Strongstep – Innovation in Software Quality, as an organisation that deals on a daily basis with personal data, is considered to be committed to the regulated matters and obligations imposed by the new European legislation on data protection constituted, namely by Regulation (EU) 2016/679 of the Parliament and of the Council (on the protection of individuals with regard to the processing of personal data and on the free movement of such data) hereafter referred to as the RGPD.

To this end, the present Personal Data Protection Policy is approved, with the aim of strengthening the organisation’s commitment to and respect for privacy and personal data protection rules.


This Personal Data Protection Policy applies exclusively to the processing of personal data by Strongstep – Innovation in Software Quality.

This Privacy Policy regulates the treatment of personal data of users (hereinafter “user” or “users”), collected in connection with the use of the website, by Strongstep, as the entity responsible for the treatment of personal data.

The provision of your personal data implies knowledge and acceptance of the conditions contained in this Privacy Policy.

This Privacy Policy is supplemented by the Terms and Conditions of Use.

You will find detailed information regarding Strongstep’s Privacy Policy and Cookie Policy at the following points:

Personal data

For the purposes of this Personal Data Policy, “personal data” means information relating to an identified or identifiable natural person (“data subject”).

Accordingly, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier – such as a name, an identification number, location data, electronic identifiers – or to one or more elements specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The data controller

The entity responsible for the collection and processing of personal data is Strongstep, which in this context decides on the data collected, the means of processing, the storage period and the purposes for which it is used.

Collection of personal data

Strongstep collects personal data in person, by telephone, in writing or through computer systems. The personal data collected is processed either by non-automated means (e.g. manual files) or computerised and in strict compliance with personal data protection legislation and is stored in a specific database created for this purpose. Under no circumstances will the data collected be used for any purpose other than that for which the consent of the data subject has been given or the condition of legitimacy of processing.

Lawfulness of the processing of personal data

The processing of personal data is subject to verification of the legitimacy and lawfulness of the purpose of such processing and to compliance with the principle of proportionality in the broad sense.

In particular, all processing of personal data at Strongstep will only take place if it is carried out in accordance with the principle of proportionality:

– it is necessary in order to pursue legitimate interests and the data subject has given his or her unambiguous consent;

– it is necessary for the performance of a contract or the fulfilment of any legal obligation to which the controller is bound;

– is necessary for the protection of the vital interests of the data subject or of another natural person;

– it is necessary in order to pursue the legitimate interests of the controller or of a third party to whom the data are disclosed, provided that the interests or the rights, freedoms and guarantees of the data subject should not prevail.

On the purposes of processing personal data

Information on the processing of personal data shall be provided to the data subject at the time of collection or, if the personal data have been obtained from another source, within a reasonable time, depending on the circumstances.

When collecting the data, the controller shall, as controller, provide the data subject with more detailed information on the use to which the information will be put, in particular:

(a) the identity and contact details of the controller.

b) the contact details of the Data Protection Officer.

c) the purposes for which the personal data are processed and the legal basis for the processing.

d) the recipients or categories of recipients of the personal data.

e) The rights of the data subject.

f) The storage period of the data or the criteria used to define this period.

g) Which data must be supplied and which are optional.

The personal data processed by Strongstep – Innovation in Software in Quality, may be legitimately transmitted to third parties when the fulfilment of purposes directly related to the legitimate functions of the holder or the controller is verified.

Where personal data are likely to be legitimately transferred to another recipient, the data subject is informed prior to the communication of the personal data to a third party and, where justified, may require that his or her personal data not be transferred, provided that this does not harm the vital and legitimate interest of one of the parties or the public interest.

Where Strongstep has the intention or necessity to process personal data for a purpose other than that for which it was collected, it will provide the data subject with information about that purpose and other necessary information in advance. Where it is not possible to inform the data subject where the personal data held by Strongstep come from, because various sources have been used, the data subject must be provided with all the information that exists about the source.

Storage period of personal data

The period during which data are stored and retained varies according to the purpose of their processing. Personal data will be retained by Strongstep for a period of 5 years from the date of collection, unless another retention period is required by applicable law.

Such data will be collected and processed by Strongstep for:

(i) Contact request: personal data will be processed, with your consent, to manage the contact established and to provide clarifications and information requested by the User;

(ii) Sending a newsletter: personal data will be processed for the purposes of pre-contractual arrangements

(iii) Requests for information and registration for training services

(IV) Audit procedures

(V) Recruitment or spontaneous application procedures

User rights

In accordance with the applicable legislation, the user may at any time request access to personal data concerning him/her, as well as their rectification, elimination, limitation of their processing, portability of the data, forgetting or opposing their processing.

In accordance with the law, the user is also guaranteed the right to withdraw his or her consent to the processing of the data for the purposes indicated, although this shall not invalidate the processing carried out until that date on the basis of the consent previously given.

For the exercise of any of the aforementioned rights, the user must submit a written request to the following contacts:

Email DPO:

Address: Rua Alfredo Allen, 465-461, 4200-135 Porto

Telephone: +351 22 030 15 85

Why we collect the data

Depending on the nature of the interaction and only when necessary, Strongstep – Innovation in Software Quality may request some personal data, such as: name, email address/location, telephone, ID/tax number, date of birth, gender, nationality, academic qualifications, professional status and/or bank/payment details.

1. Strongstep collects and processes your data strictly necessary, which is only requested when related to the purpose in question, in accordance with your consent and for legitimate purposes such as:

– To provide an appropriate and targeted response to requests for information/proposals;

– To communicate better with you, for relevant matters and only as often as necessary, according to the characterisation of your data and your preferences;

– To comply with the requirements of the accreditation bodies, on which the validity depends certificates for some of the services provided, in particular training activities;

– Billing services/products, such as training actions.

Data sharing

Strongstep may disclose your personal data to third parties, ensuring that they process such personal data solely for the stated purposes.

Where applicable, we will share your information with:

  1. a) Partner Entities, for the purpose of carrying out the activities included in the partnership agreement.
  2. b) Regulatory Authorities, for the purpose of verifying compliance of the activities provided by Strongstep.
  3. c) Public Entities

Users’ data may be processed by a suitable service provider contracted by Strongstep. This service provider will process the data exclusively for the purposes established by Strongstep and in compliance with the instructions issued by it, strictly complying with the legal rules on personal data protection, information security and other applicable standards.


Strongstep makes its best efforts to protect the personal data of Users against unauthorised access. To this end, Strongstep uses security systems, rules and other procedures to ensure the protection of personal data as well as to prevent unauthorised access to data, improper use, disclosure, loss or destruction.

It is, however, the responsibility of Users to ensure and guarantee that the devices and equipment used to access the site are adequately protected against harmful software, computer viruses and worms.

Links to third party sites

The links on this Site may lead to other sites. Strongstep is not responsible for, endorses or in any way supports or subscribes to the content of such sites, or the sites linked to or referred from them.

Strongstep is not responsible for damages resulting from viruses that may infect your computer or network, or other property, by reason of your access to the site transferring content from the site to your computer or network.

This privacy statement applies solely to information collected on the Strongstep site.


Without prejudice to any other means of administrative or judicial redress, you have the right to lodge a complaint with the competent supervisory authority in accordance with the law if you believe that the processing of your data by Strongstep violates the legal regime in force at any time.

Questions and advice

You may contact Strongstep about all matters relating to the processing of your personal data and the exercise of your rights under applicable law and, in particular, as set out in this Policy, through the following contacts:

UPTEC – Parque de Ciência e Tecnologia da U. Porto
Rua Alfredo Allen, 455/461
4200-135 Porto
Telephone: + 351 220 301 585

Last update 24/09/2020