Privacy policy

This privacy policy describes how we collect, store, use and protect your personal data and how we comply with data protection rules. The values set out in this Policy complement the principles established in the General Code of Conduct on information control and confidentiality.

The protection of privacy and personal data is a fundamental commitment of Eupago - Instituição de Pagamento, Lda., towards the data owner.

In accordance with the terms of Regulation (EU) 2016/679 of the European Parliament and Council, of the 27th of April of 2016 on Personal Data Protection, and with Law no. 58/2019, of August 8, we would like to inform you that the personal data collected on this site is the responsibility of Eupago - Instituição de Pagamento, Lda., registered at Praça Artur Santos Silva 74, 4200-534 Porto, taxpayer no. 513 212 744 and registered at the Commercial Registry of Porto. We are responsible for processing of personal data defined in the General Data Protection Regulation.

Data collection

Personal data means that all information relating to an identified or identifiable natural person, directly or indirectly, such as, but not limited to, name, civil or tax identification number, location and contact details, or other elements specific to his or her physical, physiological, genetic, mental, economic/financial, cultural or social identity.

Purpose of personal data collection

Eupago collects and processes personal data for the following purposes:

• Sending commercial requests about Eupagos services;
• Sending notifications, alerts and other information necessary for the activity;
• For the execution of a contract or pre-contractual procedures, as well as for the execution of the resulting payment transactions;
• For compliance with a legal obligation to which the controller is subject;
• Prevention, investigation and detection of frauds;
• Statistical and marketing purposes, in particular for the promotion of new financial products and services, except where data subjects oppose the processing of such data for such purposes.

Owner data safety

Eupago is committed to guarantee the security of the information it holds as well as all resources associated to it, whether they are procedural, technological or human. Information protection is crucial for the strategic success of the organization and for business sustainability.

For this purpose, Eupago has adopted several security methods, technical and organizational, in order to protect personal data against destruction, loss, alteration, unauthorized divulgation or access or any other form of illicit treatment, including data encryption.

The management of information security and the systems that support it is carried out ensuring, through an approach based on risk management and continuous improvement, the confidentiality, integrity and availability of information. Protecting these three pillars of information security ensures the image, reputation and credibility of the organization and its production processes with employees, partners and customers.

Data conservation

EuPago only keeps and processes your personal data for the period necessary or mandatory to accomplish the purposes of the treatment, applying information retention criteria appropriate to each treatment and in line with the applicable legal and regulatory obligations.

In this way, personal data may be retained for different periods depending on its legal relevance or the duration of the contractual relationship.

Newsletter

Any visitor to the Eupago site can subscribe the newsletter. Cancellation and alteration of data relating to the sending and receipt of the newsletter are the subscribers responsibility. All newsletters can be sent to friends or known persons of the subscriber. Subscriptions can be cancelled, and the subscriber should contact Eupago for this purpose.

Defining profiles and automated decisions

Eupago proceeds to the definition of profiles by legal imposition and in the context of the regulatory framework applicable to the financial activity, where we highlight the obligations under the prevention of money laundering, terrorism financing and fraud. The profile definition in these contexts happens in the context of the execution or performance of the contract with the client or based on legal procedures.

Additionally, Eupago will be able to proceed to the definition of profiles for statistical and advertising purposes, namely to inform about products and services available. In this context, the data subject may, at any time, exercise his or her rights, including:

• Request for explanations about the terms and conditions according to which the profile is created;
• Question the decisions that will be made based on automated decisions;
• Request a human intervention (non-automated).

For any questions or to exercise their rights, the data subject may contact the Data Protection Officer.

Communication of personal data to other entities

Eupago processes your data entirely within the territory of the European Economic Area (EEA) and has no plans for any international transfer of data.

The Institution does not share personal data with any entity, ensuring data confidentiality and compliance with the Privacy Policy implemented in accordance with applicable legal requirements.

However, exceptionally, in compliance with legal obligations and/or judicial orders, under the legal duties of collaboration, Eupago may transmit the personal data of customers to public institutions and authorities.

What are your rights and how can you claim them?

In the terms of the legislation in force, the data subject is entitled to the following rights:

• Right to access;
• Right of rectification;
• Right to delete your data;
• Right to treatment limitation;
• Right to Portability;
• Right of opposition;
• Right to not be subject to uniquely automated individual decisions;
• Right to withdraw your consent;
• Right to submit complains to the supervisory authority.

You can exercise these rights by contacting the Data Protection Officer mentioned below.

We will respond within a maximum of 30 days from the time we receive your request.

The data owner has the right to receive a copy of his or her personal information in our possession.

The company has the right to charge a small tax (15€) for the administrative and processing costs of any order placed.

Data Protection Officer

Eupago has a Data Protection Officer (DPO) who assumes the following functions:

• Controls the compliance of data processing with applicable standards;
• Clarifies questions regarding data handling by the institution;
• Cooperates with the National Commission for Data Protection;
• Provides information and advice to the Institution or its subcontractors on privacy and data protection.

For any questions about the Privacy Policy or the exercise of your rights, the Data Protection Officer should be contacted through the following channels:

• Paulo Ramalho
• Phone number: +351 22 206 15 97
• E-mail: [email protected]
• Written communication: Praça Artur Santos Silva 74, 4200 - 534 Porto

Privacy policy consent

Eupago is governed by a policy of monitoring and continuous improvement of its policies and procedures. In this way, the information contained in this Policy is submitted to an update at any time. If changes are substantial, users will be notified via e-mail and/or telephone.