Privacy policy

Highdome is a registered trademark of Moongy, S.A., headquartered at Rua Sousa Martins, nº10, Lisbon, registered at the Commercial Registry Office of Lisbon, under registration and legal person number 507 431 073, with share capital of €300,000.00 and with registered address at Rua Sousa Martins, nº 10 1050-217 Lisbon.

In turn, Moongy, S.A. is also the owner of the registered trademark "Agap2it", which is constituted for legal purposes as the operational division that designates the group of people responsible for IT operations on behalf of the Agap2IT Legal Person where Highdome is integrated (hereinafter referred to as the name of the operational division: "Agap2IT").

2. Framing

This policy describes a set of guidelines, rules and principles that must be observed by Agap2IT to ensure the protection of the rights of data subjects.

Agap2IT undertakes to comply with this policy in accordance with the obligations of Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR").

In this sense, Agap2IT seeks to ensure that its internal procedures are in compliance with the legal obligations of the GDPR and that the personal data of its employees, customers, suppliers or service providers and any other data subjects whose personal data Agap2IT processes in the exercise of its activity, are processed in accordance with the regulatory and legal standards in force and are kept safely.

3. Data Controller

Moongy, S.A. (hereinafter referred to as Agap2IT), headquartered at Rua Sousa Martins, nº10, Lisbon, registered at the Commercial Registry Office of Lisbon, under registration and legal person number 507 431 073, is the entity responsible for the processing of personal data, committing to apply the necessary technical and organizational measures, taking into account all aspects that may influence compliance with the General Data Protection Regulation (hereinafter referred to as " GDPR"), to safeguard the Fundamental Rights of Data Subjects. To this end, Agap2IT has several technological measures ("privacy-enhancing technologies") which we constantly seek to update, having employees specially assigned for this purpose, demonstrating our concern and commitment to the Data Subject. In addition, we keep a record of the nature, scope, context and purposes of the processing of the data collected, which allows us to ensure and prove that the processing is carried out in such a way as to guarantee the full Protection of Data Subjects as a commitment that attests to our responsibility.

Contacts:

• Postal address: Rua Sousa Martins, nº10, Lisboa, 1050 - 218 Lisboa

• Telephone contact: 21 313 7680

• Email: gdpr@agap2.pt

4. Application and scope

This Privacy Policy also applies to the respective employees, subcontractors, co-controllers, suppliers, customers, users of this website.

For the purposes of this Privacy Policy, each company holding its own taxpayer belonging to the MoOngy Business Group has its own Privacy Policy, independent and autonomous, therefore, for the purposes of Processing Responsibility, each Company (and its assets) belonging to this Business Group have its independence, and none of these entities are responsible for the acts or omissions of the other entities of the group with regard to Data Protection.

5. Global Projects Department

Among other responsibilities, this department, which is aware of and always involved, in an appropriate and timely manner, in all matters related to the protection of personal data, must always take into account the risks associated with the processing operations, such as their nature, scope, context and purposes. It must also ensure compliance with all processes established in order to preserve the confidentiality of data.

With regard to requesting the rights of data subjects, reporting personal data breaches and other communications related to the GDPR, this is the point of contact.

Contacts:

• Global Projects Department: gdpr@agap2.pt

6. Your Personal Data

6.1. WHAT IS PERSONAL DATA?

Personal Data is information relating to an identified or identifiable natural person (Data Subject), excluding data relating to legal persons. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.

Any specific element of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

6.2. WHAT DATA DO WE NEED TO COLLECT?

The personal data collected are strictly necessary and are limited to the purposes for which they are intended, which are determined, explicit, legitimate and kept for the strict period in which they may be necessary for their purpose. Personal data must be processed lawfully, fairly and transparently in relation to the data subject.

For the fulfillment of the business activity and as responsible for the collection, Agap2IT needs to collect and process the following data:

Data Category Information to Collect

Platform Data Email; Name; Name (or email) of the person who referred you;

Privacy Note: The Application only stores the email in a database. No information regarding the location of the data subject will be retained.

