Privacy policy

Update and Approval

This Privacy Policy shall be updated whenever there is a need or requirement to do so. This instruction shall be updated in respect of changes within the privacy field, other regulatory changes, changes in the market where the company operates, and internal changes within the company. Any changes to this Privacy Policy are subject to approval by the Management.

1. Introduction

This Privacy Policy has been adopted by SIGNAL ALPHA REPUBLICA I, S.A. (the "Company" or "we"). We process personal data, through accredited processors, in accordance with the General Data Protection Regulation ("GDPR") and all relevant local laws on data protection. Our aim is to ensure that all personal data processed by us should be kept safe and secured at all times and that the personal integrity is respected. This Privacy Policy sets out how we seek to protect personal data and sets out certain basic principles that we and our employees, if any, must follow when processing personal data.

Consent

Means that the data subject agrees by a statement or positive action to the processing of his or her personal data by a clear affirmative act that is freely given, specific, informed and unambiguous.

Controller

Means the legal entity that decides the purpose and means of a certain kind of processing of personal data.

Data subject

Means the natural living identified or identifiable person about whom we hold Personal data.

Personal data

Means any information relating to a data subject that we can identify (directly or indirectly) from that data alone or in a combination with other identifiers we possess or can reasonably access, e.g. name, address, birth date, employee number, photographs, IP address, information about education, training, role and salary, sickness and leave records, health data, online activities, KYC and AML information.

Personal data breach

Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

Processing

Means any operation or set of operations performed on personal data, whether or not by automated means, e.g. collection, recording, organisation, storage, adaptation or alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction.

Processor

Means a legal entity processes personal data on behalf of the controller, i.e. not for its own purposes.

Special categories of personal data

Means personal data revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, data concerning health or a person’s sex life or sexual orientation, biometric or genetic data, and personal data relating to criminal convictions and offences.

2. Lawfulness of the processing

Each processing activity requires a legal basis. We will only collect, process and share personal data fairly and lawfully and for specified purposes, automated decision-making methods will not be used. We only process personal information based on of the following legal bases:  
  • For the purposes of executing a purchase and sale promise contract or a rent contract and/or pre- contractual measures, namely for formalizing the sale proposal or filling out the unit reservation form. The legal basis for the respective treatment is the performance of a contract. If you choose not to provide us with your personal data, which is necessary for the drafting of the contracts, these cannot be performed;
  • To comply with legal obligations to which we are subject, such as, within the scope of fulfilling the obligations set out in Law no. 83/2017 of 18 August – Anti Money Laundering Law, SIGNAL ALPHA REPUBLICA I, S.A. The legal basis is compliance with a legal obligation. If you do not provide us with the personal data necessary to fulfill these obligations, it may not be possible to carry out the transaction;
  • In order to meet our legitimate interests, regarding internal audits and assessments. We seek to improve risk management, legal compliance and the quality of the service provided, always considering the interests, rights and fundamental freedoms of the data subject. In these specific situations, you may exercise your rights as a data subject and oppose these treatments. The legal basis is the legitimate interests of the controller;
  • For the purposes of managing and developing real estate projects. The legal basis for this processing is the performance of a contract.

3. Joint Controller Agreement

In the context of the management and development of real estate projects, SIGNAL ALPHA REPUBLICA I, S.A., acts as joint controller with SIGNAL ALPHA REPUBLICA II, Lda., with headquarters at Avenida da Liberdade, no 110, 6o, 1250 - 146 Lisbon. To learn more about the essence of the arrangement, you may send an e-mail to info@republica5.pt .

4. Integrity and confidentiality

SIGNAL ALPHA REPUBLICA I, S.A., has innovative appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, alteration, unauthorized access and disclosure and against any form of unlawful processing, including requirements on data protection by design and default. All employees authorized to access personal data are bound by the duty of confidentiality.

