1. Privacy statement
1.1. Application
This Privacy Policy applies to the Website and establishes iCognitus’ policy regarding the collection and processing of any information capable of being identified or associated with an institution (“Institutional Information”) or personal data of natural persons (“Personal Data”).
iCognitus is fully aware of its responsibility in the collection and processing, with care, of the Institutional Information and, in particular, of the Personal Data entrusted to it, keeping it secure, ensuring total privacy, confidentiality, and integrity of the same, all-in scrupulous compliance with the law.
Also explained herein are the rights that Data Subjects are entitled to under (i) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), (ii) any Portuguese legislation that directly regulates, implement and apply the GDPR and other regulations and/or directives concerning data protection and privacy, and (iii) any judicial or administrative interpretation, recommendation, regulation, code of conduct, code of practice, standard contractual clauses or certification mechanism approved and published by a Supervisory Authority, as applicable, is in force and in accordance with any subsequent amendments and/or replacements.
1.2. Institutional Information
The Institutional Information collected regarding institutions is intended to create a centralised management area for the Contents of a specific institution, which is represented on the Website by an Organiser. This information is as follows: Name of the Responsible Person, Proof of Address of the Responsible Person, Identification Number of the Responsible Person, International Bank Account Number, BIC/SWIFT, Name of the Bank Account Holder, Document that proves the constitution of the institution or company.
The Institutional Information collected is intended to validate the existence of an institution or company in order to allow the integration with other features, beyond those of the Website, which depend on entities external to iCognitus.
The Institutional Information is stored by the Website and is transmitted to entities external to iCognitus for the purposes for which it is collected, in an encrypted and secure manner. iCognitus only transmits Institutional Information to entities certified by reputable bodies and that demonstrate the security levels recommended for the reception, processing, and storage of this type of data. However, iCognitus has no way of technically validate that all security recommendations are always adopted and cannot be held responsible for any security incidents or data breaches attributable to third parties.
The Institutional Information that the website displays at any given moment is that supplied by the external entity to whom it was previously transmitted.
With regard to the security of the Institutional Information transmitted to external entities to iCognitus for the intended purposes, this undertakes to seek partnerships only with entities that meet all legal requirements and good practices concerning their security and are certified by reputable bodies within their area of operation.
Currently, the Institutional Information is shared partly or wholly with the following entities (Partners):
• Azure, the hosting service on which the Website is hosted, meets the strictest security requirements in terms of the collection, processing, storage, and transmission of Personal Data, which are explained in https://docs.microsoft.com/en-us/compliance/regulatory/gdpr.
• Google Analytics, with which Technical Information is shared and which provides examples of how it can be used in https://www.google.com/intl/pt-PT_ALL/analytics/index.html
• PayPal (Europe) S.à r.l. et Cie, S.C.A., the payment provider with which iCognitus liaises, an accredited payment institution based in Luxembourg, to which the Payment Data are transmitted and which provides institutional information at https://www.paypal.com/pt/webapps/mpp/about
1.3. Personal Data
1.3.1. Categories of Collected Data
Personal Data / Payment Data / Billing Data
The “Personal Data” collected from all the Users are: full name, date of birth, gender, ID document number, e-mail, telephone contact, address, tax identification number (for billing purposes). If a User is an Organiser, the IBAN of the respective bank account and PayPal Id will also be collected, for the purposes of payment of registrations in Events.
Personal Data is accessible in the User area of the Website, which the User can then access using access data, that can be partially edited.
Information that may be required but is not stored: Depending on the configuration of the Services by the Organizer, you may be required to provide the following information, which is not stored on our System:
- Payment: We do not store Credit Card Information. Certain Organizers may require Users to make proctoring payments themselves. “PayPal” is used as a third-party payment gateway. Credit card information will be needed to complete the payment process with PayPal (only if you are required to make payments directly to us), we do not store credit card information.
