Privacy Notice

TO WHOM DOES THIS PRIVACY NOTICE APPLIES

This Privacy Notice applies to our processing of personal data relating to you:

(i)  As Clients, Business Partners and institutions as well as distributors, counterparties, suppliers and other third parties of ebankIT. Being companies and organizations that are legal persons, the processing of personal data is in general limited to contact details of their employees and representatives.

(ii)  As visitor of our public websites or social media profiles/pages or subscriber to our newsletter or other information from ebankIT;

(iii)  As visitor at our offices where camera surveillance is conducted in accordance with the Portuguese Privacy Act and Law on Surveillance;

(iv)  As regards candidates (internal or external) the relevant information will be provided as part of the application process according to our “Recruitment privacy notice”, available on https://www.ebankit.com/careers;

(v)  As being specifically referred to this Privacy Notice, e.g. by an agreement, contract a notice or similar.

As regards visitors of the ebankIT’s website, a ebankIT cookies policy describes how ebankIT is using, collecting, storing, and disposing of cookies when you visit and use our website, and aims to show you how we respect the privacy of all visitors to our site. This policy is available on https://www.ebankit.com/cookies.

DATA CONTROLLER AND CONTACT INFORMATION

If you have any questions about this Privacy Notice or regarding the processing of your personal data or if you wish to exercise any of your rights under applicable data protection regulation, you can contact dpo@ebankit.com.

EBANKIT OMNICHANNEL INNOVATION, S.A., with headquarters at Porto Office Park, Torre A, Av. Sidónio Pais, n.º 153, 3°, 4100-467, Porto, Portugal.

DATA SECURITY

Data security is a high priority for us. We will ensure that personal data are kept secure, both against external threats and internal threats. Although we use security measures to protect your personal information against unauthorized disclosure, misuse, or alteration, we cannot fully guarantee the security of information beyond our reasonable control.

In accordance with the law, ebankIT has taken the necessary measures to ensure that your Personal Information is protected against access or use by unauthorized third parties. ebankIT does not sell or rent to third parties any personal data sent by you.

Your personal information will generally be stored in ebankIT databases or databases maintained by our service providers.

WHEN, HOW AND FOR WHAT PURPOSES WE COLLECT YOUR DATA

LAWFULNESS OF THE PROCESSING

Each processing activity requires a legal basis. We will only collect, process, and share personal data fairly and lawfully and for specified purposes.

Typically, we process personal data when it is necessary (i) for the performance of a contract with the data subject or to fulfil a request from the data subject, or (ii) to comply with a legal or regulatory obligation.

Personal data may also be processed when it is necessary for the purposes of a legitimate interest, including such as to maintain our operational security and to manage risks. If a certain data process requires the prior consent by the data subject, we will collect such consent before carrying out the relevant processing activity. We will document in our records of processing activities the legal basis relied upon for each processing activity.

Whenever any personal data processing activity, whose the legal bases is the legitimate interest of ebankIT, an legitimate impact assessment will be carried out.

Special categories of personal data may only be processed if the data subject has given his or her explicit consent. If consent has not been given, special categories of personal data may, in principle, only be processed if it is necessary to exercise employment law rights or obligations or to justify a legal claim.

Personal information from children:

ebankIT will never knowingly collect any personal information from children under the age of 13. If we obtain actual knowledge that we have collected personal information from a child under the age of 13, that information will be immediately removed from any access. Because we do not collect such information, we have no such information to use or to disclose to third parties.

INFORMATION TO THE DATA SUBJECTS ABOUT THE PROCESSING OF PERSONAL DATA

A person whose data is to be processed, has the right to receive certain information before the processing activity is carried out. Such information shall include e.g. the identity of the data controller, the purposes of the processing and the legal basis, any recipients of the personal data and intentions to transfer the data outside EU/EEA, as also the data subject rights, and a data retention period.

We process personal data according to the following purposes and legal basis:

For our business purposes and legal obligations:

ebankIT uses Clients / Partners personal data to give support, including to answer inquiries. This usually requires certain personal information (for ex., to process demo request, technical issues, doubts/complains on products, customer support and inquiries, to analyze and process your application to join our partner network, etc.).

ebankIT also process personal data for business purposes, such as data analysis, audits, fraud monitoring and prevention, enhancing, improving or modifying our services to the needs of our clients, identifying usage trends, and any legal, regulatory, tax, accounting or reporting requirements

Lawful purposes for this processing:

-  Compliance with contractual obligations arising for the performance of a contract;

-  ebankIT's legitimate interests;

-  Legal obligations;

-  Data subjects’ consent.

Marketing, and other promotions.

