Skip to content
MENU
Ascendum

Data Protection Policy

Data Protection Policy

All references to individuals are intended to be gender-neutral in every case and serve solely to facilitate readability. Contact us

1. Introduction

Ascendum Portugal – Serviços de Gestão, SA (hereinafter referred to simply as Ascendum Portugal) is responsible for the processing of customers’ personal data, whether by automated or non-automated means, from its collection and organisation to its storage and deletion. Ascendum Portugal is aware of and complies with the rules relating to the collection and processing of personal data, as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

2. Purpose and Legal Basis for the Processing of Collected Data

The personal data collected will be processed for the following purposes:

  • Management of the general business relationship and contractual purposes related to sales and the provision of services;

  • Responding to questions and complaints submitted in relation to the activities carried out;

  • Direct marketing, advertising, and public relations within the scope of Ascendum Portugal’s activities and brands;

  • Development of products and services, with the aim of making the business more effective;

  • Certifying and improving the quality of the products and/or services provided;

  • Compliance with laws, regulations, court decisions, or in the context of defending the legal rights of the Ascendum Group.

3. Methods of Collecting Personal Data

Personal data is collected if the customer purchases and/or uses a product or service provided by Ascendum Portugal or by another company of the Ascendum Group, if they provide personal data, and if they complete and submit any of the forms available on the Ascendum Portugal website.

4. Categories of Personal Data That May Be Collected

The personal data that may be collected are as follows:

  • Identification data – full name, date of birth, citizen card number, tax identification number;

  • Contact details – personal address, business address, personal and/or business email address, telephone number, etc.;

  • Professional details – occupation, organisation where the individual works, and its location;

  • Financial information – account number and banking details;

  • Information related to sales and/or service history, namely maintenance records and campaigns;

  • Other information the customer may choose to provide, such as the purpose of visiting the Ascendum Portugal website or facilities;

  • IP addresses of visits to the Ascendum Portugal website, social media, and also those of the Ascendum Group.

5. Retention Period of Collected Personal Data

Data will be retained for as long as the business relationship with the customer is maintained or for as long as such retention is required by law.

Once the legally permitted retention period has been reached, personal data will be processed with the highest level of security to ensure that future identification is no longer possible, in accordance with the General Data Protection Regulation.

6. Security Measures Implemented to Protect Collected Personal Data

Access control to Data Centers
All Data Centers used in the provision of services are divided into several zones with different security levels, with Data Centers receiving the highest security classification.

Access control to systems
Access to systems and applications requires the identification and authentication of individual users. Credentials must be personal and non-transferable, and it is the responsibility of each employee not to share their access. Access control, logging, and traceability are ensured. Passwords are automatically verified to include special characters and alphanumeric combinations, requiring numbers, uppercase, and lowercase letters, and must be mandatorily changed every three months.

Access control to customer data
Systems prevent activities that are not covered by the specific access rights assigned to each employee. The customer data access control system is based on an internal customised system where users may request access from their supervisor, ensuring differentiated access according to role. Access/profile settings (such as permission to create, modify, or delete) are defined within applications. This task is administered internally by system administrators.

Control of customer data disclosure
The applicable security framework requires compliance with both international and national legislation, regardless of where operations are carried out. Rules regarding personal integrity are based on the GDPR (General Data Protection Regulation) and any subsequent applicable regulations, complemented by national legislation. Remote network access can only be performed through a secure tunnel.

Control of customer data input
Each subcontracted third party has the ability to record any action in systems and applications. Whether this capability is used depends on the customer contract, and the customer must be aware of the classification of the information with respect to its personal nature. There is no automatic function that can independently assess whether personal data has been used, altered, moved, or deleted.

System control and availability
This includes the protection measures in force at Ascendum Portugal, namely: hard disk backups (across different Data Centers if necessary), uninterrupted power supply in all Data Centers, and backup copies stored in a third Data Center, independent from the other two, for the purpose of managing primary data.

Ascendum Portugal has implemented an advanced antivirus policy, driven by the IT Directive Rules for Virus Protection. The physical implementation of this directive consists of antivirus protection software. Servers and clients are protected by firewalls (systems for access control and LAN protection). The organisation also maintains a central function for vulnerability control, updates/security patches for hardware, operating systems, and applications, to prevent, ensure, and minimise potential system and application failures.

Data segregation control
Personal data collected for different purposes is processed separately in accordance with EU and national legislation and Ascendum Portugal’s security rules.

7. Identification of Entities with Whom Collected Personal Data May Be Shared

Personal data may be shared with companies within the Ascendum Group, as well as with Ascendum Portugal’s suppliers and service providers.

Personal data is shared only with those who need access to the information in the performance of their duties or due to a legal requirement. Whenever third parties access personal data, the necessary security measures will be implemented to ensure that the information is used correctly and securely, in accordance with this Data Protection Policy.

8. Procedure to Access or Modify Collected Data and to Request Data Erasure or the Amendment or Withdrawal of Consent

At any time, the customer may access their personal data and request its modification. They may also amend or withdraw their consent, with effect for the future. Once the customer withdraws their consent declarations, they will no longer be contacted or receive communications for the purposes described in this Data Protection Policy.

To access data, request modifications, or withdraw consent declarations, the customer should use the following contacts:

Ascendum Portugal – Serviços de Gestão, SA
Rua do Brasil, nº 27
2695-535 São João da Talha
Email: [email protected]

9. Contact Details for Clarification of Questions Related to Data Protection Rights and the Right to Lodge a Complaint with the Competent Authority

For any questions related to the collection and use of personal data, the customer should use the following contacts:

Ascendum Portugal – Serviços de Gestão, SA
Rua do Brasil, nº 27
2695-535 São João da Talha
Email: [email protected]

Under certain conditions, as the data subject, the customer may have the right to request additional information regarding the use Ascendum Portugal makes of their data, a copy of the data collected, the transmission of personal data to another data controller, the correction of inaccuracies in the personal data held, the deletion of data whose use is no longer lawful, and the restriction of the way in which personal data is used.

The exercise of these rights is subject to exceptions aimed at safeguarding the public interest or the interest of Ascendum Portugal. If any of these rights are exercised, the request will be reviewed, and every effort will be made to provide a response within thirty (30) days.

If a complaint regarding the collection and processing of personal data is to be submitted, it should be addressed to the national supervisory authority:
Comissão Nacional de Proteção de Dados – CNPD
Rua de São Bento, nº 148, 3º, 1200-821 Lisbon
Telephone: +351 213 928 400
Fax: +351 213 976 832
Email: [email protected]

10. How can you manage your preferences?

The user can check the information in the cookie list, revoke, or adjust the consent associated with cookies at any time, through the settings panel:

Privacy Settings

Your choice will be respected in accordance with current legal obligations, namely the General Data Protection Regulation (GDPR).