We are concerned about your privacy and protect the information provided by you. We believe that everyone’s personal data should be handled responsibly and ethically.

This Privacy and Cookies Policy shall apply to the general processing of your personal data as a User of this website or our mobile app.

Our website is for information purposes only, therefore if personal data are requested for a specific purpose, you shall be informed about all elements required by the applicable data protection regulations when the data are collected.

Our mobile app will process your personal data specifically for investment purposes. This mobile app is a “platform” that stores all your Fund and Golden Visa application information in one place, a platform that notifies you at every stage of the process. This mobile app allows multiple stakeholders to have an oversight of the application process, from uploading and document checking through to KYC, bank account opening and fund allocation.

We have tried to make this policy as easy to read as possible, but if anything is unclear, please contact us at recapfund@insulacapital.pt .

Your personal data shall be processed ensuring compliance with legally enforceable safeguards and obligations, namely, the Regulation (EU) 2016/679 of the European Parliament and the Council, of 27 April 2016 or General Data Protection Regulation (“GDPR”) and Law no. 58/2019 of 8 August. Law No. 58/2019 of 8 August, which ensures the implementation of GDPR in the Portuguese legal system.

The terms “personal data”, “data controller”, and “processing” have the meanings given to them in GDPR (which can be accessed here), unless otherwise indicated.

We are responsible for collecting and using your data in a responsible and secure way, and that starts with clearly telling you how we collect, use and protect your personal data. This policy sets out:

• The personal data we may collect from you;
• How and why we use your personal data;
• Why we may share personal data within other entities;
• The rights and choices you have when it comes to your personal data.

The RECap Fund is managed by Insula Capital, Sociedade Gestora de Organismo de Investimento Coletivo, S.A., (“Insula”), which is the controller of your data. Hereinafter, when we mean the controller of your personal data we will referred to as “we”, “us” or “our”.
Our contact details are set in “Contact Us” section at the bottom of this policy.

In this section we explain what personal data we may collect when you access our website, or you register on our mobile app.

When you interact with our website or our mobile app, you provide us with the data that powers our business. While there are certain data that you must provide in order to use our services, such as account details when you join our mobile app, you control how much data you share with us.

We will only retain your personal data for as long as we need to in order to fulfil the uses we describe in this policy (or until you exercise your right to erasure, which is explained in the section about “your rights” below).

• Contact details, such as your name, email and postcode
• Device and browser “metadata” (basically an audit trail of your device and browser use), including IP address, the make, model and operating system of the device you have used and browser type. This data is collected automatically when you browse our website or mobile app

• Identification elements, such as your name, nationality, date and place of birth, ID number, Tax ID
• Contact details, such as phone number, permanent and fiscal address, postcode, email
• Device and browser “metadata” (basically an audit trail of your device and browser use), including IP address, the make, model and operating system of the device you have used and browser type. This data is collected automatically when you answer questions in surveys or browse our website or mobile app

• Information through the use of cookies and similar technologies (please go to the section “Cookies and Similar Technologies” below)

• Any personal data that you may you provide about yourself, including your name and contact details and the conversation history of our communications with you
• Any comments you make on our website or social media pages

In this section we explain how and why we use your personal data, and the choices you have over how your data is used

We can process your personal data based on the following lawful bases:

• Contractual use: necessary for the signing of a contract, for the provision of a service.
• Legal or regulatory use: to comply with applicable legal and tax obligations, such as money laundering prevention and terrorist financing, public security, private security and other regulations that may apply to.
• For some processing, we will request your express consent, informed and freely given prior to the processing, to ensure you maintain control over your data.
• Legitimate interest we pursue as a business: as long as the necessity of the processing the personal data is balanced against your interests, rights and freedoms.

We use the data that you share with us to give you the best experience possible. We describe below the uses we gave to your personal data:

If you register with our mobile app, we will use your email address and a pin code to create your account and authenticate your identity each time you log on, and your account details to help us to interact with you.

We use your survey responses to improve our research tools and methods, which helps us ensure that we are giving you and the best possible experience.

We use your name and email address for sending you direct marketing communications, if you expressly and freely have given your consent.

We will use your account information and internal identifiers to identify the data that is relevant to your request and respond to you.

We use your IP address to ensure your location matches the location indicated by you.

If you have any questions about the grounds under which we process your personal data, or would like to find out more about the approach we take to determine that these grounds apply, please contact us using the contact details in the “Contact Us” section at the bottom of this policy.

In order to use your personal data in the ways described above, we may share with trusted third parties, namely, intermediaries (but only if you have agreed to that specifically, within the relevant survey).

We take all steps possible to ensure that your personal data remains within the European Economic Area (“EEA”). These countries may not have similar data protection laws to Portugal and so they may not protect the use of your personal information to the same extent.

In these cases, if we need to transfer your data to third parties that are in countries outside the EEA, we will inform you. In addition, we put in place appropriate safeguards to make sure your personal data remains adequately protected. Specifically, we make use of one of the following:

• Adequacy decisions: where the European Commission has determined that a country outside the EU offers an adequate level of data protection, personal data may be sent to that third country without implementing any other safeguards mentioned above.
• Standard contractual clauses: we use standard contractual clauses for the transfer of personal data to organisations outside the EEA. These contractual commitments have been adopted by the European Commission and ensure adequate protection for personal data transferred to countries outside the EEA by binding recipients of personal data to certain data protection standards including obliging them to apply appropriate technical and security measures.

