Privacy Policy

Regulation Privacy Policy Startup Portugal

1. Mission

This policy aims to define the general principles and rules to be applied by Startup Portugal – Portuguese Association for the Promotion of Entrepreneurship (SPAPPE) regarding the Personal Data collected and processed by it, taking into account applicable legal norms and requirements, as well as serving as a specific, explicit, and informed notification regarding the processing of your data, in full compliance with the legislation in force on personal data protection and processing.

2. General Principles

Startup Portugal collects and processes Personal Data in accordance with the following principles:

  • Personal Data is processed lawfully, fairly, and transparently;
  • Personal Data is collected for specified, explicit, and legitimate purposes and is not processed in a manner incompatible with those purposes;
  • Personal Data is processed under the principle of data minimization, ensuring that its processing is adequate, relevant, and limited to what is strictly necessary for the pursuit of the specified purposes;
  • Personal Data is accurate and kept up to date whenever necessary, with appropriate measures adopted to ensure that inaccurate data is erased or rectified without delay;
  • Personal Data is retained only for the period necessary for the specified purposes for which it is processed;
  • Personal Data is processed in a manner that ensures its total security, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction, or damage.
  • SPAPPE imposes the same level of Personal Data protection and the same processing rules with which it commits to in this policy, to all Recipients of Personal Data for whom SPAPPE is responsible for processing, through contracts and agreements for data processing.

3.1. Data Controller

SPAPPE, headquartered at Rua de Salazares, No. 842, 4100-442 Porto, is responsible for the processing of Personal Data collected and processed under this policy and can be contacted via email at contact@startupportugal.com.

3.2. Categories of Personal Data Processed

The categories of data processed by SPAPPE may vary according to the purposes, being strictly processed for those determined purposes. For example, SPAPPE processes:

  • Identification data;
  • Contact details;
  • Health data;
  • Curricular, academic, and professional data;
  • Financial, banking, and insurance-related data;
  • Browsing data (data collected by cookies).

3.3. Recipients of Personal Data

The data collected is processed by SPAPPE services or, in exceptional cases, and always with a pre-identified legal basis, by data recipients, strictly within the scope of pursuing the specified purposes. When personal data is transmitted to a third-party entity, SPAPPE only provides the personal data for which the data subject’s explicit consent for transmission to third parties was obtained at the time of data collection and ensures the same level of Personal Data protection and processing rules to which it commits in this policy through data processing agreements.

3.4. Transfer to Third Countries

SPAPPE commits not to transfer any personal data to third countries.

3.5. Purposes of Personal Data Collection

When visiting the SPAPPE website or during any interaction with SPAPPE services, you may be required to provide your Personal Data.

Thus, SPAPPE informs that it may collect your Personal Data through the following means:

  • Through cookies or similar technologies, such as Google Analytics;
  • Subscription to communication channels and promotional initiatives provided by SPAPPE, such as newsletters;
  • Completion of forms or registration in SPAPPE projects and events;
  • When contacting SPAPPE for requests, clarifications, complaints, suggestions, or information through various channels provided by SPAPPE;

Considering its diverse areas of activity, SPAPPE processes personal data for the following purposes:

  • Relationship with the data subject – When contacting SPAPPE and providing personal information, the collected information may be processed for relationship purposes between SPAPPE and the Data Subject, in compliance with contractual, regulatory, and/or legal obligations.
  • Event and project organization – Within its activity, SPAPPE only processes personal data strictly necessary for executing projects and events, ensuring that any personal data processing operation is lawful and complies with all requirements imposed by applicable legislation on personal data collection, processing, and protection, ensuring that such activities, where applicable, will be properly regulated through data processing agreements.
  • Contractual procedures – SPAPPE may process personal data to draft and execute contracts in which the data subject is a counterparty.
    The provision of your personal data is not a legal obligation but may be necessary for concluding a service contract, participating in an event or project, or any other case where providing personal data is essential. In such cases, failure to provide data will result in the impossibility of contract execution, participation, or maintaining a relationship with SPAPPE.

3.6. Lawfulness of Processing

Personal Data processing operations are carried out based on a legitimate interest in pursuing its activity, the intent to provide the best possible service to data subjects, the necessity to conclude and execute contracts, or the need to fully comply with legal requirements applicable to it.

SPAPPE only processes personal data if, and to the extent that, at least one of the following situations applies:

  • The data subject has given explicit consent for the processing of their Personal Data for one or more specific purposes;
  • The processing is necessary for the performance of a contract in which the data subject is a party or for pre-contractual steps at the request of the data subject;
  • The processing is necessary to comply with a legal obligation imposed by Union or national law that applies to SPAPPE;
  • The processing is necessary to protect the vital interests of the data subject or another natural person;
  • The processing is necessary for the performance of a task carried out in the public interest.

3.7. Retention Period for Personal Data

SPAPPE retains personal data only for the period necessary for the specified purposes for which it is processed unless another period is established by legal or regulatory norms.

3.8. Sharing of Personal Data

SPAPPE ensures that:

  • Personal Data is not disclosed to third parties without a valid legal reason, previously identified at the time of data collection, including prior and explicit consent from its holders;
  • It does not sell Personal Data to third parties under any circumstances.

3.9. Data Subject Rights

SPAPPE ensures the exercise of rights by data subjects, including the right of access, rectification, erasure, restriction of processing, objection, data portability, and the right to lodge a complaint with the supervisory authority.

4. Security Measures for Personal Data Processing

SPAPPE applies technical and organizational measures to ensure an adequate level of security for the processing of personal data.

5. Personal Data Breach

In the event of a data breach, SPAPPE notifies the relevant authority within 72 hours.

6. Cookie Policy

SPAPPE implements a Cookie Policy that complies with applicable regulations.

7. Changes to the Privacy Policy

SPAPPE reserves the right to modify this Privacy Policy, with such changes duly announced on its website.

Last updated: December 2024