This Privacy and Personal Data Protection Policy, hereinafter referred to as the “PRIVACY POLICY” or simply as the “POLICY”, applies generally to the collection and processing of personal data provided by clients, potential clients, users and users – hereinafter referred to as the “DATA SUBJECT” – of the services provided, both offline and online, by Mediador de Seguros Paulo Silva Gomes – Agência de Seguros, Unipessoal, Lda, registered with the Insurance and Pension Funds Supervisory Authority (ASF) under no. No. 410339576/3, NIF 509587305, with office at Rua Patriarca D. José, 94 2260-039 Atalaia VNB, hereafter abbreviated to “SUBMITTER”, namely those collected through forms, websites, simulators, proposals, documents or other means (hereafter only “DOCUMENTS”), in paper or electronic format, destined to allow the contact with the SUBMITTER, also applying to the exercise of rights, by the DATA SUBJECT in relation to the same, under the terms of the applicable legislation, in particular, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR). This POLICY is of a general and abstract nature, and the information provided herein may be supplemented or waived, in whole or in part, by other policies, notices or information of a more specific nature that may have been or will be made available by the MEDIATOR in the context of certain types of processing of personal data.

Article 1

Person responsible for processing personal data

The above-identified INTERMEDIATOR, whose activity is regulated by the legal regime for insurance distribution (RJDS) approved in annex to Law no. 7/2019 and corresponding regulations published by the ASF and, depending on the respective category of insurance intermediary, under the terms of the contracts, protocols, agreements or conventions established with the “Insurance Companies”. No. 7/2019, of January 16, and corresponding regulations published by the ASF and, depending on the respective category of insurance intermediary, under the terms of the contracts, protocols, agreements or conventions established with the “INSURANCE COMPANIES” – companies that have received an authorization to carry on insurance business from the competent authority of one of the Member States of the European Union -, hereinafter referred to as the “INSURANCE COMPANIES”, may have the most varied forms and modes of relationship, business models and actions in relation to the INSURANCE COMPANIES, which are reflected in the purposes and means of processing the personal data of the DATA SUBJECT, and for this reason, may act, as far as data protection legislation is concerned as “controller”, “processor” or as “joint controller” of the personal data, hereinafter just “PERSONAL DATA”, provided by the respective DATA SUBJECT when filling out the DOCUMENTS, regardless of their support, directly or through a third party, or that have been generated by the IMPRESSOR whether in the scope of previous contacts, or during the conclusion, execution, renewal or termination, through the mediator, of the contract or insurance operation or that have resulted from the same and that concern the DATA OWNER, whether in his/her capacity of policyholder, insured, beneficiary or his/her representative and, also, the claimants or third parties and their representatives. The provision to the ADVERTISER of the PERSONAL DATA collected in the scope of pre-contractual diligences or in the contracting process, apart from the cases in which corresponds to the necessary information for compliance with legal and contractual obligations of the ADVERTISER, constitutes a necessary requirement for pre-contractual diligence and, as well as, for the conclusion of the insurance contract and its execution through the ADVERTISER, and therefore, in the event that the same are not provided to the ADVERTISER, the contract may not be accepted by the INSURANCE COMPANIES, with the intervention of the ADVERTISER. The PERSONAL DATA will be processed by the ADVERTISER, depending on the case, either as “controller”, “processor” or as “joint controller”, for the purposes listed in Article 4 below, in strict compliance with the provisions of current legislation regarding the protection of personal data.

Article 2

Data Protection Contact

Contact for matters relating to the protection of PERSONAL DATA can be made in writing to the following addresses:

Post mail:
Paulo Silva Gomes – Agência de Seguros, Unipessoal, Lda
Rua Dissay, 12, RC Dto
2260-400 Vila Nova da Barquinha

Personal Data Protection Contact
Paulo José da Silva Gomes;


Article 3

Handling of personal data

The PERSONAL DATA provided in the relationship established with the MEDIATOR are treated in accordance with the applicable legal precepts, namely:
– treated in a lawful, fair, and transparent manner;
– collected for specified, explicit and legitimate purposes and will not be further processed in a way incompatible with those purposes;
– adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
– accurate and, where necessary, kept up to date, with appropriate steps being taken to ensure that any such inaccurate or incomplete data are erased or rectified, having regard to the purposes for which they were collected or for which they are further processed;
– kept in a way that allows the identification of its holders only for the period strictly necessary and within the legally permitted period to pursue the purposes of collection or further processing;

