name, ID number, location data, online identifier, or other personal attributes.
How do we collect your data?
We collect personal data via phone, email, our website, or in writing—usually in contractual or pre-contractual contexts. We only collect the data strictly necessary to deliver our services.
Types of data collected:
- Identification data (name, date of birth, nationality)
- Contact details (address, phone number)
- Professional details (job title, company)
- Academic and work experience
- Billing information (e.g., tax ID)
- Visual/audio records (e.g., meeting footage)
Data is stored securely and only processed for the stated and lawful purposes.
IV. DATA PROCESSING PRINCIPLES
We follow these principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
V. PURPOSES OF PROCESSING
We process data to:
- Identify you as a client
- Provide requested services/information
- Invoice and manage accounts
- Notify you of service changes
- Comply with legal obligations
- Send promotional materials (with consent)
- Improve user experience
- Manage contractual relationships
- Tailor services to your needs
VI. DATA RETENTION
We retain data only as long as necessary for processing purposes and legal archiving requirements.
VII. DATA SUBJECT RIGHTS
You have the right to:
- Confirm whether data is being processed
- Access, rectify, or delete your data
- Restrict or object to processing
- Port your data
- Withdraw consent
- File a complaint with CNPD (www.cnpd.pt)
Contact: rgpd@cleocare.pt
VIII. DATA SECURITY MEASURES
We implement appropriate technical and organizational measures to ensure data security, prevent unauthorized access, and safeguard confidentiality and integrity.
IX. PERSONAL DATA BREACH
If a breach occurs, we will:
- Notify CNPD if there's a risk to individuals’ rights
- Inform affected users when there’s a high risk
- Document all breaches, impacts, and mitigation steps
X. DATA PROTECTION IMPACT ASSESSMENTS
We conduct assessments when processing poses high risks and consult CNPD if necessary.
XI. DATA SHARING AND INTERNATIONAL TRANSFERS
We may share data with third-party processors under strict contractual safeguards. International data transfers will only occur with entities offering GDPR-level protection.
XII. POLICY UPDATES
We reserve the right to change this policy without notice. Updates will be posted on our website. The Regulatory Affairs Officer is responsible for ensuring GDPR-compliant updates.
