Scope of Application and Responsibility

APCER provides certification, auditing and training services and is committed to protecting the privacy of the personal information that it collects in its various areas of activity. With the General Data Protection Regulation (EU) coming into effect on 25th May 2018, APCER has strengthened its commitment in this regard.

APCER assumes no responsibility for and provides no guarantees with regard to other websites that can be accessed via a link on APCER’s own website. Moreover, it is the user’s responsibility to take precautions and to ensure that the information they retrieve does not contain any damaging properties.

APCER’s Privacy Policy outlines the relevant points regarding the data which is collected, what it will be used for, how you can view it, etc.

Data collection

Your data will be collected, processed and retained by APCER – ‘Associação Portuguesa de Certificação’, or ‘Portuguese Association of Certification’. APCER’s head office is located at Rua António Bessa Leite, 1430, 1º, 4150-074 – Porto, Tax Identification Number 503 731 765.

When you interact with APCER, your data, including your personal data, is collected. This includes:

• Business procedure
• Information requests and training services registration
• General information requests
• Download guides and other documentation
• Event management (on-site and/or online)
• Recruitment or unsolicited application procedures
• Auditing procedures
• Training initiatives
• Complaint management

Depending on the nature of the interaction and only when necessary, APCER may request some personal information, such as: name, email, address, phone number, Identification Document/Tax Identfication Number, date of birth, sex, nationality, education level, professional status and/or bank/payment details.

Why we collect data

APCER collects and processes your data only when strictly necessary and only when requested for the specified purpose, in accordance with your consent, and for legitimate purposes, such as:

• Providing an appropriate and targeted response to requests for information/proposals;
• Better informing you about relevant issues, only when necessary and in accordance with the nature of your data and preferences;
• Complying with business purposes, particularly statistical data for improving the performance of the various services provided;
• Meeting the requirements of accrediting bodies on which the validity of the certificates of some of the services provided depends, particularly training initiatives;
• Billing services/products, such as training initiatives.

Provided there are no specific legal obligations, the personal data will be processed by APCER only for the period of time needed to achieve the defined aim.

The length of time that your data can be kept for may change significantly whenever public interest archival purposes and historical, scientific or statistical reasons are concerned. APCER is committed to providing appropriate retention and security measures.

Data sharing

APCER may communicate your personal data to third parties, ensuring that they process this personal data solely and exclusively to fulfil the specified purposes.

Where applicable, we will share your information with:

1. APCER group companies, for marketing communication purposes;
2. Regulatory bodies, in order to carry out compliance checks on the activities that APCER provides;
3. Entities with which APCER has an operational partnership, for the purpose of carrying out the activities included in the same.

The Entities referred in the previous paragraphs, may be located outside the European Union. In these cases, APCER will ensure that data transfer take place safely, in compliance with applicable legal rules.

Users’ data may be processed by a reliable service provider contracted by APCER. The service provider will process data exclusively for the purposes outlined by APCER, in strict compliance with the instructions issued and with the legal regulations on the protection of personal data, information security and other applicable regulations.

Data protection rights

You can exercise your rights under the General Data Protection Regulation at any time, including: the access, correction, restriction or deletion of your personal data.

Where the use of your personal data is based on your consent, you have the right to withdraw it without compromising the validity of the data processing which has occurred up to this point.

If you make any type of request in relation to your data, you may be asked to provide proof of identification as the owner of the data for reasons of security and protection.

APCER has appointed a Data Protection Officer who can be contacted by email atThis email address is being protected from spambots. You need JavaScript enabled to view it.

Personal data security

We use a range of technologies and appropriate security procedures to protect your Personal Data against unauthorised access, use or disclosure, as well as access control and database and information system monitoring. We do this via security policies which are in line with information security best practices to ensure appropriate auditing and monitoring and access accountability.

Changes to this Privacy Policy

Where appropriate, this privacy policy will be permanently updated in order to reflect the comments received. When we publish changes to this policy, we will simultaneously amend the respective "date of update".

We recommend periodically reviewing our privacy policy so you can stay informed about how APCER protects your Personal Data and keep up-to-date with information and your rights.

November 22, 2019