Privacy Policy & Terms and Conditions
I. GENERAL PART
1.1. Collection and processing of customer data
Protecting the privacy and personal data is a fundamental commitment of A2P Estudos e Projectos, Lda. (hereinafter referred to as A2P) of its Customers.
This Privacy Policy sets the collection, processing, or transmission of personal data provided by A2P’s Customers and website users, as well as the exercise of their rights in respect of this personal data, in accordance with the General Data Protection Regulation.
The use of this website is governed by the following terms and conditions, which the user agrees to fully respect. The user should not use this website if you do not agree with these terms and conditions.
By using our website and platforms, you agree to this Privacy Policy.
1.2. Data controller and data protection officer
The entity responsible for the collection and processing of your personal data will be A2P, which provides engineering and architecture studies and projects services, and within this scope, decides which data are collected, the means of processing, and the purposes for which the data are used.
A2P also has a Data Protection Officer (DPO), who (i) monitors the compliance of data processing with applicable regulations, (ii) serves as a point of contact with the Customer for clarification of questions regarding the processing of their data, and (iii) cooperates with the supervisory authority.
1.3. Personal data, data subjects, and categories of personal data
Personal Data refers to any information relating to an identified or identifiable living individual (data subject) of any kind and in any form and medium.
The personal data collected and processed by A2P are mainly intended for responding to information and contact requests, but with your explicit consent, they may also be used for evaluation surveys and legally required information actions.
The personal data collected are limited to Name, Email, and Telephone / Mobile Number.
Additionally, when email submissions are made, statistical data is collected to understand the behavior of each subscriber regarding the received email.
1.4. Subcontracted entities
In the context of Customer Data processing, A2P may use or may resort to third-party entities, subcontracted by it, to, on its behalf, and in accordance with the instructions given by it, carry out the processing of Customer Data, in accordance with the law and this Privacy Policy.
However, these subcontracted entities may not transmit Customer Data to other entities without prior written authorization from A2P, nor are they allowed to subcontract other entities without prior authorization from A2P.
A2P undertakes to subcontract only entities that offer maximum security in the execution of adequate technical and organizational measures, to ensure the defense of Customer rights. All subcontracted entities are bound before A2P through a written agreement regulating, namely, the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects, and the rights and obligations of the parties.
2. General principles applicable to the processing of customer data
A2P undertakes to ensure that Customer and/or Website User data processed are:
i) Subject to processing in accordance with the law, and a fair and transparent relationship with the Customer;
ii) Collected for specified, explicit, and legitimate purposes, and are not processed in a manner incompatible with those purposes;
iii) Adequate and limited to what is necessary for the purposes for which they are processed;
iv) Accurate and up-to-date whenever necessary, and all necessary measures are taken to ensure that inaccurate data, considering the purposes for which they are processed, are erased or rectified without delay;
v) Kept in a form which permits identification of the Customer and/or Website User only for the period necessary for the purposes for which the data are processed;
vi) Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
The processing of data carried out by A2P is permitted and lawful when at least one of the following situations occurs:
- The Customer and/or Website User has freely, specifically, informed, and explicitly given their consent to the processing of their personal data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which the Customer is a party, or for pre-contractual procedures at the Customer’s request;
- The processing is necessary for compliance with a legal obligation to which A2P is subject;
- The processing is necessary for the purposes of the legitimate interests pursued by A2P or by third parties (except where such interests or fundamental rights and freedoms of the Customer requiring the protection of personal data prevail).
A2P undertakes to ensure that the processing of personal data is only carried out under the above conditions and in compliance with the principles mentioned above.
When the processing of Personal Data is based on Customer Consent, the Customer has the right to withdraw their consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the processing carried out by A2P based on the previously given consent.
The period during which data are stored and retained varies according to the purpose for which the information is processed.
Indeed, there are legal requirements that require data to be retained for a minimum period of time. Thus, whenever there is no specific legal obligation, the data will be stored and retained only for the minimum period necessary for the purposes that motivated their collection or subsequent processing, at the end of which they will be deleted.
3. Use and purposes of customer data processing
In general terms, A2P uses Personal Data for the following purposes:
- Provision of engineering and architecture studies and projects services;
- Management of contacts with the Customer and/or Website User;
- Billing and collection from the Customer;
- Customer and User registration on the Website;
4. Technical, organizational, and security measures implemented
To ensure the security of Customer and Website User Data and maximum confidentiality, A2P treats information as strictly confidential, undertaking to apply the necessary technical and organizational measures to protect Personal Data and comply with legal requirements.
A2P also undertakes to ensure that only data necessary for each specific purpose of processing are processed.
Communication between the Customer’s device and the A2P Site is carried out through secure channels and communications using the HTTPS protocol and the SSL security standard.
We caution that the links on this website may lead to other websites. We do not take responsibility, approve, or in any way support or endorse the content of these websites, nor the websites linked to them or referred to in them.
II. CUSTOMER RIGHTS (DATA SUBJECTS)
5. Right to information, access, rectification, erasure, and portability of personal data
As data subjects, Customers and Users of this Website are guaranteed, at any time, the right to information, the right of access, rectification, updating, limitation, and erasure of their personal data.
You also have the right to object to their use for commercial purposes and to withdraw consent, without affecting the lawfulness of processing based on consent before its withdrawal, as well as the right to data portability.
You may request any of the above actions through our contact page on the website, using the most convenient and accessible means for your needs, establishing communication with us through our address, telephone, or email provided in the link: Contact us.
If you request the deletion of some or all of your personal data, some of the requested services may not be provided to you, and personal data necessary to fulfill legal obligations will be retained.
We reserve the right to request access to identifying elements of the requester to verify their identity.
6. Personal Data Breach
In case of personal data breaches, A2P will notify the National Data Protection Commission within 72 hours, also committing to communicate such breach to the Customer, the data owner in question.
III. FINAL PART
7. Changes to the privacy policy
A2P reserves the right to modify this Privacy Policy at any time, so we advise you to check it regularly.
All changes will take effect immediately upon publication on the website.
8. Applicable law and jurisdiction
The Privacy Policy, as well as the collection, processing, or transmission of Customer Data, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and by the applicable legislation and regulations in Portugal.
Any disputes arising from the validity, interpretation, or execution of the Privacy Policy, or related to the collection, processing, or transmission of Customer Data, must be submitted exclusively to the jurisdiction of the Judicial Courts of the District of Lisbon, without prejudice to the applicable mandatory legal provisions.
9. Final provisions
A2P is not responsible for any damages resulting from computer viruses that may infect the user’s computer or network, or other property, due to accessing our website with content transferred from it to the user’s computer or network.