Ei-TAG Authentication NFC App - Privacy Policy

1. General conditions

1. The privacy and protection of user (User) personal information is of utmost importance to Network Electronics 2000 C.R.I. Unip. Lda. (NE2K) who is responsible for operating the App and related services as well as collecting and processing any User personal data (Data), as described in this Privacy Policy (Policy).

2. The processing of the Data is governed by the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

3. Technical and organisational security measures have been implemented to protect the Data against involuntary or illegal deletion, update, loss, and non-authorised disclosure or access.

4. The interpretation of the Policy is exclusive to NE2K who reserves the right to change it at any time. Significant changes shall be communicated via the App and/or Google Play before entering into force. If the User does not agree with such changes, they shall cease to use the App.

5. NE2K only processes the Data as described herein, except when the Data is necessary for:

6. NE2K does not sell the Data.

7. The User accepts that the only legally-binding version of the Policy is the one written in Portuguese and that any translations to other languages are merely informative.

8. The information included in the Policy may become out of date or incomplete over time. NE2K will use their human and technical resources in order to try to keep the Policy up to date and complete.

2. Third parties

The App does not depend on services provided by third-parties.

3. Data collection

When submitting the Data, the User provides them voluntarily and consents to their processing. The Data are collected through the following means:
Data Means
Location, date/time, IP address NFC tag validation functionality

4. Data processing purposes

The collected Data allow the App to be provided under normal operation and according to its characteristics and functionality:
Data Purposes
Location, date/time, IP address Fraud risk mitigation

5. Data processing lawfulness

The collected Data are processed according to the following lawfulness bases:
Data Lawfulness basis
Location User consent
Date/time, IP address Systems security according to recital 49 of the GDPR

The date/time and the IP address are not subject to individual analysis, unless security incidents occur, in which case they may be reported to the competent authorities. Thus, it is considered that there is no risk of User's privacy intrusion and that therefore NE2K's legitimate interests are not overridden by Users' rights and freedoms referred to in Article 6 (1)(f) of the GDPR.

6. Data retention

The Data are stored for as long as is strictly necessary to fulfil their processing purposes or the exercise of the User's right to object or to erasure, or until withdrawal of consent. The Data is then deleted or anonymised, unless the storage period turns out to be insufficient, or a legal obligation or authorisation exists.

Data Storage period
Location, date/time, IP address 30 days

7. Data access

The Data are accessed by:
Data Access
Location, date/time, IP address NE2K

No Data are transmitted to third parties.

8. User rights

1. Under the terms of the GDPR and other applicable legislation, the User has the right of access and to rectification, erasure and portability of the Data, and to restriction, object and withdrawal of consent to their processing.

2. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

3. The User may exercise their rights via email at info@ei-tag.com.

4. The answer to User's requests to exercise their rights shall be provided free of charge. Where requests are manifestly unfounded, excessive or unjustifiably reiterated, NE2K may either charge a reasonable administrative fee or refuse to act on the request.

5. The answer to User's requests shall be provided within one month of receipt of the request. Such period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

6. The User has the right to lodge a complaint about the processing of the Data with the Portuguese Data Protection Authority (CNPD).

9. Aggregate information

1. The Data may be used for the purposes of aggregate statistical analysis where no connection to individual Users is established.

2. Aggregate information is anonymous, thus devoid of personal identification or private information.

3. Aggregate analysis may allow detecting usage patterns, based on which the App can be improved.

4. Aggregate information may be disclosed to third-parties or publicly.

Last update: 31/07/2023