Privacy Policy

A Transparent Compromise

Last updated: 2019-08-05

At Theros Digital (hereafter Theros) the satisfaction and trust of our employees, customers and other stakeholders is one of the main critical factors of our success and, therefore, we want to ensure the security of their Personal Data, as well as the enforcement of all your rights.

This Privacy Policy is intended to be fully transparent in all matters relating to privacy and data protection, including what data processing, what purposes and which rights are inherent and how to exercise them through the implementation of technical and appropriate for this purpose, in compliance with the applicable legislation, in particular the General Data Protection Regulation (RGPD – 2016/679 of the European Parliament).

Scope of application

This Privacy Policy applies to all Theros external stakeholders. Theros provides services to multiple individual and collective entities around the world, and details of our services can be found in our external communications, notably on our website ( 
This policy then applies to our customers, suppliers, candidates, interested in our products, services and events and other parties who have applied to receive information about our services or any of our marketing and communication materials.

Data Processing

In our relationship with Theros stakeholders, we treat different Personal Data collected through various forms and at different times, such as:

  • In the context of business management : through our website, when you fill out and submit our forms or use an email address provided by us for a contact request, download of materials provided or registration for our events, training and other initiatives, through from public websites and social networks, third party and partner databases and directly from the Data Holder himself, typically collecting: name / surname, company, title, email address and telephone contact;
  • In the context of service management and contractual relationship : through the contract, our website, e-mail, in person and by telephone, when requesting information or following the contracting of services, purchase of products, clarification of questions or performance of satisfaction surveys and evaluation of the services provided, being typically collected: name / surname, company, position, telephone contact and email address;
  • In the context of recruitment and selection processes : through our website and recruitment management platform, when you fill out, you submit an application, typically collecting: name, surname, email address, address, telephone contact.

Purposes and Lawfulness of Data Processing

The processing of Personal Data is essential for us to add value to stakeholders, so we will use Personal Data in strict compliance with the provisions of the RGPD and for the following purposes and legality:

  • Performing Marketing and Business Actions – We will use Personal Data based on consent to: share news; send invitations; conduct questionnaires and market studies; present products and services related to Theros and its business group; share studies and research; and disseminate market trends within our industry;
  • Recruitment and Selection – We will use Personal Data, based on consent, to: integrate into recruitment processes; sharing information on ongoing recruitment processes; data sharing with Theros clients; sending communication of opportunities and gauging professional interests;
  • Contractual Customer Management – We will use Personal Data, based on the need to perform the contract, for electronic contact and telephone contact, in order to improve our service and enhance the partnership relationship, sharing news, new products and complementary services, invitations, conducting questionnaires and market studies and satisfaction surveys and evaluation of the services provided.

Data Conservation

The Personal Data processed will be kept and processed only for the minimum period necessary and proportional to the purposes that motivated its collection. Retention periods which are unequivocally clear from applicable law will be strictly adhered to.

In the case of recruitment processes, and in accordance with Labor Law and Labor Code, data will be retained for a period of 2 (two years).

Subcontracting and Data Sharing

In order for us to add value to our stakeholders, Theros may need to share Personal Data with other external entities that help us with different products and services related objects. Thus, Theros may disclose information in the following cases:

  • Authorities and Public Bodies – Under applicable law, Theros is required to disclose Personal Data to public authorities or bodies so that they may perform their duties, such as: Tax Administration, Social Security, Working Conditions Authority , and to judicial authorities within the framework of judicial mandates;
  • To JOYN Group – Theros is part of a multinational business group – JOYN Group, and its data may be disclosed to other group companies in the context of the provision of shared services between group companies, joint disclosure and commercial actions and for the purpose of internal management;
  • To Theros Clients – Strictly within the scope of the recruitment, selection and integration processes of human resources, where only the Personal Data that prove necessary for the purpose will be communicated and transferred and trying to do so with the pseudonymized data;
  • To third party service providers of Theros – Entities that assist us in pursuing our mission. We ensure technical and organisational measures so that third party service providers may have access to Personal Data confidentially and in strict compliance with the law, formalising with us specific agreements governing the use of Personal Data.

Data Subject Rights

In compliance with the provisions of the RGPD, Theros facilitates the exercise by the Data Subject of the rights granted to him / her, subject to proof of identity, including procedures for requesting and, where appropriate, obtaining free access in particular to Data. Personnel, their rectification or deletion and the exercise of the right of opposition.

Thus, the Data Subject is granted the following rights:

  • Right of access – The Data Subject has the right to obtain from Theros confirmation as to whether or not they are processed and, if appropriate, the right to access their Personal Data and information about how we are use them, the entities with which they are shared, the period during which your data is stored, among other issues;
  • Right of rectification – The Personal Data Holder has the right to request Theros to rectify inaccurate data concerning him;
  • Right to delete data (“right to be forgotten”) – The holder has the right to obtain from Theros the deletion of his Personal Data, being the Theros obliged to delete them, whenever: the data is not necessary for the purpose for which they are used; the Data Subject withdraws his consent; the Data Subject has objected to the processing of Personal Data and there are no prevailing legitimate interests that justify the processing; fulfilment of a legal obligation under Union or Member State law;
  • Right to Limit Treatment – The Personal Data Holder has the right to request Theros to temporarily use its Personal Data when it considers that it is inaccurate until it is verified or updated; when they are no longer needed to accomplish the purposes; when you oppose the use of your data for any purpose; while assessing whether Theros’s legitimate interest prevails over its right to oppose its use;
  • Right of Opposition – The Personal Data Holder has the right to object to the use of his data for any of the stated purposes;
  • Right to Portability – The Personal Data Holder has the right to receive the Data Personal data concerning you, in a structured format, commonly used and of automatic reading;
  • Automated Individual Decisions, including Profiling – The data subject has the right not to be subject to any decision made solely on the basis of automated processing, including profiling, which has effects on his or her legal sphere or significantly affects him or her. similar way.

The listed rights may be exercised with the Theros for your Data Protection Officer, contacts below.

Any complaints should be addressed to the Portuguese National Data Protection Commission (CNPD), which is the competent data protection supervisory authority.

Security of Personal Information

Theros is committed to the protection and security of personal information by implementing appropriate technical and organisational measures to ensure a risk-appropriate level of security and confidentiality and to protect personal data and information from unauthorised access, use or disclosure. Technical and organisational measures include, for example: We store Personal Data in databases with encryption of information; Physical and logical access to restricted servers and equipment located in controlled facilities. When transmitting data, we protect it through encryption, such as Secure Socket Layer (SSL) protocol.

Data Protection Officer

It is the responsibility of the data protection officer to ensure, among other things, that data processing complies with current legislation. Theros has appointed a Data Protection Officer, so you may be contacted directly, using the means provided below, on all matters relating to the processing of your Personal Data and the exercise of Data Subject’s rights.

Theros Digital – Sistemas de Informação SA 
Ed. Atlas II, Av. José Gomes Ferreira 11, 2nd Floor – 1495-139 Algés

Changes to this statement

Theros may update this Privacy Policy at any time. When this is done, the date of the “last update” will be reviewed and the notification of such changes will be disseminated.