Data Protection Policy

Data Protection and Privacy Commitment

Audiqcer complies with all applicable EU and national legal standards regarding data protection, privacy, and information security.

Audiqcer has implemented a Personal Data Protection System and an Information Security System to ensure regulatory compliance and demonstrate institutional responsibility regarding data protection and information security, implementing all necessary technical and organizational measures deemed appropriate, both to comply with the general legal regime of the current Data Protection Law and to comply with the special legal regime of the General Data Protection Regulation, applicable since May 25, 2018.

For any clarification or additional information, or to exercise your rights in this regard, please contact the Audiqcer Data Protection Officer via email at protecaodedados@audiqcer.com.

Definitions

«Personal data»

«Personal data» means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers include, for example, a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

«Personal Data Processing»

«Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

«Cookies»

«Cookies» are small text files containing relevant information that devices used for access (computers, cell phones, or portable mobile devices) load through the internet browser when a website is visited by the Client or User.

Data Officer

Audiqcer – Prestação de Serviços a Empresas, Lda, a legal entity with tax identification number PT515234583, hereinafter referred to as Audiqcer, is the entity responsible for the online sites, systems or computerized applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Clients have remote access to Audiqcer’s services that are presented or provided, at any time, through them, and is considered the entity responsible for the processing of personal data.

The use of channels, systems or applications by any User, Service Recipient or Client may involve the processing of personal data, whose protection, privacy and security by Audiqcer, as the entity responsible for the respective processing, is ensured, in accordance with the terms of this Data Protection Policy.

Data Officer Contacts

For contact with the Audiqcer Data Protection Officer, please send an email to protecaodedados@audiqcer.com or to each of the specific addresses identified on the websites, describing the subject of the request and indicating an email address, a telephone contact number or a postal address for reply.

For any other purpose, the following general Audiqcer contact details can be used:

– Postal Address: Apartado 45, Entre as Águas, Estrada Nacional 255, s/n, 7860-909 Moura, Portugal;

– General Email: info@audiqcer.com;

– General Telephone: +351 213 243 750;

– General Fax: +351 213 243 759;

– Website: www.audiqcer.com.

Collection and Processing of Personal Data

Audiqcer processes personal data strictly necessary for providing information and operating its channels, according to the uses made by Users, Service Recipients or Clients, whether those provided for the purpose of registering requests or obtaining information, those provided for the purpose of subscribing to those channels, or those resulting from the use of services provided by Audiqcer through them, such as accesses, queries, instructions, transactions and other records relating to their use.

In particular, the use or activation of certain channel functionalities may involve the processing of various direct or indirect personal identifiers, such as name, home address, contact details, device addresses, or geographic location, provided that the User, Service Recipient, or Client expressly consents to this, whenever it is necessary for managing the contractual relationship or pursuing legitimate interests, or finally, for the purpose of complying with legal obligations.

In all cases, Users, Service Recipients, or Clients will always be informed of the need to access such data in order to use the functionalities of the channels in question.

The personal data collected by Audiqcer is processed electronically, in certain cases in an automated manner, including file processing or profiling, and within the scope of managing the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Clients, in accordance with current national and community regulations.

Categories of Personal Data Processed and Data Subjects

The categories or types of personal data that are processed are generally the following:

– Identification data;

– Contact data;

– Professional data;

– Billing data;

– Traffic and access control data.

In the Data Officer’s various establishments, biometric data may also be processed, collected through video surveillance systems or other biometric systems that may be installed.

A detailed list of personal data categories and data subject categories can be found in the Data Processing Information Sheets.

Legal Principles

All data processing operations comply with the fundamental legal principles of data protection and privacy, particularly regarding data circulation, lawfulness, fairness, transparency, purpose limitation, data minimization, data retention, accuracy, integrity, and confidentiality. Audiqcer is available to demonstrate its accountability to the data subject or any other third party with a legitimate interest in this matter.

Foundations of Legitimacy

All data processing operations carried out by Audiqcer have a legitimate basis, namely, either because the data subject has given their consent to the processing of their personal data for one or more specific purposes, or because the processing is considered necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, or because the processing is necessary for compliance with a legal obligation to which the controller is subject, or for the purposes of the public interest, or because the processing is considered necessary for the purposes of pursuing the legitimate interests pursued by Audiqcer or by third parties.

Purpose of Treatment

All personal data processed within Audiqcer’s channels is intended exclusively for providing information to Users, managing the personal information of Service Recipients deemed necessary for relationship management or communication purposes, as well as providing services to Clients and, in general, managing the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Clients.

