PRIVACY POLICY
1. Contextualization
1.1. Responsible for Processing
The Pollux Association - Space Technologies (hereinafter, Pollux), based at Rua Larga - Department of Physics, number S/N, Coimbra, is responsible for the processing of personal data of Clients, Applicants, Trainees, Members, Partners, or others.
1.2. Personal Data
Personal Data refers to any information, of any nature and in any medium, relating to an identified or identifiable individual.
An identifiable person is one who can be identified directly or indirectly, through an identifier, such as a name, identification number, electronic identifier, or other specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity that allow for the identification of that individual.
In the course of our activities and to pursue our mission and provide the best service, we collect the following personal data from Clients, Applicants, Trainees, Members, Partners, and others:
An identifiable person is one who can be identified directly or indirectly, through an identifier, such as a name, identification number, electronic identifier, or other specific elements of physical, physiological, genetic, mental, economic, cultural, or social identity that allow for the identification of that individual.
In the course of our activities and to pursue our mission and provide the best service, we collect the following personal data from Clients, Applicants, Trainees, Members, Partners, and others:
- Identification data (name, gender, ...);
- Contact data (phone number, email address, social media, ...);
- Other data that may be necessary.
2. Collection and Processing of Personal Data
The collection and processing of data have the sole purpose of providing our services, being requested either directly or by any other means. We may also access personal information indirectly through partners and official entities.
Aware of the importance of protecting privacy and the integrity of the registration and processing of personal data, with the entry into force of the General Data Protection Regulation and the National Implementation Law, Pollux has strengthened the physical and digital security of such data, in full legal compliance.
Aware of the importance of protecting privacy and the integrity of the registration and processing of personal data, with the entry into force of the General Data Protection Regulation and the National Implementation Law, Pollux has strengthened the physical and digital security of such data, in full legal compliance.
2.1. Basis and Purpose
The purposes of processing personal data are the execution of service contracts we maintain with our Clients, contracts we maintain with our Members (volunteers), management of internal processes for Clients, Applicants, Trainees, Members, Partners, and others, accounting, tax, and administrative management, management of litigation, and compliance with legal obligations.
As for the legal grounds for processing personal data, we are duly legitimized by the following:
As for the legal grounds for processing personal data, we are duly legitimized by the following:
- Consent: Whenever there is no other legal basis to process your data, we will request your explicit, free, informed, and specific consent for the determined purpose, such as when you are a recipient of institutional disclosure actions.
- Contract Execution or Pre-contractual Measures: When the processing of personal data is necessary for the conclusion, execution, and management of the contract to which you are a party or for pre-contractual procedures at the request of the data subject.
- Compliance with Legal Obligation: When the processing of personal data is necessary to comply with a legal obligation to which Pollux is subject, such as communication of data to police, judicial, tax, or regulatory authorities.
- Pursuit of Legitimate Interest: When the processing of personal data serves a legitimate interest of Pollux or third parties, such as improving service quality, detecting fraud, ensuring the security of people and property, or when the reasons for using the data should prevail over the rights of the data subjects.
The personal data we collect will be processed and stored according to the purposes and for the minimum legally required period.
2.2. Sharing of Data with Other Entities
The personal data we collect, in addition to being based on the fulfillment of legal obligations, may be communicated to official entities.
We base all our actions and extend the following obligations to Third Parties regarding the processing of personal data:
We base all our actions and extend the following obligations to Third Parties regarding the processing of personal data:
- Personal data will be processed in compliance with the lawful data processing regime, this Privacy Policy, and with the guarantee of lawful, fair, and transparent processing.
- The data collected are merely instrumental to our activity, intended to pursue a specific, legitimate purpose, and will not be processed in a way that is incompatible with these purposes.
- We respect the principle of data minimization, collecting only the data considered adequate, relevant, and necessary for the purposes of collection and processing.
- In compliance with the principle of accuracy, we will maintain the data accurate and up-to-date, whenever necessary, and will adopt and make available all necessary measures to ensure its integrity.
- We adhere to the principle of data retention, ensuring that data is kept only for the period necessary to fulfill the purposes for which the data is processed.
- We will process the data in accordance with the principle of security, protecting it from potential illegal or unauthorized processing, preventing any loss, destruction, or unforeseen damage, and adopting all necessary technical and organizational measures to ensure the security, integrity, and confidentiality of the data.
- Whenever consent is requested for data processing, we will provide the necessary information regarding the purposes of the processing and will remain faithful to these purposes.
3. Rights of the Data Subject
The data subject has the following rights, which can be exercised easily and free of charge, through the following email: dpo@polluxspace.pt.
3.1. Right to Transparency of Information, Communications, and Rules for the Exercise of Rights
Pollux must take appropriate measures to provide the data subject with all relevant information regarding the Data Controller processing their personal data, the data being processed, and their rights and how to exercise them. This information must be provided in a concise, transparent, intelligible, and easily accessible manner, using clear and simple language.
This information should be provided in writing or through other means, including, if applicable, electronic means. It may also be provided orally, if the data subject requests it, as long as the identity of the data subject can be verified through other means.
