Purpose of personal data processing
The personal data of the Users shall be processed by ECS SGFCR for the purposes mentioned in the table below and have the legal basis explained therein.
The data shall be stored by ECS SGFCR for as long as strictly necessary for the aforementioned purposes, as per the terms or criteria also detailed in the table below.
|Purpose||Legal basis||Storage period|
|Hiring suppliers and service providers and managing services, invoicing and payments||Processing necessary within pre-contractual measures and for the performance of the contractCompliance with legal obligations connected to the services hired||As long as the provider remains a supplier of ECS SGFCR and for as long as the credits and rights arising from services rendered remain in force|
|Managing the relationship with the investors (participants of venture capital funds managed by ECS SGFCR)||Processing necessary within pre-contractual measures and for the performance of the contractCompliance with legal obligations applicable to ECS SGFCR in its relationship with investors or their representatives||As long as the participant of a venture capital fund managed by ECS SGFCR holds a participation in the venture capital fund and for the subsequent 10-year period (without prejudice to storage in the historic archive for as long as the venture capital fund maintains its legal existence)|
|Compliance with the duties of collecting, storing, reporting, communicating or notifying public or private entitiesKnow Your Customer (KYC) activities/ legislation on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (AML/CTF)||Compliance with legal obligations applicable to ECS SGFCR||Legal deadline applicable at each time for each legal obligation to be carried outKYC and AML/CTF activities - 7 years after the customer's identification was processed or, in the case of business relationships, after they end|
|Sending of communicationsSending of newsletters, briefings and other updates||Data subject’s consent||For as long as your consent remains valid|
|Event organization and management||Data subject’s consent||For as long as required to organize the event and send any subsequent relevant communications|
|Management of registrations and communications sent to event participants||ECS SGFCR’s legitimate interest in organizing and promoting its events||For as long as required to organize the event and send any subsequent relevant communications|
|Internal and external promotion of organized events||Data subject’s consent||For as long as required to promote the event, without prejudice to the data subject’s right to withdraw its consent|
|Submission of recruitment applications||Pre-contractual procedures at the User's request||1 year|
|Security of people and property on ECS SGFCR's physical premises||ECS SGFCR’s legitimate interest in ensuring the safety of guests and property on its premises||30 days|
|Accounting and financial reports (accounting records and developing and releasing financial reports)||Compliance with a legal obligationLegitimate interest of controlling and managing ECS SGFCR' activity.||10 years|
Personal data processing
The data of the Data Subjects are processed by ECS SGFCR in conformity with the legally applicable norms, namely:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes;
- accurate and, where necessary, kept up to date; every reasonable step being taken to ensure that personal data that are inaccurate or incomplete, having regard to the purposes for which they were collected or are processed, are erased or rectified;
- kept in a form which permits identification of data subjects for no longer than is strictly necessary and legally allowed in order to fulfil the purposes for which the personal data are collected or later processed.
The collected personal data of the data subjects may be entered by ECS SGFCR into automated filing systems in order to carry out activities within the scope of the purposes for which they were collected and processed, without prejudice to their storage, also, in the support documents made available and collected in the exercise of ECS SGFCR' activity, in its relationship with the data subjects or entities represented by the data subjects.
Protection of the personal data
ECS SGFCR shall implement the appropriate technical and organisational measures in order to protect the data subject's personal data against their accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access
Users are, however, responsible for ensuring that the devices and equipment used to access the Website are appropriately protected against any damaging software, viruses and worms, trojans, malwares, and other types of intrusion.
ECS SGFCR shall ensure the confidentiality of the personal data of the Data Subjects, and shall not disclose the personal data of the Data Subjects to third parties, without prejudice to the cases included in the present Policy or in other documentation supplied to the Data Subjects for this purpose.
Access to Personal Data
The Data Subjects' personal data may be disclosed to companies of the ECS SGFCR’s Group if it is strictly necessary in order to comply with the processing purposes duly described above, which justified the data in question being collected from the Data Subjects or provided by them to ECS SGFCR; the data may, when necessary, be processed by entities hired by ECS SGFCR, also within the scope and to satisfy the abovementioned purposes. Also, to fulfil these purposes, and to comply with a legal obligation, the personal data may be transmitted to judiciary, administrative, supervisory or regulatory authorities.
Except whenever expressly indicated, ECS SGFCR shall not transfer data to countries located outside of the European Economic Area.
Rights of the Individual (data subject)
Under the terms of applicable legislation, the data subject has the right to access to, update, rectification or erasure of their personal data, at all times, as well as the right to data portability, restriction of processing and to object to processing.
If consent is legally required for the processing of personal data, the User, data subject, has the right to withdraw consent at any time, although this right does not compromise the legality of the processing carried out on the basis of the consent previously given or the subsequent processing of the same data based on another legal basis, such as the fulfilment of legal obligations to which ECS SGFCR is subject.
ECS SGFCR emphasises that the exercise of the above rights may be limited due to the existence of third-party rights and freedoms, legal or confidentiality obligations as well as the prevailing legitimate rights of ECS SGFCR or a third party.
Users can contact ECS SGFCR with any queries regarding the processing of their personal data and the exercise of their rights under the applicable legislation, as detailed in this Policy, through the following contacts:
Address: Avenida da República, 23, 1050 185 Lisboa;
Telephone: +351 213 802 500
In the event of an infringement of applicable legislation on the protection of personal data, the Data Subject has the right to lodge a complaint with the Portuguese supervisory authority, the Portuguese data protection authority (Comissão Nacional de Proteção de Dados), without prejudice to any other form of administrative or judicial appeal in the Portuguese territory.
The present Policy may be subject to updates, for which reason ECS SGFCR advises the User to regularly consult this policy, that may be consulted, at any time, at www.ecs.pt.
27 September 2023