Privacy and Data Protection Policy

1. Introduction

This Privacy and Data Protection Policy applies to the collection and processing of personal data carried out by log.oscon within the scope of its activity

log.oscon is committed to complying with all applicable legislation on privacy and the protection of personal data, in particular the General Data Protection Regulation (GDPR - EU Regulation 2016/679 of 27 April 2016).

With this Privacy and Data Protection Policy, log.oscon intends to make public all the data processing practices and mechanisms that it intends to fulfil with regard to its clients, partners.

2. Responsibility for the Processing of Personal Data

This policy covers all processing operations involving personal data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission to authorised entities, comparison or interconnection, restriction, erasure or destruction.

All information on personal data processed by log.oscon is used exclusively for the purposes for which it was legitimately collected.

In order to guarantee the total security and privacy of the personal data processed, log.oscon adopts strict technical and organisational security measures to ensure that the data provided is protected against destruction, loss, alteration, disclosure or unauthorised access or against any other form of illicit processing.

These measures include the appropriate technical procedures for dealing with any suspected data breach, ensuring a response commensurate with the threat.

Access to personal data is restricted to those employees who need it for the purpose of processing specific functions for which they are duly mandated and authorised, and this policy is governed by the principle of necessity.

In order to achieve this level of security in the processing of information, log.oscon carries out training and awareness-raising activities for its employees, and has a set of widely publicised internal rules that guide people towards protecting the privacy and confidentiality of the personal data that data subjects entrust to us.

The compliance of the measures with the objectives to be achieved is checked regularly through internal or external audits, using the best practices and techniques available on the market.

The confidentiality, availability and resilience of information systems are guaranteed even in the event of a physical or technical incident, with the ability to restore access to information through regular backup mechanisms.

3. What Personal Data is Processed

In the normal course of its business, log.oscon collects and processes the professional and personal data necessary to carry out the tasks and functions it proposes to perform within the scope of providing contracted services and, to this end, it requests and relies on the authorisation and consent of its Clients and potential Clients who provide or authorise access.

It also processes personal data that is necessary for the fulfilment of legal obligations to which it is subject or for the satisfaction of its own legitimate interests.

4. Treatment regime

Personal data collected by log.oscon is processed lawfully, fairly and transparently, in full compliance with national or European legislation or any applicable code of conduct.

Data may be processed automatically. Processing is limited to what is strictly necessary to fulfil the purposes for which it was collected.

5. Rights of Data Subjects

With regard to personal data collected and processed lawfully, log.oscon grants data subjects all the rights provided for in national and European legislation, namely those enshrined in the GDPR.

5.1. Right to be informed

The data subject has the right to be informed in a concise, transparent and intelligible manner, using clear and simple language, of all their rights under the law.

5.2. Right of Access

The data subject has the right to obtain from log.oscon all the information relating to their personal data, in particular with regard to the purposes of the processing, the categories of data processed, the recipients to whom the data will be disclosed, their expected retention period, to be informed of the origin of the data if they were not obtained directly and other information provided for by law and the GDPR.

5.3. Right of rectification

The data subject has the right to obtain from log.oscon, without undue delay, the rectification of their inaccurate personal data, as soon as they make a declaration to this effect.

5.4. Right to erasure

The data subject has the right to have their personal data erased if it is no longer necessary for the purpose for which it was collected, if they have withdrawn their consent or object to its processing, if it has been processed unlawfully or to fulfil a legal obligation.

There are, however, exceptions provided for in the law that prevent this deletion, namely cases involving the exercise of freedom of expression and information, the fulfilment of a legal obligation or judicial defence that requires processing, reasons of public interest in the field of public health, for the purposes of public interest archives, scientific or historical research and for statistical purposes.

5.5. Right to Limitation

The data subject has the right to ask log.oscon to restrict the processing of their personal data, particularly in cases where they dispute its accuracy or the data is no longer necessary for processing purposes.

This right may not be granted in the case of the fulfilment of a legal obligation or the exercise of a right in legal proceedings.

5.6. Portability rights

In the cases provided for by law, the data subject has the right to receive the data concerning them that they have provided to log.oscon in a structured, commonly used and machine-readable format.

You also have the right to request that this information be transmitted directly to another data controller, as long as this is technically possible.

5.7. Right of opposition

The data subject has the right to object to the processing of their personal data for reasons relating to their particular situation, including profiling and direct marketing, and log.oscon is obliged to cease such processing, unless processing in the public interest prevails or there are compelling legitimate reasons, or defence of a right in legal proceedings.

6. Exercising the Rights of Personal Data Subjects

To obtain any further clarification or to exercise any right provided for in national or European data protection law, data subjects may contact or consult the Data Protection Officer identified below.

Coordinating Director and DPO: Tiago Jacob

Email address: [email protected]

Address: Rua Rodrigues Faria 103 - Edificio I, 4º andar - 1300501 Lisboa

You also have the right to lodge a complaint with the supervisory authority.

Portugal, the supervisory authority is the National Data Protection Commission. For more information go to www.cnpd.pt

7. Changes to the Privacy Policy

This Privacy Policy may be amended from time to time by publication on the log.oscon website (http://log.pt).

Any changes of a significant nature will be communicated with the degree of publicity corresponding to their relevance, either by highlighting them in the online publication or, if justified, by individualised communication to the data subjects.