Ascendi, in accordance with the objectives outlined in the Personal Data Protection Policy, in the National Data Protection Legislation and in the 2016/679 Regulation (EU) of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR ”), is fully committed to everything related to the protection of Personal Data of its customers, users, suppliers, partners and other data subjects with whom it relates, as a fundamental right protected by national and European legislation.
In the same way, this Policy aims at the publication of the rules and procedures for the processing of personal data by Ascendi, guaranteeing the principles of transparency and information with data subjects and public opinion.
2. Personal data and data processing
3. Collection and processing of data
4. Data transfer
5. Storage and conservation
6. Rights of holders of personal data
7. Security measures
The responsible for the processing of personal data (hereinafter “Ascendi”) is Ascendi O&M, SA, for subjects related to the toll collection activity, and Ascendi IGI, Inovação e Gestão de Infra-Estruturas, S.A, as regards to subjects related to the operation and maintenance of road infrastructures.
The websites/platforms of the Ascendi domain may contain links to other websites and services of other companies with their own privacy policies. We recommend that you carefully read the privacy policies of these third parties. Ascendi is not responsible for the processing of data by third parties whose control doesn’t depend on Ascendi.
2. Personal data and data processing
For the purposes of this Policy, personal data is understood as “any information relating to an identified or identifiable individual, being considered an identifiable individual who can be identified, directly or indirectly, namely by reference to an identification number or one or more specific elements of its physical, physiological, psychological, economic, cultural or social identity”.
Likewise, processing is an “operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, recovery, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, erasure or destruction ”.
3. Collection and Processing of Personal Data
Personal data are processed by Ascendi or by the entities subcontracted to respond to your requests for information or complaints, being the legal basis your consent, proceeding to collect the toll fees due, under the terms of Law no. 25/2006, of 30 June, provide additional related services and send electronic communications, if you have given your consent.
The personal data collected depends on the context of your interactions with Ascendi and may include the following:
- Registration data on website/digital platform;
- Citizen Card;
- Driving license;
- Address / Postal Code / Town / Country;
- E-mail address;
- Telephone number and /or mobile phone.
Location data: passages at tolling locations.
Video: if you visit Ascendi's facilities or circulate on motorway networks, your image can be captured by our security cameras or even by the cameras installed at toll collection points.
Voice: When you contact us, telephone conversations with our employees can be recorded.
Applications: CV, Academic training, Training area, Functional area and professional experience.
- License Plate;
- OBU Identifier;
- Notification/billing document;
- Vehicle documents;
The data collected are not processed for other purposes incompatible with the above and in the terms provided for in this policy.
Ascendi assumes that the data collected were made available by the respective owner or their availability was authorized by the same, being the data true, current and accurate, without prejudice to the possibility of exercising the right to rectification, in particular.
4. Data Transfer
Ascendi may communicate personal data of the data subject to third parties, provided that it has obtained the consent from the data subject for this purpose, or even when:
- The transmission of relevant information is made within the scope of a legal obligation accomplishment, a National Data Protection Commission resolution or a judicial order;
- The communication is carried out to protect user’s pivotal interests or any other legitimate purpose provided by law;
- Ascendi may subcontract other entities for services rendered in order to allow the operation of internal processes and contract, tax or legal obligations;
- The processing of personal data corresponds to a legitimate interest of Ascendi or third parties, unless the holder's fundamental interests or rights and freedoms prevail.
In cases where there is a legal basis for the transmission of the user's personal data to third parties, Ascendi guarantees that these entities will have limited access to the information, accessing only the necessary data.
The collected personal data may be assigned, for the same purposes, to concessionaires, sub-concessionaires or any road infrastructure operator for which Ascendi provides toll collection services.
Within the scope of the interconnection of toll collection portals, aimed at providing the possibility of, on a single platform, consulting, in a transversal and voluntary way, all tolls due and making the respective payment, in relation to the various portals, Ascendi O&M SA, Portvias -Portagem de Vias, SA, ViaLivre, SA and Via Verde Portugal - Gestão de Sistemas Eletrónicos de cobrança, S.A..are jointly responsible for this treatment, in particular, in accordance with the provisions of article 26 no. 1 of the GDPR.
For these purposes, the Data Controllers signed a joint liability agreement in accordance with the provisions of article 26 no. 1 of the GDPR, in which the respective responsibilities were established and the essence of which may be consulted here, under the terms of paragraph 2 of that article.
5. Storage and conservation
If there is no legal conservation period, the data will be stored and preserved only for the minimum period necessary for the purposes that motivated its collection and subsequent treatment, after which they will have the proper treatment, being destroyed or anonymized, unless compliance with legal obligation or court order is at stake.
Ascendi keeps your personal data in systems that are in a safe environment, protected from unauthorized access or misuse. We adopt technical, electronic and organizational measures to guarantee the security of your data and prevent its loss, misuse or improper access.
The systems that handle your data and the respective repositories are the responsibility of Ascendi and are located in European Union countries.
6. Rights of the Personal Data Subjects
Under the provisions of the GDPR, we guarantee the user the exercise of their rights, namely the right of access, rectification, erasure, opposition, as well as the right to limit the processing, data portability, not being subject to automated decisions and the right to representation
To exercise your rights, you can choose one of the following means:
- Submission of form available on the Ascendi Website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights option.
- Sending e-mail to the address: RGPD@ascendi.pt;
- Sending a letter to the Ascendi Data Protection Officer: Praça Mouzinho de Albuquerque, 197 4100-360 Porto, Portugal;
- Fill out a form at our store, at the same address.
Ascendi has nominated a Data Protection Officer who can be contacted through the means described above. The data subject also has the right to file a complaint to the National Data Protection Commission, using the contacts provided by this entity for this purpose.
7. Security Measures
Ascendi makes its best efforts to protect users' personal data from unauthorized access. For this purpose, Ascendi implements appropriate, necessary and sufficient logical, physical, organizational and security measures to protect your personal data against destruction, loss, alteration, dissemination, unauthorized access or any other form of accidental or unlawful treatment.
The measures adopted by Ascendi include the implementation of appropriate access controls, in order to ensure the encryption, pseudonymization and anonymization of personal data, whenever possible.
The access to your personal data is only allowed under the terms already described above, always depending on the actual need for your knowledge, and subject to strict contractual confidentiality obligations when treated by third parties.
However, it is the user's responsibility to guarantee and ensure that the computer he/she is using is adequately protected against harmful software, computer viruses and worms. In addition, you should be aware that, without the adoption of adequate security measures (for example, the secure configuration of the navigation program, updated antivirus software, security barrier software and the non-use of software of doubtful origin), the risk of personal data and passwords being accessed by third parties, without authorization to do so, is aggravated.
Although data transmission over the internet or website cannot guarantee total security against intrusions, Ascendi and its service providers provide the best efforts to implement and maintain physical, electronic and procedural security measures designed to protect your personal data in compliance with applicable data protection requirements.
If there’s any question or concern about how Ascendi processes your personal data, please send us your request for clarification through a proper form on our Ascendi Website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights Option.
Last updated date: Novembro 25, 2021