PRIVACY POLICY
The purpose of the Privacy Policy is to maintain a high level of protection of the data collected that is in accordance with the applicable legal rules and in terms of promoting the trust of customers, users, suppliers, partners and other data subjects, for the need to maintain the confidentiality, availability and integrity of the personal data collected.
Ascendi, in accordance with the objectives outlined in the Personal Data Protection Policy, in the National Data Protection Legislation and in the 2016/679 Regulation (EU) of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR ”), is fully committed to everything related to the protection of Personal Data of its customers, users, suppliers, partners and other data subjects with whom it relates, as a fundamental right protected by national and European legislation.
The purpose of the Privacy Policy is to maintain a high level of protection of the data collected that is in accordance with the applicable legal rules and in terms of promoting the trust of customers, users, suppliers, partners and other data subjects, for the need to maintain the confidentiality, availability and integrity of the personal data collected.
In the same way, this Policy aims at the publication of the rules and procedures for the processing of personal data by Ascendi, guaranteeing the principles of transparency and information with data subjects and public opinion.
The Privacy Policy requires regular consultation by all Ascendi stakeholders, as it may be subject to changes.
The Person Responsible for the processing of personal data (hereinafter "Ascendi") is Ascendi O&M, S.A., for the processing related to the toll collection activity, and Ascendi IGI, Inovação e Gestão de Infra-Estruturas, S.A., with regard to the processing of the scope of the operation and maintenance of road infrastructure.
Ascendi is fully committed to protecting your privacy and personal data, in compliance with the applicable data protection legislation, in particular the General Data Protection Regulation (GDPR), creating this Privacy Policy for this purpose.
This Privacy Policy regulates the collection and processing of personal data provided by users, as well as the exercise of their rights in relation to this data, in accordance with the personal data protection legislation in force.
Ascendi domain websites/platforms may contain links to other websites and services of other companies with their own privacy policies. We recommend that you carefully read the privacy policies of these third parties. Ascendi is not responsible for the processing of data carried out by third parties whose control does not depend on you.
Address: Edifício Litografia Lusitana
Praça Mouzinho de Albuquerque, 197
4100-360 Porto
Phone: +351 229980200
The personal data we process are any information relating to an identified or identifiable individual, being considered an identifiable individual who can be identified, directly or indirectly, namely by reference to an identification number or one or more specific elements of its physical, physiological, psychological, economic, cultural or social identity.
The personal data collected depends on the context of your interactions with Ascendi and may include the following:
Identification:
- Name;
- TIN;
- Nationality;
- Registration data on website/digital platform;
- Citizen Card;
- Driving license.
Contacts:
- Address / Postal Code / Town / Country;
- E-mail address;
- Telephone number and /or mobile phone.
Registration and use of the Ascendi and Ascendi GO Apps:
- User/e-mail;
- Password.
Other:
- Location data: passages at tolling locations;
- Video: if you visit Ascendi's facilities or circulate on motorway networks;
- Voice: telephone conversations record;
- Vehicle data: License Plate/OBU Identifier/Vehicle documents;
- Billing data: Notification/billing document/Invoice/Receipt;
- Debt data: toll fees, administrative costs and fines;
- Applications: CV, Academic training, Training area, Functional area and professional experience.
Personal data are processed by Ascendi or by the entities subcontracted to respond to your requests for information or complaints, being the legal basis your consent, proceeding to collect the toll fees due, under the terms of Law no. 25/2006, of 30 June, provide additional related services, maintenance of the Ascendi and Ascendi GO Apps and send electronic communications, if you have given your consent.
Ascendi may communicate personal data of the data subject to third parties, provided that it has obtained the consent from the data subject for this purpose, or even when:
- The transmission of relevant information is made within the scope of a legal obligation accomplishment, a National Data Protection Commission resolution or a judicial order;
- The communication is carried out to protect user’s pivotal interests or any other legitimate purpose provided by law;
- Ascendi may subcontract other entities for services rendered in order to allow the operation of internal processes and contract, tax or legal obligations;
- The processing of personal data corresponds to a legitimate interest of Ascendi or third parties, unless the holder's fundamental interests or rights and freedoms prevail.
- In cases where there is a legal basis for the transmission of the user's personal data to third parties, Ascendi guarantees that these entities will have limited access to the information, accessing only the necessary data.
