1. Introduction
The present Privacy and Personal Data Protection Policy ("Privacy Policy") aims to inform all those who interact with us through this platform regarding the processing of their personal data and has been drawn up in compliance with and pursuant to the General Data Protection Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), (in the version currently in force) and Law 58/2019 of 8 August.
2. Purpose of collection and processing
Personal data is collected as part of the recruitment and selection process and/or spontaneous applications and is used for that exclusive purpose.
3. Personal data collected
The personal data we collect is limited to the information necessary to assess you for employment opportunities. Where appropriate and in accordance with the law, we may also collect information relating to your health and any criminal convictions.
Categories of data collected and processed in connection with recruitment and selection and/or spontaneous application processes
4. Sharing of collected personal data
The personal data collected may be shared with our group companies and with our human resources employees and/or our recruitment service providers when necessary.
5. Conservation of collected personal data
Personal data is kept for as long as is strictly necessary. If we have had no relevant contact with you within a period of five years, we will delete your personal data from our systems, unless we are required to retain it by law (e.g. for tax reasons or in connection with anticipated litigation).
6. Security of collected personal data
We adopt the necessary and appropriate technical and organisational measures to protect the personal data collected, with the aim of protecting such data against accidental destruction, loss or modification, as well as against improper access and other unauthorised processes, among which we highlight the following:
All DataCenters used in the provision of services are divided into various zones with security levels, with the DataCenters receiving the highest security classification.
Access to systems and applications consists of the identification and authentication of individual users and should be personal and non-transferable, and it is the responsibility of the employee in question not to share their access with anyone, as well as access control, registration and traceability. Passwords are automatically checked to contain special characters, alphanumeric requiring at the same time numbers, upper and lower case letters, and must be changed mandatorily every 3 months
The systems prevent activities that are not covered by specific access rights for each employee. The data access control system is based on a personalised internal system where users can request access to their manager and which guarantees differentiated access control according to function. The configuration of accesses/profiles (such as permission to create, alter or delete) is defined within the applications. This task is managed by internal resources/system administrator.
The applicable security framework states that international and national legislation must be followed, regardless of where operations are carried out. The rules regarding personal integrity are based on the GDPR (General Data Protection Regulation) and any subsequent applicable regulation, complemented by national legislation. Remote access to the network can only be done through a tunnel.
Includes the protection measures in force in ASCENDUM SA, namely: carrying out hard disk backups (between different DataCenters if necessary), uninterrupted electricity supply in all DataCenters, backup copies stored in a third DataCenter, independent from the other two, for the purpose of processing primary data.
ASCENDUM SA has implemented an advanced policy of antivirus measures, driven by the IT (Information Systems) Directive Rules for Virus Protection and the physical implementation arising from this directive consists of virus protection software. Servers and clients are protected with firewall(s) (LAN(s) protection and access control systems). The organisation also includes a central function for vulnerability control, updates/security patches for HardWare, Operating Systems, Operating Systems and applications, which serve to prevent, secure and minimise potential failures with the systems and applications.
Personal data collected for different purposes are processed separately in accordance with EU and national legislation and the internal and security rules of ASCENDUM SA.
7. Rights of the personal data subject:
To exercise the rights listed above, the data subject must contact us at the following addresses: ASCENDUM SA, Praça Marquês de Pombal, 3A - 5º, 1250-161 Lisboa (for the attention of the Data Protection Officer). E-mail: corporate.recruitment@ascendum.pt
For initiating, continuing, and concluding a selection and recruitment process, we need to process your personal data, and this document serves to provide you with the legally required information.
Should you have any questions, comments, or suggestions about this Privacy Policy of our recruitment platform, please contact us using the contact details given in point 7 of this policy.