- Security Policy and the translation company's responsibilities
- AP | PORTUGAL - Training Center's legal framework
- Legal notice
- Existing Technical and Organisational Measures (TOM)
AP | PORTUGAL - Training Center ("we" or "our") recognises the importance of privacy. This Data Protection Policy is a document that outlines the way we collect, use and reveal all of the information we receive from the individuals who use our websites ("sites"), as well as, the existing programs available in the sites ("Courses").
This policy serves not only to comply with the European GDPR regulations but also as proof of said compliance on our part.
By visiting our sites, or taking part in one of our offered courses, you will be authorising the usage of your data as described in this Data Protection Policy. The use of our site or of our courses by you, as well as any litigation relating to privacy, is bound to the terms of this Data Protection Policy.
1.1 - AP | PORTUGAL - Linguistic Services is a translation company specialised in technological and linguistic services that works on a national and international level. We have translation agencies in Lisbon and in Porto. Since it was established, in 1998, this institution's goal is to provide high-quality translation and interpretation services, maintained through strong trust-based relationships. Nowadays, we provide services in the areas of translation, interpretation, transcription and subtitling for various types of companies as well as any individual clients that request our linguistic services. We are members of both the Portuguese and International Translators and Translation Companies Associations.
From 2020 onwards, we will develop a training platform, AP | Portugal Training Center, which is what this Data Protection Policy relates to.
1.2 - Taking into consideration the current legal obligations and consequences in the event sensitive personal data is violated, we are greatly motivated to abide by the Data Protection Policy.
1.4 - Through this Data Protection Policy we will tell you how we handle and store your personal data whether they are provided by yourself or by a third party. We will also provide insight on the reasons why we handle your personal data and the statutory regulations it follows.
2. Safety and Responsibility Policy at AP | PORTUGAL - Training Center
2.1 - All handling of personal data (non-professional and relating to singular individuals) must be done so, with its holders explicit and prior authorisation.
2.2 - Regarding personal data, we are allowed to handle:
a) Data Usage (data relating to your use of our website and courses), this may include, namely, IP address, geographical location, type and version of browser used, operating system, font reference, length of visit, page and website visits, navigational routes, as well as information regarding the moment, frequency and pattern of its use. The statutory regulation in place allows our legitimate interest in monitoring and improving our website and courses. Consent for this to be done is given upon your acceptance of this Data Protection Policy.
b) Account data (your account data) may include, your name, email address, and account source. The statutory regulation in place allows our interest in the functionality of our website, the course offers and respective security measures, along with the maintenance of our backup database and our line of communication with you. Consent for this to be done is given upon your acceptance of this Data Protection Policy.
c) Profile data (information on your personal profile) may include your name, address, phone number, email address, pictures, gender, date of birth, marital status, hobbies and interests, details relating to education and profession, generally found in CVs. The statutory regulation in place allows us to monitor your use of our website and the courses within it. Consent for this to be done is given upon your acceptance of this Data Protection Policy.
d) Survey data (information enclosed in any survey regarding our goods and/or courses that you submit to us). The statutory regulation in place allows our interest to offer, study, publicise and provide you with relevant goods and/or courses, or simply, redefine AP | PORTUGAL - Training Center's strategies if necessary. Consent for this to be done is given upon your acceptance of this Data Protection Policy.
e) Transaction data (information relating to transactions, including the acquisition of goods and/or courses you are involved in and/or through our website or email) may include your contact data, banking and transactional details. The statutory regulation in place allows our interest in providing you with your acquired goods and/or courses and keep a record of these transactions under the terms and our legal obligations to the Portuguese legislation. Consent for this to be done is given upon your acceptance of this Data Protection Policy.
f) Please do not provide any other personal data unless we request it from you.
2.3 - All of AP | PORTUGAL - Training Center's internal staff are required and bound to the company's Protection of Personal Data Policy devised under the terms of GDPR (Regulation EU 2016/679 of 27 April 2016). Therefore, all handling of personal data that they have to perform is only possible under a professional context and exclusively for professional purposes, properly embedded in their expected framework at AP | PORTUGAL - Training Center.
2.4 - All of AP | PORTUGAL - Training Center's internal staff are required to abide by and bound to the company's Protection of Personal Data Policy devised under the terms of GDPR (Regulation EU 2016/679 of 27 April 2016), this also applied to its management policy and the use of email.
2.5 - AP | PORTUGAL - Training Center has a team in charge of Data Protection, led by a Data Protection Officer. It also has a team dedicated to privacy measures that will perform continuous assessments to the need to take additional privacy steps in accordance with new demands.
3. AP | PORTUGAL - Training Center's legal framework
3.1 - All of AP | PORTUGAL - Training Center's partners through which the company works, particularly in regard to its internal and external communication system, reception, storage and use of data, work tools that supply formative courses, consist of namely and to mention only a few main ones:
They are also bound to GDPR through its Protection of Personal Data Policies.
3.2 - AP | PORTUGAL - Training Center devised a DPA, in an effort to safeguard the privacy and protection of personal data it handles. This was created to attend the company's need to transfer that same protected data to some of its external service providers, during the course of its activity.