- The collected personal data may be assigned, for the same purposes, to concessionaires, sub-concessionaires or any road infrastructure operator for which Ascendi provides toll collection services.
- The transmission of personal data as described in this Privacy Policy doesn’t include the international transfer of personal data to countries outside the European Union.
Within the scope of the interconnection of toll collection portals, aimed at providing the possibility of, on a single platform, consulting, in a transversal and voluntary way, all tolls due and making the respective payment, in relation to the various portals, Ascendi O&M SA, Portvias -Portagem de Vias, SA, ViaLivre, SA and Via Verde Portugal - Gestão de Sistemas Eletrónicos de cobrança, S.A..are jointly responsible for this treatment, in particular, in accordance with the provisions of article 26 no. 1 of the GDPR.
For these purposes, the Data Controllers signed a joint liability agreement in accordance with the provisions of article 26 no. 1 of the GDPR, in which the respective responsibilities were established and the essence of which may be consulted here, under the terms of paragraph 2 of that article..
The data will be stored and preserved only for the minimum period necessary for the purposes that motivated its collection and subsequent treatment, after which they will have the proper treatment, being destroyed or anonymized, unless compliance with legal obligation or court order is at stake.
Ascendi makes its best efforts to protect users' personal data from unauthorized access. For this purpose, Ascendi implements appropriate, necessary and sufficient logical, physical, organizational and security measures to protect your personal data against destruction, loss, alteration, dissemination, unauthorized access or any other form of accidental or unlawful treatment.
The measures adopted by Ascendi include the implementation of appropriate access controls, in order to ensure the encryption, pseudonymization and anonymization of personal data, whenever possible.
The access to your personal data is only allowed under the terms already described above, always depending on the actual need for your knowledge, and subject to strict contractual confidentiality obligations when treated by third parties.
However, it is the user's responsibility to guarantee and ensure that the computer he/she is using is adequately protected against harmful software, computer viruses and worms. In addition, you should be aware that, without the adoption of adequate security measures (for example, the secure configuration of the navigation program, updated antivirus software, security barrier software and the non-use of software of doubtful origin), the risk of personal data and passwords being accessed by third parties, without authorization to do so, is aggravated.
Although data transmission over the internet or website cannot guarantee total security against intrusions, Ascendi and its service providers provide the best efforts to implement and maintain physical, electronic and procedural security measures designed to protect your personal data in compliance with applicable data protection requirements.
Under the provisions of the GDPR, we guarantee the user the exercise of their rights, namely the right of access, rectification, erasure, opposition, as well as the right to limit the processing, data portability, not being subject to automated decisions and the right to representation.
To exercise your rights, you can choose one of the following means:
- Submission of form available on the Ascendi website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights option.
- Sending e-mail to the address: RGPD@ascendi.pt;
- Sending a letter to the Ascendi Data Protection Officer: Rua de Agramonte, 130, 4150-029 Porto, Portugal;
- Fill out a form at our store, at the same address.
To contact the Ascendi’s Data Protection Officer, you can choose one of the following means:
- Submission of form available on the Ascendi website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights option.
- Sending e-mail to the address: RGPD@ascendi.pt;
- Sending a letter to the Ascendi Data Protection Officer: Rua de Agramonte, 130, 4150-029 Porto, Portugal;
- Fill out a form at our store, at the same address.
Ascendi has nominated a Data Protection Officer who can be contacted through the means described above. The data subject also has the right to file a complaint to the National Data Protection Commission, using the contacts provided by this entity for this purpose.
Any alteration will be immediately posted on this webpage, and we encourage our customers to check from time to time our Privacy Policy so they are up-to-date on how Ascendi protects your information.
If the Privacy Policy alteration has a direct impact on the data subject's consent(s), Ascendi undertakes to request consent to the processing of your data in accordance with the new Privacy Policy.
Objective
Ascendi, in accordance with the objectives outlined in the Personal Data Protection Policy, in the National Data Protection Legislation and in the 2016/679 Regulation (EU) of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR ”), is fully committed to everything related to the protection of Personal Data of its customers, users, suppliers, partners and other data subjects with whom it relates, as a fundamental right protected by national and European legislation.
