Introduction

Welcome to Log-U's Privacy Policy. Your privacy is critically important to us. This policy explains how we collect, use, and disclose your personal information, and your rights regarding this information.

About Us

Alfarroba Technologies, Lda. is an Information Technology consultancy that supports organisations to find the right technological solution to catalyze their growth. We bring engineering and technology best practices to global consulting projects. Headquartered at Rua Nossa Senhora de Fátima 5, Casais, 8550-240 Monchique, registered at the Commercial Registry Office of Lisbon, under the registration number and legal person 518163334, Alfarroba Technologies, Lda., within the scope of its consulting and engineering services, needs to collect and process personal data from candidates, employees, customers, suppliers and third parties. Being the protection of the privacy and personal data of all those who interact with Alfarroba Technologies, Lda. A concern and priority for us, this Privacy and Data Protection Policy has been drawn up accordingly. In this way, it is possible to convey in a clear and transparent way the good practices regarding this process. Any and all personal data provided will be treated with the guarantee of security and confidentiality required by the legal framework with regard to the protection of personal data.

Framing

This policy describes a set of guidelines, rules and principles that must be observed by Alfarroba Technologies, Lda. to ensure the protection of the rights of data subjects. Alfarroba Technologies, Lda. undertakes to comply with this policy in accordance with the obligations of Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "GDPR"). In this sense, Alfarroba Technologies, Lda., seeks to ensure that its internal procedures are in compliance with the legal obligations of the GDPR and that the personal data of its employees, customers, suppliers or service providers and any other data subjects whose personal data Alfarroba Technologies, Lda., in the exercise of their activity, are treated in accordance with the regulatory and legal standards in force and kept safe.

Data controller

Alfarroba Technologies, Lda., headquartered at Rua Nossa Senhora de Fátima 5, Casais, 8550-240 Monchique, registered at the Commercial Registry Office of Lisbon, under the registration number and legal person 518163334, is the entity responsible for the processing of personal data, undertaking to apply the necessary technical and organisational measures, taking into account all aspects that may influence compliance with the General Data Protection Regulation (hereinafter referred to as "GDPR"), to safeguard the Fundamental Rights of Data Subjects. We keep a record of the nature, scope, context and purposes of the processing of the data collected, which allows us to ensure and prove that the processing is carried out in order to guarantee the full Protection of the Data Subjects as a commitment that attests to our responsibility.

Contacts:

• Postal address: Rua Nossa Senhora de Fátima 5, Casais, 8550-240 Monchique
• Telephone Contact: 919 77 00 55
• Email: admin@log-u.com

Application and Scope

This Privacy Policy also applies to the respective employees, subcontractors, co-managers, suppliers, customers, users of this website, trainees and candidates who operate in the Universe of this company.

Your Personal Data

What is personal data?
Personal Data is information relating to an identified or identifiable natural person (Data Subject), excluding data relating to legal persons. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, etc. Any specific element of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What Data Do We Need to Collect?

The personal data collected are strictly necessary and are limited to the purposes for which they are intended, which are determined, explicit, legitimate and kept for the strict period of time in which they may be necessary for their purpose. Personal data must be lawful, fair and transparent in relation to the data subject. For the fulfillment of the business activity and as responsible for the collection, Alfarroba Technologies, Lda. needs to collect and process the following data:

• Full name
• Email address
• Telephone number
• Address
• Tax Identification Number (NIF)
• Citizen Card or Passport Data
• Bank details for billing and payment purposes

Data Category

Candidate Data – Recruitment:
Name; date of birth or age; sex; nationality/citizenship/place of birth; residence address; telephone and fax number; e-mail address, mother tongue; data and copy of identification document; immigration status (in case you need a work permit); academic qualifications; academic record; professional history; photography; marital status; household and data on any dependents.