Article 4

Purposes, grounds for processing and time limits for storing personal data

PERSONAL DATA is processed for the following purposes based, in each case, on the grounds indicated in the table below and is kept for the time strictly necessary to fulfil the same purposes, according to the deadlines (or criteria used to define them) indicated in the same table:

Purpose Basis of Lawfulness Shelf life
Treatment necessary for the execution and management of the insurance contract and insurance mediation, or for pre-contractual diligences, with the intervention of the MEDIATOR.
Presentation, proposition, celebration and execution of the insurance contract, pre-contractual diligences and support its management, especially in case of a claim, with the MEDIATOR's intervention. Legitimate interest of the controller or a third party in identifying, assessing risks, informing, clarifying and advising on solutions and products. Consent of the DATA SUBJECT. Fulfilment of legal and statutory obligations.
Until expiry of the legal limitation period for all obligations arising from the insurance contract and the insurance mediation activity related thereto.
Prospecting and commercial action.
Consent of the DATA SUBJECT. Legitimate interests of developing and growing the business of the controller or third parties.
Until one year after the end of the contractual and legal relationship.
Compliance with legal obligations, namely with supervisory, tax, and fiscal or judicial authorities, among others.
Compliance with legal and judicial obligations. Legitimate interests of controlling the activity of the controller or a third party. For the declaration, exercise or defense of rights in legal proceedings.
Legal deadline applicable at each moment for each legal and judicial obligation to be fulfilled. Until the expiration of the period of prescription or forfeiture for the exercise of rights.

Article 5

Telephone call recording

In the telephone contacts established between the DATA OWNER and the ADSER, in the scope of its activity, the latter may proceed, if necessary, to record the calls, with prior information to the DATA OWNER and with his/her consent, to manage the pre-contractual and contractual relationship, through the ADSER, and to comply with legal and juridical obligations, namely as a means of proof of information or instructions transmitted, as well as for the improvement of the services offered or contracted and also to control the quality of the same. The call recordings will be kept for the periods indicated in the deliberations of the National Commission for Data Protection (CNPD) that define the principles applicable to the treatment of call recording data, namely, Deliberation No. 1039/2017.

Article 6

Health data

In the case of some coverage of risks to be transferred from the sphere of the DATA OWNER (namely in health insurance, personal accident insurance or others), which fall into the category of special and sensitive data, the presentation, proposal, conclusion or execution of the insurance contract, with the intervention, legal and/or contractual, of the IMPRESSOR, involves or may involve the processing of data relating to the health of the DATA SUBJECT, whether in the scope of the pre-contractual relationship, for identification, analysis of the proposed risk and establishment of the contractual conditions, or in the scope of the management of the contractual relationship, use of the coverage, management of claims and, as well as, in processes of renewal and contractual alterations. The MAIN will process the data in question, either as “controller”, “processor” or as “joint controller”, for the purposes indicated above, with the consent of the DATA SUBJECT or his/her representative, without prejudice to cases in which the processing is based on another lawful ground (such as for the purposes of fulfilling obligations and exercising specific rights of the INSURERS, the INSURERS, third parties or the DATA SUBJECT, in matters of employment law, social security and social protection to the extent that such processing is permitted under European Union or Member State law or a collective agreement providing adequate safeguards for the fundamental rights and interests of the DATA SUBJECT. In these cases, the acceptance by the INSURERS, with the intervention of the INTERMEDIATOR, of the insurance contract in question depends on the possibility to process the health data of the DATA SUBJECT, without which it is impossible to carry out the analysis of the proposed risk, conclude the insurance contract, transfer the risk, place and accept the intended coverage or even maintain the contract in force with the INSURERS.

Article 7

Data Communication

The PERSONAL DATA may be communicated, under commitment of confidentiality, to other companies that are in a control or dominance relationship (Group), already established or to be established, that the MEDIATOR is or will be part of, whose identification and contact information may be requested at any time from the Contact Person for Personal Data Protection, as identified in Article 2 above, above, and may be processed by other entities for which the MEDIATOR acts, if applicable, as a “subcontractor” or “joint controller”, as well as to whom the MEDIATOR has subcontracted its processing, as well as by its insurance co-brokers or Persons Directly Involved in the Activity of Distribution of Insurance (PDEADS). The PERSONAL DATA may also be processed by other INSURERS or co-mediators within the framework of the settlement of claims.

