Data Protection and Privacy Policy

Data Protection and Privacy Policy

Content

  1. Commitment to Data Protection and Privacy        
  2. Definitions
  3. Entity Responsible for Data Processing
  4. Institutional Contact Details of the Data Protection Officer
  5. Collection and Processing of Personal Data
  6. Categories of Personal Data Processed and Data Subjects
  7. Legal principles
  8. Foundations of legitimacy
  9. Purpose of Processing
  10. Data Processing Information Sheet on Websites
  11. Data Storage Periods
  12. Use of Cookies
  13. Communication of data to other entities
  14. Recipients of Data
  15. International Data Transfers
  16. Security Measures
  17. Exercise of Rights by Data Owners
  18. Complaints or Suggestions
  19. Reporting of Personal Data Breach Incidents
  20. Permanent Security Contact Point
  21. Data Protection Policies and Special Information Files
  22. Information sheet on data processing in relations with users
  23. Data Protection Officer
  24. Express consent and acceptance
  25. Amendments to the data protection policy
  26. Versions of the data protection and privacy policy

 

1.Commitment to Data Protection and Privacy 

“Ascenza" is committed to compliance with all applicable Community and national legal standards in the field of data protection and information security.

"Ascenza" has proceeded to implement a Personal Data Protection System and an Information Security System, in order to ensure regulatory compliance and the demonstration or evidencing of institutional responsibility for data protection and information security, implementing all necessary technical and organizational measures deemed appropriate, both to comply with the legal regime of the General Data Protection Regulation (Regulation EU 2016/679, of 27 April, hereinafter referred to as RGPD), hereinafter referred to as LERGPD), and other applicable complementary legislation.

For any clarification or additional information or to exercise rights in this regard, please contact the Data Protection Officer of "Ascenza" via email at dataprotection@rovensa.com.

 

2.Definitions

Personal Data
"Personal Data" means information relating to an identified or identifiable natural person ("data owner") - an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier. Personal identifiers are, for example, a name, an identification number, location data, electronic identifiers or to one or more specific elements of that natural person's physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing
"Processing" means an operation or set of operations which is performed upon personal data or sets of personal data, by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

"Cookies" (Connection Witnesses)
"Cookies" are small text files containing information considered as relevant that the devices used for access (computers, mobile phones, or portable mobile devices) load, through the internet browser, when an online site is visited by the User.
 

3. Entity Responsible for Data Processing

ASCENZA, Collective Person with Tax No. 503463060, hereinafter referred to as "Ascenza", is the entity responsible for the forms, online sites, systems or IT applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Users have remote access to the services of "Ascenza” that are presented or provided, at any time, through the same, being the entity deemed responsible for the processing of personal data.

The use of channels, systems or applications by any User, Service Recipient or User may involve the processing of personal data, whose protection, privacy, and security by "Ascenza", as the entity responsible for the respective processing, is ensured in accordance with the terms of this Data Protection Policy.

 

4.Institutional Contact Details of the Data Protection Officer

For the purposes of contacting the Data Protection Officer of "Ascenza", please send an e-mail to dataprotection@rovensa.com or to each of the specific addresses identified on the forms, websites, or applications, describing the subject of the request, and indicating an e-mail address, a telephone contact address, or a mailing address for reply.

For any other purpose, the following general contact details of "Ascenza" may be used in its capacity as Data Controller:

  • Postal Address: Edifício Lumnia, Rua António Mega Ferreira, N.º 61 - 5B
  • 1800-424  Lisboa  – Portugal
  • General E-mail: info@ascenza.rovensa.com
  • General Telephone: +351 213222727
  • Website: ascenza.com

 

5.Collection and processing of personal data

“Ascenza" processes personal data strictly necessary to make information available and to operate its channels, according to the uses made by Users, Service Recipients or Users, whether those provided for the purpose of registering requests or obtaining information, or those provided for the purpose of joining those channels, or those resulting from the use of services provided by "Ascenza" through those channels, such as accesses, consultations, instructions, requests or applications, transactions and other records relating to their use.

In particular, the use or activation of certain features of the channels may involve the processing of various direct or indirect personal identifiers, such as name, home address, personal contacts, device addresses or geographical location, where there is the express consent of the specific User, Service Recipient or User, where this is necessary for the management of the contractual relationship or pursuit of legitimate interests or, finally, for the purposes of compliance with legal obligations.

In all cases, the Users, Service Recipients or Users shall always be informed of the need to access such data for the use of the functionalities of the channels in question, as well as of the respective legitimate grounds for processing such data.

The personal data collected by "Ascenza" are processed manually or, in certain cases, in an automated or computerized manner, including the processing of files or the possible definition of profiles, within the scope of the management of the pre-contractual, contractual, or post-contractual relationship with the Users, Service Recipients or Users, under the terms of the national and EU rules in force.

 

6. Categories of Personal Data Processed and Data Owners

The categories or types of personal data subject to processing are generally as follows:

  • Identification data.
  • Contact data.
  • Professional data.
  • Traffic and access control data.