- Keystrokes: We do not collect and store Keystroke Data. We may only detect and restrict certain keystrokes to facilitate the test requirements.
The Payment Data collected is for the purpose of transferring a monetary amount defined by the Organiser, which corresponds to the price of registration in Events or the amount payable for the Membership status. Fees may be applied to the defined monetary amount, which will also be paid at the same time as the registration payment.
Technical information
“Technical Information” is collected from the Website Users, namely, but not exclusively, the following: the IP address (Internet Protocol), the Internet browser, the operating system, the date and time of access to the various subpages of the Website. The Website will relate this Technical Information to the other Information Collected.
The Technical Information collected is intended to implement improvements to the Website that allow the development of new features, the integration of features from other entities external to iCognitus, and/or improve the user experience. If necessary for this purpose, the Technical Information may be cross-referenced with Personal Data.
1.3.2. Purposes of Processing Personal Data
Personal Data may be collected in an automated manner through interaction with external platforms (Google© and Microsoft©).
iCognitus does not have any institutional or contractual relationship with these platforms for the purposes of using the Website, collecting only the Personal Data that the User allows, whether directly provided by the User or indirectly through interaction with such platforms. By allowing the collection of Personal Data by the Website from external platforms, some of the features of such platforms may be made available through the Website.
The Personal Data collected is for the following purposes:
• Provision of iCognitus Services;
• Communication through electronic means about the Services and Content of the application;
• Creation of certificates, such as proof of presence and completion of Events;
• Compliance with legal and regulatory obligations applicable to the activity of iCognitus, as well as for compliance with legal regulations on the protection of personal data;
• In the legitimate interest of iCognitus, so that it can provide a better service to its customers, improving the way it develops its activity, the quality of its services, as well as to conduct statistics, surveys, or market research. For these purposes, iCognitus may use information about the products and services it sells, in an anonymous way and without any characteristic that can identify the Data Subject.
• The legitimate interest of iCognitus respects the fundamental rights and freedoms of the Data Subject, including the protection of their personal data, their honour, and their personal and family intimacy.
1.3.3. Categories of recipients of the personal data
In the context of the execution of the Features, some Users’ Personal Data is transmitted to the Organisers as well as to other external entities (“Partners”):
iCognitus undertakes to seek partnerships and to disclose Personal Data, for purposes of providing its services, only to entities that meet all legal requirements and good practices regarding the security of personal data, are certified by reputable bodies within their area of expertise, demonstrate to have the security levels recommended for the reception, processing, and storage of personal data and ensure an adequate level of protection of personal data. However, iCognitus has no way of technically validate that all security recommendations are adopted at all times and cannot be held responsible for any security incidents or data breaches attributable to third parties.
The Payment Data and Technical Information are stored by the Website and transmitted to the below-mentioned partners for the purpose for which they are collected, in an encrypted and secure manner.
Currently, Personal Data is shared partly or wholly with the following Partners:
• Azure, the hosting service on which the Website is hosted, meets the strictest security requirements in terms of the collection, processing, storage, and transmission of Personal Data, which are explained in https://docs.microsoft.com/en-us/compliance/regulatory/gdpr.
• Google Analytics, with which Technical Information is shared and which provides examples of how it can be used in https://www.google.com/intl/pt-PT_ALL/analytics/index.html
• PayPal (Europe) S.à r.l. et Cie, S.C.A., the payment provider with which iCognitus liaises, an accredited payment institution based in Luxembourg, to which the Payment Data are transmitted, and which provides institutional information at https://www.paypal.com/pt/webapps/mpp/about
iCognitus will always cooperate with the competent authorities by providing them with all information to which it is legally obliged, including, if applicable, information from or supplied by its Users, wholly or partly, and cannot be held responsible either for such disclosure or for the use of same by the competent authorities. If technically possible, the transfer of this information shall be carried out in an encrypted form. iCognitus will endeavour to inform Users affected by such measures unless it is legally inhibited from doing so.
