Privacy policy

The protection of your privacy and your personal data is a permanent commitment for Spark Capital, Lda. (Spark Capital).

The purpose of this Privacy Policy is to state the principles that guide us in the collection and processing of personal data provided, through the various channels available, as well as to clarify the exercise of the rights of its holders in this matter, in accordance with the Regulation General on the Protection of Personal Data (Regulation No. 2016/679 of the European Parliament and of the Council, of 27 April 2016) and with the Law nr 58/2019, 8^th August, applicable in Portugal.

Definition of Personal Data

Personal data is any numerical, alphabetic, graphic, photographic, acoustic or any other information relating to a person (the data subject) that identifies or makes him identifiable, such as a name, an identification number, data location, identifiers electronically or to one or more specific elements of that person’s physical or social identity.

Controller for processing Personal Data

We are the controller responsible for the collection and processing of personal data that we collect or that is communicated to us by our users.

We assume that the data collected has been provided by the respective owner, is true and accurate, and that permission was obstained when it was collected.

Personal Data Processing

We process personal data for the following purposes:

Pre-contractual arrangements, execution of contracts or management of the contractual or administrative relationship with the data subject;

Compliance with legal and regulatory obligations to which we are subject, pursuit of the legitimate interests of Spark Capital or other authorities with jurisdiction or reasons of major public interest, pursuant to applicable legislation;

The data subject can, at any time, withdraw their consent, without, however, such decision affecting the lawfulness of the previous processing.

In accordance with the regulation, we have adopted the minimization principle, collecting only the data strictly necessary to achieve the objective pursued and defined for the interested individual persons, allowing them to exercise any right regarding this.

Personal Data received by other entities or controllers

We receive personal data provided by other entities, for contractual and business reasons.

In this context, we use the same procedures for the protection of privacy and personal data transferred, while that data remains in our applications databases.

Transmission of Personal Data to third parties

We may communicate personal data to third parties provided that for this purpose we have unequivocally obtained the consent of the data subjects, or even when:

• The transmission is carried out within the scope of compliance with a legal obligation, a resolution of the National Data Protection Commission or a court order;
• The communication is carried out in the performance of functions of public interest, public authority or any other legitimate purpose provided for by law.

Examples of data communication to third parties that we foresee, are the communication of data to recipients like public entities, such as the Tax and Customs Authority, the notification of case reports to the various authorities with jurisdiction in Portugal, and communications in which the communication of personal data constitutes a legal or contractual obligation, under penalty of not entering into a contract or legal infraction. Note that we do not intend to transfer personal data to a third country outside the European Union or to an international organization.

Data Storage

Appropriate data processing actions will be carried out in our databases, applying strict control regulations, in accordance with the latest technological advances and with the recommendations of the supervisory authority.

The conservation period depends on the treated activity, the nature of the contact (customer or potential customer, for example).

We keep certain mandatory documents (invoices, etc.) during the respective legal conservation period.

The period of retention of personal data must also be adequate, in accordance with the established archival criteria enforced.

The data will be deleted as soon as any of the justifications mentioned above cease to exist or when consent is withdrawn.

Your rights in controlling your data

We ensure data subjects the exercise of the rights of the GDPR, namely:

• Right to access;
• Right to update;
• Right to rectify;
• Right to portability;

When applicable, it is also guaranteed:

• Right to limit treatment (well-founded);
• Right to erasure (well-founded);
• Right of opposition (well-founded);

To exercise these rights, data subjects may contact our data protection officer.

If the use of your personal data is based on consent, you have the right to withdraw it, without compromising the validity of the data processing carried out until that moment.

In addition, holders have the right to submit a complaint to the National Data Protection Commission, whenever they consider that the processing of their data violates the provisions of the Regulation.

Security Measures

We continuously implement the best physical and logical security practices and measures, which we consider indispensable for the protection of our users’ personal data, as well as for the prevention of unauthorized access to data, improper use, disclosure, loss or undoing.

Only authorized personnel can access personal data, and within their assigned functions and in the course of their work.

Despite the measures adopted by us, it is important to warn our users that no website, Internet transmission, computer system or wireless connection guarantees conditions of absolute inviolability and security.

Cookies

Cookies are small software tags that are stored on devices used to access the internet, through the browser, retaining only information related to your preferences, not including your personal data.

These labels serve to help determine the usefulness, interest and number of uses of websites, allowing for faster and more efficient navigation, eliminating the need to repeatedly enter the same information.

So it is recommended to use the standard cookie settings in your browser, in order to take advantage of all the features and potential of our portal.

Social Networks

We do not use social networks to collect elements for the profiling of our users.

When contacting APL by visiting a company page on a social network, you will not be directly providing any personal data.

It is advisable to consult the Privacy Policies of social networks to better clarify your rights as a user.

Links to third party websites

This website has links to other sites, which may contain useful information / tools for our visitors. This privacy policy is not naturally extended to third party websites, and you should read the privacy policy of those sites visited.

Therefore, we cannot be responsible for the privacy policy or content present on those same sites.

Changes or updates to our Privacy Policy

We reserve the right, at any time, without prior notice and with immediate effect, to modify, add or revoke, partially or totally, this Privacy Policy, always in compliance with the GDPR and other applicable legislation.

Any changes will be immediately posted on this page.