GDPR Compliance

    Compliance with the General Data Protection Regulation

    GDPR Compliance & Data Protection

    GDPR COMPLIANCE

    This page contains comprehensive technical and legal details about GDPR compliance. For a more user-friendly overview, see our Privacy Policy.

    TEKSOMA Holding Lda., as brand owner of insuranceportugal.pt, takes the protection of personal data very seriously and acts in full compliance with the General Data Protection Regulation (GDPR - EU 2016/679) and Portuguese Law No. 58/2019.

    LEGAL STRUCTURE & DATA PROCESSING ROLES

    TEKSOMA Holding Lda.

    Role: Data Controller and Data Processor (depending on context)

    As data controller:

    • For website activities, analytics, and marketing communications
    • For management of digital platforms and IT infrastructure
    • For general business communications

    As data processor:

    • For client data related to insurance and credit intermediation
    • Acting on behalf of Carlos Manuel Soares and DS SEGUROS
    • Under contractual obligations for data protection

    Carlos Manuel Soares (PDEADS under DS SEGUROS)

    Role: Data Controller for intermediation activities

    All regulated insurance and credit intermediation services are performed by Carlos Manuel Soares, a connected consultant (PDEADS) operating under DS SEGUROS.

    DS SEGUROS

    Role: Licensed intermediary and regulatory framework

    A DS SEGUROS – GRUPO DS, national registered trademark under no. 650438, is owned by DECISÕES E SOLUÇÕES – INTERMEDIÁRIOS DE CRÉDITO, LDA, registered with the Portuguese Insurance and Pension Funds Supervisory Authority (ASF) as an Insurance Agent under no. 409311648/3, authorized for Life and Non-Life insurance branches, verifiable at https://www.asf.com.pt.

    LEGAL BASIS FOR PROCESSING

    We process personal data based on the following legal grounds:

    1. Performance of a contract (Art. 6(1)(b) GDPR)

    • Providing insurance quotes
    • Managing insurance policies
    • Customer service and contract management

    2. Legal obligations (Art. 6(1)(c) GDPR)

    • Compliance with Portuguese insurance legislation
    • Tax obligations
    • Anti-money laundering regulations (AML/CFT)
    • Reporting to supervisory authorities

    3. Consent (Art. 6(1)(a) GDPR)

    • Marketing and promotional communications
    • Newsletters and updates
    • Non-essential cookies and tracking
    • Market research

    4. Legitimate interest (Art. 6(1)(f) GDPR)

    • Improvement of services and user experience
    • Fraud prevention and security
    • Internal administration

    SPECIAL CATEGORIES OF DATA

    Health Data (Art. 9 GDPR)

    For health insurance, we may process health data. This only occurs:

    • With your explicit consent (Art. 9(2)(a) GDPR)
    • When necessary for insurance purposes (Art. 9(2)(h) GDPR)
    • In accordance with Portuguese legislation (Lei n.º 58/2019)

    You have the right to withdraw your consent at any time.

    INTERNATIONAL DATA TRANSFER

    Within the EEA

    Most data processing takes place within the European Economic Area (EEA), where GDPR fully applies.

    Outside the EEA

    If data is transferred to countries outside the EEA, we ensure appropriate safeguards such as:

    • EU Standard Contractual Clauses (SCCs)
    • Adequacy decision by the European Commission
    • Binding Corporate Rules (if applicable)

    YOUR GDPR RIGHTS

    Right of access (Art. 15)

    You can request a copy of your personal data.

    Right to rectification (Art. 16)

    You can have incorrect or incomplete data corrected.

    Right to erasure (Art. 17)

    You can request deletion of your data (unless legal retention obligation applies).

    Right to restriction of processing (Art. 18)

    You can request temporary restriction of processing.

    Right to data portability (Art. 20)

    You can receive your data in a structured, machine-readable format.

    Right to object (Art. 21)

    You can object to processing based on legitimate interest or for direct marketing.

    Right not to be subject to automated decision-making (Art. 22)

    We do not use automated decision-making with legal effects.

    Right to withdraw consent (Art. 7(3))

    You can withdraw previously given consent at any time.

    HOW TO EXERCISE YOUR RIGHTS

    For all GDPR requests:

    Email: Email:dpo@teksoma.com
    Mail: Address:A/C Data Protection Officer, TEKSOMA Holding Lda., Cascalheira 539A, 8125-018 Quarteira, Algarve, Portugal

    We respond within 30 days to your request, as required by Art. 12(3) GDPR.

    DATA PROTECTION OFFICER (DPO)

    In accordance with Art. 37-39 GDPR, we have appointed a Data Protection Officer.

    DPO Contact:
    Email: Email:dpo@teksoma.com
    Mail: Address:A/C Data Protection Officer, TEKSOMA Holding Lda., Cascalheira 539A, 8125-018 Quarteira, Algarve, Portugal

    DATA SECURITY

    Technical measures

    • SSL/TLS encryption for all data transmissions
    • Secure servers within the EEA
    • Regular security audits
    • Firewalls and intrusion detection

    Organizational measures

    • Strict access control (need-to-know principle)
    • Confidentiality agreements for staff
    • Data breach incident response plan
    • Regular data protection training

    DATA BREACHES (Art. 33-34 GDPR)

    In case of a data breach:

    • We report this within 72 hours to CNPD (Portuguese supervisory authority)
    • We inform affected individuals directly if there is a high risk
    • We fully document the incident
    • We take immediate measures to limit damage

    RETENTION PERIODS

    We do not retain personal data longer than necessary:

    Data CategoryRetention PeriodLegal Basis
    Quote data (not accepted)1 yearLegitimate interest
    Active policy dataDuration + 5 yearsLegal obligation
    Financial administration10 yearsTax legislation
    Marketing consentUntil withdrawalConsent
    Website logs6 monthsLegitimate interest

    FILING COMPLAINTS

    You have the right to file a complaint with the supervisory authority:

    CNPD - Comissão Nacional de Proteção de Dados
    Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
    Phone: +351 213 928 400
    Email: geral@cnpd.pt
    Website: https://www.cnpd.pt

    PRIVACY BY DESIGN & BY DEFAULT

    We adhere to the principles of privacy by design and by default (Art. 25 GDPR):

    • Minimal data collection
    • Pseudonymization where possible
    • Privacy-friendly default settings
    • Regular privacy impact assessments

    PROCESSOR AGREEMENTS

    All external service providers (processors) are contractually obligated to:

    • Comply with GDPR
    • Implement appropriate security measures
    • Process data only according to our instructions
    • Engage sub-processors only with our consent

    TRANSPARENCY & ACCOUNTABILITY

    In accordance with Art. 5(2) GDPR (accountability principle), we document:

    • All processing activities (register of processing activities)
    • Data Protection Impact Assessments (DPIAs) where required
    • Security measures and incidents
    • Training and awareness programs

    CONTACT & MORE INFORMATION

    For questions about GDPR compliance or data protection:

    TEKSOMA Holding Lda.
    Email: Email:info@verzekering.pt
    Privacy contact: Email:dpo@teksoma.com
    Phone: Phone:+351 289 142 164
    Address: Address:Cascalheira 539A, 8125-018 Quarteira, Algarve, Portugal

    Relevant links:

    Last updated: January 2025
    This page complies with the transparency requirements of Art. 12-14 GDPR