The purpose of this Policy is to define how data provided by users of the platforms developed by ACIN – iCloud Solutions, Lda, as well as all personal data of employees, is processed and used.

At the organisational level, this Policy represents the commitment of ACIN – iCloud Solutions, Lda leadership to comply with the principles of data processing and rights of the holders, as stated in Reg. (EU) 2016/679, General Data Protection Regulation (hereinafter referred to as “GDPR”), and in Law No. 58/2019, of 8 August, which ensures the implementation of the above-mentioned regulation in the Portuguese context.

The disclosure of personal information, as defined in this Policy, is punishable under Portuguese and European Legislation (GDPR and Law No. 58/2019).

Violations of the provisions may indicate serious offenses (art. 38 of Law No. 58/2019) and very serious offenses (art. 37 of Law No. 58/2019), which, in turn, may result in penalties with fines.

This policy applies to the processing of all personal data of natural persons, being considered as personal data the following:

• “any information, of any nature and independently of the respective support, including sound and image, related to an identified or identifiable natural person”;

• -“(...) information relating to an identified or identifiable natural person («data subject»), given that “(…) an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” (Article 4, GDPR).

According to article 2 of the GDPR, this Policy applies “(…) to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system” conducted within the Portuguese territory, as well as outside this context (Art. 2, Law No. 58/2019), either by public or private entities.

Data collected by ACIN – iCloud Solutions, Lda is intended to:

• Registration on the platforms by completing the respective forms;

• Implementation of the Contract for use, including the platform use, invoicing, satisfaction questionnaires, and communication with customers;

• Statistical analysis;

• Processing information/support requests and complaints;

• Marketing, through newsletters on promotional campaigns or new functionalities;

• Call-back in the framework of the “Need help?” functionality.

The processing of the information collected is intended to ensure the highest levels of excellence in customer services and to continuously improve the ability to meet his/her needs.

The data collected through website forms is intended for the processing of user requests and will not be used for any other processing. If you do not allow the processing of your data, we will not be able to accept your registration.

Telephone calls made with ACIN – iCloud Solutions, Lda may be recorded for quality monitoring purposes. The data collected will be treated confidentially and stored for a maximum period of 90 days, unless otherwise legally required.

Access to these recordings is restricted to authorized personnel and only for the purposes mentioned.

Personal data will be retained only for the period necessary for the purposes for which it was collected, as described in this policy. After this period, the data will be deleted or anonymized, unless its retention is required by legal obligations.

The Director of Compliance (DC) and the Data Protection Officer (DPO) are responsible for the definition and implementation of this Policy.

The Data Protection Officer (DPO) ensures, among other aspects, compliance of data processing with the legislation in force and verification of compliance with this Data Protection Policy.

All ACIN – iCloud Solutions, Lda employees are responsible for complying with the defined rules and for reporting to the Director of Compliance and the DPO any irregularities or violations of this Policy and of data protection.

It is also the responsibility of the DPO to collaborate with the National Commission for Data Protection (Comissão Nacional de Proteção de Dados, [CNPD]) “(…) at its request, in the pursuit of its duties.”, mainly on issues related to the processing of information that the company has in its possession and that is considered sensitive.

ACIN – iCloud Solutions, Lda collects personal data of customers through:

• Completion of ACIN – iCloud Solutions, Lda service registration forms on the respective websites;

• Completion of forms/templates, regarding requests of contacts, support services, on ACIN – iCloud Solutions, Lda services websites; demonstration requests;

• Filing a complaint via email or telephone;

• Communications via email, telephone or platform;

• Through the online “Do you need help?” of the platforms.

ACIN – iCloud Solutions, Lda assumes that the data collected was submitted or made available by its respective holder and that its inclusion was authorised by him/her, being considered as true and accurate.

Holders of personal data shall be informed if the collection thereof constitutes a legal or a contractual obligation, or a necessary requirement to conclude a contract, as well as whether the holder is committed to provide personal data and the consequences of not providing that data.

