Privacy Policy

Smart OPS by BERD & FEUP, hereinafter referred to as BERD, is committed to protecting the privacy of all holders of personal data processed in the course of its professional activity, hereinafter referred to simply as data subjects, and for that purpose, has prepared this information.

In order to ensure its commitment to the privacy of the data subjects, BERD has adopted the best practices of security and protection of personal data, in the terms better described below. 

In this regard, and in order to ensure that all personal data is processed and protected in accordance with the new General Regulation on Data Protection (hereinafter referred to as “GDPR”) – Regulation (EU) 2016/679, of the European Parliament and European Council, 27th April 2016 – we ask you to attentively read the following information, which corresponds to our new privacy and data protection policy, aimed to clarify which rules are observed and complied to by BERD regarding data sharing, as well as the rights given to data subjects as a result of GDPR. 

No information that can identify you as a user is collected automatically when you visit the BERD website. However, the use of certain content or services may require you to volunteer personal information.

When you are asked to provide information or answer questions, doing so is optional. Note, however, that not providing the information or not answering questions may prevent you from submitting or hinder processing of your request.

Data processing activities:

  1. Creation and Maintenance of Contact Database
  2. Public Relations
  3. Human Resources 
  4. Client and Supplier Administration 

1. Personal Data

Personal data means any information relating to an identified or identifiable natural person, of any nature and regardless of the type of medium.

An ‘identifiable person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier (v.g. an identification number, location data, identifiers by electronic means or by one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social nature of such natural person).

Depending on the purpose the data collection, as listed above in this document, it can be collected de following data:    

  1. Creation and Maintenance of Contact Database:
    • Full name;
    • Contact number;
    • E-mail address;
    • Physical address;
    • Company / Position. 
  1. Public Relations:
    • Full name;
    • Contact number;
    • E-mail address;
    • Company / Position.
  1. Human Resources
    • Full name;
    • Date of birth;
    • Nationality;
    • Tax identification number;
    • Identification number (ID Card, Passport);
    • Photography;
    • Curriculum Vitae (education and professional backgrounds)
    • Contact number;
    • E-mail address;
    • Physical address;
    • Financial data;
    • Bank details (Bank account number / IBAN).
    • Marital status;
    • Professional category;
    • Social security number;
    • Household composition;
    • Union membership;
    • Driver’s license.
  1. Client and Supplier Administration 
    • Full name;
    • Tax identification number;
    • Nationality;
    • Professional category;
    • Contact number;
    • E-mail address;
    • Physical address;
    • Financial data;
    • Bank details (bank account number / IBAN).

2. Controller 

«BERD – Projecto, Investigação e Engenharia de Pontes, S.A.», with its headquarters in Edifício Olympus I – Av. D. Afonso Henriques, 1462, 2º, 4450-013 Matosinhos, Portugal, a legal person registered under the single registration number of corporate person n.º 507455509, is the controller responsible for the collection and processing of personal data for the purposes indicated.

To obtain any further information and clarification on subjects related with data protection you are encouraged to contact us, via e-mail:

3. Purpose of the Processing of Personal Data and Legal Basis for Processing

The collection and processing of personal data in the context of the abovementioned activity is intended to:

  1. Creation and Maintenance of Contact Database:

Establish and update a Contact Database (of clients, potential clients, commercial partners, others) – Legitimate Interest pursued by the Controller and Data Protection Officer (article 6º, n. º 1, indent f of GDPR).

Data processing related with the maintenance of the contacts of several entities with whom BERD interacts with, namely clients, potential clients, commercial partners, amongst others.

The data collection and processing include, amongst others, the activities of: 

  • Leads management and business opportunities;
  • Client management;
  • Market prospection;
  • Response to requests. 
  1. Public Relations:

Public Relations – generate receptivity and conquer trust amongst costumers and potential customers in commercial relationships. International relationships, conference organization, engineering awards, etc. – Data subject consent (article 6º, n. º 1, indent a of GDPR).

Data treatment related to the sending of communications to clients and potential clients, with the purpose of encouraging BERD activity, as well as to promote public image. 

The treatment includes, amongst other, the activities of:

  • Newsletters distribution;
  • Institutional Events communications and other information related with those events;
  • Communication for marketing or promotional purposes.
  1. Human Resources

Human resources management, salary processing and pursuance of other legal or contractual obligations related to labour matters – Complying with the contractual obligations or preliminary proceedings at the request of the data subject (article 6º, n. º 1, indent b of GRDP). Fulfilment of legal obligation (article 6º, n. º 1, indent c of GDPR).

Data treatment related with managing human resources, salary processing and prosecution of other legal and contractual obligation related to labour matters.

