Our company logo Step Ahead Consulting

Privacy policy

 

This website is owned by Step Ahead Consulting, S.A.
The purpose of this policy is to provide all data subjects visiting our website or
who, by any digital means, provide us with information, with the necessary knowledge about our management of their personal data. This Privacy Policy applies solely to the personal data for which Step Ahead Consulting is responsible for collecting and processing.

Our commitment

The protection of privacy and personal data is a fundamental commitment of Step Ahead Consulting. Personal data is not owned by companies but by individuals,
. To safeguard them, while increasing value for the data subject and offering increasingly efficient, convenient and reliable software user experiences, Step Ahead
Consulting complies with all legal requirements in this regard, namely the provisions of Law No. 67/98
of 26 October, the Personal Data Protection Law, and Regulation (EU) 2016/679 of the European Parliament
and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
. Your privacy is an essential part of the services we provide and we thank you for your trust in providing us with your personal data.

Entity responsible for processing and Data Protection Officer

Step Ahead Consulting, S.A. is the entity responsible for the collection and processing of personal data and
decides what data is collected, the means of processing and the purposes for which it is used. Step
Ahead Consulting is committed to:

  • Process your personal data lawfully and fairly, collecting only the
    information necessary and relevant to the purpose for which it is intended
  • To allow you, as a data subject, access and correction of the information that concerns you, transmitting it in clear language and strictly corresponding to the content of the register;
  • Not to use the data collected for a purpose incompatible with that of collection;
  • Keep data accurate and, if necessary, current;
  • Ensure the consent of the data subject under the terms of the legislation in contract;
  • Guarantee the right to erase data in accordance with the legislation in contract;
  • Respect professional secrecy with regard to the data processed;
  • Limit interconnections of personal data to minimum;
  • Have the appropriate protection and security measures in place to prevent unauthorised consultation, modification, destruction or addition of the data.

 

The Data Protection Officer (DPO) ensures, among other things,

data processing in accordance with the legislation in force, verifying
compliance with this Privacy Policy. The DPO also cooperates with the supervisory authority and
provides information and advice to the controller about their obligations under the
privacy and data protection.


Personal data, personal data subjects and categories of personal data

1. What is personal data?

Personal data means any information, of any nature and regardless of its support, concerning an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.

2. Who are the data subjects?

The Client, Partner, Employee, or natural person to whom the data relates and who uses the services or products of Step Ahead Consulting.
The Prospective Client, Contact or Visitor, as a natural person, to whom the data relates.

3. What categories of personal data do we collect, how do we collect them and how do we process them? 

  • Step Ahead Consulting may collect, store and use the following types of personal data:
    Information for the purpose of registering in the general communication database. The data,
    requested and collected by completing an online registration form, from
    in accordance with the protection and security measures implemented by Step Ahead Consulting,
    such as: name, title, telephone, email;
  • Any other information that you, as a data subject, choose to provide, e.g.
    in the course of support and technical assistance actions or during participation in events or
    training actions. The personal data provided may include, but is not limited to:
  • Contact details; professional data; demographic data;
  • Information on technology preferences, management methodologies and software that
    uses in your organisation;
  • Data relating to the purchase and use of the products and services provided by Step
    Ahead Consulting, in the organisation where you work.

The provision of incorrect or inaccurate data is your sole responsibility, as
data owner. If you wish to correct any of this data, you can do so directly through
email: rgpd@stepahead.pt.


Basis, Purposes and Duration of the Processing of Personal Data

1. On what basis may we process your personal data?

The processing of personal data is lawful only if and to the extent that at least one of
the following situations exists:

Consent: When you, as a data subject, have given us your express consent,
in writing, orally or by validating an option, and in advance and if such consent is
freely given, informed, specific and unambiguous to the processing of your personal data for one or more specific purposes. Where reasonably possible or required by applicable law, we will obtain
your consent before collecting or using your personal data.

Compliance with contractual obligations and pre-contractual steps: Where the processing of
personal data is necessary for the performance of contractual obligations to which the data subject is a party, or for pre-contractual steps at the request of the data subject, such as
for the preparation of a proposal for products and/or services.

Compliance with legal obligations: When the processing of personal data is necessary to
fulfill a legal obligation to which Step Ahead Consulting is subject, such as
communication of identification data to law enforcement, judicial, tax or regulatory bodies.
Defense of vital interests of the data subject or of another natural person: In case the
data subject is physically or legally incapable of giving consent.

Performance of a task carried out in the public interest: where processing is necessary for the performance of
a task carried out in the public interest or in the exercise of official authority vested in the controller
.

2. For what purposes do we process your personal data?

The personal data collected is intended for the management and assessment of needs, interests and
expectations, for information and/or marketing activities, as well as for inclusion in the
general communication database and for responding to questions, suggestions or complaints.
Step Ahead Consulting safeguards that some of the personal data collected, namely for
purposes of registration for one of our events is mandatory and, therefore, in the event of
lack or insufficiency of such data, Step Ahead Consulting may not accept the registration.

Step Ahead Consulting may also use your personal data collected to:

  • Providing enhanced offers and experiences;
  • Sending you information, in particular about updates or changes to our products and
    services, changes to Step Ahead Consulting's terms, conditions and policies or from
    commercial communication.

3. For how long do we process your personal data?

Where there is no specific legal obligation, personal data is processed by Step Ahead Consulting only for the period of time necessary to fulfil the defined purpose.

Rights of the data subject
Under the terms of the applicable legislation, as a data subject, you have the right to access the data concerning you
and to request that it be rectified or added to by contacting Step
Ahead Consulting, by email to the Information Security and Privacy Committee: rgpd@stepahead.pt.

You may also, as the data subject, at any time object to the processing of the same
under the terms of the legislation in force.


Protective measures

Step Ahead Consulting has in place appropriate, necessary and sufficient logical, physical, organisational and security measures
to protect personal data, including:

  • Firewall and intrusion detection system;
  • Means of protecting data by design ("privacy by design") and also a set of
    privacy by default measures;
  • Audit and control mechanisms and procedures to ensure compliance with
    security policies;
  • All employees are covered by a confidentiality agreement or subject to
    confidentiality rules, within the scope of their working relationship with Step Ahead Consulting,
    regarding the data to which they have access within the scope of the operations of the respective computer database
    , being duly informed of the importance of complying with this legal duty of
    secrecy and being responsible for compliance with this confidentiality obligation.


Changes

Step Ahead Consulting reserves the right to amend this policy from time to time. The date of the last
modification is set out at the end of this document. If we make changes to this policy and how
we use data subject's personal data, we will provide an updated version of this policy
by posting it on the website.


Date of last update: 01/03/2022.