The purpose of the Privacy Policy is to maintain a high level of protection of the data collected that is in accordance with the applicable legal rules and in terms of promoting the trust of customers, users, suppliers, partners and other data subjects, for the need to maintain the confidentiality, availability and integrity of the personal data collected.
In the same way, this Policy aims at the publication of the rules and procedures for the processing of personal data by Ascendi, guaranteeing the principles of transparency and information with data subjects and public opinion.
The Privacy Policy requires regular consultation by all Ascendi stakeholders, as it may be subject to changes.
Guidelines
1. Overview
2. Personal data and data processing
3. Collection and processing of data
4. Data transfer
5. Storage and conservation
6. Rights of holders of personal data
7. Security measures
8. Changes to the Privacy Policy
1. Overview
The responsible for the processing of personal data (hereinafter “Ascendi”) is Ascendi O&M, SA, for subjects related to the toll collection activity, and Ascendi IGI, Inovação e Gestão de Infra-Estruturas, S.A, as regards to subjects related to the operation and maintenance of road infrastructures.
Ascendi is fully committed to protecting your privacy and your personal data, in compliance with the applicable data protection legislation, namely the General Regulation on Data Protection (GDPR), creating for this purpose this Privacy Policy.
This Privacy Policy regulates the collection and processing of personal data provided by users, as well as the exercise of their rights in relation to this data, under the terms of the personal data protection legislation in force.
The websites/platforms of the Ascendi domain may contain links to other websites and services of other companies with their own privacy policies. We recommend that you carefully read the privacy policies of these third parties. Ascendi is not responsible for the processing of data by third parties whose control doesn’t depend on Ascendi.
2. Personal data and data processing
For the purposes of this Policy, personal data is understood as “any information relating to an identified or identifiable individual, being considered an identifiable individual who can be identified, directly or indirectly, namely by reference to an identification number or one or more specific elements of its physical, physiological, psychological, economic, cultural or social identity”.
Likewise, processing is an “operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, recovery, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, erasure or destruction ”.
3. Collection and Processing of Personal Data
Personal data are processed by Ascendi or by the entities subcontracted to respond to your requests for information or complaints, being the legal basis your consent, proceeding to collect the toll fees due, under the terms of Law no. 25/2006, of 30 June, provide additional related services and send electronic communications, if you have given your consent.
The personal data collected depends on the context of your interactions with Ascendi and may include the following:
Identification:
- Name;
- TIN;
- Nationality;
- Registration data on website/digital platform;
- Citizen Card;
- Driving license;
Contacts:
- Address / Postal Code / Town / Country;
- E-mail address;
- Telephone number and /or mobile phone.
Location data: passages at tolling locations.
Video: if you visit Ascendi's facilities or circulate on motorway networks, your image can be captured by our security cameras or even by the cameras installed at toll collection points.
Voice: When you contact us, telephone conversations with our employees can be recorded.
Applications: CV, Academic training, Training area, Functional area and professional experience.
Others:
- License Plate;
- OBU Identifier;
- Notification/billing document;
- Invoice/Receipt;
- Vehicle documents;
The data collected are not processed for other purposes incompatible with the above and in the terms provided for in this policy.
Ascendi assumes that the data collected were made available by the respective owner or their availability was authorized by the same, being the data true, current and accurate, without prejudice to the possibility of exercising the right to rectification, in particular.
4. Data Transfer
Ascendi may communicate personal data of the data subject to third parties, provided that it has obtained the consent from the data subject for this purpose, or even when:
- The transmission of relevant information is made within the scope of a legal obligation accomplishment, a National Data Protection Commission resolution or a judicial order;
- The communication is carried out to protect user’s pivotal interests or any other legitimate purpose provided by law;
- Ascendi may subcontract other entities for services rendered in order to allow the operation of internal processes and contract, tax or legal obligations;
- The processing of personal data corresponds to a legitimate interest of Ascendi or third parties, unless the holder's fundamental interests or rights and freedoms prevail.
In cases where there is a legal basis for the transmission of the user's personal data to third parties, Ascendi guarantees that these entities will have limited access to the information, accessing only the necessary data.
The collected personal data may be assigned, for the same purposes, to concessionaires, sub-concessionaires or any road infrastructure operator for which Ascendi provides toll collection services.
