This Privacy Policy explains how we collect and process personal data that is necessary for the provision of services that are available through the WEBSITE.

The aim is for these services to be provided in an expeditious and hassle-free manner, describing the practices adopted to this end.

Examples of personal data we collect: name, telephone number, email address.

Identifiable means a person who can be identified, directly or indirectly, in particular by reference to an identification number or other factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

CIGO will use the personal data you provide for the following purposes:

• To analyse and respond to your messages, customer support and requests for information;
• For the operations and management of the WEBSITE;
• To keep track of your contact details;

These personal data processing operations are an essential tool for your satisfaction and for CIGO's activity and are carried out in accordance with the applicable legislation and best practices.

Your personal data will not be reused for other purposes that have not been previously identified or that are unrelated to the purposes for which they were initially collected.

The personal data that CIGO processes has specific grounds, depending on the purposes for which it is used.

In the following table you can see which foundations are in line with the purposes identified above:

The personal data that CIGO collects and processes is only that which is necessary and appropriate for the purposes indicated above.

CIGO will collect and process the following personal data:

We will collect your personal data through the forms on the WEBSITE, but also through the WEBSITE and the communication it makes with your equipment and the e-mail messages you send us.

Your personal data is collected via your device as follows:

• Through your browser;
• Through cookies;
• Through pixel tags and other similar technologies;
• IP address;
• Through your User data.

CIGO undertakes to process your data in accordance with the law and in a legitimate manner.

CIGO will not sell, rent or share your personal data with third parties, except in the cases clearly identified in this Privacy Policy (see Point 12 to understand how).

CIGO's services are not aimed at minors and no personal data of minors is processed intentionally.

Cookies are small information files that help identify your browser and can store information such as user settings and preferences.

CIGO will store cookies on your device to personalise and facilitate browsing as much as possible, but also for troubleshooting, statistics, quality assurance and to monitor system security.

With the exception of cookies specifically necessary for the performance of the website, the storage of other cookies will always depend on the User's acceptance and consent, which may be withdrawn at any time through specific browser tools.

Your personal data is kept secure through the adoption of various technical and organisational security measures that guarantee that only Employees and the processes that must access it have access to personal data, in accordance with the rules created for this purpose.

To protect your personal data we only use data centre providers that offer us adequate and documented security measures, namely guarantees that your personal data is stored on servers that are kept in controlled environments with limited access.

Personal data is kept on secure servers, with adequate security guarantees to protect personal data against unauthorised disclosure, loss, misuse, alteration, processing or access, as well as against any other form of unlawful processing.

Likewise, when you browse the WEBSITE, we protect your data with encryption, such as Transport Layer Security (TLS, a security protocol that protects telecommunications via the Internet). and your password is stored using a one-way hash, i.e. it cannot be retrieved (or disclosed) by anyone, including CIGO, and can only be reset.

Although we take the care and precautions we deem appropriate to protect the personal data you provide and we collect, you should realise that no security system is impenetrable.

You should therefore take certain precautions, such as keeping your password secret and not divulging it to anyone else; if you believe that your password has been misused, you should notify us immediately; you should also take care to log in and log out every time you close your browser.

Your personal data will be kept for as long as necessary for the purposes for which they are intended, as listed in this Privacy Policy. Thus:

If a specific or obligatory period is stipulated by law, this will be the data retention period. In all other cases, personal data will be kept for a maximum of the periods indicated above, periods that CIGO considers to be sufficient to fulfil the purposes.

At the end of the retention period, all personal data collected will be deleted.

Before we explain how you can exercise your rights, you should know what they are. The law gives you the right to ask us to exercise the following rights:

• AccessThe right to obtain confirmation as to whether or not personal data concerning you is being processed and, if so, the right to access your personal data;
• RectificationThe right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed;
• DeletionThe right to obtain the erasure of your personal data when one of the reasons listed in the legislation applies;
• Limitation of treatmentThe right to obtain restriction of processing if one of the situations listed in the legislation applies;
• OppositionThe right to object at any time to the processing of personal data concerning you;
• PortabilityThe right to receive personal data concerning you in a structured, commonly used and machine-readable format.

You also have the right to lodge a complaint with the competent supervisory authority (in Portugal, the National Data Protection Commission in www.cnpd.pt)

In order to exercise the above rights, you should contact CIGO using the appropriate contact form.

If you ask us to delete some or all of your personal data, some of the services you have requested may not be provided and CIGO will retain the personal data necessary to fulfil the legal obligations to which it is bound.

CIGO may use third parties to provide certain services, in terms of maintenance, technical support, marketing, invoicing or payment management, and these may have access to some of the personal data, namely the data necessary for the contracted purposes.

CIGO ensures that the entities that have access to the data are credible and offer high guarantees of protection, never transmitting data to them beyond what is necessary for the provision of the contracted service, although CIGO remains responsible for the personal data made available.

CIGO may also transmit data to third parties in the context of investigations, enquiries and judicial and/or administrative proceedings or of a similar nature, provided that it is duly ordered to do so by a court order.

The WEBSITE may contain links to other websites which may collect and process your personal data, and this processing is the sole responsibility of the owners of these websites, with CIGO having no responsibility for their policies and/or practices.

In the event that data is transferred to third countries that do not belong to the European Union, CIGO will comply with the legal rules, particularly with regard to the suitability of the country of destination for the protection of personal data and the requirements that apply to such transfers, and personal data will not be transferred to jurisdictions that do not offer guarantees of security and protection.

CIGO thanks you for not sending us or making us aware of any sensitive personal data, i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information, data relating to health or data relating to a natural person's sex life or sexual orientation.

If you still send us or make known these categories of personal data, they will be deleted immediately.

CIGO reserves the right to readjust or change this Privacy Policy at any time, and these changes will be publicised.

If you have any questions about this Privacy Policy, please contact us in writing at goncalo.carvalho@cigo.pt.

1st November 2021. Queluz, Belas, Portugal.