With the client’s consent (when needed), ebankIT uses Client / Partners Personal Data to give information on ebankIT services, or to proceed with marketing communications or campaigns and promotions. This can be done through e-mail, ads, SMS, calls and postal correspondence, to the extent permitted by applicable legislation.

Some ebankIT promotions and campaigns are conducted on third party’s websites and/or social networks. This use of client Personal Data is voluntary, which means that the client may object or withdraw his consent every time he wishes to.

Lawful purposes for this processing:

-  Data subjects’ consent;

-  ebankIT's legitimate interests.

For managing ebankIT website and social network services

ebankIT uses the Clients / Partners and Visitors Personal Data when he interacts with ebankIT website, for the website’s operations and/or management and with third-party social networking tools, such as the "Like" functions, to serve the client with ads and interact with him through third-party social networks. You can see more about how these tools work, what customer profile data ebankIT obtains, and choose to deny consent by reviewing the privacy policies of relevant social networks.

ebankIT’s website may contain links to other websites and incorporate content and services from other providers (e.g. YouTube, Facebook, Google, Twitter) who may use cookies and active components. ebankIT has no influence over how your data is processed on these websites or their compliance with provisions on data protection. Please note any data protection information they provide and that the option provided by ebankIT to configure settings for cookies on our cookies policy has no effect on cookies and active components from other providers (e.g. YouTube, Facebook, Google, Twitter). Please refer to the respective provider’s websites for information about how your data is handled. ebankIT assumes no responsibility for the processing of this kind of personal data by third parties.

ebankIT does not license or sell any personal information to third-party companies for its own marketing purposes, except in situations where the customer has given consent. The identity of these third parties will be disclosed at the time the client's authorization is requested.

Lawful purposes for this processing:

-  Data subjects’ consent;

-  ebankIT's legitimate interests.

For our Academy and Training purposes:

ebankIT also process personal data for managing our Academy training programs, according to our contractual obligations with our Clients, Partners and other third parties.

Lawful purposes for this processing:

-  To perform of a contract;

-  ebankIT legitimate interests;

-  When we need to comply with a legal obligation.

STORAGE LIMITATION

(i)  the provision of the ebankIT services,

(ii)  compliance with the legal obligations to which ebankIT is obliged,

(iii)  the pursuit of the purposes of collection or treatment of the operations identified above,

(iv)  allow the exercise of the rights of Data subjects’ and the fulfilment of the corresponding obligations.

After this period, personal data will be deleted.We maintain retention policies to ensure that Data subjects are informed of the period for which data is stored and/or how that period is determined.

DATA TRANSFERS WITHIN OUR ORGANIZATION AND /OR OUTSIDE OF THE EU/EEA

When personal data collected by ebankIT is processed by its employees or by suppliers and other partners, ebankIT engages all stakeholders through a “Commitment term” with its privacy policies.

When personal data is processed by a data processor on behalf of a data controller, a written data processing agreement (DPA) needs to be concluded between the data controller and data processor. When we act as a data controller, we shall ensure that DPAs are entered into with data that will process personal data on our behalf.

Furthermore, personal data may not be transferred from the EU to countries outside of the EU/EEA, unless an available derogation is applicable to such transfer. Before transferring any personal data outside of the EU/EEA, we shall ensure that at least one of the derogations are applicable, e.g. by ensuring that the standard contractual clauses issued by the EU Commission are entered into with the entity receiving the personal data.

WHEN WE ACT AS DATA PROCESSOR

When we process personal data on behalf of another entity, e.g. acts as a data processor, we will:

-  Only act on the controller’s documented instructions.

-  Impose confidentiality obligations on all personnel who process the relevant data.

-  Ensure the security of the personal data that ebankIT process.

-  Follow the rules regarding appointment of sub-processors.

-  Implement measures to assist the controller in complying with the rights of data subjects.

-  At the controller’s request, either return or destroy the personal data at the end of the relationship.

-  Provide the controller with all information necessary to demonstrate compliance with the data protection regulation.

THE RIGHTS OF THE DATA SUBJECTS

Data subjects have the following rights, as further detailed in the applicable data protection legislation:

(i)  a right to access (a record that shows, inter alia, what data is being processed about Data subject),

(ii)  rectification,

(iii)  erasure (right to be forgotten),

(iv)  restriction of processing,

(v)  portability,

(vi)  objection and

(vii)  a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning Data subjects.

The data subject has the possibility to contact ebankIT and exercise his/her rights through dpo@ebankit.com.

Once the data subject's identity is verified, the request shall be responded to as soon as possible and at the latest within a month.

Data subjects have also the right to file a complaint with a supervisory authority if they believe that personal data has been processed in violation of data protection regulations.

Updated on 24^th January 2022