GLS Portugal - Data Protection

I. Identity and contact details of the controller and Data Protection Manager of the country

The following information is valid for GLS Portugal, responsible for the collection and processing of personal data at GLS Portugal (Parent Company):

GLS SPAIN S.A
Miguel Angel Sanz Hernansanz.
protecciondatos@gls-spain.es,

If you want to contact the Data Protection Director please use the email address protecciondatos@gls-spain.es. If you wish to contact us via unencrypted email, please note that the confidentiality of the information transmitted cannot be guaranteed. Unencrypted emails can be read by unauthorized third parties.

You can contact GLS by sending a written letter to the Data Protection Manager at GLS Portugal.

Data Protection Manager of GLS Portugal,

Catarina Rebelo

Rua da Bica nº10

2665-608 Venda do Pinheiro

Portugal

II. General information

1. Personal data

Personal data includes information about personal or factual circumstances of a specific or determinable individual. This includes, for example, information such as name, address, telephone number and e-mail address.

Information that cannot be linked to a specific or determinable individual – such as statistical data – is not considered to be personal data.

2. Applicable data protection law and data confidentiality commitment

All GLS entities located within EU countries are subject to the regulations of the General Data Protection Regulation (GDPR) and other relevant national data protection laws.

GLS Portugal provides postal services to the public or contributes to the provision of such services and is required to comply with postal confidentiality regulations. All GLS Portugal employees undertake, by subscription, to adhere to data confidentiality and postal confidentiality.

3. Information security

Through technical and organizational security measures, GLS do the best to protect personal data from loss or misuse. Personal data is processed only on systems that are protected by appropriate security measures, in accordance with GLS Computer Security Policies. GLS will modify security and data protection measures as much as necessary in the light of technological progress.

III. Shipment data and recipients

1. Data categories, data processing purposes and legal basis

For the execution of parcel services and, therefore, to fulfill the contract with your customers (shippers), including volume delivery, payment of services, tax payments, claims management, measuring the quality of deliveries by static, resolving tracking issues of volumes, acknowledgment of receipt, GLS Portugal needs shippers’ data (address details and contact details, payment information and other relevant contractual data according to the services requested by the shipper) as well as recipient data (name, address , postal code, city, country, optionally, phone number and email address).

The data of the recipients transferred to the GLS companies, as well as the interface documentation (“scans” of the volumes in different locations) and the proof of delivery (POD) can be processed and registered by several GLS subsidiaries. GLS uses shipping data and recipient data only to fulfill its contractual obligations. Any other use is not permitted.

In some cases, we may process data with the consent of its processing, necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before entering into a contract; or due to our legitimate interest (in particular with regard to the following purposes: solvency checks, Compliance program).

2. Responsibility

Compliance with applicable statutory data protection regulations is a duty of every GLS company. The transfer of data by a shipper to a GLS company is not data processing on behalf of others.

Additional services such as FlexDeliveryService and ShopDeliveryService require that the recipient’s email address inform you of the status of the delivery of orders. GLS companies receive the telephone number and / or email address of the dispatcher who requested these additional services. The sender is also responsible for the proper collection of this data and, in particular, for the consignee’s consent to the transfer of his e-mail address and / or telephone number to GLS.

If you have questions about this procedure, contact your contractual partner (consignor). You will also be able to express your non-consent to the GLS “Country”. In this case, please use the contact details of the Data Protection Manager of that Portugal. If you intend to contact us via unencrypted email, please note that the confidentiality of the information transmitted cannot be guaranteed. Unencrypted emails can be read by unauthorized third parties.

You can also contact GLS by sending a written letter to the Data Protection Manager at GLS Portugal

3. Sharing of Data and Recipients

Generally, only the shipper and the recipient of an order are entitled to receive information about the order. GLS provides ordering information to third parties (for example, government authorities) only on the basis of statutory regulations.

GLS will not sell or lend personal data to third parties. However, there are certain circumstances in which GLS may share your personal data without further notice. Parties that can receive your data include:

GLS subsidiaries and contractors in other EU countries or outside the EU for the purpose of delivering orders from the shipper to the recipient.

Affiliated or non-affiliated third parties that are under contract to perform services for or on behalf of GLS (Processors), in particular IT service providers, GLS Portugal has concluded appropriate data protection contracts with these parties.

Other persons or organizations, as permitted by applicable law or regulation.

