Privacy Policy LOQR|sign
Introduction
The LOQR|sign Platform (hereinafter “Platform”) is provided by LOQR, S.A. (hereinafter “LOQR”), with the goal of making available, for its clients, a software where it is possible to electronically sign documents with legal validity, in countries where the technical specificities allow it, from multiple parties in a fast and effective way.
LOQR compromises to safeguard the privacy, data protection and information security of all the personal data that is processed, both when it comes to the clients on the platform, as well as the rest of its users, as data subjects, to the extent that they are affected, in any way, in this transmission.
Identification of the Data Controller
The controller for the processing of personal data is LOQR, S.A., with NIPC 513653457 and headquartered in Rua Dona Maria II 15, 4610-164 Felgueiras. As such, LOQR will look to implement the necessary technical and organizational measures to ensure the confidentiality, integrity, availability and resiliency of the personal data.
Without prejudice to the foregoing, applicable legislation will prevail over this Policy, to the extent that it exceeds its standards, or imposes more stringent requirements and, ultimately, provides a greater degree of protection.
Processing of Personal Data
The Portuguese National Law on the Protection of Personal Data (Law no. 58/2019, of 8 August, hereinafter referred to as “LERGPD”) and the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, hereinafter referred to as “GDPR” or “Regulation”) ensure the protection of natural persons with regard to the processing of Personal Data and the free movement of such data.
This document describes how LOQR defines itself internally and complies with applicable legislation on the protection of personal data, but may, however, be complemented by other data protection procedures, which are defined and disseminated by LOQR, through the various channels available.
This Policy is intended to serve as guidance, whenever there are doubts regarding the processing of personal data in the different realities with which data subjects may be correlated, with the use of the LOQR|sign Platform.
LOQR will process the following personal data for the purposes described in this Policy:
– Full Name;
– Phone Number;
– Email;
– ID Photograph;
– ID Number;
– Type of ID;
– Personal data in the document submitted to the Platform;
– Videoselfie;
– Other data within the documents submitted to the Platform for signature.
In this sense, this Policy is therefore intended for everyone who wishes to understand how LOQR processes and protects the personal data of its data subjects, namely:
– Users registered on the Platform;
– Clients;
– Third parties whose data is in the submitted documentation to be signed and/or those who are invited to sign.
During the processing process, only the data absolutely necessary to fulfill the purpose of the informed collection, or related purposes, will be requested and under the assumption of the legality basis provided to the data subject.
Purposes for the Processing of Personal Data
Personal data may only be processed for the specific purposes – or others, as long as related with these – that are communicated to the data subject in the moment that the data was originally collected. Those are:
– In order to provide our services, namely to be able to go through the process of signing documents electronically and the issuance of the qualified certificate to the Certification Authority;
– For billing purposes;
– For detection and prevention of fraud;
– Managing our relationship with our clients, by understanding how our platforms are used by visitors and optimizing the service we provide;
– Managing complaints and suggestions that may arise from potential failures in the provision of the service.
Legal Basis for the Processing of Personal Data
The legal basis for the processing of this personal data is:
– The necessity to comply with all legal obligations related to LOQR’s business practices;
– The fulfillment of the established contractual relationship;
– The consent given by the data subjects, for various purposes, freely, expressly and embodied in a clear and unambiguous positive act.
The latter, when requested, should be so under the compromise that the ease with which it is given is similar to that with which it can be withdrawn, if requested by the data subject. This Policy later informs as to how this can be done.
In any case in which the data subject must provide personal data from third parties, they ensure they are legally allowed to do so, that they have informed the third party about the processing of their data and undertake to provide them with this Privacy Policy. In this case, the data subject shall be the only person responsible for the fulfillment of these obligations and duty to inform.
Recipients of Personal Data
LOQR may resort to other companies as service providers, namely, cloud storage, email management, systems management and IT security, development and maintenance of its website, network security, hygiene and safety, among others.
Likewise, LOQR may share data with public entities that have legal legitimacy to process the data in question, as well as LOQR‘s internal and external auditors.
In any of the aforementioned cases, LOQR declares that it will carry out an assessment of the processors’ GDPR compliance and will have in place the respective Data Protection Agreements with each of the service providers with access to personal data, therefore guaranteeing that personal data will be processed in compliance with the current legislation on personal data protection.
LOQR may, as well, have to transfer personal data to entities that have the legal legitimacy to process the data in question, when legally applicable.
In the case of the Certification Authority of the Qualified Certificate necessary to comply with the legal formalities associated with the attribution of legal value to the signature, LOQR acts as Registration Authority, that is, in the name and under the authority of the UANATACA Certification Authority – Trust Service Provider.
Minors
If the data subject is a minor, the parental guardians must be asked to read and competently sign/manage the consent for any activity processing their personal data, which involves the use of the LOQR Platform.