Candidate Data - Contract Process (Admission):
Name; date of birth or age; sex; nationality/citizenship/place of birth; residence address; telephone and fax number; e-mail address, mother tongue; data and copy of identification document (citizen card or passport), including social security number (or equivalent in your country) and NIF; details and copy of your driving licence and/or other proof of address; financial information (country of bank domiciliation, account holder, domiciliation (name of bank), IBAN, BIC (or SWIFT)); other tax information; immigration status (in case you need a work permit); academic qualifications, proof of qualifications, academic record; professional history, photograph, emergency contacts; marital status, household and data on any dependents.

Customer Data - Contractual Process:
Name, telephone number, and email address of employees of the client company.

Supplier Data - Contractual Process:
Name, telephone number and e-mail address of employees of the client company, as well as financial information (country of bank domiciliation, account holder, domiciliation (name of the bank), IBAN, BIC (or SWIFT)).

Data of External Trainees:
Full name; residence address; E-mail address; employment telephone number; number and validity of the Citizen Card; NIF; nationality; naturalness; Date of birth.

Site User Data:
Cookies collect generic information, namely: i) IP address; ii) the date, time, duration and frequency with which you access the website; iii) the way in which you arrive at and use the website; ii) information related to your preferences; iii) the area of the country through which you access the website.

What is the purpose of the processing?

Candidate Data – Recruitment:

• To frame the candidate in the respective business opportunities;
• Conducting interviews;
• Refer the candidate to customer qualification;
• Presentation of pre-proposal.

Employee Data:

• Human resources management; Personnel selection and recruitment;
• Processing of remuneration, benefits and allowances, including attachment of salaries and reimbursement of expenses;
• Occupational health and safety;
• Management of disciplinary sanctions;
• Professional training;
• Schedule / attendance control.

Customer Data:
The data collected from our Clients is quite limited, and the main reason for this collection is to ensure that the contractual provisions established are properly applied, so that the relationship unfolds without constraints. The use of this data is based on the main purposes:

• To provide a consulting service;
• If the service we provide to you is carried out in association with one of our partners, we will have to share your data in order to provide you with the best possible service;
• Provide training services.

Supplier Data:
We only use the data to ensure that the contractual provisions comply with legal obligations, that our relationship and communication runs smoothly and to ensure that payments are processed.

Site User Data:

• Improve the experience of using our website.

What is the Legal Purpose of the Processing?

The purposes of processing personal data are determined by the execution of various types of formalized legal contracts necessary to carry out all the company's activities. These include:

• The execution of service contracts with our customers;
• Employment contracts with our employees;
• Management of internal processes of customers and employees;
• Accounting, tax, and administrative management;
• Litigation management;
• Control of physical security and compliance with legal obligations.

Under the GDPR, processing is legitimized by the following legal grounds:

1. Execution of contracts or pre-contractual steps: Processing is necessary for concluding, executing, or managing contracts to which the data subject is a party, or at their request.
2. Compliance with Legal Obligation: For fulfilling legal obligations to which the company is subject (e.g., tax reporting).
3. Pursuit of Legitimate Interest: Such as ensuring safety, improving service quality, or promoting transparency in Social Responsibility. Alfarroba Technologies, Lda. performs a documented balancing test to validate the legitimacy of such processing.
4. Consent: When the above legal bases do not apply, consent will be requested. Consent must be freely given, specific, informed, and unambiguous. It may be withdrawn at any time by contacting admin@log-u.com.

Personal data will be processed and stored only for the purposes defined and for the legally necessary minimum period.

To Whom Can We Disclose the Data?

Alfarroba Technologies, Lda. may disclose personal data to fulfill the purposes outlined in this policy, within its internal network. Data may also be disclosed to:

• Entities required for the execution of services or legal obligations (e.g., tax authorities, salary processing);
• Official entities whenever legally required;
• Subcontractors such as auditors and service providers.