In the different establishments of the Data Controller, biometric data may also be processed, processed through video surveillance systems or other biometric systems that are installed.

The categories or types of personal data subjects to be processed are generally Users, Service Recipients or Users and, in special processing situations, visitors to the Controller's premises may also be included.

The detailed listing of personal data categories and data subject categories are provided in the Data Processing Information Sheets for each specific processing activity.

 

7.Legal Principles

All data processing operations comply with the fundamental legal principles in data protection and privacy, namely regarding their circulation, lawfulness, loyalty, transparency, purpose, minimisation, conservation, accuracy, integrity, and confidentiality, with "Ascenza EN" being available to demonstrate its responsibility towards the data subject, the authorities or any other third party having a legitimate interest in this matter.

 

8. Foundations of Legitimacy

All data processing operations carried out by "Ascenza" have a basis of legitimacy, in particular, either because the data subject has given his/her consent to the processing of his/her personal data for one or more specific purposes, or because the processing is considered necessary for the performance of a contract to which the data subject is a party or for pre-contractual steps at the request of the data subject or because the processing is necessary for compliance with a legal obligation to which the controller is subject, either in the public interest or because the processing is deemed necessary for the purposes of pursuing legitimate interests pursued by "Ascenza" or a third party - the specific grounds being referenced in the specific data processing activities.

 

9.Purpose of Processing

All personal data processed within the scope of "Ascenza" channels are intended exclusively to provide information to Users, to manage the personal information of the Service Recipients deemed necessary for purposes of relationship management or communication, as well as to provide services to Users and, in general, to manage the pre-contractual, contractual, or post-contractual relationship with Users, Service Recipients or Users.

The personal data collected may also and eventually be subject to processing for statistical purposes, for actions to disseminate information or promotional and for communication actions, namely, to promote actions to disseminate new features or new services, through direct communication, whether by correspondence, email, messages or telephone calls or any other electronic communications service.

As prior information and collection of express consent for these latter purposes is always ensured, Users, Service Recipients or Users may, at any time, exercise their right to withdraw consent or their right to object or limit the use of their personal data for other purposes that go beyond the management of the relationship with the Person Responsible for Treatment, namely for purposes of pursuing legitimate interests, for sending informative communications or for inclusion in lists or information services, by sending a written request addressed to the Data Protection Officer of "Ascenza", in accordance with the procedures indicated below.

 

10. Data Processing Information Sheet on Websites

Pursuant to the principle of loyalty and transparency and to ensure compliance with the duty of information, "Ascenza" delivers directly or makes publicly available to all owners of personal data, depending on how their personal data is collected, the information sheets on the data processing activities performed, and these sheets are accessible for consultation at any customer service unit or by request to the Data Protection Officer.

Regarding Websites and On-line Services, please refer to the Personal Data Processing Information Sheet, accessible on this link.

 

11. Data Storage Periods

Personal data shall be kept only for the period necessary for the purposes for which they were collected or subsequently processed, in compliance with all applicable legal provisions regarding storage and with the specific storage period specified in each of the Data Processing Information Sheets.

 

12.Use of Cookies

Regarding the use of Cookies or Connection Witnesses by "Ascenza", please consult the Cookies Policy in this link.

 

13.Communication of Data to Other Entities

The provision of information or provision of services by "Ascenza" to its Users, Service Recipients or Users through the channels may eventually involve recourse to the services of subcontracted third parties, Joint Controllers, or other autonomous Controllers, including entities with headquarters outside the European Union, for the provision of certain services, and such situation may involve access, by these entities, to such personal data.

In these circumstances and whenever necessary, "Ascenza” shall only use entities presenting sufficient guarantees to carry out adequate technical and organizational measures so that the processing meets the requirements of the applicable rules, such guarantees being formalized in a contract signed between "Ascenza" and each of these third parties.

 

14.Data Recipients

Except for the fulfilment of legal obligations, execution of contracts or pursuit of legitimate interests, in no case shall there be any communication of personal data of Users, Service Recipients or Users to third parties which are not subcontracted entities or legitimate recipients, nor shall any other communication be made for purposes other than those referred to above without the prior express consent of the data subject.

 

15. International Data Transfers

Any transfer of personal data to a third country or an international organisation shall only take place in compliance with legal obligations or to ensure compliance with applicable EU and national legal rules.

 

16. Security Measures

Considering the most advanced techniques, the costs of implementation and the nature, scope, context, and purposes of the processing, as well as the risks, of varying probability and severity, to Users, Service Recipients or Users, "Ascenza" and all its subcontractors apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

To this end, various security measures are adopted to protect personal data against disclosure, loss, misuse, alteration, unauthorised processing, or access, as well as against any other form of unlawful processing.

It is the exclusive responsibility of the Users, Service Recipients or Users to keep the access codes secret and not share them with third parties, and, furthermore, in the particular case of the computer applications used to access the channels, to maintain and keep the access devices in safe conditions and follow the security practices advised by the manufacturers and/or operators, namely as regards the installation and updating of the necessary security applications, namely, among others, antivirus applications.

