Homepage   >   Privacy and Personal Data Protection Policy


1. Introduction

The present Privacy and Personal Data Protection Policy ("Privacy Policy") aims to inform all those who interact with us through this platform regarding the processing of their personal data and has been drawn up in compliance with and pursuant to the General Data Protection Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), (in the version currently in force) and Law 58/2019 of 8 August.


2. Purpose of collection and processing

Personal data is collected as part of the recruitment and selection process and/or spontaneous applications and is used for that exclusive purpose.


3. Personal data collected

The personal data we collect is limited to the information necessary to assess you for employment opportunities. Where appropriate and in accordance with the law, we may also collect information relating to your health and any criminal convictions.

Categories of data collected and processed in connection with recruitment and selection and/or spontaneous application processes

  • Personal Data
  • Academic Data
  • Professional Data
  • CV Photo


4. Sharing of collected personal data

The personal data collected may be shared with our group companies and with our human resources employees and/or our recruitment service providers when necessary. 


5. Conservation of collected personal data

Personal data is kept for as long as is strictly necessary. If we have had no relevant contact with you within a period of five years, we will delete your personal data from our systems, unless we are required to retain it by law (e.g. for tax reasons or in connection with anticipated litigation).


6. Security of collected personal data

We adopt the necessary and appropriate technical and organisational measures to protect the personal data collected, with the aim of protecting such data against accidental destruction, loss or modification, as well as against improper access and other unauthorised processes, among which we highlight the following: 

  • Control of access to DataCenters

All DataCenters used in the provision of services are divided into various zones with security levels, with the DataCenters receiving the highest security classification. 

  • Access to systems

Access to systems and applications consists of the identification and authentication of individual users and should be personal and non-transferable, and it is the responsibility of the employee in question not to share their access with anyone, as well as access control, registration and traceability. Passwords are automatically checked to contain special characters, alphanumeric requiring at the same time numbers, upper and lower case letters, and must be changed mandatorily every 3 months


  • Access to candidate data in recruitment

The systems prevent activities that are not covered by specific access rights for each employee. The data access control system is based on a personalised internal system where users can request access to their manager and which guarantees differentiated access control according to function. The configuration of accesses/profiles (such as permission to create, alter or delete) is defined within the applications. This task is managed by internal resources/system administrator.


  • Control of disclosure of data of candidates for recruitment

The applicable security framework states that international and national legislation must be followed, regardless of where operations are carried out. The rules regarding personal integrity are based on the GDPR (General Data Protection Regulation) and any subsequent applicable regulation, complemented by national legislation. Remote access to the network can only be done through a tunnel.


  • Control and availability of systems

Includes the protection measures in force in ASCENDUM SA, namely: carrying out hard disk backups (between different DataCenters if necessary), uninterrupted electricity supply in all DataCenters, backup copies stored in a third DataCenter, independent from the other two, for the purpose of processing primary data.

 ASCENDUM SA has implemented an advanced policy of antivirus measures, driven by the IT (Information Systems) Directive Rules for Virus Protection and the physical implementation arising from this directive consists of virus protection software. Servers and clients are protected with firewall(s) (LAN(s) protection and access control systems). The organisation also includes a central function for vulnerability control, updates/security patches for HardWare, Operating Systems, Operating Systems and applications, which serve to prevent, secure and minimise potential failures with the systems and applications.


  • Control of data separation

Personal data collected for different purposes are processed separately in accordance with EU and national legislation and the internal and security rules of ASCENDUM SA.


7. Rights of the personal data subject:

  • Right to object: the data subject has the right to object to the processing of collected data if he or she does not agree with the use that is made of the data.
  • Right to withdraw consent: the data subject may withdraw his/her consent to the use and storage of data at any time, provided that such processing and storage does not stem from a legal obligation.
  • Data Subject Access Requests: the data subject has the right to request that we confirm the information we hold and may ask to amend, update, or delete this information.
  • Right to Erase: In certain situations (for example, where we have unlawfully processed your data), the data subject has the right to request that their personal data is erased.
  • Right to data portability: the data subject has the right to request that their data be transferred to another controller.

To exercise the rights listed above, the data subject must contact us at the following addresses: ASCENDUM SA, Praça Marquês de Pombal, 3A - 5º, 1250-161 Lisboa (for the attention of the Data Protection Officer). E-mail: corporate.recruitment@ascendum.pt

  • Right to lodge a complaint with a supervisory authority: the data subject also has the right to lodge a complaint with the supervisory authority, the National Commission for Data Protection (Rua de São Bento n.º 148-3º 1200-821 Lisbon. Telephone + 351 213928400. Fax: +351 213976832. e-mail: geral@cnpd.pt). 


For initiating, continuing, and concluding a selection and recruitment process, we need to process your personal data, and this document serves to provide you with the legally required information.

Should you have any questions, comments, or suggestions about this Privacy Policy of our recruitment platform, please contact us using the contact details given in point 7 of this policy.