The personal data collected may also, and eventually, be processed for statistical purposes, for disseminating information or promotional actions, and for communication actions, especially to promote the dissemination of new features or new services, through direct communication, whether by mail, email, messages or telephone calls or any other electronic communication service.

Provided that prior information and express authorization are always obtained for these latter purposes, Users, Service Recipients or Clients may, at any time, exercise their right to withdraw consent or their right to object to the use of their personal data for purposes other than managing the relationship with the Data Controller, namely for the pursuit of legitimate interests, for sending informational communications or for inclusion in informational lists or services, and must, for this purpose, send a written request addressed to the Audiqcer Data Protection Office, in accordance with the procedures indicated below.

Data Processing Information Sheets

In accordance with the principles of loyalty and transparency, and to guarantee compliance with the duty to inform, Audiqcer directly delivers or makes publicly available to all holders of personal data, depending on the method of collection of their personal data, information sheets on the data processing operations carried out. These sheets are accessible for consultation at any customer service unit or with the Data Protection Officer.

Data Retention Periods

Personal data will only be kept for the period necessary for the purposes that motivated its collection or subsequent processing, ensuring compliance with all applicable legal standards regarding archiving, and specifying the concrete retention period in each of the Data Processing Information Sheets.

Use of Cookies

Audiqcer may eventually use two main categories of «cookies»: «cookies» within the scope of online sites and «cookies» within the scope of direct electronic communication channels, with the option to disable them always guaranteed for Users or Clients in either category.

Audiqcer uses «cookies» on its online sites to improve the performance and browsing experience of Users and Customers, increasing, on the one hand, the speed and efficiency of response and, on the other hand, eliminating the need to repeatedly enter the same information.

The use of «cookies» helps websites recognize users’ and customers’ devices the next time they visit, and in some cases, it is essential for their operation.

The «cookies» used by Audiqcer, across all its channels, do not collect personal information that allows the identification of Users or Customers, only storing generic information, such as the form or geographical location of access and how they use the channels, among other things. The cookies only retain information related to User and Customer preferences, and no personal identifiers are recorded.

Users, Service Recipients, and Clients may, at any time, through the computer application they use to browse the internet («browser»), decide to be notified about the receipt of «cookies», as well as block their entry into their system.

Regarding the intended purposes, Audiqcer may, whenever justified, use three different types of «cookies», according to the following specifications:

(i) Essential «cookies» – some «cookies» are essential to access specific areas of online channels, allowing navigation and use of their applications, such as access to secure areas of the sites, through user registration – without these «cookies», the services that require them cannot be provided;

(ii) Functionality «cookies» – Functionality «cookies» allow us to remember user preferences regarding browsing online sites, thus eliminating the need to reconfigure and personalize them each time you visit;

(iii) analytical «cookies» – these «cookies» are used to analyze how users use online sites, allowing us to highlight articles or services that may be of interest to users, monitoring site performance, as well as knowing which pages are most popular, which method of linking between pages is most effective or to determine why some pages are receiving error messages – these «cookies» are used only for statistical creation and analysis purposes, never collecting personal information.

For these purposes, Audiqcer can provide a high-quality experience to Users, Service Recipients, or Clients by personalizing information and offers and identifying or correcting any problems that may arise in the context of their use.

Regarding the type of validity, there are two types of «cookies»:

(i) Permanent «cookies» – these are «cookies» that are stored on the devices used to access the channels (computers, mobile phones, etc.), at the level of the computer application used to browse the internet («browser»), and are used whenever Users or Customers visit any channel again – in general, they are used to direct navigation according to the User’s or Customer’s interests, allowing Audiqcer to provide a more personalized service;

(ii) Session «cookies» – these are temporary «cookies», which are generated and available only until you end the session, as the next time the Client/User accesses their internet browser the cookies will no longer be stored – the information obtained allows managing sessions, identifying problems and providing a better browsing experience.

Users, Service Recipients or Clients may disable some or all of the «cookies» at any time – to do so, they must follow the instructions available in each of the computer applications used to browse the internet («browser»), however, disabling them may result in losing access to some website functionalities.

Audiqcer, within the scope of direct electronic communication channels, may also use «cookies» when opening different electronic communications sent, such as «newsletters» and email, for statistical purposes – allowing it to know if these communications are opened and to track clicks through links or advertisements within these communications.

Also in this category of «cookies», Users, Service Recipients, or Clients always have the option to disable the sending of electronic communications through the specific option in the footer of those communications.

Data Communication to Other Entities

The provision of information or the offering of services by Audiqcer to its Users, Service Recipients or Clients through its channels may eventually involve the use of third-party services, including entities located outside the European Union, for the provision of certain services, which may imply access to this personal data by these entities.