The disclosure of statistics on the use of the Website, namely but not exclusively for Marketing purposes or publication of case studies, will always be made by anonymizing the Collected Information.
iCognitus does not commercialise in any way, namely through direct sale or exchange of counterparts, the Personal Data, including Payment Data, that it collects through the Website.
1.3.4. Users’ rights
The Users, as Data Subjects, have the right to prevent, at any time, their personal data from being processed by iCognitus, in any form, for the purposes of commercial communications. This right can be exercised by sending an e-mail, addressed to iCognitus, to the address info@icognitus.com.
The Users may also exercise their rights, as Data Subjects, of access, rectification, erasure, objection, limitation of processing, and portability of their Personal Data, using the following means: (i) addressing a written communication, to the following address: iCognitus – Escola de Medicina da Universidade do Minho – Campus de Gualtar, 4710-057 Braga, or addressing an e-mail communication to the following address info@icognitus.com.
iCognitus appreciates being contacted immediately if a User has a complaint or question concerning the way iCognitus uses and handles their Personal Data. iCognitus will make every effort to resolve the situation as soon as possible.
The User also has the right to file a complaint at any time regarding the processing of Personal Data to the CNPD through its website www.cnpd.pt.
1.3.5. Storage Period of Personal Data
iCognitus will store Personal Data only for the time necessary to provide its services.
After the full execution of its services, iCognitus will only store personal data that is reasonably necessary for the purposes indicated above and for as long as they are necessary.
iCognitus may store personal data for longer periods, in particular, when obliged to do so according to legal, regulatory, fiscal, or accounting obligations, as well as in the context of a complaint or claim processes or litigation relating to personal data.
2. Privacy and Personal Data Protection Officer
The main point of contact at iCognitus for handling any questions relating to the protection of personal data is the Privacy and Personal Data Protection Officer, who can be contacted at the e-mail address info@iCognitus.com.
3. Security Measures
Personal Data is stored on high-security servers at hosting providers that meet the strictest international requirements. The databases in which they are stored are encrypted and are virtually inaccessible except through the Website interface. The hosting services with which iCognitus liaises must ensure that they meet the most stringent requirements in terms of security, not only as concerns access via the Internet but also from the point of view of physical access, as regards the servers and the very premises where they are installed.
4. Privacy Policy Changes
This Privacy Policy is current as of the Effective Date set forth below. We may change this Privacy Policy from time to time, and new versions will be posted on this Site, so please check back periodically for updates.
5. Conflict resolution
If there is a complaint, suggestion, or request for clarification on the privacy policy of the Website, please write to us at iCognitus, Escola de Medicina da Universidade do Minho – Campus de Gualtar, 4710-057 Braga, Portugal, or via the email address info@icognitus.com. We will reply as quickly as possible, offering a solution that will address the issue presented.
The User has the right to appeal to the competent Portuguese judicial courts to settle any questions concerning the processing of their personal data by iCognitus.
6. Cookies and Other Tracking Technologies:
We use various technologies to collect information, including cookies. A cookie is a small file placed on your device. Across the web, cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience on a website. Cookies make the interaction between you and the website faster and easier. If a website does not use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it will not recognize you, and it will not be able to keep you logged in.
Our Services use cookies and similar technologies, such as web beacons, to identify your device and enable the functioning of our features, including the ability to log into your account, authentication, security, preferences retention, performance optimization, and data analytics.
If you do not want to receive cookies, you can change your browser settings. If you use our Services without changing your browser settings, we will assume that you’ve agreed to receive all cookies on the Company websites. Please note that our Services will not function properly without cookies.
Our Services may use two types of cookies, session and persistent. A session cookie expires after a set time, normally when you close your web browser. A persistent cookie remains after you close your web browser and may be used on subsequent visits to our Services to enable us to recognize you as an existing user.
7. Current Version
This Privacy Policy entered into force on 11 May 2016 and was revised on 28 March 2022.