Should there be the need to subcontract services to third parties that may have access to the personal data of Users, Service Recipients or Users, Ascenza subcontractors shall be obliged to adopt the security measures and protocols at organizational level and the measures of a technical nature required to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss, or destruction of personal data.

 

17. Exercise of the Rights of the Personal Data owners

The Users, Service Recipients or Users of "Ascenza" may, as owners of personal data, at any time exercise their data protection and privacy rights, namely the rights to withdraw consent, access, rectification, erasure, portability, limitation, or opposition to processing, under the terms and with the limitations provided for in applicable rules.

Any request for the exercise of data protection and privacy rights must be addressed in writing by the data subject to the Data Protection Officer, in accordance with the procedure and contact details described below.

A Form for the Exercise of Rights of the Holders of Personal Data is accessible at any service point of "Ascenza” and may also be requested to be sent by email, by request to the Data Protection Officer, by email dataprotection@rovensa.com.

 

18.Complaints or Suggestions

The Users, Service Recipients or Users have the right to lodge complaints, either by registering the complaint in the Complaints Book, or by filing a complaint with the regulatory authorities - in the latter case, they may file a petition or complaint directly to the Supervisory Authority through the contacts available at CNPD.

The Users, Service Recipients or Users may also make suggestions by sending an e-mail to the Data Protection Officer at dataprotection@rovensa.com.

 

19.Communication of Incidents of Personal Data Breach

“Ascenza" has implemented an incident management system in the scope of data protection and information security.

Should any User, Service Recipient or User wish to report the occurrence of any situation of personal data breach, which causes, in an accidental or unlawful manner, the destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or subject to any other type of processing, they may contact the Data Protection Officer of "Ascenza" or use the general contacts of "Ascenza".

A Personal Data Breach Incident Reporting Form is accessible at any service point of "Ascenza” and may also be requested to be sent by email, by requesting the Data Protection Officer at dataprotection@rovensa.com.

 

20. Permanent Security Contact Point

«Ascenza» has implemented a Permanent Contact Point for the purposes of managing information security and cyberspace security incidents.
If any User, Recipient of the Service or User wishes to report the occurrence of an information security incident or a cyberspace security incident, they may contact the Permanent Contact Point of «Ascenza» through the following communication channels:

  • Telephone: (+351) 265 710 444;
  • E-mail: itsecurity@rovensa.com.

An Information Security or Cyberspace Security Incident Reporting Form is accessible at any «Ascenza» service point, and it may also be requested to be sent by email, by requesting it to the Permanent Contact Point.

 

21. Data Protection Policies and Special Information Files

With a commitment to transparency and information and to ensure the adequacy of the Data Protection Policy to the different data processing operations carried out and, above all, to the different categories of data holders, «Ascenza» can develop Data Protection Policies Data of a special nature, such as, for example:

  • The Data Protection Policy in the Employment Context.
  • The Data Protection Policy in the Management of Applications.
  • The Data Protection Policy for Employees of Suppliers or
  • The «Cookies» or Connection Testimonials Policy.

These special policies are made available directly to the respective categories of holders or in the context of the corresponding processing activities and are available for consultation by request to the Data Protection Officer, by email dataprotection@rovensa.com.

The Data Protection Policies are also complemented with Information Files on Data Processing, reinforcing transparency and information on specific data processing activities at «Ascenza» and these sheets are made available at the time of data collection, at any time. service point or by contacting the Data Protection Officer.

 

22. Information Sheet on Data Processing in Relation with Users

The Information Sheet on Data Processing in Relation with Users, Recipients of Services or Users can be accessed at this link.

 

23. Data Protection Officer

For any information, complaint, reporting of incidents or the exercise of any type of data protection and privacy rights or for any matter relating to data protection and information security, Users, Recipients of Services and Users who interact with the "Ascenza", can

  • Contact the Data Protection Officer directly via email dataprotection@rovensa.com, describing the subject of the request and indicating an email address, a telephone contact address, or a mailing address for reply, or, if you prefer,
  •  Contact any «Ascenza» unit or service point, requesting communication with the Data Protection Officer.

 

24. Express Consent and Acceptance

The terms of the Data Protection Policy are complementary to the terms and provisions, in terms of personal data, provided for in the Specific Conditions of Use of each of the communication channels of «Ascenza».

The free, specific, and informed availability of personal data by the respective holder implies knowledge and acceptance of the conditions contained in this Policy, considering that, by using the channels or by making their personal data available, Users, Recipients of Services and Users are expressly authorizing their treatment, in accordance with the rules defined in each of the applicable collection channels or instruments.

 

25. Amendments to the data protection policy

To guarantee the respective updating, development, and continuous improvement, «Ascenza” may, at any time, make the changes, which are considered appropriate or necessary, to this Data Protection Policy, ensuring its publication in the different channels to guarantee transparency and information to Users, Service Recipients and Users.

 

26.Versions of the Data Protection and Privacy Policy

Version of this Policy: "VersionPPDP".

Date: 202305.

To access previous versions of the Data Protection Policy, please send your request by email to dataprotection@rovensa.com.