All third-party processing adheres to the following GDPR-aligned principles:

• Lawful, fair, and transparent processing;
• Specific, legitimate purposes without incompatible secondary uses;
• Data minimization — only necessary data is collected;
• Accuracy and data integrity maintained;
• Protection against unauthorized or illegal processing, destruction, or loss through technical and organizational safeguards;
• Data retention only as long as strictly necessary.

How We Design New Products

During the design of new products, Alfarroba Technologies, Lda. ensures that privacy is integrated from the outset. Advanced technical and organizational measures are embedded in the design phase, based on a risk-based approach to ensure the protection of rights and freedoms of individuals.
This approach aligns with GDPR's “Privacy by Design” principle, ensuring data protection throughout the lifecycle of the product and any processing activities.

What is the Data Retention Period?

Data is retained for:

• The period necessary for the purposes for which they were collected and processed;
• A maximum of 5 years for personnel selection and recruitment data;
• Longer periods where required by applicable legal obligations.

Your Rights

Data subject rights

The Holder of the personal data has the following rights, which they can exercise easily and free of charge, through the following email: admin@log-u.com.
Only in the case of manifestly unfounded or excessive requests may a fee be charged for the exercise of these rights (pursuant to Article 15(3) GDPR).

Right of access

The data subject has the right to question whether or not the data is processed and, if so, the right to access his or her personal data and to be provided with the following information:

1. Purpose of processing;
2. Categories of data to be processed;
3. Recipients to whom the data will be disclosed;
4. Expected retention periods or, if this is not possible, the criteria used to set that period;
5. Existence of the right to request rectification, erasure, restriction of processing or opposition to processing;
6. Security and destination measures related to the transfer of data to third countries;
7. Right to lodge a complaint with the supervisory authority.

The data subject also has the right to obtain a copy of the personal data that is being processed.

Right to rectification

The data subject has the right to request and obtain the rectification of inaccurate data and to request that incomplete personal data be completed without undue delay.

Right to erasure/to be forgotten

The data subject has the right to request the erasure of his or her personal data, without undue delay, whenever they are no longer necessary for the purpose for which they were collected or processed. You can also decide to withdraw your consent to the processing of your personal data whenever you want to exercise the right to object to it.

There are some exceptions to this right, such as if they are against the exercise of freedom of expression and information, if they are necessary for the fulfillment of legal obligations, if they are necessary for reasons of public interest or public health, if they are necessary for archival issues of public interest, scientific or historical research, for statistical purposes or the exercise or defense of rights in judicial proceedings. In these cases, the data subject must be informed of the reason why it is not possible to respond to his or her request.

Right to restriction of processing

The data subject has the right to restrict/restrict the processing of his or her personal data whenever one of the following situations occurs:

1. If the data is inaccurate and contested during the period for which it is possible to verify its accuracy;
2. If the processing is unlawful, but the data subject objects to the end of the processing and only wants the limitation of its use;
3. If the controller no longer needs the data for processing, but such data is required by the data subject for the purposes of establishing, exercising or defending legal claims;
4. If at any time you have objected to the respective processing and it has not ceased (i) for compelling and legitimate reasons presented to the controller or (ii) for the establishment, exercise or defence of legal claims.

In the situations listed above, the suspension of processing or the limitation of the scope of processing to certain categories of data (e.g. only provision of full name and address) or even to specific processing purposes may be requested.

Direct to notification

Whenever the rectification, deletion or limitation of data processing is requested by the respective data subject, the controller informs the data subject that it has proceeded in accordance with the request, unless such communication proves impossible or involves a disproportionate effort. If the data subject so requests, the controller will provide him with information about these recipients.

Right to data portability

The data subject has the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format without Alfarroba Technologies, Lda. may object pursuant to Article 20(1) of the GDPR:

• if the processing is based on a contract;
• the data subject has given consent;
• the processing is carried out by automated means.

How can I exercise my rights?

To exercise any of these rights or for any questions regarding the processing of their personal data, the holder of the same must address a request to the person responsible for the entity, through the email address admin@log-u.com.

