(If you prefer, you may visit the Short Version of this Privacy and Data Protection Policy)
By accepting this Privacy and Data Protection Policy, you are authorizing S.D.M. - Sociedade de Desenvolvimento da Madeira, S.A. (hereinafter referred to as "SDM") to process the personal data it receives from you for the purpose of registering information requests, joining our communication channels, or that resulting from the your use of services provided by SDM, online or offline, such as access, consultation, advices, operations and any other record related to the use of such services or data related to your commercial or contractual relationship and its management in accordance with this Privacy and Data Protection Policy.
You further declare:
To allow your data to be transmitted to entities whom SDM may subcontract, for the sole purpose of providing services of information technology or other, to pursue partnerships within the legal framework of the International Business Center of Madeira and to carry out research and analysis on the services provided by SDM;
To have been informed that your data will not be sold, exchanged, transmitted or supplied to any company outside SDM’s group or treated for other purposes not indicated here, except in cases explicitly agreed by you;
To be aware that your data will be stored as long as you want to maintain an open communication channel (business or personal) with SDM;
That, in accordance with the applicable legislation, you may oppose to the processing, limit and correct your data or request that it be erased, in whole or in part, by sending a request to the following e-mail address: firstname.lastname@example.org;
To have been informed of your right to complain to the official authorities, in particular the Portuguese National Data Protection Commission; and
To have an age equal to or greater than 16 years old and provide this consent in a free, informed and voluntary manner.
The protection of the data of our web site users, customers, suppliers and partners is a priority for SDM and a major factor to establish and maintain with them a relationship of trust. It is SDM's policy to treat personal data with the utmost discretion and to protect it with the appropriate means at its disposal.
Through this Privacy and Data Protection Policy, SDM informs about the nature, scope, and purpose of the processing it performs on the personal data it collects, online and offline, from users and also informs the data subjects about their rights in this area and how to exercise them.
Please be advised that this Privacy and Data Protection Policy applies to the processing of information collected directly by SDM or to which it may have indirect and eventual access through other sites or social platforms managed by other entities or organizations.
SDM only deals with the personal data that are strictly necessary for the pursuit of its legitimate interests and contractual obligations as the Concessionaire of the Madeira’s International Business Center, namely those necessary for the administration and promotion of this Business Center.
More specifically, the personal data collected by SDM is processed for the exclusive purpose of contacting its suppliers, partners, customers, institutional relations and community members in order to develop and maintain business and institutional relations in strict compliance with the applicable regulations and laws on privacy and data protection.
SDM implements the adequate technical and organizational measures, both to comply with the general legal framework on data protection and with the special legal regime enforced by Regulation (EU) 2016/679, also known as the General Data Protection Regulation.
For further clarification or additional information or to exercise rights on this matter, data subjects may contact the Data Protection Officer of S.D.M. - Sociedade de Desenvolvimento da Madeira, S.A., through the address email@example.com.
This data protection policy incorporates terms and concepts used by the European legislator on the General Data Protection Regulation(GDPR), so, in order to ensure its transparency and easy understanding, we present hereinafter a brief version of the main concepts used throughout the document.
In this data protection statement we use the following terms:
“Personal data” - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Data subject” - an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;.
"Restriction of processing " the marking of stored personal data with the aim of limiting their processing in the future;
“Profiling” - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
"Pseudonymization" - the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
"Controller" - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
"Processor" - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"Recipient" - a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
"Third party" - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data
"Consent of the data subject" - any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
For the purposes of the General Data Protection Regulation (RGPD) and other data protection laws applicable in the Member States of the European Union and other provisions related to personal data protection the data controller is S.D.M. - Sociedade de Desenvolvimento da Madeira, S.A., with official headquarters at Sítio da Cancela, Caniçal, municipality of Machico, registered in the Private Registry of the Madeira Free Trade Zone under the number 511 025, with a total share capital of € 5,500,000.00, hereinafter referred to as SDM, which owns the websites with the domains www.sdm.pt, www.ibc-madeira.com, www.cin-madeira.com, www.e-madeira.com, www.madeira-shipping.com, www.investinmadeira.com, www.madeira-investment.com and corresponding subdomains through which users have access to its services and products.
To contact SDM’s Data Protection Officer, you may send a message to the email address firstname.lastname@example.org, describing the subject of the request and indicating an email address, a telephone number or a mailing address.