Law enforcement agents and agencies for the purpose of meeting national security requirements or as part of a legal process to protect our property or to investigate a violation of GLS rules and policies, unauthorized access or use of GLS equipment or any other illegal activity

4. Retention and Elimination

GLS Portugal processes personal data as long as it is necessary for the purpose for which we use it. We will determine how long to keep the data based on the following requirements:

Operational requirements: the time that the information is needed to provide the services.
Legal requirements: for example, where GLS Portugal needs to keep records for a certain period of time to comply with the law.

Archived data is recorded on storage media accessible only to authorized personnel. After the statutory retention period has expired, the data is deleted.

IV. Rights of Data Subjects, Withdrawal of Consent, Exercise of Their Rights, Complaint with the Data Protection Authority

1. Data subjects’ rights

Você tem o direito de:

be informed and have access to your processed personal data (Right to be informed and Right of access in accordance with Article 15 GDPR)
obtain correction of inaccurate personal data (Right to rectification in accordance with Art. 16 of the GDPR)
obtain the deletion of your personal data (Right to delete in accordance with Art. 17 of the GDPR)
restrict processing (Right to processing restriction in accordance with Article 18 GDPR)
receive your personal data provided to us (Right to data portability in accordance with Article 20 GDPR)
objection to the processing of data for reasons related to your particular situation based on legitimate interests or the performance of a task of public interest (Right of objection in accordance with Art. 21), as long as the necessary legal requirements are met.

2. Withdrawal of the Consent Form

If you have been asked for your consent for the processing of your personal data, please note that you have the right to withdraw that consent at any time in the future, without affecting the legality of processing based on the consent prior to its withdrawal.

3. Exercise of your rights

If you intend to exercise the rights of your data subjects or withdraw an explicit consent, send a message to the Data Protection Manager of GLS Portugal explaining the right you want to exercise so that GLS Portugal can take the additional measures necessary to respect your rights.

If you wish to contact us via unencrypted email, please note that the confidentiality of the information transmitted cannot be guaranteed. Unencrypted emails can be read by unauthorized third parties. You can also contact GLS by sending a written letter to the Data Protection Manager at GLS Portugal.

Please be aware that we may ask for proof of identification in order to protect your information from unauthorized access.

4. Right to file a complaint

You have the right to file a complaint with your country’s data protection authority if you believe your rights have been violated ( https://www.cnpd.pt/ ).

Name	Provider	Purpose	Expiration	Type
rc::a	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the web in order to produce valid reports on the use of its web.	Persistent	HTML
rc::b	Google	This cookie is used to distinguish between humans and bots.	Session	HTML
rc::c	Google	This cookie is used to distinguish between humans and bots.	Session	HTML
_grecaptcha	https://www.gls-portugal.pt/	This cookie is used to distinguish between humans and bots. This is beneficial for the web in order to produce valid reports on the use of its web.	Persistent	HTML

Name	Provider	Purpose	Expiration	Type
_ga	https://www.gls-portugal.pt/	Registers a unique identification that is used to generate statistical data about how the visitor uses the website.	2 years	HTTP
_gat	https://www.gls-portugal.pt/	Used by Google Analytics to control the request rate	1 day	HTTP
_gid	https://www.gls-portugal.pt/	Registers a unique identification that is used to generate statistical data about how the visitor uses the website.	1 day	HTTP
pll_language	https://www.gls-portugal.pt/	This cookie is used to determine the visitor's preferred language and sets the language accordingly on the website, if possible.	1 year	HTTP

Name	Provider	Purpose	Expiration	Type
IDE	Google	Used by Google DoubleClick to record and report on user actions on the website after viewing or clicking on one of the advertiser's ads for the purpose of measuring effectiveness of an ad and present user-specific ads. de un anuncio y presentar anuncios específicos para el usuario.	1 year	HTTP
test_cookie	Google	Used to check if the user's browser supports cookies.	1 day	HTTP
_GRECAPTCHA	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the web in order to produce valid reports on the use of its web.	179 days	HTTP
ads/ga-audiences	Google	Used by Google AdWords to reconnect with visitors who have the potential to become customers, it is based on the customer's online behavior across the web.	Session	Pixel

Data Protection

I. Identity and contact details of the controller and Data Protection Manager of the country

II. General information

III. Shipment data and recipients

IV. Rights of Data Subjects, Withdrawal of Consent, Exercise of Their Rights, Complaint with the Data Protection Authority

Contacts