Personal Data Protection

Privacy Notice

Decsis - Sistemas de Informação, S.A., hereinafter referred to as Decsis, respect your privacy and recognize the importance of protecting your personal data, and are committed on processing it responsibly and in accordance with the principles of personal data protection defined by the General Data Protection Regulation (GDPR).
The purpose of this Privacy Statement is to inform you about how we process personal data that result from your interaction with Decsis, namely if you are our Client, Supplier, Partner, use our Site or if, in any way, you have interaction with Decsis or our facilities. This Statement does not apply to Decsis personnel.
■ 1. Data Controller

This privacy statement applies to the processing of personal data carried out by Decsis, regardless of its status as controller or processor, under the terms of the General Data Protection Regulation (GDPR).

In this context, Decsis assumes the role of processor, namely in situations:

  • Contract with Manufacturer (brand): Authorized Repair Centers;
  • Subcontractor as Service Provider

In any case, DECSIS may collect the data and when it acts as a Processor is bound by the instructions given by the Data Controller and will transfer the data collected to the Data Controller. In this case, Data Subject is advised to consult Data Controller information about personal data protection.

■ 2. Our Commitment

Decsis is committed to ensure protection of all personal data made available to us, to do so, Decsis implemented security measures, of physical, technical and administrative nature, in order to protect personal data against any form of illicit treatment, regardless of the support where it is. These measures will be limited to Decsis' intervention in the process, particularly in cases where it acts as a Processor.

NMinors' data are not intentionally collected, nor are we able to distinguish them without being intrusive. Since the responsibility for monitoring the child in all dimensions of his life belongs to the parental responsible, we will promptly delete the data of minors when the parental responsible notifies us that such data has been collected without their consent.

Decsis has designated a Group responsible for the Protection of Personal Data, to monitor compliance with the policies and rules related to the protection of personal data.

■ 3. Processing of personal data by Decsis

The main areas for the processing of personal data are summarized below; the duty to provide information for other situations is treated on a case-by-case basis.

In cases where DECSIS acts as a processor, it assumes its responsibilities as such. The Data Subject should consult information from manufacturers and / or DECSIS partners regarding personal data protection.

A.1 What personal data is collected?

The personal data collected is limited to the name, address, telephone contact, email, TIN, IMEI or serial number of the equipment. The data are collected and processed in electronic format; in addition it can be kept in paper format.
As a rule, this data is provided directly when you request a service, and it can be provided at our stores or by electronic means, for example by filling out a form on our website or sending an email.
The personal data collected from our website or sent by e-mail is provided voluntarily, and will be processed exclusively for the purpose of each request.
The refusal to provide data may affect the provision of the service, depending on its nature and the requirements of the Data Controller, in cases where DECSIS is a processor. Regarding the use of website forms, some fields are mandatory, and if they are not completed, it will not be possible to complete the functionality in which are requested.

A.2 What is the purpose?

Personal data is collected with the purpose of:
  • Contractual relationship managementl;
  • Provision of services and / or supply of products;
  • Evaluation of service satisfaction, with Client's prior consent.
The personal data collected may also be processed to answer questions, suggestions or complaints from the Client, and may be transmitted to other entities to comply with legal obligations.

A.3 Storage Period

Personal data will be kept for a period of 12 years, in the case of accounting data, and 3 years for operational data necessary and resulting from service accomplishment.

A.4 Lawfulness of processing

Performance of a contract or pre-contractual steps.


B.1 What personal data is collected?

The personal data collected is limited to the name, address, telephone contact, email, TIN, Citizen Card Number, IMEI or serial number of the equipment. The data can be collected in the form of our website, by email or filling in the complaints book (in paper or digital).
The refusal to supply the data may condition the achievement of the purpose, depending on its nature and requirements, for example, of legal entities or manufacturers (brands). In the case of the forms present on the website, some fields are mandatory, and if they are not completed, it will not be possible to complete the functionality where they are requested

B.2 What is the purpose?

Personal data is collected with the purpose of:
  • Management of suggestions and complaints.

B.3 Storage Period

Personal data will be kept for a period of 3 years.

B.4 Lawfulness of processing

Performance of a contract and compliance with legal obligations.


C.1 What personal data is collected?

Data related to the skills and professional background of each Data Subject, as well as identification data that allow further contacts for eventual follow-up of the application. Data Subject provides these data, or other complementary data given by Data Subject, voluntarily.

C.2 What is the purpose??

Personal data is collected with the purpose of:
  • RH Application management (spontaneous or not);
  • Recruitment processes.

C.3 Storage Period

Personal data will be kept for a period of one year, unless the Data Subject is recruited. Otherwise, the storage periods for Employees apply..

C.4 Lawfulness of processing

Consent of the holder with the submission of information, Decsis' legitimate interest in analyzing the applications submitted.


D.1 What personal data is collected?

Data required for accounting treatment, namely those required by AT (Tax Administration) and / or those contained in invoices and / or receipts issued by the Data Subject. Contact details and IBAN of the Data Subject may also be collected.

D.2 What is the purpose?

Personal data is collected with the purpose of:
  • Contractual relationship management;
  • Accounting processing and payments;
  • Tax information, including sending information to the Tax Administration.

D.3 Storage Period

Personal data will be kept for a period of 12 years.

D.4 Lawfulness of processing

Performance of a contract or pre-contractual steps, compliance with legal obligations.