The treatment includes, amongst others, the activities of:

  • Processing of salaries;
  • Vacations, public holidays and absences management;
  • Organizational management;
  • Performance evaluation;
  • Internal communications;
  • Internal events management;
  • Occupational health management;
  • Insurance (health, work accidents, travel, saving schemes and retirement schemes);
  • Commuting organization;
  • Fulfilment of legal obligations (withholdings of Social Security Tax / IRS; work accidents insurance;
  • Elaboration of proposals;
  • Candidate applications to subsidies/ support;
  • Access to work site;
  • Management of information regarding educational and professional backgrounds (CVs)
  • Formation. 
  1. Client and Supplier Administration 

Client and supplier administration – Complying with the contractual obligations or preliminary proceedings at the request of the data subject (article 6º, n. º 1, indent b of GRDP). Fulfilment of legal obligation (article 6º, n. º 1, indent c and f of GDPR).

Data treatment related with client and supplier administration.

Such treatment includes, amongst other, the activities of:

  • Payments;
  • Leads management and business opportunities 
  • Client management

– Client contacts (including buyers/projecto managers)

– Client history (agreed conditions)

  • Management of orders and product supply / invoicing (Sales) 
  • Complaints management. 
  • Assistance and support service management (contractual warranties relating to sold equipment; agreed upon contractual obligations and audits).

Regarding the above, BERD clarifies that it does not request, nor encourages, in any shape or form, the remission and transmission of personal data concerning philosophical or political beliefs, party or union affiliation, religious faith, private life, racial or ethnic origin, as well as the processing of data related to health and sexual life, including genetic data. Thus, in the event that personal data of this nature is transmitted to BERD, it cannot be, in any case, be held liable for its treatment, as a result of the privacy policy here described. 

4. Conservation of Personal Data

The period of time during which personal data is kept and stored will vary in accordance with the purposes described above.

  1. Creation and Maintenance of Contact Database:

Non defined, as a result of the treatment being related with the legitimate interest of BERD

  1. Public Relations:

Until the data subject withdraws his consent to collect and process his personal data.

  1. Human Resources

For the period of 10 years, counted from the moment of contract termination, without prejudice of the fact that longer periods may be applied whenever the situation justifies (provided the proportionality of the situation), in particular to safeguard BERD rights.

  1. Client and Supplier Administration 

For the period of 20 years, counted from the moment of contract termination, without prejudice of the fact that longer periods may be applied whenever the situation justifies (provided the proportionality of the situation), in particular to safeguard BERD rights.

5. Right of access, rectification, erasure, limitation of treatment and right of portability of Personal Data; Right to be Forgotten. 

The data subject is guaranteed, at any time, the right of access to his/her personal data, as well as its rectification, elimination, portability, limitation and/or opposition to the treatment – to this end, he/she may exercise any of these rights by writing, to BERD, through the headquarters address or through the following email:

In addition, the data subject may always submit any complaints they deem necessary to the competent authority for this purpose. 

You have the right to request that the Data Controller delete your personal data and the latter is obliged to erase said data where one of the following occurs: (i) the data is no longer necessary for the purpose for which it was collected or processed; (ii) the data subject withdraws consent, when consent is the legal basis for processing, or (iii) the data subject objects to the processing of their personal data and there are no existing legitimate interests that warrant storage of such data.

6. Security in the Treatment of Personal Data

Personal data may be processed and stored in informatic format and in paper format.

BERD is committed to ensuring the safety and protection of personal data made available to her, and has taken the appropriate measures necessary for this purpose, namely: 

Physical Security Measures:

The physical access to the treatment operation is only allowed to authorized BERD personnel. 

The facilities are secured by video surveillance system, security services (security company), and conditioned access through automatic lock doors 

Informatic Security Measures:

  • Access to the system requires password authentication;
  • The password is nominative;
  • There is a secure data copy (secure servers);
  • The system has protection against improper access to personal data;
  • The system has the ability to record the executed activities and who executes them (tracing);
  • The system has protection against viruses and Malware, and is used systematically;
  • The Operating systems are not obsolete and are updated systematically so as not to contain known/published vulnerabilities;
  • Use of Firewall;
  • Secure third-party data transmission protocols (https);
  • Encryption of information in mobile equipment;
  • Safe disposal of equipment;
  • Profiles according to the functional typologies;
  • Use of VPN for remote access to the internal infrastructure;
  • Existence of periodic backups

Organizational Measures:

  • The personal data processing is made exclusively in the context of the agreed upon purposes. 

If, for any reason, there is a breach of security that causes accidental or unlawful destruction, loss, alteration, disclosure or unauthorized access to personal data, BERD agrees, under the terms of the applicable legislation, to notify the competent authorities without undue delay and, when possible, within 72 hours of becoming aware of such occurrence.

In addition, and in the terms referred to in the immediately preceding paragraph, BERD agrees to communicate the violation of the personal data to its owner, in accordance with the applicable legislation.

When using the BERD website you are responsible for guaranteeing and ensuring that the computer or device you use to access the website is properly protected, for example, against malicious software and computer viruses.