It should also be highlighted that only data strictly necessary for the provision of the services concerned will be collected and requested according to the explicit information on the platform and the users options.

ACIN – iCloud Solutions, Lda may collect and enter personal data of customers in automated database with the aim to conduct activities included within the scope of its collection and processing.

Personal data will be stored only during the period of time required for the purposes that motivated its collection or its subsequent processing, ensuring the compliance with all legal provisions applicable to archives.

In accordance with the legislation in force, including the General Data Protection Regulation (GDPR), the data holder is guaranteed the right to:

• Access to their personal data;

• Update or rectification;

• Erasure ("right to be forgotten");

• Restriction of processing;

• Data portability;

• Opposition to processing, including for direct marketing purposes.

To exercise these rights, the data holder must submit a request through the contacts indicated on the websites of the various ACIN – iCloud Solutions, Lda platforms, or directly contact the Data Protection Officer via email.

If you consider that your data is not being processed in accordance with the applicable legislation, you have the right to file a complaint with the CNPD.

To exercise your rights, you may contact us:

By e-mail: dpo@acin.pt; dpo@acin.pt
By postal service: to our headquarters, at Estrada Regional 104, nº42-A, 9350-203 Ribeira Brava, Madeira.

ACIN – iCloud Solutions, Lda adopts all technical and organisational measures required to protect the personal data entrusted to it, in accordance with Art. 35 of the Constitution of the Portuguese Republic, the General Data Protection Regulation 2016/679, of 27/04/2016 and with the implementation of this regulation in the Portuguese territory, through Law No. 58/2019, of 8 August.

• By giving access to all employees and users of the platforms to personal data, in order to allow its rectification and updating, and providing information of the purpose of the data;

• By signing confidentiality agreements with their employees, customers and suppliers;

• Data holders have the right to: access their data; request the rectification of data; erasure of data; restriction of processing; data portability; object. However, these rights may be limited in accordance with Article 23 of the GDPR, in particular as regards: State security; defence; public security; inspections by supervisory authorities; protection of data subjects or others; civil proceedings;

• The purpose of data collection and processing is informed upon consent. Therefore, collected data is used for contractual purposes agreed with the customer, and for the delivery of newsletters or promotions exclusively about the platforms marketed by ACIN – iCloud Solutions, Lda, when previously authorised by customers;

• ACIN - iCloud Solutions, Lda regularly informs its customers and business partners about products/services it markets, or about any other information deemed relevant through the delivery of newsletters. Newsletter can only be received by the data subject if he/she has a valid e-mail address and if has subscribed or provided consent;

  There will be no transfer of personal data collected through the newsletter service to third parties. The subscription to newsletters can be cancelled by the data holder at any time. Consent for the storage of personal data previously provided by the data holder for the delivery of newsletter can also be revoked at any time. The corresponding address to revoke the consent or to cancel the subscription can be found in each newsletter;

• Users of ACIN – iCloud Solutions, Lda platforms are responsible for maintaining access and codes in a personal and non-transferable manner, in order to avoid unintended access by third parties. ACIN – iCloud Solutions, Lda must be immediately informed in case of any unlawful behaviour or access violation involving your customer session;

• The full content of our systems is owned by ACIN – iCloud Solutions, Lda, which holds the copyright and industrial property rights over the same, with the exception of contents provided by advertisers or business partners who are identified as such.

ACIN – iCloud Solutions, Lda undertakes to take appropriate security measures against destruction, loss, modification, accidental or unauthorized access or diffusion, namely through:

• Periodic system security testing;

• Use of information encryption mechanisms, both in its storage and its transmission, based on secure protocols and algorithms (TLS and SHA256);

• Personal or confidential data collection forms require the use of encrypted connections;

• Adoption of physical and logical security measures that we believe are essential for the protection of personal data of our customers, at the level of the physical infrastructure provided by the DataCenter used to store the information managed by ACIN – iCloud Solutions, Lda systems.