International Data Transfers
Personal data may only be transferred to another entity outside the European Economic Area (EEA) if such transfer complies with the data protection principles and the other rules set out in this Policy and applicable laws and deliberations on matters of data protection.
As such, such a transfer may only occur if it is in accordance with the purpose for which the data was collected and if the transfer is necessary for that purpose.
When implementing this Policy, LOQR will respect legal requirements that impose specific conditions on international transfers of personal data.
Therefore, personal data can only be transferred from an EEA country to countries outside it (“third party countries”) when the European Commission considers that they guarantee an adequate level of protection.
If the third party country does not offer this level of protection, personal data may, as a general rule, only be transferred to that country if the data exporter and importer implement any of the appropriate safeguards set out in article 46, paragraphs 2 and 3 of the GDPR.
Still, the likelihood of LOQR performing these transfers will be residual and, if it exists, it will do so by applying additional compliance validation requirements.
Exercise of Rights
Data subjects have the prerogative to exercise the following rights:
– Right of Information: to be informed, prior to the processing of personal data, about aspects related to its processing and, also, to request additional information about the use of your personal data at all times;
– Right of Access: obtain confirmation that the personal data concerning you are or are not subject to processing and to access to the personal data that you provided to LOQR and that it holds;
– Right to Data Portability: request the transmission of the personal data you provided to LOQR, if technically applicable;
– Right to Rectification: request the correction or update of your personal data;
– Right to Erasure: request the erasure of your personal data, when the law or contract allows;
– Right of Limitation: request the restriction of how LOQR uses your personal data, correcting or clarifying any doubts about its content or processing thereof;
– Right to Object: Object to the continued processing of this data;
– Right not to be subject to automated individual decisions;
– Right to lodge a complaint with the competent control authority: In Portugal, with the Comissão Nacional de Proteção de Dados.
Data subjects also have the right to withdraw or change, at any time, the consent they gave to LOQR for the use of their personal data, when this has been the legal basis for their processing.
To this end, you can exercise your rights directly and free of charge, to:
– The email address dpo@loqr.com, or by registered letter with acknowledgment of receipt to R. Dona Maria II 15, 4610-164 Felgueiras indicating in the subject “EXERCISE OF RIGHTS”, addressed to the Data Protection Officer.
– Your request must include date, first and last name, mobile contact/email address, if applicable and necessary for identity validation and an explanation of the specific request.
Security
Personal data is processed with the level of protection legally required to guarantee its security and prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology.
Access to the personal data of data subjects will always be carried out under the commitment of:
– Adoption of legally required security measures, of a technical and organizational nature, that guarantee its security, including the training of personnel allocated to the management of personal data assigned to each processing;
– Process them exclusively for previously defined purposes, or purposes related to them.
Conservation of Personal Data
Personal data will only be retained by LOQR for 15 years counting from the revocation of the qualified certificate issued, as it is necessary or mandatory to fulfill the purposes described above, in accordance with applicable legal provisions, regulations and even prescription of civil and criminal liability.
Furthermore, the conservation criteria appropriate to each processing as legally provided for will be applied.
After the respective data retention period has elapsed, it will be deleted or made anonymous, when it should not be kept for a separate purpose that may prevail.
Other Considerations
LOQR is not responsible for any acts or omissions of third parties, particularly regarding links to third-party websites/applications and their contents.
LOQR, as it cannot fully control the circumstances associated with the use of digital platforms, in particular, absolutely guarantee that they, once made available online, are not capable of being reused and disseminated by third parties, warns the data subject that the reuse of these images and/or any statements made for any purpose, without the possibility of control, may occur, as they are made on an open network, even if the possible mitigation measures are ensured by LOQR and the aim is to instill accountability in the participants in the sense of legal compliance that concerns them.
In case of possible legislative changes, LOQR reserves the right to change this Policy at any time, therefore, you must consult it whenever you use this Platform.
Supervisory Authorities
The data subject has the right to submit a complaint, if he/she considers that there is a basis for doing so, in terms of personal data protection, to the competent supervisory authority.
Changes to this Policy
LOQR will update this document from time to time.
The updates will be made as appropriate, seeking to comply with legislative changes and the development of the state of the art and technology, in order to keep the data subject informed, therefore, you should consult it regularly if you want to know more information about how your personal data will be processed.
Cookies Policy
Our website uses cookies or similar technologies to ensure the best user experience, making a point of only configuring cookies that are strictly necessary and for which it is not necessary to seek your consent.
However, if others are configured other than those mentioned above, the data subjects’ prior consent will always be requested to do so. Whether for the installation of your own cookies or third-party cookies, whether session or persistent cookies.
Última atualização: 10 de setembro de 2024.