Your personal data shall be processed ensuring compliance with legally enforceable safeguards and obligations, namely, the Regulation (EU) 2016/679 of the European Parliament and the Council, of 27 April 2016 or General Data Protection Regulation (“GDPR”) and Law no. 58/2019 of 8 August. Law No. 58/2019 of 8 August, which ensures the implementation of GDPR in the Portuguese legal system.
The terms “personal data”, “data controller”, and “processing” have the meanings given to them in GDPR (which can be accessed here), unless otherwise indicated.
WHAT THIS POLICY COVERS
We are responsible for collecting and using your data in a responsible and secure way, and that starts with clearly telling you how we collect, use and protect your personal data. This policy sets out:
- The personal data we may collect from you;
- How and why we use your personal data;
- Why we may share personal data within other entities;
- The rights and choices you have when it comes to your personal data.
WHAT IS DATA CONTROLER
The RECap Fund is managed by Insula Capital, Sociedade Gestora de Organismo de Investimento Coletivo, S.A., (“Insula”), which is the controller of your data. Hereinafter, when we mean the controller of your personal data we will referred to as “we”, “us” or “our”.
Our contact details are set in “Contact Us” section at the bottom of this policy.
PERSONAL DATA WE COLLECT
In this section we explain what personal data we may collect when you access our website, or you register on our mobile app.
When you interact with our website or our mobile app, you provide us with the data that powers our business. While there are certain data that you must provide in order to use our services, such as account details when you join our mobile app, you control how much data you share with us.
We will only retain your personal data for as long as we need to in order to fulfil the uses we describe in this policy (or until you exercise your right to erasure, which is explained in the section about “your rights” below).
When you access our website, we collect:
- Contact details, such as your name, email and postcode
- Device and browser “metadata” (basically an audit trail of your device and browser use), including IP address, the make, model and operating system of the device you have used and browser type. This data is collected automatically when you browse our website or mobile app
When you register on our mobile app, we collect:
- Identification elements, such as your name, nationality, date and place of birth, ID number, Tax ID
- Contact details, such as phone number, permanent and fiscal address, postcode, email
- Device and browser “metadata” (basically an audit trail of your device and browser use), including IP address, the make, model and operating system of the device you have used and browser type. This data is collected automatically when you answer questions in surveys or browse our website or mobile app
When you browse our website or use our mobile app, we collect:
When you contact us or interact with our website or social media pages, we collect:
- Any personal data that you may you provide about yourself, including your name and contact details and the conversation history of our communications with you
- Any comments you make on our website or social media pages
How and why we use your Personal Data
In this section we explain how and why we use your personal data, and the choices you have over how your data is used
We can process your personal data based on the following lawful bases:
- Contractual use: necessary for the signing of a contract, for the provision of a service.
- Legal or regulatory use: to comply with applicable legal and tax obligations, such as money laundering prevention and terrorist financing, public security, private security and other regulations that may apply to.
- For some processing, we will request your express consent, informed and freely given prior to the processing, to ensure you maintain control over your data.
- Legitimate interest we pursue as a business: as long as the necessity of the processing the personal data is balanced against your interests, rights and freedoms.
We use the data that you share with us to give you the best experience possible. We describe below the uses we gave to your personal data:
Register, authenticate and administer your account
If you register with our mobile app, we will use your email address and a pin code to create your account and authenticate your identity each time you log on, and your account details to help us to interact with you.
Develop and improve our services
We use your survey responses to improve our research tools and methods, which helps us ensure that we are giving you and the best possible experience.
We use your name and email address for sending you direct marketing communications, if you expressly and freely have given your consent.
Respond to you when you exercise any of your rights relating to the data we hold about you (more information about “your rights” is set out below)
We will use your account information and internal identifiers to identify the data that is relevant to your request and respond to you.
Detect and prevent fraudulent activity
We use your IP address to ensure your location matches the location indicated by you.
If you have any questions about the grounds under which we process your personal data, or would like to find out more about the approach we take to determine that these grounds apply, please contact us using the contact details in the “Contact Us” section at the bottom of this policy.
Who we may share your Personal Data with
In order to use your personal data in the ways described above, we may share with trusted third parties, namely, intermediaries (but only if you have agreed to that specifically, within the relevant survey).