Alternatively, if you wish to exercise any of your Personal Data Protection rights on your personal data held by SDM, you may also use the form at the following web address: Management of Personal Data Rights.
For any other purposes, please use the following contacts:
SDM only processes the personal data strictly necessary for the pursuit of its legitimate interests and contractual obligations as the Concessionaire of the Madeira’s International Business Center, namely those necessary for the administration and promotion of this Business Center.
SDM, as a service provider in a business-to-business perspective, typically collects business oriented data. However, data such as the name, email address and telephone number of a natural person, even when used in a business perspective may still be considered personal data. As such, SDM requests that all data subjects, when communicating with SDM through any means, to exclusively use business and professional data, avoiding the use of data of an exclusively personal nature.
SDM uses the collected personal data to contact suppliers, partners, community members, legal authorities and customers for the purpose of maintaining good business relationships, responding to requests, delivering, promoting and receiving feedback from its services, establishing working relationships with community institutions, such as schools and training centers, and contacting community members whenever necessary in strict compliance with current privacy and data protection laws and regulations.
The personal data collected by SDM is processed by computer, excluding all processing that may lead to profiling operations, in accordance with the current national and EU rules.
On its websites, SDM does not collect personal data about users and visitors, unless they provide them voluntarily. This means that SDM will not know the name, email address, or other personal information of visitors who just browse through its sites. Only through voluntary interaction with one of the several online forms available on the sites (to contact SDM, request or send information) the personal data of the visitor who started the interaction may be recorded.
The subject related to personal data of job candidates applying for work within the business cluster of Madeira’s International Business Center are covered in a specific section of this policy.
SDM expressly requests all data subjects that send it personal data through any of its communication channels to not include any kind of sensitive personal data in the information transmitted to SDM.
Sensitive data include genetic data, biometrics and all data relating to physical or mental health, race, ethnicity, religion, philosophical beliefs, sexual orientation, political preferences and membership to trade unions or similar organizations of a natural person.
All data sent to SDM containing information of this nature will be immediately destroyed, without any other kind of processing operations being performed on them.
All data processing operations carried out by SDM have a lawful basis, in particular either because the data subject has given consent to the processing of his or her personal data for one or more specific purposes, or because the processing is necessary for the purposes of the legitimate interests pursued by SDM as the concessionaire of the International Business Center of Madeira, either because such processing is necessary in the performance of a contract to which the data subject is party, or for pre-contractual arrangements at the request of the data subject or because it is also necessary for compliance with a legal obligation to which the controller is subject.
All personal data collected through SDM's communication channels is used exclusively for the exchange of information with suppliers, partners, community members, legal authorities and customers for the purpose of maintaining good business relationships, responding to requests, delivering, promoting and receiving feedback from its services, establishing working relationships with community institutions, such as schools and training centers, and contacting community members whenever necessary; as well as the management of the personal information of the Job Candidates considered necessary for the purpose of selection and recruitment within the business cluster formed by companies licensed to operate in the International Business Center of Madeira.
Collected personal data may also be processed for statistical purposes, for sending information about promotional, commercial or marketing activities, in particular to promote events, new functionalities or new products and services, through direct communication, either by correspondence, by electronic mail, messages or telephone calls or any other electronic communications channel.
Data subjects may, under the terms and limitations of the applicable laws and regulations, exercise their right to oppose, at any time, to the use of their personal data, and to do so, they must send a written request to the Data Protection Officer of the SDM, according to the procedures described below.
Personal data will be preserved only for the period necessary to achieve the purposes that led to their collection or subsequent processing, in compliance with all applicable legal and security rules and operational measures on archiving.
SDM-owned web sites contain contact forms that allow quick and direct electronic contact with company officials. When using these forms, information will only be transmitted if the data subject gives his express consent to the use of his personal data. If a data subject contacts SDM via e-mail or through a contact form, the personal data transmitted by the data subject is stored automatically. Such personal data and the correspondent consent for processing is transmitted to SDM voluntarily by data subject and is stored for the purpose of dealing with the request submitted or to contact the data subject and will not be transferred to third parties.
On SDM-owned web sites, visitors have the opportunity to subscribe the newsletter of the International Business Center of Madeira (Madeira’s IBC). The subscription form used for this purpose determines which personal data is transmitted.
