Scotturb – Transportes Urbanos Lda., hereinafter referred to as Scotturb, is a public road passenger transport company operating in the municipalities of Sintra, Cascais and Oeiras.
3. Definition of personal data
Any reference to personal data means any information about an identified or identifiable natural person.
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or one or more features specific to the physical, physiological, genetic, mental, economic or social identity of that natural person.
4. Who is the Controller?
The entity in charge of collecting and processing personal data on digital platforms is Scotturb, who decides which data are collected, the means of processing personal data, and the purpose thereof.
At Scotturb’s points of sale and GAC, the collection and processing of personal data is done by Scotturb employees. If a Lisboa Viva card is issued, the data, collected in an appropriate form, are sent to a digital platform managed by OTLIS (*), as Controller, an accredited entity of public interest.
5. What type of data do we collect?
The data collected on digital platforms are those strictly necessary for the intended purposes, including: the issue of invoices requested by clients, subscription of functionalities and products, and applications sent online involving data such as name, address, tax identification number, telephone number, and e-mail address.
The data collected at the points of sale and GAC are those necessary for Scotturb to provide the public service, including name, address, telephone number, personal and tax identification numbers, and e-mail address.
Without prejudice to compliance with legal regulations on the storage and transmission of data for purposes as provided by law, Scotturb only processes data as strictly necessary, retaining them for the mandatory legal length of time or if required for reasons of public service.
6. When and how do we collect your data?
Your data are collected via telephone, in writing, on the site or the app, with your consent.
Personal data are only collected and processed when the Client subscribes one of our products and services, in person or on digital platforms, and only those strictly necessary for using the services provided by Scotturb.
Personal data collected are solely used for the purpose for which the data subject gave his or her consent.
7. What is the purpose of processing data?
Personal data collected are used in the management of the contractual relationship, that is, the provision of contracted services.
8. How long will we keep your data?
The period of time during which data are stored and kept varies according to the purpose for which the information is processed and to legal requirements.
There are, however, legal requirements that specify the period during which data must be kept. As such, where there is no specific legal requirements, data are stored and kept for the time strictly necessary for the purposes for which they were collected or provided, or for the time authorised by the National Data Protection Authority (CNPD).
9. How can I access, rectify or oppose to the processing of my personal data?
Pursuant to the Data Protection Law, data subjects may access, update, rectify or delete their personal data, through the contacts provided by Scotturb. Please take note that the deletion of data invalidates active contracts.
10. What measures has Scotturb implemented to ensure the security of my personal data?
Scotturb undertakes to protect the security of personal data provided to us, within the limits of its responsibility, and has implemented policies to that end.
Scotturb has done everything in its power to ensure the implementation of measures to protect the personal data in its possession against any unlawful form of processing.
In this sense, the data collection forms available on the site and app require encrypted browser sessions and all personal data you have provided us will be safely stored in Scotturb’s systems, covered by physical and logical access security measures, which we believe are essential to protect your personal data.
Despite all the security measures implemented by Scotturb, please be warned that when you access the Internet make sure you have additional security measures in place, in particular that you use a security-enhanced computer and browser, with an active firewall , antivirus and anti-spyware installed. You should also make that the websites you visit are authentic, avoid those whose reputation you do not trust, be careful when using shared computers and when accessing your personal client accounts, and do not disclose your sign-in details with third parties.
11. Are my data communicated to other entities?
In the performance of its activity, Scotturb uses other entities to provide certain services. This service provision may eventually require that these entities access the personal data of our clients and users. Where this is the case, Scotturb takes the appropriate measures to ensure that such entities have good standing and offer the highest guarantees at this level.
As such, any processing entity hired by Scotturb will process the personal data of our clients and users, on behalf and for the account of Scotturb, with the strict duty to adopt the technical and organisational measures necessary to protect such data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorised access, and against any other form of unlawful processing.
The personal data of our clients or users may have to be stored and communicated for the use of the competent authorities if Scotturb is notified by these entities to provide them, always in strict compliance with the Portuguese law.
(*) Otlis -Operadores de Transportes da Região de Lisboa, A.C.E.”, with registered office at Rua 1.º de Maio, número 103, Lisbon, and main office at Rua Xavier de Araújo – Edifício Laranjeiras, Lisbon, TIN 503 673 242, registered at the Lisbon Companies Office under the same number, responsible for the VIVA System and for issuing the Card, which it owns and shall continue to own, and also responsible for processing the personal data of Card Holders.