Privacy Statement

On 27 April 2016, the European Parliament published a new regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, called the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL). This Regulation came into force on 25 May 2018, repealing Directive 95/46/EC for the protection of personal data.

Gres Panaria Portugal, SA, hereinafter referred to as GPP, SA, undertakes to comply with the General Data Protection Regulation and with all applicable national and European Data Protection and Privacy regulations.

GPP, SA is committed to protecting the rights, freedoms and guarantees of those visiting its websites and users of the services offered here (hereinafter referred to as Data Subjects), processing their personal data safely, in accordance with all their legal obligations.


GPP, SA’s Privacy Policy is based on the terms used by the European legislator in the General Data Protection Regulation. This Policy must be readable and understandable by all Data Subjects visiting this website. Here are the most common definitions used in our Policy:

  • Personal data.

    Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

  • Data Subject.

    Is an identified or identifiable natural person whose personal data are processed by a controller;

  • Processing of personal data.

    Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  • Controller.

    The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

  • Processor.

    A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

  • Supervisory authority.

    An independent public authority which is established by a Member State of the European Union pursuant to Article 51; it is the authority responsible for controlling and supervising the processing of personal data, in strict respect for human rights and fundamental freedoms and guarantees enshrined in the Constitution and in the law.

  • Cookies.

    Cookies are small text files that are stored on the Data Subject’s device (computer, mobile phone/smartphone and tablet) through their browser when they visit websites. These cookies help websites recognise the device the next time the Data Subject visits them and in some cases are essential for their operation.

Controller and Data Protection Officer

GPP, SA is the entity responsible for the website and for all the services provided here to the Data Subjects.
The use of this website and the services provided by Data Subjects may imply the performance of personal data processing activities. As part of its commitment to Privacy, GPP, SA ensures the Privacy and Protection of the personal data of Data Subjects.

GPP, SA contact details:

Chousa Nova
3830-133 Ílhavo - Portugal.
Tel: +351 234 303 030(1)

Contact details of the Data Protection Officer:

José António Pinto

To exercise any right related to the protection of data or privacy or for any other matter related thereto, namely to report incidents or file complaints, Data Subjects may contact the Controller or the Data Protection Officer at the above contact details, describing the reason for the contact and indicating the possible contact points for the required response (telephone number, email address or other).

(1) PT National landline call costs;

Collection and Processing of Personal Data

On the website, personal data are collected when Data Subjects use or enable certain services or features. This personal data may be provided by the Data Subjects so that they can use these services or features or will result from their use, namely access, consultations or other transactions.

As part of the above-mentioned services and features, personal data of various categories, such as name, address, email, telephone number or other personal identifiers may be collected and processed. Before or during the collection and processing of personal data, the Data Subject will always be informed of the collection purpose of the personal data, of their retention period, of how they will be processed and of who will be the recipients. The explicit consent of the Data Subject will always be required for the collection and processing of their personal data.

The personal data collected by GPP, SA within the scope of the website are manually processed by computer means, and, if applicable, in an automated manner, as a way of managing the relationship with the Data Subjects, always in accordance with the General Data Protection Regulation and other applicable national and EU legislation.

Registration for access to the reserved area

The Data Subject has the possibility to register on the reserved area of the website by providing the personal data required according to the applicable forms available. After obtaining the Data Subject’s explicit consent, the personal data provided by the Data Subject will be collected and stored for the exclusive use of GPP, SA and for the purposes indicated by it. GPP, SA may request the Data Subject’s consent to transfer personal data to one or more processors under its responsibility, indicating the purpose or purposes thereof.

The Data Subject’s registration on the website has the purpose of allowing GPP, SA to provide services or content that, owing to their nature, can only be offered to registered users. Registered users can change their data during registration or at any later time and, if they wish, request their data to be deleted.

GPP, SA undertakes to provide, at any time, at the request of the Data Subject, the information on what personal data it retains about them. In addition, GPP, SA shall correct or erase the personal data upon the request or instruction of the Data Subject. For this purpose, the Data Subject must contact GPP, SA using the contact details provided herein.

Newsletter subscription form

GPP, SA gives Data Subjects the opportunity to subscribe to the newsletters for the dissemination of its products and activities. The form used for this purpose informs subscribers of the personal data collected, for what purpose and what rights the Data Subjects have in relation to their personal data. When subscribing to the newsletter, Data Subjects are required to give their explicit consent to receive the newsletter.

The newsletter can only be received by the Data Subject if they have a valid email address and have explicitly requested it to be sent. After the subscription request, a confirmation email will be sent to the Data Subject to support the double opt-in procedure, thus confirming if the Data Subject owns the email address used in the subscription process, thus confirming their explicit consent to receive the newsletter.

The personal data collected under the newsletter subscription will only be used for the purpose of sending the newsletter. The Data Subject may be informed by email of any changes to the newsletter service or other related changes that are relevant to the Data Subject and to the exercise of their rights. No personal data collected by the newsletter service shall be transferred to third parties. The Data Subject may unsubscribe from our newsletter at any time. The consent for the storage of personal data, which the Data Owner has given to receive the newsletter, may be withdrawn at any time. Consent can be withdrawn by clicking on the relevant link in each newsletter or via the, website, using the link provided for this purpose. This consent withdrawal request may also be made to any of the contacts provided herein.

