Terms and Conditions
Ubiwhere complies with all applicable legal regulations regarding data protection, privacy and information security.Last updated: February 2024
«Personal data» means information relating to an identified or identifiable single person ("data owner"); an identifiable person can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers are, for example, a name, an identification number, location data, electronic identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
«Processing of Personal Data»
«Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
«Cookies» are small text files containing information considered to be relevant that the devices used for access (computers, mobile phones or portable mobile devices) load, via the internet browser, when an online site is visited by the Citizen or User.
Entity Responsible for Treatment
Ubiwhere, a Public Legal Entity with the VAT 508245567, is the entity responsible for the www.testbed.ubiwhere.com website.
The use by any User, Service Recipient or Citizen may imply the carrying out of personal data processing operations, the protection, privacy and security of which is ensured by Ubiwhere, as the entity responsible for the respective processing, in accordance with the terms of this Data Protection Policy.
Contacts of the Entity Responsible for Treatment
To contact the Ubwihere Data Protection Resposible, please send an e-mail to firstname.lastname@example.org, describing the subject of the request and providing an e-mail address, a telephone contact address or a correspondence address.
Collection and Processing of Personal Data
Ubiwhere processes the personal data strictly necessary for the provision of information and the operation of its channels, in accordance with the uses made by Users, Service Recipients or Citizens, either those provided for the purpose of registering requests or obtaining information, or those provided for the purpose of joining the channel, or those resulting from the use of the services provided by Ubiwhere through it, such as accesses, queries, instructions, transactions and other records relating to their use.
In particular, the use or activation of certain features of the channel may involve the processing of various direct or indirect personal identifiers, such as name, home address, contact details, device addresses or geographical location, provided that the User, Service Recipient or Citizen has expressly consented to this.
In all cases, Users, Service Recipients or Citizens will always be informed of the need to access such data in order to use the functionalities of the channels in question.
The personal data collected by Ubiwhere is processed electronically, in certain cases in an automated way, including the processing of files or the definition of profiles and within the scope of the management of the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Citizens, under the terms of the national and community regulations in force.
Categories of Personal Data Processed and Data Subjects
The categories or types of personal data that are processed are generally as follows:
- identification data;
- contact details;
- professional data;
- traffic and access control data.
In the various establishments of the Data Responsible, biometric data may also be processed, processed through the video surveillance systems that are installed.
The detailed list of categories of personal data and categories of data subjects can be found in the Data Processing Information Sheets.
All data processing operations comply with the fundamental legal principles in the field of data protection and privacy, namely concerning its circulation, lawfulness, fairness, transparency, purpose, minimisation, conservation, accuracy, integrity and confidentiality, and Ubiwhere is available to demonstrate its responsibility to the data subject or any other third party with a legitimate interest in this matter.
Foundations of Legitimacy
All data processing operations carried out by Ubiwhere have a legitimate basis, namely, either because the data subject has given their consent to the processing of their personal data for one or more specific purposes, or because the processing is considered necessary for the performance of a contract to which the data subject is a party or for pre-contractual steps at the request of the data subject, processing is necessary for compliance with a legal obligation to which the controller is subject, or in the public interest, or processing is considered necessary for the purposes of the legitimate interests pursued by Ubiwhere or by a third party.
Purpose of Data Treatment
All personal data processed within the scope of Ubiwhere channels is intended exclusively for the provision of information to Users, the management of personal information of Service Recipients deemed necessary for the purposes of relationship management or communication, as well as the provision of services to Citizens and, in general, the management of pre-contractual, contractual or post-contractual relationships with Users, Service Recipients or Citizens.
The personal data collected may also be processed for statistical purposes, for information dissemination or promotional actions and for communication actions, namely to promote actions to publicise new features or new services, through direct communication, whether by correspondence, e-mail, messages or telephone calls or any other electronic communications service.
While prior information and the collection of express authorisation for the latter purposes are always ensured, Users, Service Recipients or Citizens may, at any time, exercise their right to withdraw consent or their right to object to the use of their personal data for other purposes that go beyond the management of the relationship with the Data Controller, namely for the pursuit of legitimate interests, for the sending of informative communications or for inclusion in lists or information services, by sending a written request to Ubiwhere's Data Protection Officer in accordance with the procedures set out below.
Data Processing Information Sheets
Under the terms of the principle of loyalty and transparency, and to ensure compliance with the duty to inform, Ubiwhere delivers directly or makes publicly available to all data subjects, depending on how their personal data is collected, information sheets on the data processing operations carried out, which are available for consultation at any public service centre or at the Data Protection Officer.