Madeira’s IBC newsletter can only be received by the data subject if (1) he/she has a valid email address, and (2) he/she subscribes to receive it. For legal reasons, in addition to obtaining the explicit consent of the data subject when performing the initial subscription, a confirmation email will also be sent to the email address registered for the first time by the data subject as the recipient of the newsletters, in a procedure commonly known as "double confirmation". This confirmation email is used to verify that the owner of the email address - as the data subject – really wishes to receive the newsletter.
Personal data collected as part of a newsletter subscription will be used for this sole purpose. Subscribers to the newsletter may also be contacted by e-mail, as long as it is necessary for its operation or any technical or operational changes to this service. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription of our newsletter can be terminated by the data subject at any time.
The consent for personal data storage, given when subscribing to the newsletter, may be revoked by the data subject at any time. For the purpose of revoking consent, a web address is included in the footer of every Madeira’s IBC newsletter. The data subject may also cancel his/her subscription to the newsletter by communicating his/her wish through the email: email@example.com.
SDM’s newsletter’s usually contain tracking pixels. A tracking pixel is a thumbnail picture embedded in email messages sent in HTML to enable statistical analysis about the success or failure of online marketing campaigns. Based on the built-in tracking pixel, SDM can verify if and when an email was opened by a data subject.
Personal data collected through tracking pixels contained in newsletters is stored and analysed by the controller in order to optimize the production and distribution of its newsletters as well as to adapt the content of future newsletters to the interests of the data owner. In no case will this personal data be transmitted to third parties. The data subject has, at any moment, the right to revoke the consent given through the double registration procedure. After a revocation, this personal data will be erased by the controller. SDM automatically considers as a revocation all subscription cancellations.
SDM may collect and process through its web sites the personal data of job candidates with exclusive purpose of facilitating their placement in companies operating within the business cluster of Madeira’s International Business Center. This processing will be carried out electronically whenever the candidates submit applications by email or through the corresponding online form on a SDM web site.
By submitting his/her Curriculum Vitae via email or an online form, the data subject gives his/her express consent to authorize SDM to share it with its trusted business partners, such as companies operating within the business cluster of Madeira’s International Business Center or recruitment agencies, with the sole purpose of facilitating contacts between candidate and employer.
Personal data of job candidates will never be retained or stored for more than 2 (two) years, and data that exceeds this retention period will be permanently and irreversibly deleted from our database.
On its web sites SDM uses "cookies" for the exclusive purposes of web analytics (with anonymization of internet addresses, "IPs" as set by Google in "Anonymizing IPs in Analytics") and setting the default language for the site. Cookies created and placed by SDM’s sites are of anonymous nature, used for exclusive functional purposes and for collecting web site statistics (on information processed by bulk), without collecting or archiving any personal information on its users .
By visiting and using any site owned by SDM, visitors will be required to explicitly consent or reject the use of "cookies" by the sites under the terms set forth in this Privacy and Data Protection Policy. Alternatively, they may at any time deactivate part or all cookies functionality in their own web browsers (for further information on this method the user must follow the instructions provided by each browser).
You may allow, delete or block cookies on your computer by changing the setting of your Internet browser. In some cases, specific services provided by the web sites may be disabled if the cookies they require are not allowed to operate correctly or when they are blocked by the user.
Below you may find some links to information on how to enable or block cookies for general web browsing, based on the browser in use.
Smartphones and Tablets
All other browsers
The user should look for the "help" item in their internet browser or contact the browser vendor.
To learn more about advertising cookies that capture behavioural profiles (used by some sites but not those of SDM), users in the European Union can visit: http://www.youronlinechoices.eu, and US users should visit http://www.aboutads.info/choices/ to learn how to disable such third-party cookies.
SDM-owned web sites integrate the Google Analytics service (with anonymization of IPs as set by Google in "Anonymizing IPs in Analytics").
Google Analytics is a web analytics service which collects, aggregates and analyses data about visitor behaviour on web sites. A web analytics service collects data about the originating web site (the so-called referrer), which pages are visited, or how often and how long a page has been viewed. Web analytics are mainly used to optimize a web site and to assess its effectiveness.
The Google Analytics processor is Google Inc., 1600 Anphitheater Parkway, Mountain View, CA 94043-1351, United States of America.
SDM installed Google Analytics on its sites activating the "anonymize IP" feature (see " IP Anonymization in Analytics"). This feature anonymizes the IP address of the data subject's Internet connection before any processing is performed.