For the purposes described above and in compliance with legal obligations, the PERSONAL DATA may be transmitted to judicial, administrative, supervisory, or regulatory authorities, and also to entities that compile or lawfully carry out data compilation actions, actions to prevent and combat fraud, market studies, or statistical or technical-actuarial studies.

Article 8

Collecting data from other sources

The INSURERS may proceed to collect information regarding the OWNER of the DATA that is considered relevant for the evaluation of the risk to be insured and the establishment, by the INSURANCE COMPANIES, with the intervention of the INSURER, of the contractual conditions of the insurance, from sources accessible to the public, public organisms, sector associations, existing IT platforms or specialized companies, in order to complement or confirm the information provided by the OWNER of the DATA, within the scope of the purpose of the management of the pre-contractual and contractual insurance relationship, through the INTERMEDIATOR, including the exercise the activity of insurance distribution under the terms of the specifically applicable legislation, in compliance with the duties of information, clarification, transmission, advice, assistance and registration imposed on it by said legislation.

Article 9

Data subject rights

The holder of the PERSONAL DATA has the right to request the MEDIATOR, and through him/her, the INSURERS, by means of a written request addressed to the Personal Data Protection contact:
– Access, under the terms and conditions provided for by law, to the PERSONAL DATA concerning you that is being processed;
– The correction or updating of inaccurate or outdated
– The treatment of missing PERSONAL DATA when it proves to be incomplete;
– The erasure, in the cases specifically provided for by law, of PERSONAL DATA concerning you;
– The limitation, subject to the conditions provided by law, of the processing of PERSONAL DATA concerning you. Upon written request, addressed to the Personal Data Protection contact, the DATA SUBJECT is also entitled to:
– Withdraw the consent given, when the data processing is based only on consent;
– To object to processing for reasons relating to your particular situation where the data processing is based on the legitimate interest of the “controller” or a third party.
– To receive from the “controller”, “processor” or “joint controller”, in machine-readable digital form, the personal data concerning you which have been provided by you and processed by automated means on a justified basis:
          a) in consent provided by the DATA SUBJECT or,
          b) em contrato celebrado, may request, in writing, the respective transmission directly to another person in charge, whenever this is technically possible.

The holder of PERSONAL DATA may also request more detailed information from the contact for Personal Data Protection, particularly about the purposes, grounds for lawfulness and retention periods, as well as lodge complaints about the way in which his/her PERSONAL DATA is handled, notwithstanding the fact that he/she may also do so with the National Commission for Data Protection (CNPD).

Article 10

Security of personal data

The MEDIATOR adopts appropriate technical and organizational measures to protect the PERSONAL DATA against accidental or illicit loss, destruction or damage, as well as to ensure that the data provided is protected against access or use by unauthorized third parties. The MEDIATOR guarantees the privacy and security in the transmission of data from its clients and visitors to its website and other computer platforms, if available.

Article 11

Automated decisions

Within the scope of the subscription and renewal processes for insurance contracts or operations, the INSURANCE COMPANIES may use automated decision-making solutions that are necessary for the conclusion and execution of the respective insurance contract or operation, with the intervention of the INTERMEDIATOR, using information regarding the policyholder or insured, obtained within the framework of the management of the contractual or pre-contractual relationship, which may lead to decisions being made regarding the contractual conditions applicable in the subscription or renewal. The holder of the PERSONAL DATA may also request from the CONTACT for Personal Data Protection more detailed information about the logic behind the processes in question, within the framework of the subscription and renewal of contracts, through the MEDIATOR, namely about the information taken into account for the taking of exclusively automated decisions and the way in which this information is integrated into the INSURANCE decision making process. In all cases where the INSURERS make decisions based exclusively on automated data processing, the processes shall, as a minimum, incorporate mechanisms to give the data subject the possibility:
     (i) express their point of view;
     (ii) challenge the decision; and
     (iii) request and obtain from the INSURED, directly or through the MEDIATOR, human intervention in the decision making review process.

Article 12


The MEDIATOR may use cookies on its website, if available, to improve the user experience and to allow certain operations to be carried out securely.

Article 13

Privacy Policy Changes

This PRIVACY POLICY may be amended periodically by publication on the MEDIATOR’s website, if available, or by disclosure by any means on which a written record is kept, including electronic or postal mail, without the need for prior express consent of the DATA SUBJECT. Any significant changes will be communicated with the degree of publicity corresponding to their relevance, either by highlighting them in the online publication or, if the relevance justifies it, by individual communication to the DATA HOLDERS.