Privacy Policy

1. Privacy statement

1.1. Application

This Privacy Policy applies to the Website and establishes UpHill's policy regarding the collecting and processing of information that can identify or associate with an institution (“Institutional Information”) or personal data of natural persons (“Personal data"). UpHill is aware of its responsibility to carefully collect and process Institutional Information and, in particular, the Personal Data entrusted to it and to keep it safe, ensuring total privacy, confidentiality and integrity, all in scrupulous compliance with the law. The rights that assist Personal Data Holders are also explained herein, under (i) (EU) Regulation 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR), (ii) any Portuguese legislation that directly regulates, executes and applies the GDPR and other regulations and / or directives relating to data protection and privacy, and (iii) any judicial or administrative interpretation, recommendation, regulation, code of conduct, code of ethics, standard contractual clauses or certification mechanism approved and published by a Control Authority, as applicable, is in force and in accordance with any subsequent changes and / or replacements.

1.2. Institutional Information

The Institutional Information collected in relation to institutions is intended to create a centralised management area for the Events of a given institution, which is represented on the Website by an Organiser. This information is as follows: Name of the Responsible Person, Proof of Address of the Responsible Person, Identification Number of the Responsible Person, International Bank Identification Number, BIC / SWIFT, Name of the Bank Account Holder, Document proving the constitution of the institution or company. The Institutional Information collected aims to validate the existence of an institution or company in order to allow integration with other features, in addition to those of the Website, which depend on entities external to UpHill. Institutional Information is stored on the Website and is transmitted to entities external to UpHill for the purposes for which it is collected, in an encrypted and secure manner. UpHill only passes on Institutional Information to entities certified by reputable organisations and which have the recommended security levels for receiving, processing and storing this type of data. However, UpHill has no way of technically validating that all security recommendations are adopted at all times, and cannot be held responsible for any security incidents or data breaches attributable to third parties. The Institutional Information that the website displays at all times is that provided by the external entity to whom it was previously transmitted. With regard to the security of Institutional Information transmitted to entities external to UpHill for the intended purposes, the latter undertakes to seek partnerships only with entities that comply with all legal requirements and good practices with regard to their security, be certified by suitable organisms within their area of expertise. Institutional Information is currently shared, in part or in whole, with the following entities (“Partners”): • Amazon Web Services, the hosting service on which the Website is hosted, which meets the strictest security requirements, with regard to the collection, treatment, processing, storage and transmission of Personal Data, which is explained at https: // aws. amazon.com/com/compliance/. • Bugle, video development software to support customers or employees, whose terms of service are available at https://www.bugleon.com/terms-of-service. This service can be used by certain Organisers at certain Events. • Google Analytics, with which Technical Information is shared and which provides examples of how it can be used at https://www.google.com/intl/pt-PT_ALL/analytics/index.html. • Lemon Way, a payment provider with which UpHill works, an accredited payment institution based in France, to whom the Payment Data is transmitted and which provides institutional information at https://www.lemonway.fr/ a-propos / lemonway. • Livestrom, a video streaming and conference service for Events or Courses, with which information is shared that allows the User to watch videos and participate in conferences provided by the Organiser and whose terms of service are available at https: // livestorm. co / terms /. This service can be used by certain Organisers at certain Events. • Moloni, billing software certified by the Tax Authority that allows Organisers to bill Users, whose terms of service are available at https://www.moloni.pt/sobre/?action=getTermsService. This service can be used by certain Organisers at certain Events.

