PRIVACY POLICY
The purpose of the Privacy Policy is to maintain a high level of protection of the data collected that is in accordance with the applicable legal rules and in terms of promoting the trust of customers, users, suppliers, partners and other data subjects, for the need to maintain the confidentiality, availability and integrity of the personal data collected.
Ascendi, in accordance with the objectives outlined in the Personal Data Protection Policy, in the National Data Protection Legislation and in the 2016/679 Regulation (EU) of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR ”), is fully committed to everything related to the protection of Personal Data of its customers, users, suppliers, partners and other data subjects with whom it relates, as a fundamental right protected by national and European legislation.
The purpose of the Privacy Policy is to maintain a high level of protection of the data collected that is in accordance with the applicable legal rules and in terms of promoting the trust of customers, users, suppliers, partners and other data subjects, for the need to maintain the confidentiality, availability and integrity of the personal data collected.
In the same way, this Policy aims at the publication of the rules and procedures for the processing of personal data by Ascendi, guaranteeing the principles of transparency and information with data subjects and public opinion.
The Privacy Policy requires regular consultation by all Ascendi stakeholders, as it may be subject to changes.
At the Ascendi, the main Controllers are Ascendi O&M, S.A., with respect to the processing related to the toll collection activity, and Ascendi IGI, Inovação e Gestão de Infra-Estruturas, S.A., with respect to the processing related to road infrastructure operation and maintenance (hereinafter referred to as “Ascendi”).
Ascendi domain platforms may contain links to websites and services of other entities with their own privacy policies. Ascendi is not responsible for data processing carried out by third parties that are not controlled by Ascendi. Therefore, we recommend that you read the privacy policies of these third parties carefully.
Ascendi can be contacted as follows:
Address: Edifício Litografia Lusitana
Praça Mouzinho de Albuquerque, 197
4100 – 360 Porto
Phone: 229980200
The personal data that we process are information that directly or indirectly enable identifying an identified or identifiable natural person, such as a personal identification number or any specific factors of the physical, physiological, mental, economic, cultural or social identity of that natural person.
The processed personal data depend on the context of the interactions with Ascendi and may include the following:
Identification:
- Name;
- Taxpayer Identification Number (NIF);
- Nationality;
- Citizen Card;
- Driving License;
Contacts:
- Address / Postal Code / Town / Country;
- E-mail address;
- Telephone number and /or mobile phone.
Registration and use of the Ascendi and Ascendi GO Apps:
- User/e-mail;
- Password.
Other:
- Location data: vehicle passages at charging points;
- Video: Ascendi facilities or travelling through motorway networks;
- Voice: recording of calls;
- Vehicle data: license plate number / vehicle identifier / registration certificate or equivalent;
- Billing data: Notification / Billing document / Invoice / Receipt;
- Browsing data: access and interaction logs
through webs, portals and mobile applications;
- Data on outstanding payments: toll charges, administrative costs and fines;
- Bank data: IBAN;
- Applications: CV, curricular information, professional experience, training and other;
- Whistleblowing complaints: content of the complaint; relationship with Ascendi; supporting information; Optional: name; e-mail.
Personal data are processed by Ascendi or by the entities subcontracted by Ascendi for the following purposes:
- Collection of outstanding toll charges, under the terms of the toll collection legislation in force, namely Law 25/2006 of 30 June;
- Operation and maintenance of the roads under its management, with a view to compliance with the obligations arising from Concession, Sub-concession or Service Provision Contracts;
- Response to requests for information or complaints, based on the data subject’s consent;
- Carrying out other commercial activities, including registration in the Ascendi Portal or in the Ascendi and Ascendi GO Apps, and electronic communications, when consented by the data subject;
- Manage internal and external whistleblowing channels, based on the consent of the whistleblower and the applicable legislation and regulations, namely the general regime for the protection of whistleblowers established in the Portuguese Law 93/2021 of 20 December.
Personal data may be disclosed to third parties, provided that the data subject’s consent has been obtained to that end, or when:
- The transmission is carried out in the context of compliance with a legal obligation, a resolution or authorisation of the competent data protection supervisory authority (CNPD - Comissão Nacional de Proteção de Dado)s or court order;
- The disclosure is carried out to protect the vital interests of users or any other legitimate purpose established in the law;
- Ascendi subcontracts other entities for the provision of services in order to enable the operationalisation of internal processes and obligations, namely contractual, tax-related or legal;
- The personal data processing corresponds to a legitimate interest of Ascendi or third parties, unless the interests or fundamental rights and freedoms of the data subject prevail.