3.3 - Regarding the aforementioned in 3.2, and also under the protection of the Data Protection Agreement (DPA), we are allowed to handle:
a) Personal data set forth in 2.2, for our suppliers and subcontractors in terms of what is reasonably necessary for the commercial purposes of AP | Portugal Training Center namely its training courses.
b) Commercial transactions related to AP | PORTUGAL - Training Center's commercial object, are left to the responsibility of service providers in the payment industry and/or to external accounting. AP | PORTUGAL - Training Center will only share information with service providers dealing with payments and/or external accounting when strictly necessary. The only information shared will mainly be related to payment processing, refund and responses to complaints or questions relating to the stated payments and refunds. More information on service providers in the payment industry and their proceedings can be given by contacting our Personal Data Protection Officer (DPO) and enquiring about the Personal Data Protection Policies.
c) In addition to the protection awarded to personal data specified in this point (3.3), AP | PORTUGAL - Training Center is allowed to use your data when necessary to comply with its legal obligations, or when doing so is to protect your integral interests or those of another individual. AP | PORTUGAL - Training Center may also have to disclose your personal data when required for the enforcement, exercise or defence against legal claims, be it in the wake of judicial or administrative cases or of extra-judicial proceedings.
3.4 - AP | PORTUGAL is a company that provides linguistic services and training certified by the ISO 1700:2015 international standard. It is also in compliance with the standard's framework of legal regulations and requirements by having all its products and related content referenced and traceable.
4. Legal notice
Under GDPR's regulations, and intent on obtaining a legal authorisation for the protection of its own personal data, from partners, collaborators, clients and users, AP | PORTUGAL - Training Center presents in its website, cookies and emails several legal notices.
4.1 - Website
AP | PORTUGAL - Training Center, in accordance with legal demands, provides all its users with the utmost confidentiality and privacy regarding freely given personal data when visiting this website.
By providing AP | PORTUGAL - Training Center with their personal data through any online form, the user authorises said data to be used by AP | PORTUGAL - Training Center for professional purposes and in accordance with the most recent policy's regulations regarding the protection of personal data. As this policy may suffer some changes, we advise its periodical consultation.
In accordance with the existing GDPR, any user of AP | PORTUGAL - Training Center's website is able to, at any given moment, exercise their rights to access, correct, limit, object, delete and of portability under the stipulated regulations referred to by the law and its following norms. In order to exercise those rights, the user must make their wishes known by emailing [email protected].
AP | PORTUGAL - Training Center commits to comply with its obligation to protect personal data and its duty to preserve it in a confidential manner, by adopting the necessary measures to avoid their modification, loss and unauthorised handling or access.
4.2 - Cookies
A) Cookies are small text files with distinct information that is stored in the users' hard drive when they access a website or Internet portal. These files are sent to the webserver when the users connect to the server again.
5.1 - All personal data protection led by AP | PORTUGAL - Training Center and its adjustment to GDPR's policy goes through regular and periodical inspections and must be available for external inspections when required, as these are strictly framed in GDPR's legal notices.
5.2 - All documentation handled by AP | PORTUGAL - Training Center is stored in accordance with the most recent Data Protection Policy. All documentation will be filed as either "Normal", with no need for protection, or "Classified", it requires protection.
6. Existing Technical and Organisational Measures (TOM)
6.1 - Adding to all of the previously described measures within the Personal Data Protection Policy, AP | PORTUGAL - Training Center guarantees, through its DPO, access to the legal rights granted on the GDPR, namely:
- Right of Access;
- Right to Rectification;
- Right to Restriction;
- Right to Portability;
- Right to Object;
- Right of Erasure ('right to be forgotten') of all personal data that are no longer useful after 5 years.
On behalf of any holder of any personal data handled by the company, within the stipulated 30 days after requesting the aforementioned rights, or from the moment those data are no longer necessary for the purpose in which they were retrieved.
6.2 - Appropriate technical and organisational measures were implemented and substantiated by AP | PORTUGAL - Training Center. Among all that were considered are the purpose for handling the data, the state of the technology used, implementation costs, among others, as it is described in this Data Protection Policy, namely:
a) Measures relating to the final users environmental and physical safety such as:
- Maximum authorised levels
- Instructions for the transfer of information based on the desktop and lock-screen;
- Mobile and remote work devices;
- Restrictions regarding the installation and use of the software.
b) Information backups;
c) Information transfer;
d) Protection against malware;
e) Weak spots in manual processing;
f) Encryption policies;
g) Security in communication;
h) Privacy and protection of personal information;
i) Relationships with suppliers.
AP | PORTUGAL - Training Center will schedule regular inspections and data protection evaluations, particularly on the matters of the implemented technical efficiency and organisational measures.
6.3 - Through the mediation of this policy as well as its respective internal proceedings, AP | PORTUGAL - Training Center, has established a personal data protection policy since its creation that falls in line with Article 25 of the GDPR, which equally institutes an Impact Evaluation as anticipated in GDPR, Articles 35 and 36.
6.4 - Through the mediation of this policy as well as its internal proceedings, AP | PORTUGAL - Training Center has established a system in order to notify the responsible Control Authority as well as contact the data subject if there is ever a violation of personal data, as anticipated in GDPR Articles 33 and 34, respectively.