Privacy Commitment
The Jerónimo Martins Group is committed to ensuring the privacy of the personal data of all those who interact with the different Companies of the Jerónimo Martins Group (“JM Companies”), whether they are customers, employees, suppliers, or partners, seeking to adopt all the necessary measures and procedures to protect their personal data.
This Personal Data Protection Policy of the Jerónimo Martins Group (“Policy”) aims to present the general principles and guidelines that are transversally ensured by the several JM Companies in all the geographies where the Group operates, reinforcing the commitment to comply with data protection legislation.
Organization
The Jerónimo Martins Group has a dedicated Team for the development, implementation, and internal verification of the personal data protection procedures to be adopted by the various Companies of the Group (Privacy Team).
Simultaneously, Data Protection Officers (dpo.portugal@jeronimo-martins.com; dpo.polska@jeronimo-martins.com; JMS.DPO@jeronimo-martins.com and protecciondedatos@mscol.co), have been appointed to monitor and advise the JM Companies in each geography, where there is such legal requirement, ensuring that the Group complies with all applicable data protection standards and regulations.
General principles of personal data processing
In pursuing its activities, JM Companies have specific Personal Data Protection Policies for the various processes carried out and based on the respective data subjects, grounding the processing of personal data in a set of values and principles, in which compliance will be ensured and proven by the respective data controller.
Lawfulness, fairness and transparency
Personal data is processed in accordance with the law, in a balanced and graspable way for the data subjects to understand.
The data is only processed for legitimate purposes that are clearly defined, and the terms are properly communicated to the respective data subjects.
As a rule, data is necessary for the execution of a contract or to fulfill legal obligations to which JM Companies are subject.
There are, however, situations in which the processing is necessary for the pursuit of legitimate interests of JM Companies, always ensuring the fundamental rights and interests of the data subjects.
In cases where the processing of data requires the prior consent of the data subject, it is always collected in a free and informed manner.
In the event of a data breach, and if it entails risk, it will be communicated to the competent authorities and to the affected data subjects, whenever the law requires so. At the same time, every effort to repair or minimize damages will be conducted.
Purpose limitation
Personal data is only processed for the determined, explicit and legitimate purposes for which it was collected and will not be further processed in a way that is incompatible with these purposes.
Storage limitation
Personal data is kept for the period necessary for the execution of the purposes or to comply with legal deadlines, after which it will be deleted or anonymized.
Data minimisation
All personal data are adequate, relevant and limited to what is strictly necessary in relation to the purposes for which they are processed, both in terms of quantity, extent of processing, storage period and accessibility.
Accuracy
Procedures have been established to ensure, as far as possible, that the personal data collected and processed are accurate, complete, and up-to-date while retained in the information systems of the Jerónimo Martins Group, with inaccurate data being deleted or corrected without delay.
Integrity and confidentiality
Throughout the lifecycle of personal data processing operations, technical and organizational measures deemed necessary to ensure the appropriate security of the processed personal data are in place (including protection against unauthorized or unlawful processing, loss, destruction, or accidental damage), as well as its confidentiality, integrity, and availability.
Therefore, over the last few years, Jerónimo Martins Group has invested in robust information security systems, which requires continuous effort and adaptation in response to the risks that technological evolution poses to the protection of personal data.
Moreover, we are demanding in selecting partners, who must guarantee all necessary and adequate measures to also ensure the security, confidentiality, integrity and availability of the personal data processed.
Data protection by design and by default
Strategies and procedures are defined and implemented to ensure the efficient integration of data protection principles and other legal obligations in new projects or in the launch of new services. In this way, an analysis and mitigation of potential risks is guaranteed from the beginning of each project, always involving the Privacy Team.
Control of data by the holders
Always keeping in mind that the personal data of each one belongs, first and foremost, to the respective data subject, is guaranteed to each data subject the control over their own personal data.
To this end, the rights of access, rectification, opposition, portability, limitation, and erasure of data are guaranteed, within the limitation foreseen in the legislation, through channels created for this purpose that seek to ensure a response in the shortest time possible.
Contacts
For specific questions related to the different data processing activities carried out by JM Companies, we invite you to consult the respective privacy policies available on the websites and
The Jerónimo Martins Group may change this Personal Data Protection Policy at any time, and any changes will be updated on this website.
Version of October 2024