Data Retention Period
Personal data will only be stored for the period necessary for the purposes for which it was collected or subsequently processed, ensuring compliance with all applicable legal rules on archiving and specifying the specific storage period in each of the Data Processing Information Sheets.
Communication of Data to Other Entities
The provision of information or services by Ubiwhere to its Users, Service Recipients or Citizens through the channels may involve the use of third party subcontractors, including entities based outside the European Union, for the provision of certain services, which may imply access by these entities to such personal data.
In these circumstances, and whenever necessary, Ubiwhere will only use subcontractors that provide sufficient guarantees that appropriate technical and organisational measures have been taken so that the processing meets the requirements of the applicable rules, and such guarantees will be formalised in a contract signed between Ubiwhere and each of these third parties.
Except in the fulfilment of legal obligations, the execution of contracts or the pursuit of legitimate interests, under no circumstances will the personal data of Users, Recipients of the Service or Citizens be communicated to third parties other than subcontractors or legitimate recipients, nor will any other communication be made for purposes other than those mentioned above.
International Data Transfers
Any transfer of personal data to a third country or an international organisation will only be carried out within the framework of compliance with legal obligations or to ensure compliance with the applicable EU and national legal rules.
Taking into account the most advanced techniques, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks, of varying probability and severity, to Users, Service Recipients or Citizens, Ubiwhere and all its subcontractors apply the appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
To this end, various security measures are adopted in order to protect personal data against its dissemination, loss, misuse, alteration, unauthorised processing or access, as well as against any other form of unlawful processing.
It is the sole responsibility of Users, Recipients of the Service or Citizens to keep their access codes secret and not share them with third parties and, in the particular case of the computer applications used to access the channels, to keep and maintain the access devices in a secure condition and to follow the security practices advised by the manufacturers and/or operators, particularly as regards the installation and updating of the necessary security applications, including, among others, antivirus applications.
If there is a need to subcontract services to third parties that may have access to the personal data of Users, Service Recipients or Citizens, Ubiwhere's subcontractors will be obliged to adopt the security measures and protocols at organisational level and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorised access, loss or destruction of personal data.
Exercising the Rights of Data Subjects
Users, Service Recipients or Ubiwhere Citizens may, as holders of personal data, at any time exercise their data protection and privacy rights, namely the rights of access, rectification, erasure, portability, limitation or opposition to processing, under the terms and with the limitations provided for in the applicable rules.
Any request to exercise data protection and privacy rights must be addressed in writing by the respective data subject to the Data Protection Officer, in accordance with the procedure and contact details described below.
Complaints or suggestions
Users, Recipients of the Service or Citizens have the right to lodge a complaint, either by registering the complaint in the Complaints Book or by submitting a complaint to the regulatory authorities - in the latter case, they can submit a petition or complaint directly to the National Data Protection Commission via the contacts available at www.cnpd.pt .
Users, recipients of the service or citizens can also make suggestions by emailing the Data Protection Officer at email@example.com.
Ubiwhere has implemented an incident management system for data protection, privacy and information security.
If any User, Service Recipient or Citizen wishes to report the occurrence of any personal data breach, which accidentally or unlawfully results in the unauthorised destruction, loss, alteration, disclosure of or access to personal data transmitted, stored or otherwise processed, they can contact the Data Protection Officer or use Ubiwhere's general contact details.
Changes to the Data Protection Policy
In order to ensure its updating, development and continuous improvement, Ubiwhere may, at any time, make any changes deemed appropriate or necessary to this Data Protection Policy, and its publication in the different channels is ensured to guarantee transparency and information to Users, Service Recipients and Citizens.
Express Consent and Acceptance
The free, specific and informed provision of personal data by the respective holder implies knowledge and acceptance of the conditions contained in this Policy, and it is considered that, by using the channels or by providing their personal data, Users, Service Recipients and Citizens are expressly authorising their processing, in accordance with the rules defined in each of the applicable channels or collection instruments.
Special Data Protection Policies
With a commitment to transparency and information and to ensure that the Data Protection Policy is appropriate to the different data processing operations carried out and, above all, to the different categories of data subjects, Ubiwhere may develop special Data Protection Policies, such as:
- the Data Protection Policy in the Labour Context;
- the Application Management Data Protection Policy; and
- the Supplier Employee Data Protection Policy.
These special policies are made available directly to the respective categories of data subjects and are available for consultation on request from the Data Protection Responsible.
Data Protection Responsible
For the exercise of any type of data protection and privacy rights or for any matter relating to data protection, privacy and information security issues, Users, Service Recipients and Citizens who interact with Ubiwhere may contact the Data Protection Officer by e-mail at firstname.lastname@example.org, describing the subject of the request and indicating an e-mail address, a telephone contact address or a correspondence address for reply.