Data Protection

PERSONAL DATA PROTECTION POLICY

The purpose of this personal data protection policy is to inform the user on how SIBS processes personal data while using the SIBS Website (“Website”) and to comply with the provisions of the legislation on protection of personal data, particularly, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”), regarding the information to be provided to the user, the data subject.

1. Identity and contact details of the Controller and Data Protection Officer.
When using the Website, SIBS processes personal data as a Data Controller for its own purposes (as listed below).

• Name: SIBS SGPS, S.A. (“SIBS”)
• Head office: Rua Soeiro Pereira Gomes, Lote 1, 1649-031 Lisbon, Portugal
• Share Capital: EUR 24.642.300,00
• Legal Person Number: 501 408 819
• Data Protection Officer: DataProtectionOfficer@sibs.com

2. Purposes and legal basis of processing, personal data and retention periods.
When using the Website, SIBS collects personal data from the user (some of which is essential and mandatory and some of which is optional, otherwise some features will not work):
• In response to contact requests, email address, name and telephone contact are collected, with the legal basis of performance of a contract (pre-contractual measures at the request of the data subject) (see Article 6(1)(b) GDPR) and are retained for the period necessary to prove compliance with legal obligations.
• For the security and resilience of the Website (prevention and fight against fraud), website settings, activity or traffic data, namely, IP address, service status, geolocation, device ID, make and model of the user’s device, device name and operating system of the device are collected, on the legal basis of legitimate interest in ensuring security and preventing fraud (Article 6(1)(f) GDPR) and are retained for 5 years (Article 118(1)(c) of the Portuguese Criminal Code).
• For selection and recruitment (receipt of applications for employment positions and internships), email address, name and telephone contact are collected, with the legal basis of performance of a contract (pre-contractual measures at the request of the data subject) (see Article 6(1)(b) GDPR) and are retained for the period necessary to prove compliance with legal obligations.

The user can withdraw consent at any time (without affecting the lawfulness of the processing conducted on the basis of the consent previously given).

SIBS only stores personal data in order to allow the identification of data subjects for the period necessary or required for the fulfilment of the purposes indicated.

3. Data recipients.
In order to comply with legal obligations SIBS may have to share personal data with third parties, e.g. judicial or administrative authorities, as well as supervisory or regulatory bodies.

4. Service providers.
SIBS may use other SIBS Group companies, or third parties to provide certain services involving the processing of personal data on the Website, exclusively according to prior documented instructions given by SIBS.

5. International data transfers.
The personal data is processed within the territory of the European Union/European Economic Area (EU/EEA). From time to time, SIBS may transfer personal data outside the EU/EEA in a secure and lawful manner, ensuring that the data is only transferred under the mechanisms permitted in Chapter V of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

6. Data processing security.
SIBS has implemented the appropriate technical and organisational security measures to ensure the security of the personal data provided to it, in order to prevent its alteration, loss, processing and/or unauthorized access to it, taking into account the current state of the technology, the nature of the data processed and the risks to which they are exposed. The user is aware that security measures are not impregnable.

7. Exercise of data subject rights.
Under the applicable terms of the legislation on the protection of personal data, the user may exercise, free of charge and at any time, the rights of access, rectification, erasure (“right to be forgotten”), restriction, portability and objection, by a written request addressed to the SIBS Data Protection Officer at the address indicated above, or to the following e-mail address: DataProtectionOfficer@sibs.com.

8. National supervisory authority.
The user has the right to lodge a complaint regarding the protection of personal data with the Comissão Nacional de Proteção de Dados (CNPD), which is the national supervisory authority for the purposes of the GDPR and Law no. 58/2019, of August 8th, which transposes the GDPR into Portuguese law.

9. Third-party websites and social networks.
The Website may contain advertising, hyperlinks or other content that redirects the user to partner or third-party websites and/or social networks.
SIBS does not control the content of these websites and/or social networks and is therefore not responsible for it, or for the practices of said websites or social networks. SIBS therefore recommends that users consult the personal data protection policy of these websites or social networks, and their terms and conditions of use.

10. Updating the Personal Data Protection Policy.
This personal data protection policy will be reviewed and updated periodically whenever necessary.

Updated on: 28-08-24