1.3. Personal data

1.3.1. Data Categories Collected

Personal Data / Payment Data / Billing Data “Personal Data” collected from all User is: full name, date of birth, gender, identification document number, e-mail, telephone contact, address, tax identification number (for billing), social network username. When a User is an Organiser, the IBAN will also be collected from the respective bank account and proof of address, for the purposes of making payments to register for Events or Courses. Personal Data is accessible in the User's area of the Website, which the User can access through access data, and can be partially edited. Payment Data is also collected since registration for Events or Courses is not free, it is necessary to pay a registration fee according to the amount defined by the Organiser. Depending on the payment method chosen by the Participant, the “Payment Data” collected may be: credit or debit card number, credit or debit card expiration date, credit or debit card verification code, name of the credit or debit card holder, billing address, tax identification number and mobile phone number associated with the MB Way account. Technical information The collection of “Technical Information” from Website Users is, namely, but not exclusively, the following: IP address (Internet Protocol), the Internet browser, operating system, the date and time of accesses to the various sub-pages of the Website. The Website will link this Technical Information with the rest of the Collected Information. The collected Technical Information is intended to implement improvements to the Website that allow the development of new features, the integration of features from other entities outside UpHill and / or improve the user experience. If necessary, for this purpose, Technical Information may be crossed with Personal Data. The collected Technical Information may also be used for marketing, dissemination and / or advertising actions by UpHill and the Website, and Users can be contacted in this context, by UpHill or indirectly by the Organisers.

1.3.2. Purposes of the Processing of Personal Data

Personal Data may be collected in an automated way through interaction with external platforms (Facebook ©, Google © and Linkedin ©). UpHill does not institutionally relate or contract services with these platforms for the purposes of using the Website and collects only Personal Data that the User allows, either directly provided by the User or indirectly through interaction with such platforms. By allowing the collection of Personal Data by the Website from external platforms, some of the functionalities of those platforms may be made available through the Website. Personal Data collected is intended for the following purposes: • Provision of UpHill services; • Compliance with the legal and regulatory obligations applicable to UpHill's activity, as well as with legal regulations on the protection of personal data; • Exclusively in situations where the Data Subject gives their express consent, so that UpHill informs them about the services being provided, including by electronic and / or telematic means, as well as for the conduct of marketing studies, with the purpose of adapting any offers and promotions to the profile of the Data Subject; • In the legitimate interest of UpHill, so that it can provide a better service to its customers, improving the way it develops its activity, the quality of its services, as well as to carry out statistics, surveys or market studies. For those purposes, UpHill may use information about the products and services it sells, anonymously and without any characteristics that can identify the Data Subject. • UpHill's legitimate interest respects the Data Subject's fundamental rights and freedoms, including the protection of their personal data, their honour and their personal and family intimacy. The Payment Data collected is used for transferring a monetary amount defined by the Organiser, which corresponds to the price of registration in Events or the amount to be paid for Member status. Fees may be applied to the defined monetary amount, which will also be paid at the same time as the registration payment.

1.3.3. Categories of recipients of Personal Data

As part of the execution of the UpHill Events or UpHill Simulate Functionalities, some Participants’ and Members’ Personal Data is transmitted to the Organisers as well as to other external entities ("Partners"): UpHill undertakes to seek partnerships and disclose Personal Data, for the purpose of providing its services, only to entities that comply with all legal requirements and good practices with regard to their security; are certified by reputable bodies within their area of expertise, demonstrate the recommended security levels for the receipt, processing and storage of Personal Data, and ensure an adequate level of protection of Personal Data. However, UpHill has no way of technically validating that all security recommendations are adopted at all times, and cannot be held responsible for any security incidents or data breaches attributable to third parties. Payment Data and Technical Information is stored on the Website, and are also transmitted to the partners listed below for the purpose for which it is collected, in an encrypted and secure manner. Personal Data is currently shared, in part or in whole, with the following Partners: • Amazon Web Services, the hosting service on which the Website is hosted, which meets the strictest security requirements, with regard to the collection, treatment, processing, storage and transmission of Personal Data, which is explained at https: // aws. amazon.com/com/compliance/. • Bugle, video development software to support customers or employees, whose terms of service are available at https://www.bugleon.com/terms-of-service. This service can be used by certain Organisers at certain Events. • Google Analytics, with which Technical Information is shared and which provides examples of how it can be used at https://www.google.com/intl/pt-PT_ALL/analytics/index.html. • Lemon Way, a payment provider with which UpHill works, an accredited payment institution based in France, to whom the Payment Data is transmitted and which provides institutional information at https://www.lemonway.fr/ a-propos / lemonway. • Livestrom, a video streaming and conference service for Events or Courses, with which information is shared that allows the User to watch videos and participate in conferences provided by the Organiser and whose terms of service are available at https: // livestorm. co / terms /. This service can be used by certain Organisers at certain Events. • Moloni, billing software certified by the Tax Authority that allows Organisers to bill Users, whose terms of service are available at https://www.moloni.pt/sobre/?action=getTermsService. This service can be used by certain Organisers at certain Events. UpHill always collaborates with the competent authorities providing them with all information to which it is legally obliged, including, if applicable, information from its Users or provided by them, in whole or in part, and cannot be held responsible for either such disclosure or for the use by competent authorities. If technically possible, the transfer of this information will be carried out in encrypted form. UpHill will endeavour to inform Users affected by such measures, unless it is legally prohibited from doing so. The dissemination of website usage statistics, namely, but not exclusively for Marketing Purposes or publication of case studies, will always be done through the anonymisation of the Collected Information. UpHill does not sell in any way, namely through direct sale or exchange of counterparts, Personal Data, including Payment Data, which it collects through the Website.