6.3. WHAT IS THE PURPOSE OF THE PROCESSING?

Data Category Purpose of Processing

Platform Data They are used to:

• Management of Information provided by the user on the Platform

• To ensure the operations determined by the Purpose of the Platform

6.4. WHAT IS THE LEGAL PURPOSE OF THE PROCESSING?

The Purposes of personal data processing are determined by the execution of the various types of formalized legal contracts that become necessary to continue the entire activity of the company, among them we state:

1) the execution of the service contracts we have with our clients;

2) employment contracts we have with our employees;

3) management of internal processes of customers and employees;

4) accounting, tax and administrative management;

5) litigation management;

6) control of physical security and compliance with legal obligations.

Under the terms of the GDPR, we are duly legitimized by the following grounds of lawfulness of processing:

1 – Execution of contracts or pre-contractual steps – The processing is necessary for the conclusion, execution and management of contracts to which the data subject is a party, or at the request of the data subject himself.

2 – Compliance with a Legal Obligation – For the fulfillment of a legal obligation to which the company is subject. For example, communication of tax data.

3 – Pursuit of a legitimate interest, such as providing an improved experience. Agap2IT carries out a duly registered weighting test that allows the legitimacy of the processing to be safeguarded.

4 – Consent – Whenever the legal grounds listed above are not applicable, Agap2IT requests the Consent of the Data Subject. Consent is a free, specific, informed and explicit manifestation of will by means of an unequivocal (and written) statement or act in which the Data Subject authorizes the Processing.

The withdrawal/withdrawal of consent can be requested at any time by sending a simple request to the e-mail address: gdpr@agap2.pt.

The Personal Data collected by us will be processed and stored in accordance with the purposes and for the minimum period legally necessary.

7. To whom may we disclose the data?

 Agap2IT may, within the scope of its basic activities, disclose the data collected to fulfill the purposes indicated in this policy, and only the data strictly necessary for the execution of the service will be provided to the entities of the Agap2IT network, based on the fulfillment of a contractual obligation (for example, any obligation to be ensured under the ordinary terms of the service), They may also, to the extent necessary, be communicated to official entities, whenever legally required, and may be processed by entities subcontracted by the company (for example, internal and external auditors, which allow us to preserve and improve the quality of the service).

In this sense, the entire scope of this policy extends to the processing of third parties and processors, taking into account:

1) Compliance of processing with the GDPR, this privacy policy and lawful, fair and transparent processing;

2) The data collected is merely instrumental to our activity, intended to pursue a determined, specific and legitimate purpose, and there can be no subsequent processing incompatible with the determined purposes;

3) The data collected will be strictly necessary for the purpose, being adequate, relevant and necessary for the purposes and collection of processing, taking into account the principle of data minimization;

4) The data will be kept accurate and up-to-date in order to guarantee the principle of accuracy and to guarantee the integrity and confidentiality of the data;

5) Also with regard to integrity and confidentiality, there can be no illegal and unauthorized processing to prevent any loss, destruction, or damage to the data by adopting all appropriate technical and organizational measures;

6) The retention of the Data Subject's data is a concern for Agap2IT whereby the data will remain identifiable solely and exclusively for the period necessary for the purposes for which the data is processed.

 

7.1. DISCLOSURE TO LEARNWORLDS

The platform is built using LearnWorlds, a course building platform, the email data provided at the time of sign-in is communicated to LearnWorlds so that it can provide access to the course. As such, LearnWorlds is a data processor for Agap2IT. If you would like to learn more about LearnWorlds' Privacy Policy, please visit the LearnWorlds Privacy Policy.

8. How we design new products

Whenever a new product is developed, it is ensured in the design itself (as a primary aspect) that it has the most advanced technical and organizational measures at Agap2IT's disposal (taking into account the risks arising from the processing for the rights and freedoms of data, as well as the risks arising from the processing for the rights and freedoms of natural persons, being aware of the variability of probability and severity), while having the Privacy as a pillar throughout the treatment process. In this way, the application of all the Principles determined by the GDPR from the design is ensured, protecting Data Subjects and ensuring the rights of data subjects.

In short, Agap2IT is committed to implementing and having privacy present in the product development phase and throughout the processing in order to ensure data protection from the very conception of the product ("Privacy by Design").

