Request a quote

Track & Trace

Privacy Policy

Confidentiality and Information Use Agreement

The information contained in this document is confidential.
K‑LOG, LOGÍSTICA, S.A. (KLOG) undertakes to use this information solely for its own purposes, maintaining confidentiality and taking the necessary measures to prevent its alteration, loss, misuse, unauthorised access, or theft.

Any amendment to the document that is not carried out by Hardsecure shall be the responsibility of KLOG and will invalidate its content.

The validity of this clause extends beyond the termination and/or cessation of the service provision contract between Hardsecure and KLOG.

MISSION

KLOG is a company operating in the logistics and transport sector, fully national, with a wide international network of agents that enables us to be present in more than 120 countries across five continents.
We guarantee global, integrated and personalised solutions, according to the needs of each client. We operate in various segments: road, sea, air, multimodal (short sea and rail), and contract logistics.

KLOG has in‑depth knowledge of several market segments, including high technology, textiles, footwear, cork, construction materials, automotive, pharmaceuticals, among others.
We continuously develop our business, ensuring a service of high and recognised quality, supported by competitive proposals.

Our mission is to create and develop innovative transport and logistics solutions, with added‑value propositions that actively contribute to the success of our clients.

The purpose of this Privacy Policy is to clarify and ensure compliance with the principles of processing and the rights of data subjects, as privacy and the protection of personal data represent a firm commitment for KLOG, which acts in accordance with its legal obligations, particularly those arising from the application of the General Data Protection Regulation (GDPR), Regulation 2016/679 of 27 April 2016 (“GDPR”), and the Data Protection Law, Law 58/2019 of 8 August.

With this Privacy Policy for the use of the KLOG Website, we aim to explain, among other aspects, the following:

  • the key aspects of the privacy policy and GDPR;
  • records, processing and categories of data;
  • rights, principles and security;
  • which personal data we need and for what purposes;
  • how we process your data;
  • with whom we share your data;
  • how long we retain your data;
  • how you may exercise your rights.

KLOG requests that all users of the digital services of this Website read carefully all terms and conditions of use, as these govern the access to and personal use of each of the websites included (peripheral websites) within the direct context of KLOG’s Website.

Any user who browses, interacts with or accesses any platform or functionality within the KLOG Website accepts the terms and conditions contained in these General Conditions of Use. Nevertheless, interactions that involve the provision of personal data are always carried out with the explicit approval of the user, with the objective consent required for the action involving their acceptance.

If you do not agree with the terms described below, we advise you to report the situation to the email address comite.seguranca@klog.pt, and to refrain from using the addresses and services until you receive clarification regarding the matters raised.

KLOG may change or modify, at any time and without prior notice, the contents and conditions of the websites belonging to the KLOG Website, including services and content. To ensure greater awareness of your rights and obligations as a user, we recommend that you consult these terms and conditions of use whenever you access any web platform of this Website.

Within the scope of the general conditions of use of the services and information contained in the domain www.klog.pt, as well as in all subdomains and digital brands belonging to KLOG, the user assumes responsibility for usage in accordance with the rules set out in these terms and conditions and in compliance with the legislation in force in Portugal. The user also accepts not to use KLOG’s platforms to produce or disseminate offensive, illegal, malicious information, images, products, or materials, or to engage in any action that violates the rights of citizens or companies.

Protecting Your Personal Data

Through this Policy, KLOG recognises the importance of the security of the personal data it processes and ensures the protection of the privacy of the respective data subjects, without compromising the purpose and full execution of the different areas in which it operates.

In this Policy, KLOG also provides information on the rules, principles and good practices it observes in the context of processing the personal data entrusted to it, in accordance with the General Data Protection Regulation (GDPR) and other applicable legislation, as well as on the means available to data subjects to exercise their respective rights.

Controller

The controller of your data is the entity that determines the purposes and the means of processing personal data. For the purposes of this Privacy Policy, the controller is KLOG, LOGÍSTICA, S.A. (Rua do Pinhal, no. 250, 4470‑640 Maia).

You may contact our Data Protection Officer through the following email address: comite.seguranca@klog.pt

Legal Basis for the Processing of Personal Data

KLOG only processes personal data whenever at least one of the following situations applies:

  1. Consent of the data subject: when the data subject has given their consent for the processing of their personal data for one or more specific purposes, through explicit consent indicating a freely given, specific, informed and unambiguous expression of will by which the data subject agrees to the processing of their personal data. Consent may be obtained by any means (including electronic means), and KLOG shall keep a record of such consent as a way of demonstrating that the data subject has given consent for the processing of their personal data.
    The data subject has the right to withdraw their consent at any time, and the withdrawal of consent does not compromise the lawfulness of the processing carried out on the basis of the consent previously given.
  2. Performance of a contract or pre‑contractual steps: when the processing is necessary for the performance of a contract to which the data subject is party, or for pre‑contractual steps at the request of the data subject. This situation includes, for example, the processing of personal data of KLOG’s employees within the scope of the management of the established employment relationship.
  3. Compliance with a legal obligation: when the processing is necessary for compliance with a legal or statutory obligation. This includes, for example, the processing of personal data to comply with identification and due‑diligence duties to which KLOG is legally subject.
  4. Legitimate interest: when the processing is necessary for the purposes of the legitimate interests pursued by KLOG or by third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

What Are Personal Data

Personal Data are any information, of any nature and in any format (e.g., sound or image), relating to an identified or identifiable natural person (referred to as the “data subject”).
A natural person is considered identifiable if they can be identified, directly or indirectly, in particular through a name, an identification number, location data, an electronic identifier, or other elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive data are all personal data that are subject to specific processing conditions and that in some way reveal genetic, biometric, religious, political, or ethnic characteristics.