ACIN – iCloud Solutions, Lda cannot be held liable for any wrongful act that cannot be prevented and/or foreseen.

In the event of a security failure, the ACIN – iCloud Solutions, Lda leadership, together with the DPO and the Compliance Director, will inform the national supervisory authority (Article 51 GDPR) and will request support from this authority to minimize the damages arising from the breach.

ACIN – iCloud Solutions, Lda may transmit your personal data to third parties, provided that:

• It has the unequivocal consent of users;

• As the result of the compliance with a legal obligation, or by a decision of the National Commission for Data Protection (Comissão Nacional de Proteção de Dados [CNPD]), or a court order;

• It is required for the protection of vital interests of users or any other legitimate purpose provided by the legislation;

• In this case, the user will be duly informed, giving him/her the identity of the recipients and the purpose of the processing of the transferred data.

Only duly authorised users, defined in accordance with the principles of need to know and least privileges, will be able to access the resources and information available in the applications managed or developed by ACIN – iCloud Solutions, Lda.

The user is only authorised to use the contents of our application solely and exclusively for the intended purposes, and it is expressly prohibited to reproduce, publish, publicly disclose, distribute or, by any means, make the contents accessible to third parties, for purposes of public communication or marketing, being further prohibited to make any alteration to the contents.

It is expressly forbidden to the user to create or introduce in our application any type of virus or programs that may damage or contaminate it, or advise third parties to do so.

ACIN – iCloud Solutions, Lda ensures the deletion of data, once it is no longer required in legal, financial and accounting terms.

We use cookies and similar technologies to analyze user behavior, manage our platforms, and personalize your experience. As part of our commitment to privacy, we have implemented Consent Mode v2 (Google Consent Mode), which ensures that our measurement and advertising tools respect your choices dynamically.

A cookie is a small text file stored on your device. Cookies help websites function and provide information to site owners. You can control or disable cookies in your browser settings, although disabling them may limit the use of certain features of our platforms.

We use cookies for the following purposes:

• Essential cookies – They are essential for the website to function (e.g., login, security). These cookies do not collect personal information for marketing purposes and cannot be disabled.

• Functionality cookies – They allow the site to remember your choices (such as your name or email in forms) for a more personalized experience.

• Analytics Cookies (analytics_storage) : Used to monitor the performance of our platforms and understand how visitors interact with content. This data is processed in aggregate form.

• Advertising Storage (ad_storage): Supports the storage of information for advertising purposes.

  User Data (ad_user_data): Defines consent for sending user data related to advertising to Google.

  Personalized Advertising (ad_personalization): Defines consent for displaying personalized ads (e.g., remarketing).

• Session cookies - These are temporary and remain in your internet browser cookies until you leave the website. The information obtained allows us to identify problems and provide a better browsing experience.

Whenever a user denies consent for analytics or advertising cookies, ACIN tags adjust their behavior. In these cases, Google may use cookieless pings for modeling purposes, which do not store information on your device but allow us to maintain basic performance measurements anonymously and securely.

We use Google Analytics to measure traffic on our site. Google has its own Privacy Policy. If you do not want your visits to websites to be detected by Google Analytics, go to http://tools.google.com/dlpage/gaoptout .

For statistical purposes, our newsletters may contain a single "pixel" that allows us to know if they are opened and check clicks on links or ads within the newsletter. The user always has the option to disable newsletter delivery in their personal area or in the newsletter itself. Cookies can be managed or deleted through your browser settings or by visiting https://www.allaboutcookies.org .

ACIN collects information from devices where our services are installed, according to the permissions granted. In compliance with Consent Mode v2, our applications respect user privacy decisions regarding the collection of identifiers for analytical and advertising purposes.

The use of our applications implies acceptance of this collection based on granular consent. If consent for advertising purposes is denied, the application will continue to function, but usage data will be processed anonymously for statistical purposes.