1.3.4. Users' Rights

Users, as Data Subjects, have the right to prevent, at any time, their personal data from being processed by Uphill, in any form, for the purposes of commercial communications. This right can be exercised by sending an email, addressed to Uphill, to support@uphill.pt. Users may also exercise their rights, as Data Subjects, to access, rectify, delete, oppose, limit the treatment and portability of their Personal Data, using the following means: (i) sending a written letter to the following address : UBIMedical - Estrada Municipal 506, 6200-284 CovilhĂŁ, or by sending an e-mail to the following address support@uphill.pt. UpHill appreciates being contacted immediately if a User has a complaint or any question regarding the way UpHill uses and treats their Personal Data. UpHill will make every effort to resolve the situation as soon as possible. The User is also entitled to submit a complaint at any time regarding the processing of their Personal Data, to the National Data Protection Commission through the respective website www.cnpd.pt.

1.3.5. Period of Retention of Personal Data

UpHill will keep Personal Data only for as long as necessary for the provision of its services. After the complete execution of its services, UpHill will only keep the personal data that is reasonably necessary for the purposes indicated above and for as long as it is. UpHill may retain personal data for longer periods, in particular, when it is obliged to do so in accordance with legal, regulatory, tax or accounting obligations, as well as within the scope of complaints or claims or litigation relating to personal data.

2. Privacy and Protection of Personal Data Officer

UpHill's main point of contact for dealing with any issues related to the protection of personal data is the Privacy and Protection of Personal Data Officer, who can be contacted through the email address support@uphill.pt.

3. Security measures

Personal Data is stored on high security servers at hosting providers that meet the most stringent international requirements. The databases in which they are stored are encrypted and they are virtually inaccessible except through the website interface. The hosting services with which UpHill articulates must ensure that they meet the most stringent security requirements, not only with regard to access via the Internet, but also from the point of view of physical access, with regard to servers and the facilities where they are installed.

4. Changes to the Privacy Policy

If this Privacy Policy is changed, Users will be notified by email 30 days before the date on which the new wording will be applied.

5. Conflict resolution

If you have a complaint, suggestion or request for clarification on the website's privacy policy, you should write to us at UpHill, Lda, UBIMedical - Estrada Municipal 506, 6200-284 CovilhĂŁ, Portugal or via the support@uphill.pt email address. We will try to answer you as soon as possible, proposing a solution that meets the enquiry put forward. The User has the right to appeal to the competent Portuguese judicial courts to settle any issues relating to the processing of their personal data by UpHill.

6. Current Version

This Privacy Policy came into effect on May 11, 2016 and was revised on December 1, 2018.