We know how important it is to protect your personal data while we have it. This section describes some of the measures we take to ensure that it is kept secure.

We do everything we can to protect your personal data from loss or misuse, and from unauthorized access, disclosure, alteration and destruction. This section describes some of the measures we take to ensure that your personal data is secure:

• We make sure we process only those personal data that are adequate, relevant and limited to what is necessary in relation to the specific purposes for which they are collected;
• We apply all reasonable measures to suppress or rectify all data that may be non-relevant, inaccurate or incomplete, with respect to the said purposes;
• We retain personal data only for the time strictly necessary for lawful processing. After that period, the data shall be deleted or, where appropriate, kept locked in accordance with the legal retention periods and limitation periods for the liabilities arising from the processing indicated in the data protection information when providing the data;
• Our standards ensure and guarantee that the data will be processed with the appropriate level of security, including protection against unauthorised or illicit processing activity and against its loss, destruction or accidental damage, through the application of appropriate technical or organizational measures, such as pseudonymization or encryption of personal data. Likewise, we apply the appropriate measures to guarantee the permanent confidentiality, integrity, availability and resilience of the processing activity systems and services;
• When your data are processed outside the EEA, our aim is to ensure that the level of protection guaranteed by the GDPR is not undermined. To this end, we shall adopt the appropriate guarantees provided for in the European Data Protection Regulation;
• Our staff has been specifically trained on data protection matters and periodically updated as part of our mandatory training programs.

This section explains the rights that you have in relation to the personal data that we hold about you.

You have certain rights in relation to the personal data that we hold about you, which are designed to give you more choice and control over your personal data. These rights are explained below:

• The right to be informed – You have the right to obtain clear, transparent, and easily understandable information about how we use your personal data and your rights. That is why we provide you with information on this Policy.
• The right to access – You can request a copy of the data we hold about you and related information.
• The right to rectification – You are entitled to rectify your personal data if it is incorrect or outdated, and/or to complete it if it is incomplete.
• The right to request erasure of personal data/right to be forgotten – Please note that this is not an absolute right as we may have legal or legitimate grounds for withholding your personal data.
• The right, at any time, to withdraw the processing of data, based on the consent – You may withdraw from our data process when such processing is based on your consent. Withdrawal of consent does not affect the legality on consent prior to its withdrawal.
• The right to data portability – You have the right to receive a copy of your personal data in a structured and machine-readable format and, where possible, have this sent to another organisation. This applies only to data you have provided, where the processing is based on your consent, or in contract and the processing is carried out by automated means.
• The right to request a restriction on the processing – You can request that we restrict our use of your data to storage only, that we stop using it for all other purposes or that we retain data that was due for deletion.

Automated decision making
We do not envisage that any decisions that will have a legal or other significant effect on you will be taken about you using purely automated means, however we will update this policy if this position changes and notify you of those changes.

Exercising your rights
You can exercise any of these rights by using the contact details below.

Lodging a complaint with a regulator
You also have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live, where your legal rights have been infringed or where your personal information has or is being used in a way that you believe does not comply with data. The contact details for Comissão Nacional de Proteção de Dados are available here, which also contains details on how to make a complaint.

If you have questions about this policy, or about how we collect, store and use personal data, or you would like to exercise your rights, you can contact us:

We use “cookies” to improve your experience as you use our website. This section tells you about the cookies that we use, what they do and your choices when it comes to cookies.

Cookies are small software tags that are stored in your computer in the browser, retaining information related to your preferences, which does not include personal data.

Cookies help determine the usefulness, relevance and number of accesses to a website, besides giving users’ a faster and more efficient browsing experience, by reducing the need to repeatedly insert the same information.

There are two groups of cookies we use:

• Permanent cookies – are stored in the device’s browser (PC, mobile phones and tablets) and are used whenever one visits our website. They are generally used to adjust navigation to the users’ interests, allowing us to offer a more personalized service.
• Session cookies – are temporary cookies that remain in the browser’s cookies archive until you leave the website. The information obtained by these cookies is used to analyse web navigation patterns, allowing us to identify problems and offer a better browsing experience.

• Strictly necessary cookies – They allow users to browse the website and use its apps, as well as to access secure areas. Without these cookies, some services requested by a user may not be offered.
• Analytical cookies – Are used anonymously to gather and analyse statistics in order to improve the website.
• Functionality cookies – Save user’s preferences regarding the use of the website, so that it doesn’t have to be reconfigured in each visit.
• Third-Party Cookies – Measure the success of applications and the efficiency of third-parties’ advertisement. They may also be used to personalize a widget with users’ data.
• Advertising cookies – They direct advertising according to the interests of each user, in order to direct the advertising to take into account the users taste and also limit the number of times a user sees an ad, helping to measure the ads’ efficiency and the success of the websites’ organization.

Every browser allows users to accept, refuse or delete cookies. You can configure cookies in the “Options” or “Preferences” menu of your browser.

You can also choose how web browser cookies are handled by your device via your browser settings. If you choose not to receive cookies at any time, websites may not function properly, and certain services will not be provided. Each browser and device is different, so use the following links to find information on how to manage cookie settings on certain browsers via the following links:

• Cookie settings in Chrome
• Cookie settings in Firefox
• Cookie settings in Internet Explorer
• Cookie settings in Safari

This policy was last updated on the date that appears at the beginning of the policy. While we reserve the right to change this policy at any time, if any material changes are made, we will provide notice to you via email or any other appropriate means to give you the opportunity to review the changes before they become effective.