Please note that whenever data is collected in open networks such as the Internet data circulation may be unsecure and data may be seen by unauthorised third parties.

You are prohibited from sharing your password with third parties or any other access data related to your user account, where applicable.

7. Communication of Personal Data to Third Parties

In the scope of its activity, BERD may use third parties to provide certain services (located inside or outside the European Union), which may in some cases entail the access by such entities to the personal data of the data subject.

In such a scenario, BERD undertakes to take the necessary and appropriate measures, in order to ensure that entities that have access to such personal data are reputed and offer high guarantees at this level, which will be duly enshrined and safeguarded in a written agreement between BERD and the third party(ies).

Any entity hired to process data by BERD will treat the personal data of the data subject, on their behalf in an undertaking to take the necessary technical and organizational measures to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of illicit treatment.

In any case, BERD remains responsible for the processing of personal data.

Whenever necessary, and in connection with the hire of third parties by BERD, personal data may be transferred outside the European Union, under the terms and conditions permitted by the applicable legislation.

9. Alterations

BERD reserves the right to review or amend this policy at any time.

The version hereby communicated is the one that currently is in effect.

20th February, 2019


This Cookie Policy is an integral part of the Privacy Policy of the website (hereinafter referred to as ‘website’).

What are cookies?

Cookies are text files containing small amounts of information that your browser downloads and stores on your device when you visit a website.

Cookies are classified according to the purpose they serve. Strictly necessary cookies are required to ensure the operation of the website. Other cookies collect statistical information in order to analyse the use and performance of the website, while others are used to ensure the availability of additional features or to store user preferences when the same device is used. Cookies are also used to measure the success of an app and the effectiveness of third-party advertising.

Cookies are an essential part of the Internet. They do not damage your computer or device and, when enabled in your browser’s settings, help to identify and solve potential errors in the operation of the website.

Why use cookies?

Cookies make browsing simpler and improve your website experience. They enable our website to recognise you whenever you access the site so that you don’t have to repeatedly enter the same information, making your browsing experience better, faster and more efficient. The information collected by the cookies also help BERD improve the website.

Cookies used and respective purpose

BERD uses cookies for the purposes identified below. Should BERD use other cookies for the purpose of providing more and better services you will be duly informed.

Cookie nameOwnerDurationType of cookiePurpose
Preference cookiesBERDConfigurable (currently 365 days)NecessaryTechnical cookie required to identify and store user cookie preferences regarding the site. This is where your consent of cookies is stored.
Session cookiesBERD14 daysNecessaryTechnical cookie required to store an active session (admins)
Language cookiesBERD1 yearNecessaryTechnical cookie required to store the language a user selects
Content and Vimeo cookiesVariableDepends of the managing entityOptionalThe BERD site may contain references to third-party platforms which may use cookies and also need to be accepted. For example: You might not be able to view Vimeo videos without accepting cookies and its terms and conditions.
Statistics/Performance CookiesGoogle AnalyticsSet by GoogleOptionalCookie used to keep a record of how you use the website and used by Google Analytics.

Follow the link below to learn how to opt-out of having your website activity monitored or of tracking by Google Analytics:  

Should I accept the use of cookies?

Cookies are essential to ensuring the entire website functions properly. As such, we recommend that you accept the use of cookies.

How can I change my cookie preferences?

You can withdraw consent or change your cookie preferences at any time on the website’s cookie page.

Most browsers also allow you to control the cookies stored on your computer or device and to delete them immediately should you no longer want cookies to be stored locally. More information is available at or

You can also set your device and browser cookie settings to accept all or some cookies, to alert you when a cookie is used or to block cookies. 

Follow the links below for more specific information on how to manage your preferences regarding the cookies used by the most popular browsers:

Visit the provider’s website for information on how to manage cookies used by other browsers.

‘Do not track’ feature

‘Do not track’ is a feature that allows you to opt-out of being tracked by the websites you visit and is available on most browsers, including Firefox, Internet Explorer, Chrome, Safari and Opera.

Social media cookies

BERD shares content about its business activities on major social media platforms such as Facebook, Vimeo and LinkedIn.

  • The BERD website does not set cookies by displaying links to our social media pages when you browse our website.
  • You may watch BERD videos, which are also available on our Vimeo channel. You can follow the links on our website to Facebook, Vimeo and LinkedIn.
  • By clicking the LinkedIn button you will be redirected to the LinkedIn website, which has its own privacy and cookie policies.
  • By clicking on the Facebook icon you will be redirected to the Facebook website, which has its own privacy and cookie policies, which BERD has no control over.

In case of dispute the consumer can resort to an Alternative Dispute Resolution Body:

CICAP – Tribunal Arbitral de Consumo
Rua Damião de Góis, 31, Loja 6, 4050-225, Porto
+351 22 550 83 49 / +351 22 502 97 91

More information at Portal do Consumidor