DATA PROTECTION AND PRIVACY POLICY – GFOUNDRY

Version 1.1 – JULY 2022

ENTITY RESPONSIBLE FOR PROCESSING

GFoundry Lda, with headquarters in Valença, at Avenida Tito Flores, nº 71, with a capital stock of €55000.00, registered at the Odivelas Registrar of Companies under the single registration and taxpayer identification number 510809510, hereinafter referred to as GFOUNDRY, is the entity responsible for the software products and accounts provided, hereinafter referred to as channels or applications, through which Users or Customers have remote access to a set of services and features, marketed or provided at any time through them. 

The use of the channels or applications by any User or Customer may imply the performance of personal data processing operations, whose protection, privacy and security by GFOUNDRY, as entity responsible for the respective processing, is ensured, in accordance with the terms of this Privacy and Data Protection Policy.

This privacy policy describes how we (GFOUNDRY) record and use the personal data we collect from you or that your employer provides for use through your use of our website and our mobile applications.

APPLICABILITY

This Privacy Policy applies to the online platform under the name of GFoundry (the “Service”), gfoundry.com (the “Website”) and other interactions (e.g. customer service requests, etc.) you may have with GFOUNDRY products. If you do not agree to the terms, please do not access or use the Service, Website or any other aspect of GFOUNDRY’ business.

In addition, a separate agreement governs the delivery, access and use of the Service (the “Service Agreement”), including the processing of any personal data, messages or other content submitted through Service accounts (collectively, “Customer Data”). The organization that entered into the Service Agreement (“Customer”) controls your instance of the Service (your “Customer Account”) and any associated Customer Data.

At GFOUNDRY we seek the correct application of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

COLLECTION AND PROCESSING OF PERSONAL DATA

GFOUNDRY processes personal data strictly necessary for the provision of information and the operation of its channels, according to the uses made by Users or Customers, whether of those that are provided by Users for the purposes of registering on the channels, or of those that are provided by Customers for the purposes of joining those channels, or of those that result from the

use of the services provided by GFOUNDRY through them, such as accesses, consultations, instructions, transactions and other records related to their use. In particular, the use or activation of certain functionalities of the channels may involve the processing of various direct or indirect personal identifiers, such as name, home address, e-mail, device addresses or geographical location, behavioral data, provided there is the express consent of the User or the Customer.

In all cases, Users or Customers will always be informed of the need to access such data in order to use the functionalities of the channels in question. The personal data collected by GFOUNDRY are processed by computer, in certain cases in an automated way, including file, contractual or post-contractual processing with the Users or Customers, under the terms of the national and community regulations in force.

LEGALITY, LOYALTY AND TRANSPARENCY

GFOUNDRY guarantees that personal data is treated in a lawful way, as it ensures that this treatment is carried out only in the following situations:

– After formalized consent by the data subject to the processing of the data,

– In the context of the execution of a contract in which the holder is an integral part, – In compliance with legal obligations, to which GFOUNDRY is subject – In the defense of vital interests of the holder of the data or of another natural person – In the exercise of functions of public interest

PURPOSE LIMITATION

Data is collected for specified, explicit and legitimate purposes and may not be further processed in a manner incompatible with those purposes.

The data provided by Users or Customers may be used for the appropriate purposes, namely in the activities carried out in the context of the setup process and licensing of GFOUNDRY software products.

All personal data treated in the scope of GFOUNDRY software products are exclusively destined to provide information to the Users, to manage their personal information considered necessary for setup and use of the various modules of GFOUNDRY software products, as well as to provide the services contracted by the Customers and, in general, to manage the pre-contractual, contractual or post-contractual relationship with the Users or Customers.

Data provided by Users or Customers in connection with the licensing and use of GFoundry software products is stored in the cloud, and is used exclusively by the Customer for the duration of the contract with GFoundry.

The data provided by Users or Customers may be used to contact you regarding certain details associated with the registration of technical assistance requests, purchase of products or services, satisfaction surveys, response to complaints, partnership management, etc.

Personal data is collected and processed in these contexts, as strictly necessary, and relevant to these purposes.

DATA MINIMIZATION

The data collected and processed by GFOUNDRY will be only that which is adequate, relevant and limited to what is necessary for the intended purposes.

ACCURACY

The data shall be accurate, and updated where necessary, and all appropriate measures shall be taken so that inaccurate data, taking into account the purposes for which they are processed, are erased or rectified without delay.

LIMITATION OF STORAGE

The data shall not be recorded or stored on other media or devices, nor shall any data be stored other than for the purposes intended. The data shall be stored in such a way that the data subjects can be identified only for as long as is necessary for the purposes for which they are processed.

The process will not last longer than is necessary to complete the purpose for which the data was collected.

Personal data will only be kept for longer periods for archiving purposes in the public interest, or for scientific or historical research purposes or statistical purposes (according to article 89, paragraph 1, of the Regulation)

INTEGRITY AND CONFIDENTIALITY

Technical and organizational measures will be taken so that personal data will be kept secure, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

LIABILITY

GFOUNDRY, as the controller, is responsible for compliance with the principles of the regulation described above.