Google Analytics places a cookie on the data subject's internet browser (SDM's cookie usage policy is defined above) that allows Google to perform statistical analyses on SDM’s website. This cookie is used to store anonymized information about visitors, such as the access time, the location from which the site was accessed and the frequency of visits to the site by the data subject.
The data subject has also the possibility to oppose the collection of data generated by Google Analytics about his use of SDM’s website, as well as the handling of such data by Google. To do this, the data subject must download a browser add-on at tools.google.com/dlpage/gaoptout and install it on his/her system.
Installation of this browser plug-in is considered by Google as an objection to the use of Google Analytics, therefore, disabling the service on all systems on which it is installed.
More information and the applicable Google data protection provisions can be found atwww.google.com/intl/en/policies/privacy and at www.google.com/analytics/terms/us.html. Google Analytics is explained in more detail at www.google.com/analytics.
Providing information or services by SDM may involve the use of services of third party data processors, including entities with head offices outside the European Union, which may entail access by those entities to personal data held by SDM.
In such circumstances and where necessary, SDM shall only use data processors which provide sufficient guarantees and appropriate technical and organizational data protection measures meeting the requirements of all applicable laws and regulations, guarantees which will be formally documented by each third party.
Except in cases where it has to comply with legal obligations, in no case will SDM communicate personal data to third parties that are not subcontracted entities or legitimate recipients of personal data obtained by SDM in its role as the Concessionaire of the International Business Center of Madeira, except in those situations where such communication is necessary to respond to requests expressed by the data subjects themselves or when they authorize SDM to do so.
Any transfer of personal data to a third country or an international organization shall be carried out within the legal framework and strict compliance with the relevant European and national laws and regulations, including those laid down in Chapter V of Regulation (EU) 2016/679.
SDM will abstain from all processing involving automated decision making or profiling of personal data subjects.
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, SDM and all its processors shall implement appropriate physical, electronic and organisational measures to ensure a level of risk-adjusted safety for the processing of personal data.
To that end, a number of security measures have been adopted to protect personal data against unauthorized disclosure, loss, misuse, alteration, processing or access, as well as against any other form of illegal processing. However, despite all efforts, it is not possible for SDM to ensure the full and absolute inviolability of the data it receives, taking into account the unsafe and open nature of networks such as the Internet.
Every time SDM needs to subcontract the services of a third party that may have access to personal data, those processors will be required to adopt the organization-wide security measures, protocols and technical procedures necessary to protect the confidentiality and security of the personal data, as well as to prevent its unauthorized access, loss or destruction.
Data subjects of personal data held by SDM may at any time, exercise their rights of data protection and privacy, in particular the rights of access, rectification, erasure, portability, limitation or opposition to the processing, under the terms and with the limitations provided by the applicable laws and regulations. For this purpose, SDM reserves the right to request access to an official identification document in order to prove their identity.
Any request for the exercise of data protection and privacy rights must be addressed in writing by the data subject to the Data Protection Officer in accordance with the procedures and contacts specified in the section "Data Protection Officer" or through the use of the web form at the following address: Management of Personal Data Rights.
Data subjects of personal data held by SDM have the right to complain to the competent national authorities and in particular to the Comissão Nacional de Proteção de Dados (Portuguese Data Protection Authority). These data subjects may also send their complaints or suggestions through e-mail to the Data Protection Officer.
SDM has implemented an incident management and reporting system for data protection, privacy and information security.
If a data subject of personal data held by SDM discovers evidence of a personal data breach that has caused, accidentally or unlawfully, the unauthorized destruction, loss, alteration, disclosure or access, to personal data transmitted, stored or subject to any other processing operation, he/her must immediately contact SDM’s Data Protection Officer.
In order to keep this Privacy and Data Protection Policy updated and continuously improved, SDM may, at any time, make the changes deemed appropriate or necessary. SDM will publish the updated version in the adequate communication channels to ensure its transparency and information to users, customers and other stakeholders and obtaining the consent of the respective data subjects.
This Privacy and Data Protection Policy is intended to allow the free, specific and informed consent of the personal data subjects and implies, therefore, his/her knowledge and acceptance of the conditions contained herein. By using SDM’s communication channels or making their personal data available, the data subjects are expressly authorizing its processing, in accordance with the rules defined herein.