- The personal data provided may be transferred, for the same purposes, to concessionaires, sub-concessionaires or any road infrastructure operator for which Ascendi provides toll collection services.
When there are legal grounds for transmission of the data subject's personal data to third parties, Ascendi guarantees that these entities shall have limited access to the information, only accessing the necessary data.
Ascendi is responsible for the systems that process personal data and their repositories, which are located in European Union countries.
- The transmission of personal data, as described in this Privacy Policy, does not include the international data transfers to countries outside the European Economic Area.
Concerning the interconnection of toll collection portals, aimed at enabling the consultation, on a single platform, in a transversal and voluntary manner, of all outstanding toll charges and their payment, relative to the different portals, Ascendi O&M S.A., Portvias – Portagem de Vias, S.A., ViaLivre, S.A. And Via Verde Portugal – Gestão de Sistemas Eletrónicos de Cobrança, S.A. act as joint controllers, specifically, pursuant to Article 26(1) of the General Data Protection Regulation (GDPR).
For all due purposes, the joint controllers have signed a joint liability agreement pursuant to Article 26(1) of the GDPR, establishing their responsibilities, the essence of which, in accordance with Article 26(2), can be consulted here, under the terms of paragraph 2 of that article.
The data shall be stored and kept only for the minimum time required for the purposes for which they were collected and subsequently processed, after which they shall be treated appropriately, being destroyed or anonymised, except in the case of compliance with a legal obligation or court order.
Ascendi does its utmost to protect the users' personal data against unauthorised access by implementing suitable logical, physical and organisational measures and access controls in order to ensure the encryption, pseudonymisation and anonymisation of personal data, whenever possible as well as the appropriate, necessary and sufficient security measures to protect personal data against destruction, loss, alteration, dissemination, unauthorised access or any other form of accidental or unlawful treatment.
The measures taken by Ascendi include the implementation of appropriate access controls, in order to ensure the encryption, pseudonymisation and anonymisation of personal data, whenever possible.
Access to personal data is only allowed on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third parties.
However, the user is responsible for ensuring that the terminal being used is adequately protected against harmful software, computer viruses and worms. Furthermore, the user is responsible for taking adequate security measures (e.g., secure browser configuration, up-to-date antivirus software, security barrier software and non-use of software of doubtful origin), without which the risk of personal data and passwords being accessed by unauthorised third parties is enhanced.
Although data transmission via the internet or website cannot guarantee full security against intrusion, Ascendi and its service providers engage their best efforts to implement and maintain physical, electronic and procedural security measures to protect personal data in compliance with the applicable data protection requirements.
Pursuant to the GDPR, Ascendi guarantees that data subjects may exercise their rights, in particular the right of access, the right to rectification, the right to erasure, the right to object, the right to restriction of processing, the right to data portability, the right not to be subject to automated decisions, and the right of representation.
The following means can be used to exercise your rights:
- Submission of form available on the Ascendi website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights option.
- Sending e-mail to the address: RGPD@ascendi.pt;
- Sending a letter to the Ascendi Data Protection Officer: Rua de Agramonte, 130, 4150-029 Porto, Portugal;
- Fill out a form at our store, at the same address.
The following means can be used to contact the Data Protection Officer (DPO):
- Submission of form available on the Ascendi website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights option.
- Sending e-mail to the address: RGPD@ascendi.pt;
- Sending a letter to the Ascendi Data Protection Officer: Rua de Agramonte, 130, 4150-029 Porto, Portugal;
- Fill out a form at our store, at the same address.
Ascendi has appointed a Data Protection Officer who can be contacted by the means described above. The data subject also has the right to submit a complaint with the competent data protection supervisory authority, using the contacts using the contacts provided for the effect by that entity.
Any change to this Privacy Policy shall be disclosed immediately on this page and referenced through the version number and date of update.
Accordingly, we advise users to periodically review this Privacy Policy so as to keep up-to-date on how Ascendi collects and processes personal data, and how data subjects can exercise their rights concerning that data.
If the change to the Privacy Policy directly affects the consent given by the data subjects, Ascendi undertakes to request a new consent for the processing of personal data in accordance with the new Privacy Policy.