9. How long does the data be stored?

The data will be strictly kept for: the period necessary for the purposes for which they are intended and for which they are processed within the scope of the application's activity. And as part of training for a period of 5 years.

10. Your Rights

10.1. RIGHTS OF THE DATA SUBJECT

The Holder of the personal data has the following rights, which can be exercised easily and free of charge, through the following e-mail: gdpr@agap2.pt

Only in the case of manifestly unfounded or excessive requests may a fee be charged for the exercise of these rights (pursuant to Article 15(3) GDPR).

10.2. RIGHT TO OBJECT

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him/her.

In this case, the controller ceases to process the personal data, unless it presents compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

10.3. RIGHT OF ACCESS

The data subject has the right to question whether or not the data is being processed and, if so, the right to access his or her personal data and to be provided with the following information:

I. Purpose of the processing;

II. Categories of data to be processed;

III. Recipients to whom the data will be disclosed;

IV. envisaged retention periods or, if this is not possible, the criteria used to set such a period;

V. Existence of the right to request rectification, erasure, restriction of processing or objection to processing;

VI. security and destination measures related to the transfer of data to third countries;

VII. Right to lodge a complaint with the supervisory authority.

The data subject also has the right to obtain a copy of the personal data that is being processed.

10.4. RIGHT TO RECTIFICATION

The data subject has the right to request and obtain the rectification of inaccurate data and to request that incomplete personal data be completed without undue delay.

10.5. RIGHT TO ERASURE/TO BE FORGOTTEN

The data subject has the right to request the erasure of his or her personal data, without undue delay, whenever it is no longer necessary for the purpose for which it was collected or processed. You can also decide to withdraw your consent to the processing of your personal data whenever you want to exercise your right to object to it.

There are some exceptions to this right, such as if they are against the exercise of freedom of expression and information, if they are necessary for compliance with legal obligations, if they are necessary for reasons of public interest or public health, if they are necessary for archival reasons of public interest, scientific research, historical, for statistical purposes or the exercise or defense of rights in judicial proceedings. In these cases, the data subject should be informed of the reason why it is not possible to respond to their request.

10.6. RIGHT TO RESTRICTION OF PROCESSING

The data subject has the right to limit/restrict the processing of his/her personal data whenever one of the following situations occurs:

I. If the data is inaccurate and is disputed during the period for which it is possible to verify its accuracy;

II. If the processing is unlawful, but the data subject opposes the end of the processing and only wants the restriction of its use;

III. If the controller no longer needs the data for processing, but the data is required by the data subject for the establishment, exercise or defence of legal claims;

IV. If at any time you have objected to the respective processing and it has not ceased (i) for compelling legitimate reasons presented to the controller or (ii) for the establishment, exercise or defence of legal claims.

In the situations numbered above, you may be asked to suspend the processing or to limit the scope of the processing to certain categories of data (e.g. only the provision of full name and address) or even to specific processing purposes.

10.7. DIRECT TO NOTIFICATION

Whenever the rectification, erasure or restriction of the processing of data is requested by the respective data controller, the controller informs the data controller that it has complied with the request, unless such communication proves impossible or involves a disproportionate effort. If the data subject so requests, the controller shall provide the data controller with information about those recipients.

10.8. RIGHT TO DATA PORTABILITY

The data subject has the right to receive personal data concerning him or her in a structured, commonly used and machine-readable format without Agap2IT being able to object under the terms of Article 20 (1) of the GDPR:

I. if the processing is based on a contract;

II. the data subject has given consent;

III. the processing is carried out by automated means.

10.9. HOW CAN I EXERCISE MY RIGHTS?

To exercise any of these rights or for any questions regarding the processing of their personal data, the data subject must address a request to the data controller, through the email address gdpr@agap2.pt

Although these rights are clarified to the data subject when collecting their personal data, in case of doubts, they may contact the data controller through the e-mail gdpr@agap2.pt

11. Responsibilities

11.1. HOW DO WE PROTECT YOUR DATA?

 Agap2IT has been working to maintain and preserve personal data with a high level of security. In obedience to the principle of security, secrecy and privacy, we guarantee the processing of your data only by authorized persons, only accessing and processing your data who has the legitimacy to do so, always doing so in an absolutely confidential manner. The principle of "need-to-know" has been adopted, where employees can only have access to personal data if it is strictly necessary for the performance of their duties. Processing outside this scope is considered prohibited and subject to disciplinary sanctions, in accordance with our internal security and confidentiality policies and procedures, which are periodically updated as needed.

Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing to the rights and freedoms of the data subject, we apply, both at the time of defining the means of processing and at the time of the processing itself, the technical and organisational measures necessary and appropriate for data protection.

Employees are not allowed to use personal data for private or economic purposes, transmit it to unauthorized third parties and/or otherwise allow access.

 Agap2IT also undertakes to ensure that, by default, only relevant, necessary and appropriate data for each specific purpose of the processing will be processed and that such data will not be made available without human intervention to an indeterminate number of people.

However, this is not foreseen, if personal data is transferred to countries outside the European Union, the applicable legal provisions are observed, namely regarding the determination of the adequacy of such country with regard to data protection and the requirements applicable to such transfers.

Security measures have also been defined ranging from good practices to the prevention of external threats. These are described in the security policy. If you wish to have access to it, you can request it to be sent by e-mail gdpr@agap2.pt

11.2. GLOBAL PROJECTS DEPARTMENT (DPG)

The DPG is responsible for:

I. Act on behalf of the controller in respect of all duties and obligations under the GDPR;

II. Monitor and control the compliance of processes with the GDPR and with the policies implemented in an appropriate and timely manner;

III. ensure that it has all the necessary resources to carry out its duties;

IV. Act as a point of contact for requests from data subjects regarding the processing of their personal data and the exercise of their rights;

V. Carry out a data protection impact assessment if a certain type of processing so requires.

12. Personal Data Breach

A personal data breach is considered to be any act that jeopardizes the security of the data, accidentally or unlawfully, and that causes the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.

We reiterate that Agap2IT has been working to maintain and preserve personal data with a high level of security, having technical staff solely with this mission in the company. However, there may always be slight deviations from the forecast. If any of our candidates, employees, clients, subcontractors, or even third parties detect or suspect a possible data breach, they should immediately send an email to gdpr@agap2.pt , indicating what happened, as well as identifying the data that may be involved. In this way, the responsible department will be able to act quickly and appropriately in accordance with the rules established in the Regulation.

In the event of a data breach and to the extent that such a breach is likely to entail a high risk to the rights and freedoms of customers, employees and other employees and/or partners, we undertake to report such breach to the National Data Protection Commission, within 72 hours of becoming aware of the incident and to the holders of personal data whenever such breach is likely to entail a high risk to your rights.

13. Revocation and management of consents

The user may, at any time, revoke or change the preferences of consents previously granted. To do this, simply access the cookie management tool.

The use of cookies can also be set in your browser preferences, namely in the privacy options. For this purpose, we recommend that you consult the help section/menu of your browser or visit the web pages of the respective provider.

14. Complaint to the supervisory authorities

Notwithstanding the existence of Agap2IT's commitment to resolve any type of situation. The Data Subject has the right to lodge a complaint with the competent authorities (CNPD) if any of the rights are denied.

From the competent authority:

National Data Protection Commission

Av. D. Carlos I, 134 - 1.º

1200-651 Lisboa / Portugal

Tel: +351 213928400 / Fax: +351 213976832 

www.cnpd.pt

15. Changes to the Privacy Policy

 Agap2IT reserves the right to change this Privacy Policy at any time, and such change will be duly published herein.

In any case, we suggest that you review this Policy regularly so that, in case of changes or updates, you can always be duly informed about them.

16. Governing Law and Jurisdiction

The privacy policy, as well as the collection, processing or transmission of data from customers, employees and partners, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, and by the laws and regulations applicable in Portugal, namely Law No. 58/2019, of 8 August.

Any Disputes arising from the validity, interpretation or execution of the Privacy Policy, or that are related to the collection, processing or transmission of the Client's data, shall be submitted exclusively to the jurisdiction of the judicial courts of the District of Lisbon, without prejudice to the applicable mandatory legal rules.