Contact form

On the website, there is a contact form that provides a point of direct communication with GPP, SA. If a Data Subject contacts GPP, SA using the contact form, their personal data will be stored automatically and will only be used by GPP, SA to contact the Data Subject in order to reply to their enquiry. Personal data will only be processed and retained for as long as necessary for the purposes of the contact initiated by the Data Subject. Personal data will not be used for other purposes or transferred to third parties.

Rights of Data Subjects

In the context of the use of the website and the services and features offered therein, Data Subjects may at any time exercise their privacy and data protection rights, namely: to access their personal data; to rectify inaccurate or incomplete data; to request the erasure of their personal data, if permitted by law; to withdraw consent for data collection and processing; to request the portability of their data; and to restrict or object to the processing of their personal data, under the terms and conditions of the General Data Protection Regulation and other applicable legislation.

All requests for the exercise of privacy and data protection rights by Data Subjects must be written by them and sent to GPP, SA or its Data Protection Officer, using the relevant contact details provided herein.

Data processing principles

In accordance with this Policy and with its Responsibility to protect the data and privacy of Data Subjects, GPP, SA complies with all the basic principles of the processing of personal data, as set out in Article 5 of the General Data Protection Regulation, which are lawfulness, fairness, transparency, purposes limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and availability.

GPP, SA ensures compliance with all of the above-mentioned principles, highlighting them in the context of the collection and processing of personal data made through the services and features available on the website. Any entity that is legally entitled to do so may request GPP, SA to provide evidence of compliance with the personal data processing principles.

Lawfulness of data processing

In the context of the use of the website and the services and features offered there, GPP, SA processes personal data based on a legal basis, either due to the fact that the Data Subject has given consent for the collection and processing of their personal data, or because the collection and processing is necessary for the performance of a contract held by the Data Subject or for pre-contractual activities and upon request of the Data Subjects. Where applicable and after informing the Data Subjects, personal data may be processed on a legal basis or in compliance with a legal obligation to which GPP, SA is bound or for the fact that the processing of personal data is necessary for the pursuit of its legitimate interests.

Purpose of data processing

All personal data collected through the services and features offered on the website are exclusively intended for the purposes reported to the Data Subject in the context of each data collection activity, namely for sending newsletters to disseminate products and services, collecting data for any job application, registering the Data Owner to access the private area and contact request.

The Data Subject is always informed about the purposes of the collection and processing of their Personal Data and must give their consent for collection and processing activities. The Data Subject may always exercise his/her right to object or restrict the processing of his/her personal data if he/she believes that the processing in progress exceeds the purposes initially reported and explicitly consented. To exercise such rights, the Data Subject must send a written request to GPP, SA and its Data Protection Officer, using the relevant contacts provided herein.

Data retention period

At the time of initial collection, the Data subject is informed of the retention period for the personal data collected by GPP, SA as part of the services and features offered on the website. In general, personal data will be kept only for the period of time required for processing purposes that were reported to the Data Subject as a basis for the collection and subsequent processing or until the Data Subject requests their erasure.

When the agreed retention period ends, the personal data will be restricted and erased.

Disclosure of data to third parties

The provision of the services and features on the website may imply the use of third party processors subcontracted by GPP, SA. These third party processors may have their head office in or outside the European Union. The service provided to GPP, SA by these third party processors may imply their access to the personal data of the Data Subjects. If this access is required, the Data Subjects will be informed in advance and their consent for this data sharing will be requested.

GPP, SA will only use third party processors providing the necessary and sufficient guarantees for the implementation of the appropriate technical and organisational measures to ensure compliance with the General Data Protection Regulation and applicable legislation concerning the privacy and protection of the personal data of Data Subjects.

Data recipients

As part of the services and features available on the website and the collection and processing of the personal data of Data Subjects, GPP, SA does not transfer personal data to third parties that are not processors, unless it is necessary for compliance with a legal obligation. Similarly, no data will be transferred to third parties for purposes other than those that were initially reported to the Data Subjects and for which they gave their consent.

International transfers of data

As part of the services provided on the website, whenever cross-border transfers of Personal Data outside the European Union or European Economic Area are necessary and justified, appropriate protection measures shall be taken in advance and ensured. This transfer of personal data will only be carried out if there are guarantees of compliance with the General Data Protection Regulation and national and EU legislation applicable to cross-border transfers of data. GPP, SA’s Data Protection Officer is responsible for validating and authorising the necessary cross-border transfer of data.

Data protection security measures

With the technical support of its processors, GPP, SA applies the necessary and appropriate technical measures on its website to ensure the integrity and confidentiality of the personal data of Data Subjects, in order to protect their collected and stored personal data against negligent or fraudulent use. The technical measures implemented protect personal data against loss, destruction, misuse, alteration, unauthorized access or unlawful processing.

Data Subjects are responsible for following good security practices in accessing the services and features provided by the, website, mainly by keeping the credentials to access private areas safe, updating and maintaining their operating systems and personal computers according to the manufacturers' instructions, and by installing and using security applications such as antivirus, among others.

Privacy Policy Update

In order to comply with the General Data Protection Regulation and applicable Data Protection and Privacy legislation, GPP, SA may make adjustments or changes to this Privacy Policy at any time, and such changes shall be duly notified by GPP, SA. GPP, SA is aware of its responsibility to continuously improve and develop its data protection processes and practices.

Last updated: 15 May 2018

Are you sure?

Yes No


* Required fields

Forgotten your password?

Password Recovery

* Required fields


* Required fields