INTERNATIONAL DATA TRANSFERS

Any transfer of personal data to a third country or an international organization shall only take place in the framework of the fulfillment of legal obligations or to guarantee that the compliance with the community and national legal norms applicable in this matter is guaranteed.

SECURITY MEASURES

Taking into account the most advanced techniques, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks, varying in probability and severity, to Users or Customers, GFOUNDRY and all its subcontractors apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

For this purpose, several security measures are adopted in order to protect personal data against diffusion, loss, misuse, alteration, unauthorized treatment or access, as well as against any other form of unlawful treatment.

It is the exclusive responsibility of Users and Customers to keep access codes secret, not sharing them with third parties, and, in the particular case of computer applications used to access GFOUNDRY’s software products, to maintain and keep the access devices in safe conditions and follow the security practices advised by the manufacturers and/or operators, namely regarding the installation and updating of the necessary security applications, namely, among others, antivirus applications. All mobile applications that GFOUNDRY makes available should be – whenever possible – updated with the last available version.

DATA SUBJECTS – EXERCISE OF PERSONAL DATA SUBJECTS’ RIGHTS

According to the provisions of the European Data Protection Regulation (EU 2016/679), data subjects’ rights are:

  1. Right to restrict processing: The data provided may be included in automated files, which will be used for the purposes expressly indicated at the time of their collection, and will always be treated confidentially in accordance with the legislation in force.
  2. Right of access: The holder of the data is guaranteed access to the information that directly concerns him/her, and may request its correction, addition or elimination, through direct or written contact with the organization.
  3. Right of rectification: The data subject shall have the right to obtain, without undue delay, from the controller the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of an additional declaration.
  4. Right to “erasure”: The data subject shall have the right to obtain from the controller the erasure of personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds listed in Art. 17 of the Regulation applies.
  5. Right to portability: The data subject shall have the right to receive the personal data concerning him which he has provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit such data to another controller, without the controller to whom the personal data have been provided being able to prevent this.
  6. Right to object: The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her on the basis of Article 6(1)(e) or (f) or Article 6(4), including profiling on the basis of those provisions. The controller shall stop the processing of personal data unless

It demonstrates compelling legitimate grounds for such processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

Any request for the exercise of data protection and privacy rights must be addressed in writing by the respective data subject to the Data Protection Officer in accordance with the procedure and contact details described below.

COOKIES

GFOUNDRY’s software products use a technology called “cookies” to store information about sessions. We use persistent cookies to ensure system security and to continually improve our Service. A cookie is a small amount of data, which includes an anonymous unique identifier that is sent to your browser from our website computers and stored on your computer’s hard drive. GFOUNDRY will set and access cookies on your computer. Persistent cookies will be automatically deleted from your computer after a predetermined period which may differ based on the type of cookie. Cookies are necessary for the Service to function fully and reliably are stored based on our legitimate interests in the operation of our Service, Website and business in accordance with Art. 6 (1) (f) GDPR.

Right to object: You can decide yourself via your browser settings whether to allow cookies or to object to the use of cookies. Please note that disabling cookies may result in restricted or completely disabled functionality of the website.

GOOGLE ANALYTICS

GFOUNDRY’s software products use Google Analytics to collect information about visitors to its marketing website. Google Analytics, a web analytics service of Google Inc., (“Google”, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics stores cookies on your computer that enable it to analyze the browsing patterns of visitors to a website. The information generated by the cookie about your use of this website (including your anonymous IP address) will be sent to a Google server in the United States and stored there. Google is Privacy Shield certified, thus ensuring European data protection law.

Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to report on other website activities and internet-related services. If required by law, Google will transmit this information to third parties. Google will also transmit data to third parties for processing, as long as this processing is done on behalf of Google. Under no circumstances will Google link your IP address to any other data held by Google. If you wish, you can adjust your browser settings in order to refuse cookies. Keep in mind, however, that if you refuse all cookies, you will not necessarily have access to all functions of this website. By using this website, you consent to the processing of your data by Google as described above for the above purposes.

CONTACTS OF THE DATA CONTROLLER

Reporting of irregularities should be communicated, not anonymously, to the e-mail address info@gfoundry.com, describing the subject of the request and indicating an e-mail address, a telephone contact address or a mailing address for reply.

The protection of whistleblowers is guaranteed, for example: “In compliance with the law and the values and principles, GFOUNDRY does not retaliate in any way against an agent who has reported knowledge or reasonable suspicion of conduct inconsistent with the code and guarantees the necessary protection to the addressee of fulfilling his duty to report.

For any other purpose, the following general GFOUNDRY contact details may be used:

Address:

Rua do Instituto Industrial 16, 1200-225 Lisboa – Portugal

CHANGE OF THIS PRIVACY POLICY

In order to guarantee the respective updating, development and continuous improvement, GFOUNDRY may, at any moment, proceed to the alterations, that are considered adequate or necessary, to this Policy of Data Protection and Privacy, being assured its publication in the different channels to guarantee the respective transparency and information to the Users and Customers.