In specific cases, in particular, HR outsourcing or service providers, it may be necessary to collect data from the third party's employees. In these cases, this data may be sent to external entities to whom Decsis provides services.

E.1 What personal data is collected?

The data will be appropriate to the situation and requested in writing, usually by email or other means to be agreed with the supplier / service provider. Typically included in the data collected are the name, unambiguous identification of the resource (Data Subject) and means of contact. In specific cases, it may be necessary to collect data on skills and fitness for the job to be performed.

E.2 What is the purpose?

Personal data is collected with the purpose of:
  • Provision of services (proof of skills and fitness; access to infrastructure);;
  • Compliance with legal obligations.

E.3 Storage Period

Personal data will be kept for as long as necessary to fulfill Decsis obligations.

E.4 Lawfulness of processing

Performance of a contract or pre-contractual steps, compliance with legal obligations.


F.1 What personal data is collected?

The data will be appropriate to each situation and determined by the process itself.

F.2 What is the purpose?

Personal data is collected with the purpose of:
  • Judicial and extrajudicial collection;
  • Management of other conflicts;
  • Response and reporting to judicial authorities.

F.3 Storage Period

Personal data will be kept for as long as necessary to fulfill Decsis obligations.

F.4 Lawfulness of processing

Compliance with legal obligations, Decsis' legitimate interest in defending their rights.


G.1 What personal data is collected?

Our facilities are protected with video surveillance systems, with image collection (CCTV). The images are collected at the receptions, common circulation areas, access points, car parks and warehouses, with images being viewed in real time. Image collection is signposted at each location.

G.2 What is the purpose?

Personal data is collected with the purpose of:
  • Protection of people and property.

G.3 Storage Period

Personal data will be kept for a period of 30 days.

G.4 Lawfulness of processing

Decsis' legitimate interest in ensuring the safety of people and property within our facilities.


Access to Decsis infrastructures that are not open to the public is subject to rules and identification of the Data Subject.

H.1 What personal data is collected?

Data Subject identification.
For areas classified as sensitive, the identification of the Data Subject will be unambiguous and complemented with his direct contacts.

H.2 What is the purpose?

Personal data is collected with the purpose of:
  • Protection of people, property and information.

H.3 Storage Period

Personal data will be kept only for the period necessary to carry out the purposes for which they are intended, namely, during the execution of the contract and underlying legal obligations.

H.4 Lawfulness of processing

Decsis' legitimate interest in ensuring the safety of people and property within our facilities and guarantee network and information security of our computer systems.


When you visit our website, cookies are used which, however, do not collect any information that would directly identify you as a Data subject.
For further details about how our website use cookies see our: Cookies Notice.


■ 4. Service Providers

Service providers may be involved in carrying out some services. DECSIS is committed to ensuring that these entities present sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of Decsis, GDPR and ensure the protection of the rights of the data subject. Processing by a service Provider will be formalized in written in compliance with GDPR.

■ 5. Storage Period

Personal data will be kept for the period identified in each treatment above mentioned or for the time necessary for Decsis comply with its legal obligations. In particular, in cases of litigation, the data will be kept until the final judicial decision.

■ 6. Communications and Transfers

According to the purpose of collection, Decsis may have to share personal data of customers and suppliers with other entities, namely:

  • Entities with legal legitimacy for data processing (AT, SS, INE, Courts, ASAE, etc.);
  • Manufacturers and Business Partners;
  • Suppliers and Service Providers;
  • Customers;
  • Communications between Decsis, Decsis II Iberia, Decunify, Expandiserve e Deccare, considering the existing relationship between these companies, which share the same policies and conduct regarding personal data protection.

Decsis, when acting as the controller, will process your personal data entirely within the European Economic Area.

■ 7. Rights of the data subjects

Data subject has at his disposal a set of rights that can request from DECSIS at any time. Thus, if Data Subject wants to consult his data, he can request access to them, if he understands that some data is wrong or out of date, he can and must request its rectification. Data Subject also has the right to data portability as well as right to be forgotten / erasure.

However, be aware that legal and/ or regulatory framework may prevents DECSIS from fulfilling your request. In these cases, DECSIS will communicate to the Data Subject, within a maximum period of one month from the date of receipt of the request, the reasons why it cannot be satisfied.

In cases where the processing of personal data depends on consent, Data Subject is free to provide and withdraw it at any time.

To exercise his rights, Data Subject must send the request in writing to the contacts below. Decsis reserves the right to take reasonable steps to verify your identity before granting access to data.

The response to requests must be provided within a maximum period of 30 days, unless it is a particularly complex request. The exercise of the rights is free of charge, unless it is a manifestly unfounded or excessive, in which case a reasonable fee may be charged taking into account the costs.

The Data Subject is also entitled to lodge a complaint with the National Data Protection Commission (CNPD) or other competent supervisory authority under the terms of the legislation in force.

■ 8. Contacts

For additional information or exercise of your rights under the General Data Protection Regulation, write to:

Letter to address:
A/C GEP
Decsis – Sistemas de Informação, SA
Rua das Artes Gráficas, 162
4100-091 Porto
■ 9. Disclosure and Update of this Information:

Decsis reserves the right to modify this Privacy Notice at any time. Any such changes to this Privacy Notice will be reflected on this page.

Last updated: March 2023

DSI02/03-03.23