Although these rights are explained to the holder when collecting the respective personal data, in case of doubts he may contact the responsible person through the e-mail admin@log-u.com.

Responsibilities

How Do We Protect Your Data?

Alfarroba Technologies, Lda. has been working to maintain and preserve personal data with a high level of security. In obedience to the principle of security, secrecy and privacy, we guarantee the processing of your data only by authorized persons, only accessing and processing your data who has the legitimacy to do so, always doing so in an absolutely confidential manner. The "need-to-know" principle was adopted, where employees can only have access to personal data if it is strictly necessary for the performance of their duties. Processing outside this scope is considered prohibited and subject to disciplinary sanctions, in accordance with our internal security and confidentiality policies and procedures, which are periodically updated as needed.

Depending on the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing for the rights and freedoms of the data subject, we apply, both at the time of defining the means of processing and at the time of the processing itself, the technical and organisational measures necessary and appropriate for data protection.

Employees are not permitted to use personal data for private or economic purposes, transmit it to unauthorized third parties and/or otherwise allow access.

Alfarroba Technologies, Lda. It also undertakes to ensure that, by default, only data that is relevant, necessary and appropriate for each specific purpose of the processing will be processed and that such data is not made available without human intervention to an indeterminate number of people.

Although it is not foreseen, if the transfer of personal data to countries outside the European Union is carried out, the applicable legal provisions will be observed, namely regarding the determination of the adequacy of such country with regard to data protection and the requirements applicable to such transfers.

Security measures were also defined that range from good practices to the prevention of external threats. These are described in the security policy. If you wish to have access to it, you can request its sending via email admin@log-u.com.

Personal Data Breach

A personal data breach is considered to be any act that jeopardizes their security, accidentally or unlawfully, and that causes the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.

We reiterate that Alfarroba Technologies, Lda. It has been working to maintain and preserve personal data with a high level of security, having technical staff solely for this mission in the company. However, there may always be small deviations from the forecast. If any of our candidates, employees, customers, subcontractors, or even third parties detects or suspects a possible data breach, they should immediately send an email to admin@log-u.com, indicating what happened, as well as identifying the data that may be at stake. In this way, the responsible department will be able to act quickly and appropriately in accordance with the standards set out in the GDPR.

In the event of a data breach and to the extent that such a breach is likely to entail a high risk to the rights and freedoms of customers, employees and other employees and/or partners, Alfarroba Technologies, Lda. undertake to report such breach to the National Data Protection Commission, within 72 hours of becoming aware of the incident and to the holders of personal data whenever such breach is likely to entail a high risk to their rights.

Complaint to the supervisory authorities

Notwithstanding the existence of the commitment of Alfarroba Technologies, Lda. to solve any type of situation. The Data Subject has the right to file a complaint with the competent Authorities (CNPD) if any of the rights are denied.

From the competent Authority:
National Data Protection Commission
Of. D. Carlos I, 134 - 1.º
1200-651 Lisbon / Portugal
Tel: +351 213928400 / Fax: +351 213976832
www.cnpd.pt

Changes to the privacy policy

Alfarroba Technologies, Lda. reserves the right to change this Privacy Policy at any time, and such change will be duly published here. In any case, we suggest that you review this Policy regularly so that, if changes occur or updates are made, you can always be properly informed about them.

Applicable Law and Venue

The privacy policy, as well as the collection, processing or transmission of data from customers, employees and partners, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, and by the legislation and regulations applicable in Portugal, namely Law No. 58/2019, of 8 August. Any Disputes arising from the validity, interpretation or execution of the Privacy Policy, or that are related to the collection, processing or transmission of the Client's data, must be submitted exclusively to the jurisdiction of the judicial courts of the District of Lisbon, without prejudice to the applicable mandatory legal rules.

Contact

If you have any questions, wish to exercise your rights, suggestions or complaints regarding Data Protection and this Privacy Policy, you can contact us at our email address: admin@log-u.com.