Privacy Policy
1. Objective and Context
The purpose of this policy is to define how the data provided by the data subjects, here referred to as interested parties (current, former, and future, namely: Clients, suppliers, partners, employees, the State, and the surrounding community) involved in Ubiquity’s activities are treated and used whenever there is a need to collect and process personal data for commercial, marketing and disclosure, legal, labor, or regulatory purposes.
2. Scope
In accordance with the provisions of the European Union Regulation No. 2016/679 on the Protection of Personal Data and Decree-Law No. 67/98, this policy applies to personal data, meaning “any information, of any nature and regardless of its format, including sound and image, relating to an identified or identifiable natural person.”
3. Policy Operationality
- Data Processing Grounds
The personal data collected may be processed according to the following grounds:
-
- Execution of Contract and Pre-Contractual Diligence
When the processing of personal data is necessary for the conclusion and management of contracts with Ubiquity. Examples include contracts with employees, clients, and service providers/suppliers.
-
- Legitimate Interest of the Company
When the data processing corresponds to a legitimate interest on the part of Ubiquity. An example of using this ground is the CCTV system that ensures the safety of people and property.
-
- Consent
This implies prior consent, freely given and informed, in writing or through digital validation. An example is consent for the use of data for marketing and disclosure purposes.
-
- Compliance with Legal Obligation
When the processing of personal data is necessary to comply with a legal obligation. In this context, examples include compliance with tax obligations.
- Collection and Processing of Personal Data
As part of Ubiquity’s employees’ duties, the collection, recording, organization, storage, use, and consultation of personal data occur. Other operations may also occur, which, under the GDPR, are referred to as “processing of personal data.”
The personal data collected respect not only employees but also suppliers, candidates, and clients.
When collecting Personal Data, Ubiquity provides the data subjects with detailed information about the nature of the data collected and the purpose and processing that will be carried out with respect to the personal data, as well as information regarding the right to access personal data. Ubiquity ensures that the processing of personal data complies with the requirements indicated by the Data Controller, as well as ensures the technical and organizational measures for the protection of personal data.
- Use and Purposes of Personal Data Processing
In general terms, Ubiquity uses the data of the data subject for various purposes, namely billing and collection, for marketing purposes, and for human resources management and recruitment of employees, among others.
The personal data collected by Ubiquity are not shared with third parties without the consent of the data subject, except in the situations referred to in the following paragraph. In cases where the data subject contracts services from Ubiquity that are provided by other entities responsible for the processing of personal data, the data of the data subject may be consulted or accessed by these entities, to the extent that such access is necessary for the provision of the said services.
Under applicable legal terms, Ubiquity may transmit or communicate the data of the data subject to other entities if this transmission or communication is necessary for the execution of the contract established between the data subject and Ubiquity, or for pre-contractual steps at the request of the data subject, if it is necessary for the fulfillment of a legal obligation to which Ubiquity is subject, or if it is necessary for the pursuit of legitimate interests of Ubiquity or a third party.
When a transmission of data of the data subject to third parties occurs, reasonable efforts will be made to ensure that the recipient uses the data in a manner consistent with this Privacy Policy.
- Data Retention Period
The period during which personal data are stored and retained varies according to the purpose for which the information is processed.
Indeed, there are legal requirements that require data to be retained for a minimum period. Therefore, whenever there is no specific legal requirement, the data will be stored and retained only for the minimum period necessary for the purposes that motivated their collection or their subsequent processing, as defined by law.
- Rights of Data Subjects
Under applicable legislation, the data subject is granted the right of access, rectification, erasure, restriction, objection, forgetting, portability, and not being subject to automated data processing. To ensure security in the process, proof of identity is required to ensure confidentiality.
The data subject can, at any time, access the data provided to us, request correction or alteration whenever justified, with the commitment to follow up within 30 days.
They are also granted the right to be forgotten, so personal data will be deleted within the aforementioned period from the date of the request, provided there are no valid grounds for their retention, such as cases where Ubiquity must retain the data to comply with a legal requirement.
They also have the right to lodge a complaint with the National Authority – National Data Protection Commission (CNPD).
- Technical, Organizational, and Security Measures
To ensure the security of the data subject’s data, Ubiquity treats the information provided to us as absolutely confidential, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as necessary, as well as under the legally provided terms and conditions.
Depending on the nature, scope, context, and purposes of data processing, as well as the risks arising from processing for the rights and freedoms of the data subject, Ubiquity undertakes to apply, both at the time of defining the processing means and at the time of processing itself, the technical and organizational measures necessary and appropriate to data protection and compliance with legal requirements.
It also undertakes to ensure that only the data necessary for each specific processing purpose are processed and that these data are not made available to an indeterminate number of people.
In general terms, Ubiquity adopts the following measures:
- Regular audits to assess the effectiveness of the technical and organizational measures implemented;
- Awareness and training of staff involved in data processing operations;
- Pseudonymization and encryption of personal data, whenever justifiable;
- Mechanisms to ensure the confidentiality and availability of information systems;
- Mechanisms that ensure the restoration of information systems and access to personal data in a timely manner in case of a physical or technical incident.
- Data Controller
The data controller responsible for collecting and processing your personal data is Ubiquity, which decides which data is collected, the means of processing, and the purposes for which the data are used. Ubiquity has a Data Protection Officer whose main responsibilities are:
- Inform and advise the data controller and processors, as well as employees who process the data, about their data protection obligations;
- Monitor compliance with personal data protection regulations, internal policies, and procedures associated with training and audits;
- Respond to requests from data subjects;
- Cooperate with the supervisory authority – CNPD;
- Act as the contact point with the supervisory authority on matters related to personal data processing.
If you wish to exercise your rights, obtain additional information, or clarify any doubts about this policy, you should address your questions to:
Ubiquity Technology, Lda
Attn: Data Protection Officer
Av. da República, 754
4430-190 Vila Nova de Gaia
Tel.: +351 225 400 105
or to the email address: [email protected]
- Changes to the Privacy Policy
Ubiquity reserves the right to make changes or updates to this Privacy Policy at any time, and these changes will be duly updated.
Last Update: July, 29, 2024