Categories of Personal Data Processed

KLOG processes personal data of different natures and levels of sensitivity, as well as according to the purpose associated with the processing of such data, including, for example:

  • Identification personal data: name, date of birth, place of birth, sex, nationality, address, telephone number, professional qualifications, email address, civil identification number and/or passport, taxpayer number, driving licence number and social security number;
  • Family situation: marital status, name of spouse, children or dependants and/or any other information required to determine salary supplements;
  • Professional activity: working hours, workplace, date of admission, position, professional category and duration of experience in that category, salary level, type of contractual relationship, and professional qualification certificate(s);
  • Financial information: remuneration, supplementary remuneration, variable or fixed amounts, allowances, holidays, attendance, leave, or other information related to supplementary remuneration, amount or rates of mandatory or voluntary contributions, payment methods, name of the bank and bank account number (NIB or IBAN);
  • Special categories of personal data: degree of disability of the employee and/or any member of their household, possible temporary incapacity as a result of occupational accidents or occupational diseases, and sick leave.

Record of Data Processing Activities

KLOG maintains a record of data processing activities, in which the following are identified:

  • The name and contact details of the controller and, where applicable, of any joint controller, the controller’s representative, and the Data Protection Officer; the purposes of the data processing;
  • The description of the categories of data subjects and of the categories of personal data;
  • The envisaged time limits for the erasure of the different categories of data;
  • The technical and organisational security measures implemented to ensure the pseudonymisation and encryption of personal data, and the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services.

Purposes of the Processing of Personal Data

Considering the diversity of its areas of activity, KLOG processes personal data for the following purposes:

  • Financial data: Management of collections/invoicing; management of payments; receipt and handling of proposals submitted in procurement procedures; performance of contracts established with suppliers;
  • Human Resources area: Recruitment and selection of human resources; human resources management (attendance and working time management); payroll processing; performance evaluation; promotion of occupational safety, hygiene and health; allocation of social benefits to employees;
  • Provision of data in KLOG’s communication: Disclosure of internal and external communications; management of social media; organisation of official events.

How Are Personal Data Collected

KLOG may collect data directly (i.e., directly from the data subject) or indirectly (i.e., through third parties). Data may be collected through the following channels:

  • Direct collection: in person, by telephone, by email, through its website and through the training area;
  • Indirect collection: through its associates and/or third parties.

Is My Information Shared with Third Parties?

Your personal data may also be accessed by companies subcontracted by KLOG for the management and maintenance of systems and/or content management, namely services related to the maintenance of IT systems and auditing.

Subcontractors:

  • KLOG may use other entities contracted by it (subcontractors) to process the data of the data subject on behalf of KLOG and in accordance with the instructions given by KLOG, in strict compliance with the provisions of the GDPR, national legislation on personal data protection, and this Policy;
  • Subcontractors may not transfer the data subject’s data to other entities without KLOG having given prior written authorisation to do so, and they are also prohibited from engaging other entities without KLOG’s prior authorisation;
  • KLOG undertakes to ensure that these subcontractors are only entities that provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures to ensure the privacy of the data subjects’ data and the protection of their rights;
  • All subcontractors are bound to KLOG by means of a written contract which regulates, among other aspects, the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, the rights and obligations of the parties, including the duty of confidentiality, and the security measures to be implemented.

Third parties:

  • KLOG may also transfer data to third parties, namely entities to which the data must be communicated in accordance with applicable legislation, such as the Tax Authority, Social Security, insurance companies, among others.

What Are My Rights and How Can I Exercise Them?

At any time, you may exercise your rights, namely the right to information, the right of access to the personal data concerning you, the right to their rectification, erasure (deletion) or restriction of processing, the right to data portability, or to object to their processing, by submitting a written request to one of the contacts indicated at the end of this document.

Likewise, you have the right to the minimisation of personal data requested/requested of you, the right not to be subject to automated individual decisions, as well as the right to withdraw the consent given at any time, without affecting the lawfulness/validity of the processing carried out on the basis of the consent previously provided.

If the processing depends on your consent or agreement and is carried out by automated means, you have the right to receive the personal data previously provided, in a structured, commonly used and machine‑readable format.

Requests will be handled with special care so that we can ensure the effective exercise of the rights of data subjects.

