Privacy Policy

1. Commitment

The protection of users’ privacy and their personal data is a fundamental commitment of all companies within the jp.group. For the purposes of this Privacy Policy, jp.group companies refer to JP Holding Services S.A. and all companies in Portugal owned by it. jp.group advises reading this Privacy Policy, as well as the Terms and Conditions of use for each of the jp.group companies’ websites. This Privacy Policy has been written clearly and simply to facilitate understanding and to allow you to decide freely and voluntarily whether to provide your personal data. It explains what personal data jp.group companies collect through interactions with you and how those data are used.

2.Scope, Data Controller, and Data Protection Officer

This Privacy Policy applies to the personal data of our users, clients, suppliers, candidates, and other stakeholders. The data controller responsible for collecting and processing your personal data are the jp.group companies that provide you with products and/or services and, in this context, decide which data are collected, the means of processing, and the purposes for which the data are used. jp.group has appointed a Data Protection Officer (DPO), who monitors compliance with applicable data protection regulations, serves as a point of contact for users regarding data processing issues, cooperates with supervisory authorities, and provides information and advice to the data controller or processor on their privacy and data protection obligations.

3. Personal Data, Data Subjects, and Categories of Personal Data

“Personal Data” refers to information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. “Data Subject” is the natural person to whom the data pertains. This Policy allows you to understand how jp.group companies collect and use your Personal Data, how you can control its use, and describes our practices regarding information collected across all sites (including but not limited to software applications, social networks, and electronic messages) of jp.group companies, as well as offline marketing and sales activities (collectively, “Communication Channels”). Communication Channels may provide links to other platforms not owned by jp.group. We encourage you to review the privacy policies of those websites, services, social networks, or applications before providing your Personal Data, as we are not responsible for the processing of personal data that may be provided and/or collected on them. We rely on you to provide accurate and complete information about your personal data and to update it regarding any changes to the information provided.

3.1. When and what information do we collect about you?

We collect your personal data, with your consent, when you register on our website or place an order for products or services. We also collect your personal data when you voluntarily fill out questionnaires, forms, or use chat tools. We ask that you do not send or share any sensitive personal information with jp.group, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning your sex life or sexual orientation. Website usage information is collected using cookies, but it does not specifically identify you. The following data may be collected:

  • IP address.
  • Geographical location.
  • Information about the device accessing the website, including browser type and version, operating system, screen resolution, preferred language, information contained in HTTP headers, and agent version.
  • The search engine used to locate and access the website.

Date and time of activity on the website, as well as web pages and content visited and clicked.

It is important to note that this usage information does not deliberately identify you, and if it does exceptionally identify you, it will be anonymized immediately. By providing information, you are giving your informed and unequivocal consent for the processing of data concerning you in an automated manner. This prior and express consent of the data subject will be given in writing or through the validation of an option.

3.2.How do we use the information about you?

The data collected is used to process your request, manage your account, and, if you agree, send you information about other products and services by email. We use the information collected from the website to personalize your future visits to our website. If you agree, we will send your personal information to various jp.group companies so they can offer you their products and services. jp.group companies do not share your information for marketing campaigns with companies outside the group, nor do they transfer your Personal Data to a third country. Although the information provided is generally treated as private within jp.group, the data collected will be used in accordance with personal data protection regulations throughout the processing; however, it may be necessary to transfer Personal Data privately to other entities, such as judicial authorities, and/or use information from credit agencies/insurers or similar entities. You have the right to file a complaint with a National and/or European Union Supervisory Authority regarding any violation of your Personal Data. jp.group will cooperate with the Supervisory Authority by providing all information requested by it in the exercise of its powers. jp.group only accepts user registrations from individuals who are at least 16 years old. jp.group Communication Channels are not directed at underage users. If you become aware of any registration made by a minor, please alert us so we can immediately remove the registration. The recipients or categories of recipients of your Personal Data, depending on the contact tool you use, are the departments involved in the commercial relationship, the Marketing departments, the People Management, and other departments of the various jp.group companies. Whenever you transfer or download a software package from any jp.group company website, you may be contacted to follow up on the usage experience and to present the software in question and/or other similar products.

Automated Decisions:

The information collected on jp.group websites does not involve automated decision-making, including profiling. Your data may circulate on an open network and run the risk of being seen and used by unauthorized third parties. No comparisons, interconnections, or any other form of interrelation of the recorded information are made on jp.group websites.

3.4. General Supply Conditions

The general supply conditions of jp.group are available on the websites of jp.group companies.

