Strongstep - Innovation in Software Quality, as an organization that deals with personal data on a daily basis, considers itself committed to the matters regulated and the obligations imposed by the new European legislation on data protection consisting, in particular, of Regulation (EU) 2016/679 of the Parliament and of the Council (on the protection of individuals with regard to the processing of personal data and on the free movement of such data) hereinafter referred to as RGPD. In this sense, this Personal Data Protection Policy is approved, with the purpose of strengthening the commitment and respect of the organization to the rules of privacy and protection of personal data.
- Personal Data
For the purposes of this Personal Data Policy, "Personal Data" shall mean information relating to an identified or identifiable natural person ("data subject").
Accordingly, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers, or to one or more factors specific to that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.
- The data controller
The entity responsible for collecting and processing personal data is Strongstep, which in this context decides which data is collected, the means of processing, the period of conservation and the purposes for which it is used.
- Collection of personal data
Strongstep collects personal data in person, by telephone, in writing or through computer systems. The personal data collected is treated either by non-automated means (e.g. manual files), or by computer and in strict compliance with the legislation of personal data protection, being stored in specific databases created for that purpose. Under no circumstances shall the data collected be used for purposes other than those for which consent has been given by the data subject or the condition of legitimacy of the processing.
- On the lawfulness of personal data processing
The processing of personal data depends on verification of the conditions of legitimacy and on verification that the purpose of the processing is lawful, as well as on compliance with the principle of proportionality lato sensu.
Specifically, all processing of personal data at Strongstep will only occur provided that:
- It is necessary for the pursuit of legitimate interests and if the data subject has unambiguously given consent;
- It is necessary for the performance of a contract or for compliance with any legal obligation to which the controller is bound;
- It is necessary for the protection of vital interests of the data subject or of another natural person;
- It is necessary for the purposes of the legitimate interests pursued by the controller or a third party to whom the data are disclosed, provided that the interests or the rights, freedoms and guarantees of the data subject should not prevail.
- On the purposes of the processing of personal data
Information on the processing of personal data shall be provided to the data subject at the time of collection or, where the personal data have been obtained from another source, within a reasonable time, depending on the circumstances.
When collecting data, the controller provides the data subject with more detailed information about the use that will be made of the information, in particular:
a) The identity and contact details of the controller.
b) The contact details of the data protection officer.
c) The purposes for which the personal data are processed, as well as the legal grounds for processing.
d) The recipients or categories of recipients of the personal data.
e) The rights of the data subject.
f) The data retention period or the criteria used to define this period.
g) Which data you have to provide compulsorily and which are optional.
The personal data processed by Strongstep - Innovation in Software in Quality, may be legitimately transmitted to third parties when complying with purposes directly related to the legitimate functions of the holder or controller.
Where personal data can be legitimately transferred to another recipient, the data subject shall be informed prior to the communication of personal data to a third party and, where justified, may require that his/her personal data are not transferred, provided that this does not prejudice the vital and legitimate interest of one of the parties or the public interest.
Where Strongstep intends or needs to process personal data for a purpose other than that for which they have been collected, it shall provide the data subject, in advance, with information about that purpose and other necessary information. When it is not possible to inform the data subject of the origin of the personal data that Strongstep holds, due to the use of several sources, he/she shall be provided with all the information that exists about this origin.
- Term of conservation of personal data
The period for which data is stored and retained varies according to the purpose of the processing. Personal data will be kept by Strongstep for a period of 5 years from the date of collection, unless another retention period derives from applicable law.
Such data will be collected and processed by Strongstep, to:
(i) Contact request: personal data will be processed, subject to your consent, to manage the contact established and provide clarifications and information requested by the User
(ii) Newsletter sending: personal data will be processed, for the purpose of pre-contractual diligence
(iii) Information requests and registrations for training services
(iv) Audit processes
(v) Recruitment or spontaneous application processes
- User rights
Under the terms of the applicable legislation, the user may request, at any time, access to personal data concerning him/her, as well as its rectification, elimination, limitation of processing, data portability, forgetting or opposing its processing.
Under the terms of the law, the user is also guaranteed the right, by the aforementioned means, to withdraw his/her consent for the processing of data for the purposes indicated, not invalidating, however, the processing carried out until that date based on the consent previously given.
To exercise any of the above rights, the user must submit a written request to the following contact details:
• Email DPO: firstname.lastname@example.org
• Address: Rua Alfredo Allen, 465-461, 4200-135 Porto
• Phone: +351 22 030 15 85
- Why do we collect data
Depending on the nature of the interaction and only when necessary, Strongstep - Innovation in Software Quality may request some personal data, such as: name, email address/location, telephone number, ID/tax identification number, date of birth, gender, nationality, academic qualifications, professional situation and/or bank/payment details.
Strongstep collects and processes your strictly necessary data, which is only requested when related to the purpose at hand, in accordance with your consent and for legitimate purposes, such as:
- Provide an adequate and targeted response to requests for information/proposal;
- Communicate better with you, for relevant matters and only as often as necessary, according to the characterisation of your data and preferences;
- Comply with requirements of accrediting bodies, on which the validity of certificates for some of the services provided, namely training actions, depends;
- Invoice services/products, such as training actions.
- Data sharing
Strongstep will be able to communicate your personal data to third parties, guaranteeing that they process said personal data solely and exclusively for the fulfillment of the indicated purposes.
Quando aplicável, partilharemos as suas informações com:
a) Partner Entities, for the purpose of carrying out the activities included in the partnership agreement.
b) Regulatory Entities, for the purpose of verifying the compliance of the activities provided by Strongstep .
c) Public Entities
The processing of user data may be carried out by a reputable service provider, hired by Strongstep. Said service provider will exclusively process the data for the purposes established by Strongstep and in compliance with the instructions issued by it, strictly complying with the legal rules on personal data protection, information security and other applicable rules.
Strongstep uses its best efforts to protect users' personal data from unauthorized access. For this purpose, it uses security systems, rules and other procedures, in order to guarantee the protection of personal data, as well as to prevent unauthorized access to data, improper use, disclosure, loss or destruction.
It is, however, the users' responsibility to guarantee and ensure that the devices and equipment used to access the website are adequately protected against harmful software, computer viruses and worms.
- Links to third party websites
Links on this website may lead to other websites. Strongstep is not responsible for, approves or in any way supports or subscribes to the content of these websites, nor the websites linked to or referred to therein.
Strongstep is not responsible for damages resulting from viruses that may infect the user's computer or network, or other assets, by virtue of accessing the website with the transfer of its contents to the user's computer or network.
This privacy statement applies solely to information collected on the Strongstep website.
Without prejudice to any other means of administrative or judicial recourse, the user has the right to file a complaint with the competent supervisory authority under the terms of the law, if he believes that the processing of his data by Strongstep violates the legal regime in force at any given time.
- Questions and suggestions
The user may contact Strongstep about all questions related to the processing of their personal data and the exercise of their rights under applicable law and, in particular, referred to in this Policy, through the following contacts:
UPTEC – Parque de Ciência e Tecnologia da U. Porto
Rua Alfredo Allen, 455/461
Phone: + 351 220 301 585
Last update: 18/09/2020