You may be asked to provide proof of identity in order to ensure that personal data is only shared with its rightful holder.

You also have the right to lodge a complaint with the National Data Protection Commission (Comissão Nacional de Proteção de Dados) or another competent supervisory authority under the law, should you believe that the processing of your data by KLOG violates the legal regime in force at any given moment.

You should be aware that, in certain cases (for example: legal requirements), your request may not be satisfied immediately. However, you will always be informed of the measures taken, within a maximum period of one (1) month from the date of the request.

Accordingly, under the terms provided by law, the data subject may, at any time, exercise their rights regarding the personal data concerning them:

  • Right to be informed – allows you to be informed about:
    • Which data are to be processed;
    • Who the controller is and their contact details;
    • The purposes and retention period;
    • The rights available and how they may be exercised.

This information must be provided at the time the data are collected from the data subject.

  • Right of access to the information that KLOG holds about you

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, whether the data have been transmitted to another entity, and the destination given to them.

  • Right to rectification of information if it is inaccurate or incomplete

You have the right to have KLOG, without undue delay, rectify outdated, inaccurate or incomplete data.

  • Right to the erasure of your personal data

You have the right to request that KLOG erase your data, and KLOG is obliged to erase them within the limitations established by law, namely when:

  1. The data are no longer necessary for the purpose that justified their collection or processing;
  2. You withdraw your consent for the processing of the data (in cases where processing is based on consent) and no other legal basis for processing exists;
  3. You object to processing and there are no overriding legitimate interests that justify it;
  4. The personal data have been processed unlawfully.
  5. Right to restriction of processing of your personal data

You have the right to request that KLOG restrict the processing of your data when one of the following situations applies:

  1. You contest the accuracy of your personal data, for a period enabling KLOG to verify their accuracy;
  2. The processing was lawful, but the data subject opposes the erasure of the personal data and requests, instead, the restriction of their use;
  3. KLOG no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. You have objected to processing and verification is pending as to whether the legitimate grounds of the controller override those of the data subject.
  5. Right to data portability

You have the right to request from KLOG your personal data in a commonly used format, as well as their transfer to another controller. However, you may only require that the data be transferred to another controller when this is technically possible for KLOG.

This right is limited to cases in which processing is carried out by automated means and depends on the data subject’s consent or the performance of a contract.

In cases where processing depends on your consent, you have the right to withdraw it. If consent is legally required for the processing of personal data, you have the right to withdraw consent at any time, although such withdrawal does not affect the lawfulness of the processing carried out based on the consent previously given, nor the subsequent processing of the same data.

For How Long Are My Data Stored in KLOG’s Database?

Personal data are retained only for the period of time necessary to fulfil the purposes for which they are processed.

KLOG will comply with the maximum retention periods legally established; however, data may be kept for longer periods in order to fulfil distinct purposes that may still apply, such as the exercise of a right in judicial proceedings, archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, with KLOG applying the appropriate technical and organisational measures.

Data Breach

In the event of a personal data breach, and insofar as such a breach is likely to result in a high risk to the rights and freedoms of the data subject, KLOG’s Data Protection Officer shall notify the national supervisory authority of this breach, as well as communicate the breach to the data subject, within 72 hours after becoming aware of it.

Under the terms of the GDPR, communication to the data subject is not required in the following cases:

  • If KLOG has applied appropriate protection measures, both technical and organisational, and these measures were applied to the personal data affected by the personal data breach, particularly measures that render the personal data unintelligible to any person who is not authorised to access such data, such as encryption;
  • If KLOG has taken subsequent measures ensuring that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
  • If communication to the data subject would involve a disproportionate effort for KLOG, in which case KLOG shall make a public communication or take a similar measure through which the data subject will be informed.

Any personal data breach for which KLOG is responsible may be reported to the following email address: comite.seguranca@klog.pt

Can I Withdraw My Consents?

The data subject always has the right to withdraw the consent previously given.

Nevertheless, if the data subject to consent is legally required for the procedural processing of data by KLOG, the procedural legitimacy of the handling of the submitted data cannot be compromised.

If you wish to withdraw your consent, you may contact us by letter, by telephone, or via the following email address: comite.seguranca@klog.pt

Security Measures

Taking into account the principle of proportionality and adequacy, security, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as the risks and probability levels, KLOG applies appropriate technical and organisational security measures to ensure a level of security of personal data appropriate to the risk, such as, for example:

  • Use of firewalls and intrusion detection systems in its information systems;
  • Implementation of access control procedures, using differentiated access profiles and based on the need‑to‑know principle;
  • Logging of actions performed on information systems that contain personal data (login);
  • Execution of a backup plan;
  • Anti‑spam protection for the reception and sending of corporate emails;
  • Installation, maintenance and management of antivirus and firewall systems on KLOG computers;
  • Pseudonymisation of personal data;
  • Access control to the physical facilities housing KLOG’s equipment;
  • Automatic fire detection and intrusion detection systems;
  • Implementation of training and/or awareness‑raising activities on information security and data protection.