The purpose of this privacy policy is to inform Customers/Users of the general rules governing the processing of personal data, which are collected and processed in strict compliance with the personal data protection legislation in force at any given time, namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and Law No. 58/2019, of 8 August 2019.
All data provided is not disclosed or communicated to third parties, except where required by law or essential for the provision of contracted services.
Cookies policy;
“Cookies” are small text files that are stored on the device (e.g. computer, smartphone, etc.) through your web browser (e.g. Google Chrome).
These small files are only used to retain information about preferences, or how you use our online products and services, and their ultimate objective is to improve functionality/usability and the way we provide our services. These files do not retain personal information, do not extract personal information from the user’s computer and usually have a limited duration. You can always block the use of “Cookies” through the configuration options in your web browser. For more information please consult your browser’s technical support.
On our platforms we use only strictly necessary cookies.
Retention of personal data;
The retention period for data will be the period legally stipulated by law (Art. 13(2)(a) of the GDPR) and will always be kept until the end of the contractual relationship for which they were collected.
In the case of Customers and Users who place data in our products and solutions, these will be maintained for as long as the license for the use of the solution containing the data of the data subject remains active. In cases where it is necessary to keep a history of data during the term of the services, this will be kept for a minimum period of 6 months. When the payment of the data subject’s license is suspended or declared terminated the data history may be deleted. In case of service reactivation, we do not guarantee the continuity of previous data history.
Storage of data;
Data storage is carried out within the European Union and data is not exported outside the European Union.
Users’ rights in relation to data (objection, information, access, portability, rectification and deletion)
Data subjects have the right to:
- Right of access to their personal information;
- Right to rectification of their data;
- Right to erasure of data;
- Right to restriction of processing;
- Right to data portability;
- Right to object;
- Right to file a complaint with i4Devices, or even with the CNPD – Comissão Nacional de Proteção de Dados (www.cnpd.pt);
They also have the right to know whether their personal data are being processed, whether they have been transmitted to another entity, namely recipients established in third countries or belonging to international organizations, and the destination given to them.
They may access their data and all information concerning the processing operations (collection, processing, handling), after unequivocal identification of the data subject.
They may request the rectification of their personal data if they are outdated, incorrect or incomplete. In the case of incomplete personal data, they have the right to have them completed and may provide an additional statement.
Personal data, even if the right to erasure is exercised, must comply with the legal retention period and at the end of this period we proceed to their definitive deletion.
The exercise of this right will not be possible for all personal data, since there are situations, namely contractual and legal, in which it is not possible to proceed with deletion when requested by the data subject. The exercise of this right will not be possible in the case of public interest in the field of public health, for the declaration, exercise or defense of a right in legal proceedings, as provided for in Articles 17(3) and 23 of the GDPR.
The data subject may request the exercise of the Right to Erasure of the processing of personal data. If they verify that the processing to which they are subject is unlawful, they may use it as an alternative to the Right to be Forgotten.
The data subject may request restriction of processing of their data if they consider their data to be incorrect or if they consider that we should not process it.
The data subject may request the transfer of their data to other entities, either by requesting the controller to transfer it directly to another entity, or by receiving the data themselves and carrying out portability to another entity.
The data subject may at any time object to the processing of their personal data, provided that it concerns their particular situation and is based on legitimate interests.
The data subject has the right to withdraw consent to the processing of their personal data at any time.
The data subject has the right to refuse that their data be processed in an automated manner that may produce effects in their legal sphere, such as profiling with their personal data.
If you wish to file a complaint, please contact i4Devices with a view to a quick resolution of the problem you report. We will do our best to help; however, if you remain dissatisfied, you may contact the CNPD – Comissão Nacional de Proteção de Dados whose contact details can be consulted at www.cnpd.pt.
Consent acceptance
Data processing presupposes obtaining the prior consent of the data subject.
In cases of a direct contract between i4Devices and the data subject, and if it is i4Devices’ responsibility to collect the data, i4Devices is also responsible for obtaining the subject’s consent for processing.
In situations where i4Devices’ products and services are contracted by Customers (not data subjects), promoting Users who are not the data subjects themselves (cases in which i4Devices has no direct contract with the data subject), it is the responsibility of these entities (Customers, Users or Partners) to ensure that they have valid consent from the data subjects to process their data using i4Devices’ products and solutions. In these cases, i4Devices assumes that its Customers, Users and Partners have taken the necessary legal and regulatory steps, and are entirely responsible for obtaining the consents of the data subjects. i4Devices cannot be held responsible if this has not happened, as it is completely independent of how third parties obtained the data.
Data security
We are committed to continuously analysing and improving the measures implemented to protect your personal information against unauthorized access, accidental loss, disclosure or destruction.
Internet-based communications (such as emails, web access and APIs) will only be considered secure if they are encrypted. Your communications may pass through several countries before delivery, as that is the nature of the Internet.
We cannot accept responsibility for any losses or unauthorized access to personal information that are outside our control.
We will never ask you to provide personal or account information through an unsolicited or unexpected channel. The Customer, User, Partner or Data Subject is responsible for keeping their personal and account information secure and not sharing it with others so as not to compromise their security or that of others whose data is stored in the products or solutions.
Subcontracting / Data Processor
We may use subprocessors for the partial or full processing of personal data, as permitted by law. These entities are contractually bound to maintain confidentiality and guarantee the security of the data to which they have access for this purpose, and may not use such data for any other purposes nor relate it to other data they hold. Also, depending on commercial and business relationships, we may act as subprocessors for our Customers.
Hyperlinks to Websites;
Our websites, products or solutions may contain links to third-party websites. We cannot be held responsible for the security and content of such third-party websites. You should make sure you read the privacy and cookie policies of these companies before using or transferring personal information to them. The same applies to any third-party websites or content you link to using our products and services.
Contact of the data controller.
For any questions related to the processing of personal data, you can contact us through the “Contact Form” or send an email to: info@i4Devices.pt
Complaint and Supervisory Authority
The data subject has the right to lodge a complaint with the designated supervisory authority, either directly or through a representative.
The CNPD — Comissão Nacional de Proteção de Dados is the authority that controls and monitors compliance with the GDPR, Law 58/2019, Law 59/2019 and Law 41/2004, as well as other legal and regulatory provisions regarding the protection of personal data.