3.5. Transmission of Personal Data 

Your data may be transmitted to subcontracted companies to process them on behalf of jp.group companies. Subcontracted entities, as well as service providers or licensors to jp.group companies, including those based outside the European Union, may have access to data collected and recorded by jp.group companies when and to the extent necessary to offer the Client products or services marketed by jp.group companies, or to fulfill contractual obligations established between jp.group companies and the Client.

3.6. Recruitment and Selection

By submitting a spontaneous application or applying for an opportunity, you authorize that your collected personal data be processed and stored electronically by jp.group for the purpose of contacting you for open recruitment and selection processes, or those that may arise in the future, for jp.group companies. Your personal data is retained for 2 years, after which it is deleted. You should submit a new application after this period if you wish to remain in jp.group’s database. If you are included in a recruitment and selection process, that process will be maintained for 5 years. The recipients or categories of recipients of your personal data are the People Management, Administration, and other relevant departments or functions for analyzing the application. Your personal data may also be shared with other entities when required by law or to respond to a legal process, and in situations involving the protection of clients, the protection of lives, the security of services, the protection of property rights, or jp.group companies. Recruitment processes do not involve automated decision-making, including profiling. No comparisons, interconnections, or any other form of interrelation of the recorded information are made. Further processing of personal data for a purpose other than that for which the data was collected requires consent. jp.group only accepts applications from individuals who are at least 16 years old, have completed compulsory education, and have the physical and mental capabilities appropriate for the job.

3.7. Ethics

The jp.group Code of Ethics and Conduct outlines our values and ethical principles of action and how they should translate into our relationships with different stakeholders.

We provide an anonymous and confidential whistleblowing channel, which is provided by an external partner, to ensure complete confidentiality and/or anonymity. jp.group guarantees the confidentiality of received communications and the protection of personal data of the whistleblower and the suspect of the infraction, in accordance with applicable legislation. The anonymity of the whistleblower, the confidentiality of the whistleblower’s identity, and the details of the report are respected and protected. The data of the whistleblower and/or data subjects involved in investigations are duly recorded and/or maintained and destroyed in accordance with applicable laws, regulations, policies, and procedures. For more information about jp.group’s Ethics and Conduct, please consult here.

4. Periods and Grounds for Processing and Retention of Personal Data

Without prejudice to legal or regulatory provisions to the contrary, Personal Data will be retained/processed only for the minimum period necessary for the purposes that motivated its collection or subsequent processing. Further processing of Personal Data for a purpose other than that for which the data was collected requires consent. Before such processing, jp.group companies will request the respective consent and provide the Client with information about that purpose and any other pertinent information. jp.group will retain your personal data for the duration of the contractual relationship established with the data subject. There are cases where the law requires the processing and retention of data for a minimum period. In the absence of specific legal obligations, data will be processed/retained only for the period necessary to fulfill the purposes that motivated its collection and preservation or, as applicable, until you exercise your right to object, right to be forgotten, or withdraw consent, always in accordance with the law, guidelines, and decisions of supervisory authorities. The Client is assured, under legal terms, the right to withdraw consent at any time without compromising the lawfulness of the processing carried out based on the previously given consent and the right to request access to Personal Data concerning them, as well as its rectification or erasure, and the limitation of processing concerning the Client, or the right to object to processing, as well as the right to data portability by written communication addressed to jp.group, by clicking here. Personal Data necessary for the execution of the contract to which the Client is a party, for compliance with legal obligations to which the Data Controller is subject, and those necessary for the legitimate interests pursued by jp.group companies are not included in the previous point. After the retention/processing period, jp.group will delete or, if it is in the interest of jp.group companies, anonymize (so that the Client is not or can no longer be identified) the data whenever they should not be retained for a different purpose that may subsist.

4.1. Grounds for Processing Personal Data

Consent: when there is prior and express consent from the data subject – in writing, orally, or through the validation of an option – and if that consent is free, informed, specific, and unequivocal.

  • Special case of minors: In the case of processing personal data of minors, which may be subject to prior consent, such consent must be provided by the holders of parental responsibilities. Contract execution: when the processing of personal data is necessary for the conclusion, execution, and management of the contract concluded with any of the jp.group companies. Legal obligation compliance: when the processing of personal data is necessary to comply with a legal obligation to which jp.group is subject. Legitimate interest: when the processing of personal data corresponds to a legitimate interest of jp.group or third parties.

5. Cookies jp.group uses cookies on all our websites to improve performance and your user experience. The use of cookies by jp.group aims to analyze website usage and allow you to have a seamless browsing experience; at no time do we collect Personal Data through cookies. Cookies will not be used for any purpose other than those mentioned above. Cookies are small text files that a website, when visited by the user, places on their computer or mobile device through the internet browser. This information is used to record the number of visits and compile statistical information about website activity. We use the term cookies in this Policy to refer to all files that collect information in this way. Types of Cookies according to the entity that manages them:

  • First-party cookies: a cookie managed by this domain/website.
  • Third-party cookies: a cookie managed by another domain/website.
  • Persistent cookies: the information of the cookie is stored permanently on your device.