This information should be provided in writing or through other means, including, if applicable, electronic means. It may also be provided orally, if the data subject requests it, as long as the identity of the data subject can be verified through other means.
3.2. Right to Information
Right of the data subject to be informed about everything related to the processing of their data, the data controller, or the processor.
3.3. Right of Access
Right to obtain confirmation of which personal data will be processed and information about them.
Right to view or obtain a copy of the documents containing the data, such as invoices or written contracts.
Right to view or obtain a copy of the documents containing the data, such as invoices or written contracts.
3.4. Right to Rectification
Right to request the rectification of your personal data that is inaccurate or to request that incomplete personal data be completed.
3.5. Right to be Forgotten
Right to obtain the deletion of your personal data, provided there are no valid grounds for its retention, such as for compliance with a legal obligation or for the exercise of a right.
3.6. Right to Data Portability
Right to receive the data you provided in a commonly used, machine-readable digital format, if the processing is based on consent or a contract to which the data subject is a party and is carried out by automated means.
The right to portability does not include inferred or derived data, for example, personal data generated by Pollux as a consequence or result of the analysis of the data being processed.
The right to portability does not include inferred or derived data, for example, personal data generated by Pollux as a consequence or result of the analysis of the data being processed.
3.7. Right to Withdraw Consent
When the processing of data is based on consent, the data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out based on the consent previously given.
3.8. Right to Object
In cases where data processing is carried out for the legitimate interests of Pollux, or for institutional marketing purposes or the creation of profiles based on personal preferences or interests, you may, at any time, object to the processing of your personal data.
3.9. Right to Restriction of Processing
Right to request the restriction of the processing of your personal data, in the following forms:
- Suspension of processing;
- Limitation of the scope of processing to certain categories of data or processing purposes.
3.10. Right to Notification
It is the duty of Pollux to communicate to each recipient to whom the personal data has been disclosed any rectification, deletion of personal data, or restriction of processing, unless such communication proves impossible or involves a disproportionate effort, as well as if the data subject requests it.
3.11. Right to Complain
Right to lodge a complaint with the supervisory authority, the National Data Protection Commission, in addition to being able to do so directly with Pollux, if you believe that your data is not being processed lawfully.
Right not to be subject to automated decisions (including profiling) – the data subject's right not to be subject to any decision made solely based on automated processing, including profiling, which produces effects in their legal sphere or significantly affects them in a similar manner.
Right not to be subject to automated decisions (including profiling) – the data subject's right not to be subject to any decision made solely based on automated processing, including profiling, which produces effects in their legal sphere or significantly affects them in a similar manner.
4. Data Protection
4.1. How Do We Protect Your Data?
In compliance with the principles of security, confidentiality, and privacy, we ensure that your data is processed only by authorized personnel, with access and processing restricted to those with legitimate authority to do so, always in absolute confidentiality, in accordance with our internal security and confidentiality policies and procedures, which are periodically updated based on needs and the legally established terms and conditions.
Depending on the nature, scope, context, and purposes of the data processing, as well as the risks associated with processing for the rights and freedoms of the data subject, we apply the necessary and appropriate technical and organizational measures to protect the data both at the stage of defining processing methods and during the actual processing.
Pollux also commits to ensuring that, by default, only the relevant, necessary, and appropriate data for each specific processing purpose will be processed, and that such data will not be made available without human intervention to an indefinite number of people.
Although not explicitly foreseen, in the event that personal data is transferred to countries outside the European Union, the applicable legal provisions will be observed, particularly regarding the determination of the adequacy of such a country in terms of data protection and the requirements for such transfers.
Depending on the nature, scope, context, and purposes of the data processing, as well as the risks associated with processing for the rights and freedoms of the data subject, we apply the necessary and appropriate technical and organizational measures to protect the data both at the stage of defining processing methods and during the actual processing.
Pollux also commits to ensuring that, by default, only the relevant, necessary, and appropriate data for each specific processing purpose will be processed, and that such data will not be made available without human intervention to an indefinite number of people.
Although not explicitly foreseen, in the event that personal data is transferred to countries outside the European Union, the applicable legal provisions will be observed, particularly regarding the determination of the adequacy of such a country in terms of data protection and the requirements for such transfers.
4.2. Personal Data Breach
In the event of a data breach, and to the extent that such a breach may result in a high risk to the rights and freedoms of Members, Clients, Candidates, Trainees, Partners, and others, we commit to notifying the National Data Protection Commission within 72 hours of becoming aware of the incident. We will also inform the data subjects whenever the breach is likely to result in a high risk to their rights.
5. Changes to the Privacy Policy
Pollux reserves the right to change this Privacy Policy at any time, with such changes being duly published.
6. Applicable Laws and Jurisdiction
The Privacy Policy, as well as the collection, processing, or transmission of data from Clients, Candidates, Trainees, Members, Partners, or others, are governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, and by the applicable laws and regulations in Portugal, specifically Law No. 58/2019 of August 8.