Permission	Description	Platform
Access phone camera	This permission may be used to take photos or read barcodes.	iGEST, iParque, iMED, GTS, iDOK, Agromarket
Read phone status and identification	In the iGEST application, this permission may be used to access the telephone unique identifier (IMEI), which is presented in the application settings, as well as to communicate the operating system version and the percentage of the battery for assistance on the technical support provided by our services. In the iDOK application we use devideID for real-time notifications.	iGEST, iDOK
Search and use account on the device	This permission may be used to send real-time messages to the users of the iParque and iDOK applications. It can also be used to enable the automatic “login" whenever the application is opened. Only applies to the iParque application.	iParque, iDOK, Agromarket
Access the geographic location of the mobile	This permission may be used to automatically detect the Street where the driver is located in order to start the Parking easier and faster and, in omeutáxi, to identify the location of the device and locate Bluetooth devices.	iParque, omeutáxi
Bluetooth	This permission allows all Bluetooth communications, such as a connection request, accept a connection and data transfer.	iGEST, omeutáxi
Internet	This permission allows the connection with the mobile application server.	iGEST, iParque, iMED, GTS, iDOK, omeutáxi, Agromarket
USB	This permission allows the connection of external peripherals.	iGEST

When the user makes a purchase on our ACIN – iCloud Solutions, Lda platforms, the information that is strictly necessary for the payment is collected. This information is transmitted to our PayPay payment gateway PayPay to proceed with the collection of the payment before the bank.

Field	Mandatory
User first name;	Mandatory for card payments
User last name;	Mandatory for card payments
User email;	Mandatory for card payments
User mobile phone number;	Mandatory for MB WAY payment method
Invoicing address.	Mandatory for card payments

We reserve the right to update and amend our policy at any time, being our responsibility to inform customers of changes that alter the consent previously agreed, being at their discretion the continuity of the contract.

If substantial changes are made to this policy, customers will be notified by e-mail or through a notice on our website.

The use of this system implies your consent and acceptance of the terms of our Privacy Policy. In the event of any dispute related to the terms and conditions of use, the Portuguese law will be applicable.

The collection and processing of personal data shall be carried out in accordance with the legislation applicable and in force, and in line with the guidelines of the National Commission for Data Protection (Comissão Nacional de Proteção de Dados, [CNPD]).

Any issue regarding the collection and processing of data of ACIN – iCloud Solutions, Lda customers will be governed by the legislation in force.

To learn more about how ACIN – iCloud Solutions, Lda platforms process your personal data, or to clarify any question, submit a complaint or a comment about this Privacy Policy, please contact us through the contact mentioned below.

ACIN - iCloud Solutions, Lda is the entity responsible for collecting and processing your personal data for the purposes referred to in this privacy policy.

Headquarters: Estrada Regional 104, nº42-A, 9350-203 Ribeira Brava, Madeira
Tel: +351 707 451 451
Tel (international): +351 291 957 888
Fax: 291 957 171 Email: dpo@acin.pt dpo@acin.pt

Note: in and outbound calls are recorded upon prior information to the holder of personal data and with his/her consent as per the regulations of the National Commission for Data Protection defining the principles applicable to the processing of call recording data (Resolution No. 1039/2017).

This Privacy and Data Protection Policy is available online, in three languages:

• https://acin.pt/politica-privacidade (Portuguese)

• https://acin.pt/es/politica-privacidade (Spanish)

• https://acin.pt/en/politica-privacidade (English)

Personal data collected may be transferred to countries outside the European Economic Area (EEA). In such cases, ACIN – iCloud Solutions, Lda will ensure that such transfers are carried out in compliance with the GDPR, namely through the use of standard contractual clauses approved by the European Commission.

This privacy policy is reviewed at least once a year or whenever necessary to ensure its relevance and applicability.

ACIN – iCloud Solutions, Lda reserves the right to amend this policy at any time. Changes will be duly communicated through our website.