Session cookies: the information of the cookie is not stored permanently on your device.

jp.group uses session cookies and first-party cookies as well as persistent cookies and third-party cookies. Types of cookies according to their purpose:

  • Technical cookies: these allow navigation through a domain/website, using different options or services such as, for example, identifying the session, accessing restricted areas, and processing a purchase order.
  • Personalization cookies: these allow access to the domain/website with some predefined characteristics based on a set of decisions taken, such as the language used.
  • Analysis cookies: these allow the monitoring and analysis of user behavior on websites to which they are linked. The information collected through such cookies is used, for example, to measure website activity and create browsing profiles.
  • Advertising cookies: these allow the most efficient management of advertising spaces based on criteria such as edited content or the frequency at which ads are displayed.
  • Behavioral advertising cookies: these allow the most efficient management of advertising spaces. These cookies store information about the user’s behavior, obtained through continuous observation of their browsing habits, allowing the development of a specific profile to display ads based on it.

jp.group uses technical cookies, personalization cookies, and analysis cookies; it does not use advertising cookies or behavioral advertising cookies.

The information related to cookies is controlled and accessed by the respective identified owner.

5.1 Cookies used by jp.group

According to the information provided above, as a user, you expressly consent to the use of the mentioned cookies for the purposes specified for each of them. The prior and express consent of the data subject will be given in writing, orally, or through the validation of an option.

We are not responsible for the content and accuracy of the terms and conditions of use, privacy policies, and cookie policies of third parties mentioned above.

You can obtain more information by visiting www.aboutcookies.org or www.allaboutcookies.org.

6. Rights of the data subject. Access and correction of your data

We want to ensure the accuracy and reliability of the information we hold about you. We rely on you to provide accurate and complete information and to update the data regarding any changes to the information provided. What are your rights?

  • Right of Access
  • Right to obtain confirmation of which personal data is being processed and information about them.
  • Right to rectification
  • Right to request the rectification of your personal data that is incorrect or to request that incomplete personal data be completed.
  • Right to erasure or “right to be forgotten.”
  • Right to the erasure of your personal data, provided there are no valid reasons for their retention.
  • Right to portability
  • Right to receive the data you provided to us in a commonly used and machine-readable digital format or to request the direct transmission of your data to another entity that will then become the new data controller.
  • Right to Withdraw Consent or Right to Object
  • Right to object or withdraw your consent at any time to data processing, provided there are no legitimate interests that override your interests, rights, and freedoms.
  • Right to restriction or opposition to data processing
  • Right to request the restriction of the processing of your personal data, through the suspension of processing or the limitation of the scope of processing to certain categories of data or processing purposes.
  • Right to complain
  • Right to file a complaint internally with the group companies or the DPO, as well as the right to file a complaint with a National and/or European Union Supervisory Authority regarding the violation of your personal data. jp.group will cooperate with the Supervisory Authority, providing all information requested by it in the exercise of its powers.

You have the right to request a copy of the information we hold about you. If you want a partial or complete copy of the information stored by jp.group, please contact us as indicated below.

If the requests made by the User are manifestly unfounded or excessive, particularly due to their repetitive nature, under the existing legal framework, jp.group may charge a reasonable fee considering the administrative costs to provide the information or communication, or to take the requested measures, or even to refuse to comply with the request.

7. Security

jp.group has implemented appropriate, necessary, and sufficient logical, physical, organizational, and security measures to protect your personal data during transmission and storage and processing, against destruction, loss, alteration, unauthorized access, or any other form of accidental or unlawful processing, including but not limited to the use of secure servers, firewalls, data encryption of applications and communications. jp.group has an information system capable of supporting, at a certain level of confidence, accidental events or illegal or malicious actions that compromise the availability, authenticity, integrity, and confidentiality of Personal Data stored or transmitted, as well as the security of related services offered by, or accessible through, these networks and systems.

8. Contacts

If you have any questions or concerns about this Privacy Policy, about how jp.group companies collect and process your personal data, or if you believe that any of the companies have not adhered to this policy, you can contact us via email at dpo@groupjp.com or by letter addressed to the Data Protection Officer (DPO), Rua da Guarda, no. 675, Perafita – 4455-466 Matosinhos – Portugal.

Changes to this Privacy Policy Our privacy policies are reviewed regularly, and all changes will be published on this website.