Under these circumstances, and whenever necessary, Audiqcer will only use subcontractors that provide sufficient guarantees of implementing appropriate technical and organizational measures in a way that ensures the processing meets the requirements of applicable regulations. These guarantees will be formalized in a contract signed between Audiqcer and each of these third-party entities.

Data Recipients

Except in the context of fulfilling legal obligations, executing contracts, or pursuing legitimate interests, under no circumstances will personal data of Users, Service Recipients, or Clients be communicated to third-party entities that are not subcontracted entities or legitimate recipients, nor will any other communication be made for purposes other than those mentioned above.

International Data Transfers

Any transfer of personal data to a third country or international organization will only be carried out in compliance with legal obligations or with the guarantee of conformity with applicable Community and national legal standards in this matter.

Security Measures

Taking into account the most advanced techniques, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks, of varying likelihood and severity, for Users, Service Recipients or Clients, Audiqcer and all entities subcontracted by it apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

To this end, various security measures are adopted in order to protect personal data against its dissemination, loss, misuse, alteration, unauthorized processing or access, as well as against any other form of unlawful processing.

It is the sole responsibility of Users, Service Recipients, or Clients to keep their access codes secret, not sharing them with third parties. Furthermore, in the specific case of computer applications used to access the channels, they must maintain and keep the access devices in secure conditions and follow the security practices advised by manufacturers and/or operators, especially regarding the installation and updating of necessary security applications, including, among others, antivirus applications.

Should it become necessary to subcontract services to third-party entities that may have access to the personal data of Users, Service Recipients, or Clients, Audiqcer’s subcontractors will be obliged to adopt the security measures and protocols at the organizational level and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss, or destruction of personal data.

Exercising the Rights of Personal Data Holders

Users, Service Recipients, or Audiqcer Clients, as holders of personal data, may at any time exercise their data protection and privacy rights, especially the rights of access, rectification, erasure, portability, restriction, or objection to processing, under the terms and with the limitations provided for in the applicable regulations.

Any request to exercise data protection and privacy rights must be addressed in writing by the respective data subject to the Data Protection Officer, in accordance with the procedure and contact information described below.

Complaints or Suggestions

Users, Service Recipients or Clients have the right to file a complaint, either by registering the complaint in the Complaints Book, or by filing a complaint with the regulatory authorities – in the latter case, they may submit a petition or complaint directly to the National Data Protection Commission through the contacts available at www.cnpd.pt.

Users, Service Recipients or Clients may also submit suggestions by sending an email to the Data Protection Officer at protecaodedados@audiqcer.com.

Incident Reporting

Audiqcer has implemented an incident management system focused on data protection, privacy, and information security.

If any User, Service Recipient or Client wishes to report any personal data breach that accidentally or unlawfully results in the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, they may contact the Data Protection Officer or use Audiqcer’s general contact information.

Modification of the Data Protection Policy

To ensure its updating, development and continuous improvement, Audiqcer may, at any time, make changes to this Data Protection Policy that it deems appropriate or necessary, ensuring its publication through various channels to guarantee transparency and information to Users, Service Recipients and Clients.

Express Consent and Acceptance

The terms of the Data Protection Policy are complementary to the terms and provisions regarding personal data set forth in the Specific Terms of Use for each of Audiqcer’s channels.

The free, specific, and informed provision of personal data by the respective owner implies knowledge and acceptance of the conditions contained in this Policy, considering that, by using the channels or by providing their personal data, Users, Service Recipients, and Clients are expressly authorizing its processing, in accordance with the rules defined in each of the applicable collection channels or instruments.

Special Data Protection Policies

With a commitment to transparency and information, and to ensure the adequacy of the Data Protection Policy to the different data processing operations carried out and, above all, to the different categories of data subjects, Audiqcer may develop special Data Protection Policies, such as, for example:

– Data Protection Policy in the Workplace;

– Data Protection Policy for Application Management; and

– Data Protection Policy for Supplier Employees.

These special policies are made available directly to the respective categories of data subjects and are available for consultation upon request to the Data Protection Officer.

Data Protection Officer

To exercise any type of data protection and privacy rights, or for any matter relating to data protection, privacy, and information security, Users, Service Recipients, and Clients who interact with Audiqcer may contact the Data Protection Manager via email at protecaodedados@audiqcer.com, describing the subject of the request and providing an email address, a telephone contact address, or a mailing address for a response.

Versions of the Data Protection Policy

Version of this Policy: Version 3.0.

Date: 20210425.

To consult previous versions of the Data Protection Policy, please send a request by email to protecaodedados@audiqcer.com.