The transmission of personal data as described in this Privacy Policy doesn’t include the international transfer of personal data to countries outside the European Union.
Within the scope of the interconnection of toll collection portals, aimed at providing the possibility of, on a single platform, consulting, in a transversal and voluntary way, all tolls due and making the respective payment, in relation to the various portals, Ascendi O&M SA, Portvias -Portagem de Vias, SA, ViaLivre, SA and Via Verde Portugal - Gestão de Sistemas Eletrónicos de cobrança, S.A..are jointly responsible for this treatment, in particular, in accordance with the provisions of article 26 no. 1 of the GDPR.
For these purposes, the Data Controllers signed a joint liability agreement in accordance with the provisions of article 26 no. 1 of the GDPR, in which the respective responsibilities were established and the essence of which may be consulted here, under the terms of paragraph 2 of that article.
5. Storage and conservation
If there is no legal conservation period, the data will be stored and preserved only for the minimum period necessary for the purposes that motivated its collection and subsequent treatment, after which they will have the proper treatment, being destroyed or anonymized, unless compliance with legal obligation or court order is at stake.
Ascendi keeps your personal data in systems that are in a safe environment, protected from unauthorized access or misuse. We adopt technical, electronic and organizational measures to guarantee the security of your data and prevent its loss, misuse or improper access.
The systems that handle your data and the respective repositories are the responsibility of Ascendi and are located in European Union countries.
6. Rights of the Personal Data Subjects
Under the provisions of the GDPR, we guarantee the user the exercise of their rights, namely the right of access, rectification, erasure, opposition, as well as the right to limit the processing, data portability, not being subject to automated decisions and the right to representation
To exercise your rights, you can choose one of the following means:
- Submission of form available on the Ascendi Website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights option.
- Sending e-mail to the address: RGPD@ascendi.pt;
- Sending a letter to the Ascendi Data Protection Officer: Praça Mouzinho de Albuquerque, 197 4100-360 Porto, Portugal;
- Fill out a form at our store, at the same address.
Ascendi has nominated a Data Protection Officer who can be contacted through the means described above. The data subject also has the right to file a complaint to the National Data Protection Commission, using the contacts provided by this entity for this purpose.
7. Security Measures
Ascendi makes its best efforts to protect users' personal data from unauthorized access. For this purpose, Ascendi implements appropriate, necessary and sufficient logical, physical, organizational and security measures to protect your personal data against destruction, loss, alteration, dissemination, unauthorized access or any other form of accidental or unlawful treatment.
The measures adopted by Ascendi include the implementation of appropriate access controls, in order to ensure the encryption, pseudonymization and anonymization of personal data, whenever possible.
The access to your personal data is only allowed under the terms already described above, always depending on the actual need for your knowledge, and subject to strict contractual confidentiality obligations when treated by third parties.
However, it is the user's responsibility to guarantee and ensure that the computer he/she is using is adequately protected against harmful software, computer viruses and worms. In addition, you should be aware that, without the adoption of adequate security measures (for example, the secure configuration of the navigation program, updated antivirus software, security barrier software and the non-use of software of doubtful origin), the risk of personal data and passwords being accessed by third parties, without authorization to do so, is aggravated.
Although data transmission over the internet or website cannot guarantee total security against intrusions, Ascendi and its service providers provide the best efforts to implement and maintain physical, electronic and procedural security measures designed to protect your personal data in compliance with applicable data protection requirements.
8. Privacy Policy Alterations
Ascendi reserves the right to alter the Privacy Policy in accordance with new legal and/or regulatory requirements, for security reasons or for the purpose of adapting the said policy to the control authority’s instructions regarding data protection.
Any alteration will be immediately posted on this webpage, and we encourage our customers to check from time to time our Privacy Policy so they are up-to-date on how Ascendi protects your information.
If the Privacy Policy alteration has a direct impact on the data subject's consent(s), Ascendi undertakes to request consent to the processing of your data in accordance with the new Privacy Policy..
If there’s any question or concern about how Ascendi processes your personal data, please send us your request for clarification through a proper form on our Ascendi Website: https://portal.ascendi.pt/en/apoio-a-clientes -> Processing of Personal Data -> Exercise My Rights Option.
Last updated date: Novembro 25, 2021
