This version of the Privacy Policy applies to the use (as defined below) of the MyAscendum Portal from and including the date indicated above. If you wish to consult previous versions of these policy, please contact us at: myportal@ascendummaquinas.pt.
The controller of the personal data processed within the scope, in connection, and/or for the purposes of the management of MyAscendum Portal shall be:
In either case, the controller or joint controllers shall be referred, hereinafter, as "Ascendum".
The purposes of the processing of personal data carried out within the scope and for the purposes of management of the MyAscendum Portugal include:
(a) Management of the Clients’ authorized users (“Users”)’ access and use of MyAscendum Portal, including in connection with registration, access or use of the Portal thereof, and/or, for purposes of confirming User’s identity or the powers, authorizations and permissions granted to them in relation to access, use and management of the Client’s account on MyAscendum.
(b) Management of contracts entered or to be entered by Ascendum with its clients, including for preparation and delivery of proposals or quotations requested by an authorized User of the Client.
(c) Responding to queries and handling complaints received from Clients, and/or representatives, employees, or authorized Users thereof.
(d) The creation, development, launch and management of products, services and solutions aimed at improving the quality or efficiency of Ascendum’s business, products and services, and or of the Portal.
(e) Advertise or promote Ascendum’s business, products or services, including, by means of direct marketing actions, the sending of commercial communications, and the carrying out of quality or satisfaction surveys, inquiries, or market studies.
(f) Compliance with any legal, regulatory and/or contractual obligations, and/or the implementation of judicial or regulatory decisions.
Considering the purposes set out above, the processing of personal data by Ascendum shall be based, depending on the specific purposes, on either of the legal conditions below:
(a) Consent of the data subjects.
(b) Performance of a contract or of any preparatory steps requested by the data subject prior to the execution of a contract.
(c) Compliance with a legal obligation.
(d) Pursuit of the controller’s legitimate interests
The personal data processed within the scope of this policy includes:
(a) Identification data, including full name, date of birth, and personal identifiers (such as, e.g., the number and expiration date of the citizen card, and/or tax identification number).
(b) Contact details such as postal address, email address, and/or mobile telephone number.
(c) Professional details, including position or role, and/or the identification and address of the employer.
(d) Financial details of individual Clients, including, for example: account number and bank details.
(e) Order history, products and services purchased or requested, and orders placed.
(f) Other information provided by the data subject and/or related to his/her access and use of the Portal.
(g) IP addresses and other information registered on access and use logs.
The personal data shall be kept only as long it is strictly necessary for the purposes of managing the Client’s relationship and/or the period for which Users can access and/or use the Portal. Once the data are no longer necessary, and their retention is no longer required by law, data shall be either eliminated or irreversible anonymized.
Controller of the personal data adopts and regularly updates technical and organizational security measures designed to ensure the confidentiality and integrity of the personal data processed. Such measures include, among other, the implementation of:
(a) Access control measures to data centers. Data centers and data access control are classified according to the required security level, with control measures being implemented depending on the risk.
(b) Control of access to systems. Access to systems and applications is controlled through access control, registration and data traceability according to the type of data processed, enabling Ascendum to identify Users and/or create and manage access and permissions assigned thereto.
(c) Password policy, setting out the requirements applicable to the creation, change and/or management of passwords, (including, for example, the number and type of special or alphanumeric characters used, the length and composition of passwords, and the maximum periods for updating or changing them).
(d) Control of access to customers’ data. Systems have been implemented to prevent activities that are not covered by the specific access rights for each User
(e) Control of disclosure of customer data. The applicable security framework establishes that international and local legislation must be followed, regardless of where operations are carried out. The rules relating to personal integrity are based on the General Data Protection Regulation and other legislation or standards that implement, complement or clarify such legislation and standards.
(f) Control of data entry. Actions carried out by third parties in the Portal are registered by proprietary systems and applications.
(g) Control and availability of systems. Protection measures are adopted to safeguard the content and security of hard drives and servers, the supply of energy in the event of an interruption in the public network, and to ensure the backup of the data and the sorting of backup copies on third-party data centers, among others.
(h) Antivirus policy. An advanced policy of anti-virus measures has been logically and physically implemented, based on the IT (Information Systems) Directive Rules.
(i) Data segregation. Personal data collected for different purposes are segregated and processed separately in accordance with applicable legal rules and Ascendum's security policy./p>
(j) Other measures. Access to servers is protected by firewall(s) (LAN(s) access protection and control systems). Vulnerability control, hardware security updates/corrections, operating systems, operating systems and applications, has also been implemented to prevent, detect and minimize system and application failures.
In addition to the transfer of personal data to authorities and public entities in accordance with the applicable law, personal data shall be shared only with the Ascendum Group companies acting as joint-controllers or processors of Ascendum, and, if necessary, with suppliers and providers of products and services purchased, subscribed, requested or selected by a Client, for the sole purpose of ensuring the supply or provision thereof to said Client.
Personal data is only shared when required by law or indispensable for the purposes of the processing, being, in any case, limited to the persons or entities who have an actual need to know such data, and complemented by appropriate security measures aimed at ensuring the data are kept secured and shall be used exclusively for the purposes for which they are intended.
Data subjects are granted certain rights in respect of their data, notably the rights to:
(a) Access their personal data and request a copy of it.
(b) Request the update, correction or change of their data.
(c) Request the elimination or personal data and/or the limitation of its processing.
(d) Withdraw the consent given to the processing of the data (to the extent that such processing was consented to).
(e) Obtain a copy of the data in a structured format, when applicable, and to ensure the portability of the same to a third-party supplier or provided (when the processing is consented or contracted).
(f) Oppose the processing of his/her data.
Additionally, the exercise of either of the above rights shall not prevent the data subjects from lodging a complaint with the local data protection supervisory authority competent (such as the National Personal Data Protection Commission, in Portugal).
If you wish to exercise any of your rights as a data subject, including withdrawing the consent previously given to the processing of your data, or request any clarification regarding the processing of your personal data, please contact us at: apoioaocliente@ascendumportugal.pt
Ascendum shall inform Users and data subjects whose data are processed in connection with, and/or for the purposes of this Portal, of any changes to this Privacy Policy, disclosing them, if appropriate, on the Portal, and, when necessary, requesting Users to review and confirm their agreement to the modified Privacy Policy.