The Privacy Policy provides a framework for the processing of personal data collected by RHmais – Organização e Gestão de Recursos Humanos, S.A., with registered office at Praça de Alvalade, 6 – 12º, 1700-036 Lisbon, Tax Identification Number (NIPC) 501 859 764.
This Policy applies to:
RHmais employees (permanent staff, interns and service providers)
Job applicants participating in recruitment processes
Clients and partners
Suppliers
External users accessing our website and digital platforms.
The processing of personal data by RHmais is based on the following legal grounds provided for in the GDPR:
Performance of a contract: when processing is necessary for the performance of employment or service provision contracts.
Compliance with a legal obligation: when processing is required by law or regulation.
Legitimate interest: for purposes related to the management of the company, provided that the fundamental rights and freedoms of the data subjects do not prevail.
Consent: when the data subject expressly authorises the processing for specific purposes.
RHmais undertakes to:
Transparency: provide clear and accessible information about data processing.
Security: implement appropriate technical and organisational measures to protect data against loss, destruction, alteration or unauthorised access.
Data minimisation: collect only the data strictly necessary for the stated purposes.
Accountability: keep records of processing activities and demonstrate compliance with the GDPR.
Breach notification: notify the competent authorities and data subjects of any relevant personal data breach within the time limits established by the GDPR.
Guarantee of rights: ensure the exercise of data subjects’ rights, without undue costs or unjustified delays.
Under the GDPR, data subjects have the right to:
Access: obtain confirmation as to whether their data are being processed and access the relevant information.
Rectification: correct inaccurate or incomplete data.
Erasure (“right to be forgotten”): request the deletion of their personal data, where applicable.
Restriction of processing: restrict processing in certain circumstances.
Portability: receive their data in a structured and interoperable format, and transmit them to another controller.
Objection: object to the processing of their data in specific cases.
Personal data collected and processed by the company is retained only for the period strictly necessary to fulfill the purposes for which it was collected, as well as to comply with applicable legal obligations. Where it is not possible to indicate a specific retention period, objective criteria are applied to determine such period.
In general, the following retention periods apply:
Deletion or Anonymization
RHmais uses automated CV screening systems to streamline and improve the efficiency of the recruitment process. These systems analyze information provided by candidates, such as professional experience, education, skills, and keywords relevant to the position.
Automated screening does not produce legal effects or decisions based solely on automated processing that have a significant impact on candidates. Final decisions regarding selection, exclusion, or progression in the process are always reviewed and validated by a recruitment specialist.
The data subject has the right to:
The company ensures that the algorithms used are periodically evaluated to guarantee non-discrimination, proportionality, and adequacy to the purposes of processing.
Certain personal data processing activities are carried out based on the company’s legitimate interest, namely to ensure the security of facilities and systems, optimize recruitment processes, perform preliminary screening of applications, improve service quality, and ensure efficient internal operations management. These interests have been duly balanced against the rights and freedoms of data subjects, ensuring that they do not prevail over them. The data subject may, at any time, object to processing based on legitimate interest.
RHmais does not transfer personal data outside the European Economic Area. Should such a need arise, the company will ensure that transfers comply with GDPR requirements, namely through the use of standard contractual clauses or other appropriate safeguards.
The company uses cookies and similar technologies on its digital platforms to:
Users may manage their cookie preferences through browser settings or the options available on the company’s website. Consent for non-essential cookies will always be requested clearly and may be withdrawn at any time.
To exercise their rights or for any questions related to data protection, data subjects may contact the Company’s Data Protection Officer (DPO) through the following contacts:
© Copyright RHmais. All rights reserved | Privacy Policy