5. Data transfers in/or outside of the EU

For the Company to meet all its obligations, it may have to disclose or allow access to your personal data by other entities. The Company will only disclose personal data to the following types of recipients:  
  • Bank(s) with whom has entered into a Loan agreement or a credit facility;
  • The Companies' service providers (e.g. Asset management agreements, Real estate agreements, property management agreements);
  • For the purposes of complying with legal obligations, namely for the purposes of preventing money laundering and combating terrorism, communications to authorities to which personal data must be transmitted (such as, for example, the Instituto dos Mercados Públicos, do Imobiliário e da Construção, I.P. (IMPIC, I.P.) or the Departamento Central de Investigação e Ação Penal (DCIAP). Or to other State Entities like Fiscal Authority;
  • All personal data is processed by a processor on behalf of the Company (the controller), according to a written data processing agreement (DPA) entered into with the processor. We shall ensure that relevant DPAs are entered into with processors that will process personal data on our behalf;
  • Furthermore, personal data may not be transferred from the EU to countries outside of the EU/EEA, unless there is an adequacy decision authorizing it, or adequate safeguards are in place to ensure compliance with the EU's level of protection for personal data, or when an available derrogation is applicable to such transfer. Before transfering any personal data outside of the EU/EEA, we shall ensure that appropriate safeguards are in place, e.g. by ensuring that the standard contractual clauses issued by the EU Commission are entered into with the entity receiving the personal data. SIGNAL ALPHA REPUBLICA I, S.A., would like to assure data subjects that any data transfers outside the European Union (EU) are solely associated with Signal Capital's headquarters and its operations in the UK, these transfers are made under the terms of the European Commission's adequacy decision;
  • With the exception of the situations mentioned above, your personal data will not be transferred to third parties.

6. Personal data processed

The Company, as data controller, will only collect and process the personal data needed to develop its activities and comply with its the legal and contractual obligations. The Company does not process personal data that is not needed for the legitimate purposes associated with each processing activity. When developing its activities, the Company processes, or may process, certain types of personal data, including:  
  • Data relating to identity and address, such as name and contact information such as your home or business address, email address and telephone number, passport number or national identity card details, country of domicile and/or nationality;
  • Data relating to tax, such as tax number, tax residence, family situation if relevant;
  • Data relating to financial situation, such as income, expenditure, assets and liabilities, sources of wealth, as well as bank account details;
  • Data relating to employment and education, such as name of the employee, type of contract and salary;
  • Data relating to politically exposed position and other information's need to assess if there is any type of association or relation with a politically exposed person;
  • Other type of data needed to comply with legal obligations namely Tax and Anti-Money Laundering and Counter-Financing Terrorism.

7. Data subject Rights

With regard to the processing data subjects have certain rights. at any time and in accordance with current law, to access, rectify, erasure, restriction of processing, to data portability or to object the processing of data concerning you. For this purpose you can exercise your rights communicating by email to: info@republica5.pt. However, the exercise of the rights of access and rectification, regarding personal data and processing of Anti-Money Laundering activities, must be performed through Comissão Nacional de Proteção de Dados (CNPD). You also have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the Portuguese supervisory authority, if you believe that the processing is not correct.

8. Retention periods

We will only retain your personal data for as long as we have a lawful reason to do so:  
  • When we have collected your personal data as required by anti- money laundering legislation, including for identification, screening and reporting, we will retain that personal data for seven years after the termination of our relationship, unless we are required to retain this information by another law or for the purposes of court proceedings;
  • Personal data processed regarding the purchase and sale promise contract or a rent contract and/or pre-contractual measures, sale proposal or filling out the unit reservation form, will be stored for a period of 10 years;
  • Personal data regarding payments and receivables, accounting and other finance and administrative actions, will be stored for a period of 10 years;
  • Personal Data associated with the audits and assessments will be retained for 5 years;
  • Other personal data collected, will be retained for as long as necessary to achieve the purposes for which they were collected, complying with legal requirements whenever applicable, and the necessary period for the execution of the contractual relationship;
  • Personal data shall not be processed for a longer period than necessary for the purposes for which the personal data was collected.

9. Changes to this policy

We will update this privacy and personal data protection policy whenever we deem necessary. We suggest that you consult them regularly to find out about them. If you have any questions about this Privacy Policy or regarding the processing of your personal data or if you wish to exercise any of your rights under applicable data protection regulation, you may contact us throughout the following contact: Email: info@republica5.pt.