Transferring Personal Data outside EEA
We take all steps possible to ensure that your personal data remains within the European Economic Area (“EEA”). These countries may not have similar data protection laws to Portugal and so they may not protect the use of your personal information to the same extent.
In these cases, if we need to transfer your data to third parties that are in countries outside the EEA, we will inform you. In addition, we put in place appropriate safeguards to make sure your personal data remains adequately protected. Specifically, we make use of one of the following:
- Adequacy decisions: where the European Commission has determined that a country outside the EU offers an adequate level of data protection, personal data may be sent to that third country without implementing any other safeguards mentioned above.
- Standard contractual clauses: we use standard contractual clauses for the transfer of personal data to organisations outside the EEA. These contractual commitments have been adopted by the European Commission and ensure adequate protection for personal data transferred to countries outside the EEA by binding recipients of personal data to certain data protection standards including obliging them to apply appropriate technical and security measures.
How we store and protect your Personal Data
We know how important it is to protect your personal data while we have it. This section describes some of the measures we take to ensure that it is kept secure.
We do everything we can to protect your personal data from loss or misuse, and from unauthorized access, disclosure, alteration and destruction. This section describes some of the measures we take to ensure that your personal data is secure:
- We make sure we process only those personal data that are adequate, relevant and limited to what is necessary in relation to the specific purposes for which they are collected;
- We apply all reasonable measures to suppress or rectify all data that may be non-relevant, inaccurate or incomplete, with respect to the said purposes;
- We retain personal data only for the time strictly necessary for lawful processing. After that period, the data shall be deleted or, where appropriate, kept locked in accordance with the legal retention periods and limitation periods for the liabilities arising from the processing indicated in the data protection information when providing the data;
- Our standards ensure and guarantee that the data will be processed with the appropriate level of security, including protection against unauthorised or illicit processing activity and against its loss, destruction or accidental damage, through the application of appropriate technical or organizational measures, such as pseudonymization or encryption of personal data. Likewise, we apply the appropriate measures to guarantee the permanent confidentiality, integrity, availability and resilience of the processing activity systems and services;
- When your data are processed outside the EEA, our aim is to ensure that the level of protection guaranteed by the GDPR is not undermined. To this end, we shall adopt the appropriate guarantees provided for in the European Data Protection Regulation;
- Our staff has been specifically trained on data protection matters and periodically updated as part of our mandatory training programs.
This section explains the rights that you have in relation to the personal data that we hold about you.
You have certain rights in relation to the personal data that we hold about you, which are designed to give you more choice and control over your personal data. These rights are explained below:
- The right to be informed – You have the right to obtain clear, transparent, and easily understandable information about how we use your personal data and your rights. That is why we provide you with information on this Policy.
- The right to access – You can request a copy of the data we hold about you and related information.
- The right to rectification – You are entitled to rectify your personal data if it is incorrect or outdated, and/or to complete it if it is incomplete.
- The right to request erasure of personal data/right to be forgotten – Please note that this is not an absolute right as we may have legal or legitimate grounds for withholding your personal data.
- The right, at any time, to withdraw the processing of data, based on the consent – You may withdraw from our data process when such processing is based on your consent. Withdrawal of consent does not affect the legality on consent prior to its withdrawal.
- The right to data portability – You have the right to receive a copy of your personal data in a structured and machine-readable format and, where possible, have this sent to another organisation. This applies only to data you have provided, where the processing is based on your consent, or in contract and the processing is carried out by automated means.
- The right to request a restriction on the processing – You can request that we restrict our use of your data to storage only, that we stop using it for all other purposes or that we retain data that was due for deletion.
Automated decision making
We do not envisage that any decisions that will have a legal or other significant effect on you will be taken about you using purely automated means, however we will update this policy if this position changes and notify you of those changes.
Exercising your rights
You can exercise any of these rights by using the contact details below.
Lodging a complaint with a regulator
You also have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live, where your legal rights have been infringed or where your personal information has or is being used in a way that you believe does not comply with data. The contact details for Comissão Nacional de Proteção de Dados are available here, which also contains details on how to make a complaint.
HOW TO CONTACT US
If you have questions about this policy, or about how we collect, store and use personal data, or you would like to exercise your rights, you can contact us:
Av. da Liberdade, 190