Privacy Policy
Privacy Policy
Overview
This Privacy Policy governs the processing of personal data of users (hereinafter the “User” or “Users”) collected in the context of their interactions with ECS – Sociedade Gestora de Fundos de Capital de Risco, S.A. (hereinafter “ECS SGFCR”), as controller, including when using the website www.ecs.pt (hereinafter the “Website”), as well as information on the rights attributed to Users regarding said processing, and how to exercise them, under the terms of applicable legislation.
Providing your personal data entails your knowledge and acceptance of the terms and conditions of this Privacy Policy. This Privacy Policy must be read together with the Terms of Use and the Cookie Policy.
Purpose of personal data processing
The personal data of the Users shall be processed by ECS SGFCR for the purposes mentioned in the table below and have the legal basis explained therein.
The data shall be stored by ECS SGFCR for as long as strictly necessary for the aforementioned purposes, as per the terms or criteria also detailed in the table below.
Purpose | Legal basis | Storage period |
---|---|---|
Hiring suppliers and service providers and managing services, invoicing and payments | Processing necessary within pre-contractual measures and for the performance of the contractCompliance with legal obligations connected to the services hired | As long as the provider remains a supplier of ECS SGFCR and for as long as the credits and rights arising from services rendered remain in force |
Managing the relationship with the investors (participants of venture capital funds managed by ECS SGFCR) | Processing necessary within pre-contractual measures and for the performance of the contractCompliance with legal obligations applicable to ECS SGFCR in its relationship with investors or their representatives | As long as the participant of a venture capital fund managed by ECS SGFCR holds a participation in the venture capital fund and for the subsequent 10-year period (without prejudice to storage in the historic archive for as long as the venture capital fund maintains its legal existence) |
Compliance with the duties of collecting, storing, reporting, communicating or notifying public or private entitiesKnow Your Customer (KYC) activities/ legislation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AML/CTF) | Compliance with legal obligations applicable to ECS SGFCR | Legal deadline applicable at each time for each legal obligation to be carried outKYC and AML/CTF activities - 7 years after the customer's identification was processed or, in the case of business relationships, after they end |
Sending of communicationsSending of newsletters, briefings and other updates | Data subject’s consent | For as long as your consent remains valid |
Event organization and management | Data subject’s consent | For as long as required to organize the event and send any subsequent relevant communications |
Management of registrations and communications sent to event participants | ECS SGFCR’s legitimate interest in organizing and promoting its events | For as long as required to organize the event and send any subsequent relevant communications |
Internal and external promotion of organized events | Data subject’s consent | For as long as required to promote the event, without prejudice to the data subject’s right to withdraw its consent |
Submission of recruitment applications | Pre-contractual procedures at the User's request | 1 year |
Availability of the Website and analysis of the use by the User and interaction with it | ECS SGFCR’s legitimate interest or the data subject’s consent | In accordance with our Cookie Policy |
Analysis of the Users’ interaction with the communications ECS SGFCR send the Users throughout the Website | ECS SGFCR’s legitimate interest in understanding the reach of our communications | In accordance with our Cookie Policy |
Security of people and property on ECS SGFCR's physical premises | ECS SGFCR’s legitimate interest in ensuring the safety of guests and property on its premises | 30 days |
Accounting and financial reports (accounting records and developing and releasing financial reports) | Compliance with a legal obligationLegitimate interest of controlling and managing ECS SGFCR' activity. | 10 years |
|
Personal data processing
The data of the Data Subjects are processed by ECS SGFCR in conformity with the legally applicable norms, namely:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes;
- accurate and, where necessary, kept up to date; every reasonable step being taken to ensure that personal data that are inaccurate or incomplete, having regard to the purposes for which they were collected or are processed, are erased or rectified;
- kept in a form which permits identification of data subjects for no longer than is strictly necessary and legally allowed in order to fulfil the purposes for which the personal data are collected or later processed.
