PRIVACY AND DATA PROTECTION POLICY
NCR Angola is committed to safeguarding the personal data of all individuals with whom it comes into contact in all instances where personal data is processed. In this context, NCR Angola has developed this Policy, which demonstrates its commitment to complying with applicable data protection laws and industry best practices.
To facilitate comprehension of this Policy, the following definitions are taken from Law No. 22/11 of June 17 - Law on the Protection of Personal Data:
1. Individual in Charge of Personal Data Processing
The Company is responsible for processing personal data provided by the respective holder when filling out forms, as well as personal data that have been or will be provided in any other medium, directly or through a third party, or that have been generated by the Company, either in the context of prior contacts or in the conclusion, execution, renewal, or termination of contracts with the Company or with affiliated entities, and their representatives, hereinafter referred to as "Personal Data".
Personal data collected during pre-contractual or procurement procedures will also be processed for the purposes of this policy, except where it corresponds to information required to comply with the Company’s legal obligations.
Personal data will be processed by the Company, the data controller, for the purposes listed in paragraph 4 below, in strict compliance with current data protection legislation.
2. Data Protection Officer
You may contact the Personal Data Protection Officer in writing at the following addresses:
R. Rainha Ginga 147 - Luanda, Angola
3. Personal Data Processing
The data provided in the relationship established with the Company are treated in accordance with the applicable legal precepts, namely:
- treated in a licit, loyal and transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date, with appropriate steps being taken to ensure that inaccurate or incomplete data can be erased or rectified, with regard to the purposes for which they were collected or for which they are further processed;
- and kept in a form that permits identification of data subjects for no longer than is strictly necessary and legally permissible for the purposes for which the data were collected or for which they are further processed.
4. The Purpose of Personal Data Processing
Personal data provided by the data subject or generated in the course of providing the service will be processed and stored electronically and will be used by the Company.
The Company collects and processes data that is strictly necessary for the purpose at hand and for legitimate purposes, such as:
- Providing an adequate and targeted response to requests for information/proposals;
- Improve communication with personal data subjects, for relevant purposes and only as frequently as necessary, in accordance with their data’s characterization and preferences;
- Comply with business objectives, namely statistical data used to improve the performance of the various services provided;
- Comply with human resource management assumptions;
- Comply with legal or regulatory requirements, the validity of which is contingent upon the provision of certain services, namely training actions;
- Receipt for services/products.
5. Data Sharing
Personal data will be transmitted outside Angola only with the consent of the data subject, when necessary for the execution of orders or requests transmitted to the Company, when required by law, or when necessary for the Company’s internal convenience/organization.
The Company uses financial service providers from countries outside the European Economic Area only if they adhere to data protection laws. Additionally, the Company may transmit personal data about customers in accordance with legal obligations and/or judicial orders, most notably under legal obligations to collaborate with public institutions and authorities.
6. Telephone Call Recording
The Company may record telephone contacts established between the data subject and the Company in the course of its business, with the data subject’s prior knowledge and consent, for the purpose of managing the pre-contractual and contractual relationship, namely as a means of proving the transmission of information or instructions, as well as for the improvement of the services offered or contracted and, furthermore, for the control of their quality. Call recordings will be retained for the duration specified in this policy, as well as any subsequent amendments.
7. Data Communication
Personal Data may be disclosed to other affiliated companies, the identity and contact information for which may be obtained at any time from the Personal Data Protection Officer, and may be processed by other entities to which the Company has subcontracted the processing Additionally, Personal Data may be processed by duly authorized third parties in the event that the Company provides a service or supplies a product on behalf of and in the representation of the mentioned third party.
Personal data may be transmitted to judicial, administrative, supervisory, or regulatory authorities, as well as to entities, particularly those of an associative nature, that may lawfully frame or carry out data compilation actions, fraud prevention and detection actions, market studies, or statistical or technical-actuarial studies, for the purposes described above and in compliance with a legal obligation.
8. Collecting Data from Additional Sources
The Company may collect additional information about the holder that is relevant to its assessment prior to entering into any contractual relationship from publicly accessible sources, such as public bodies, sector associations, or specialist companies, in order to supplement or confirm the information provided by the holder and for the purpose of managing pre-contractual and contractual relationships.
9. The Data Subject’s Rights
The Company guarantees all data subjects’ rights in relation to the processing of their data at any time, including those set forth in applicable legislation and incorporated in the following:
- Legitimacy of processing and conditions for consent
- The data subject’s access right
- Oppositional right
- The right to update/correct
- Right to erasure of data
- Right to restrict data processing
Personal data subjects may exercise the aforementioned rights by writing to the Company’s Personal Data Protection Officer or in person at any of the Company’s business establishments.
Additionally, data subjects have the right to file complaints with the appropriate authorities regarding their rights and the protection of theirpersonal data.
10. Obligation to Provide Personally Identifiable Information
As part of the business relationship with the Company, the data holder will be required to provide personal data in order to establish and maintain the relationship, as well as to comply with pre-contractual and contractual obligations and steps.. Without this information, the business will generally be unable to enter into a contract or will be unable to maintain the contract and will be forced to terminate it.
11. Automated Operations
Within the context of contract subscription and renewal processes, or when updating data on the Company’s various platforms, the Company may utilize automated decision-making solutions that are necessary for the conclusion and execution of the contract, by utilizing customer-related information obtained during the pre-contractual phase or during the contract’s execution, to ensure that contractual decisions are made in a timely manner. The data subject may also request additional information from the Personal Data Protection Officer regarding the logic underlying the processes in question, particularly in the context of contract subscription and renewal, and in particular regarding the information used to make exclusively automated decisions and the manner in which it is incorporated into the decision-making process. In all instances where the Company makes decisions solely through automated data processing, the Company’s processes will incorporate mechanisms that allow data subjects to (i) express their viewpoint; (ii) contest a decision; and (iii) request and obtain human intervention from the Company during the decision-making review process.
12. Measures of Security
The Company ensures an adequate level of security and protection for data subjects’ personal information. To accomplish this, it employs a variety of technical, organizational, logical and physical security measures to safeguard personal data against loss, disclosure, alteration, unauthorized processing or access, as well as any other form of illicit processing.
13. Data Retention
The Company adheres to the following legal requirements regarding the storage of personal data:
a) For a period of up to ten years following the termination of the contractual relationship;
b) For as long as the contractual relationship’s obligations continue;
c) For the duration that the Company’s rights are enforceable.
The Company retains personal data for the necessary period and as long as the legitimate purposes for which the data is processed continue to exist, in accordance with the Company’s legal, regulatory, and contractual obligations.