top of page

Privacy Policy
LEGAL INFORMATION ON DATA PROTECTION

Anti-Corruption and Bribery Policy
At AMG SERVICES, S.A., hereinafter referred to as AMG, we handle your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, dated April 27, 2016, also known as the General Data Protection Regulation (“GDPR”) and other applicable legislation, to ensure your trust. We adhere to the highest standards of privacy and will only use your personal data for clearly identified purposes, in accordance with your data protection rights. The confidentiality and integrity of your personal data is one of our main concerns and forms the foundation of our actions.

This document contains general rules on privacy and personal data processing, as well as more detailed information about the personal data, the purposes, the legal grounds for processing, and the rights granted by the General Data Protection Regulation (“GDPR”) to the data subjects regarding their personal data in relation to AMG.

​

Definitions:

  • Personal Data – Any information related to an identified or identifiable natural person (“data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, by means such as a name, identification number, location data, electronic identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

  • Processing – Any operation or set of operations performed on personal data or sets of personal data, by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of availability, comparison, or interconnection, restriction, erasure, or destruction.

  • Data Controller – The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or specific criteria for its appointment may be provided by Union or Member State law.

  • Personal Data Breach – A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored, or otherwise processed.

  • Processor – A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

  • Third Party – A natural or legal person, public authority, agency, or body that is not the data subject, the controller, the processor, or persons authorized under the direct authority of the controller or processor.

Privacy Policy

This Privacy Policy outlines how AMG processes the personal data of its clients, potential clients, subcontractors, third parties, employees, and potential employees in relation to the negotiation and contractual relationship, contact through the website and social media platforms of the organization.

​

I. Personal Data Subject to Processing

To comply with the obligations established under contractual relationships with clients, potential clients, subcontractors, and third parties, AMG processes the following general personal data: name, date of birth, age, taxpayer identification number (NIF), social security number (NISS), citizen card number, passport and/or residence permit, marital status, address, phone number, email address, and IBAN. AMG does not process sensitive personal data.

In the relationship with employees and potential employees, AMG processes the following general personal data: name, date of birth, age, NIF, NISS, citizen card number, passport and/or residence permit, marital status, address, phone number, email address, IBAN, family status, academic qualifications, photograph, employee number, date of admission, job title or role. AMG processes sensitive personal data, including fingerprints for attendance control.

AMG also collects personal and anonymized data through its website and social media platforms, which is either directly provided by the data subject or collected during their access to these platforms. Personal data is collected when the user contacts AMG directly for inquiries, to purchase products or services, or to request support. Anonymized data is collected when a data subject visits our digital platforms.

II. Purposes of Processing

The personal data processed by AMG is requested for specific purposes related to employment, commercial, or contractual relationships.

  • Client, potential client, subcontractor, and third-party data is processed for the execution and management of commercial contracts, invoicing, budget requests, contract awards, and access authorization requests to client facilities.

  • Employee data (often provided through a job application or CV submission) is processed for recruitment, contract execution, salary processing, attendance management, insurance contracts, and other related purposes.

III. Legal Grounds for Processing

The personal data processed by AMG is handled in a lawful, fair, and transparent manner. The GDPR stipulates that processing is lawful only if one of the following conditions is met:
i) Consent
ii) Execution of a contract or pre-contractual steps
iii) Compliance with a legal obligation to which the controller is subject
iv) Protection of vital interests of the data subject or another person
v) Performance of tasks carried out in the public interest or in the exercise of official authority
vi) Legitimate interests pursued by the controller.

AMG primarily bases its data processing on three legal grounds: the execution of a contract, compliance with legal obligations, and/or consent given by the data subject. Less frequently, the processing may be based on legitimate interests, where such interests outweigh the rights and freedoms of the data subject.

IV. General Principles of Data Processing

AMG commits to ensuring that the data it processes is:
a) Processed lawfully, fairly, and transparently in relation to the data subject;
b) Collected for specified, legitimate, and clear purposes, and not processed in a manner incompatible with those purposes;
c) Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed;
d) Accurate and up to date, with reasonable measures taken to correct or erase inaccurate data without delay;
e) Retained in a form which permits identification of data subjects only for as long as necessary for the purposes of processing;
f) Processed in a way that ensures its security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, through appropriate technical and organizational measures.

Data retention periods vary based on the purposes for which the information is processed. When no specific legal requirement exists, data will be stored only for the minimum period necessary for the purposes for which it was collected or subsequently processed.

V. Technical, Organizational, and Security Measures

AMG ensures the security and confidentiality of personal data by treating the information collected with the highest level of confidentiality, following internal security and confidentiality policies that are periodically updated. This includes protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.

VI. Subcontracted Entities

AMG may use third-party entities (subcontractors) to process personal data on its behalf. These subcontractors are required to comply with applicable legislation and this Privacy Policy. AMG only subcontractors that provide sufficient guarantees of implementing appropriate technical and organizational measures to safeguard the data subject's rights.

VII. Data Subject Rights

The data subject has the right to request confirmation regarding whether their personal data is being processed and to receive clear, transparent information about how AMG processes their data. If any of the following rights are exercised, AMG will respond within one month.

  1. Right of Access

  2. Right to Rectification

  3. Right to Erasure

  4. Right to Restriction of Processing

  5. Right to Data Portability

  6. Right to Object

  7. Right to File a Complaint with the CNPD

​

VIII. Changes to Privacy Policy

AMG reserves the right to modify this Privacy Policy at any time. Any changes will be reflected in the updated Privacy Policy published on the website.

​

IX. Applicable Law and Jurisdiction

This Privacy Policy and the collection, processing, or transmission of data are governed by Regulation (EU) 2016/679 and the applicable legislation in Portugal, including Law No. 58/2019 of August 8th.

© 2024 AMG Services. All rights reserved 
bottom of page