The collected personal data of the data subjects may be entered by ECS SGFCR into automated filing systems in order to carry out activities within the scope of the purposes for which they were collected and processed, without prejudice to their storage, also, in the support documents made available and collected in the exercise of ECS SGFCR' activity, in its relationship with the data subjects or entities represented by the data subjects.
Protection of the personal data
ECS SGFCR shall implement the appropriate technical and organisational measures in order to protect the data subject's personal data against their accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access
Users are, however, responsible for ensuring that the devices and equipment used to access the Website are appropriately protected against any damaging software, viruses and worms, trojans, malwares, and other types of intrusion.
ECS SGFCR shall ensure the confidentiality of the personal data of the Data Subjects, and shall not disclose the personal data of the Data Subjects to third parties, without prejudice to the cases included in the present Policy or in other documentation supplied to the Data Subjects for this purpose.
Access to Personal Data
The Data Subjects' personal data may be disclosed to companies of the ECS SGFCR’s Group if it is strictly necessary in order to comply with the processing purposes duly described above, which justified the data in question being collected from the Data Subjects or provided by them to ECS SGFCR; the data may, when necessary, be processed by entities hired by ECS SGFCR, also within the scope and to satisfy the abovementioned purposes. Also, to fulfil these purposes, and to comply with a legal obligation, the personal data may be transmitted to judiciary, administrative, supervisory or regulatory authorities.
Except whenever expressly indicated, ECS SGFCR shall not transfer data to countries located outside of the European Economic Area.
Cookies
The Website uses Cookies. Cookies are small text files that a website installs on the User's computer/device through which they browse when they access it (hereinafter "Cookies"). Cookies allow the Website to remember the User's browsing actions and preferences for a certain period of time and are therefore used by ECS SGFCR to process and manage the User's requests in the most efficient way, as well as to develop and improve the services and operation of this Website.
ECS SGFCR will obtain, from the User and whenever legally necessary, their consent to the use of Cookies and information storage and access mechanisms, under the terms required by law.
For more information, read our Cookie Policy.
Rights of the Individual (data subject)
Under the terms of applicable legislation, the data subject has the right to access to, update, rectification or erasure of their personal data, at all times, as well as the right to data portability, restriction of processing and to object to processing.
If consent is legally required for the processing of personal data, the User, data subject, has the right to withdraw consent at any time, although this right does not compromise the legality of the processing carried out on the basis of the consent previously given or the subsequent processing of the same data based on another legal basis, such as the fulfilment of legal obligations to which ECS SGFCR is subject.
ECS SGFCR emphasises that the exercise of the above rights may be limited due to the existence of third-party rights and freedoms, legal or confidentiality obligations as well as the prevailing legitimate rights of ECS SGFCR or a third party.
Users can contact ECS SGFCR with any queries regarding the processing of their personal data and the exercise of their rights under the applicable legislation, as detailed in this Policy, through the following contacts:
Address: Avenida da República, 23, 1050 185 Lisboa;
Telephone: +351 213 802 500
E-mail: ecs.rgpd.geral@ecs.pt
Governing Law
In the event of an infringement of applicable legislation on the protection of personal data, the Data Subject has the right to lodge a complaint with the Portuguese supervisory authority, the Portuguese data protection authority (Comissão Nacional de Proteção de Dados), without prejudice to any other form of administrative or judicial appeal in the Portuguese territory.
Amendments to the Privacy Policy
The present Policy may be subject to updates, for which reason ECS SGFCR advises the User to regularly consult this policy, that may be consulted, at any time, at www.ecs.pt.
ECS SGFCR reserves the right to make changes and amendments to the Privacy Policy at any time and without prior notice by making the new Privacy Policy available on the Website. Access to and use of the Website following the publication of any modifications or amendments shall constitute acceptance by the User of the new Privacy Policy, as indicated above.
Last updated
27 September 2023