The purpose of this personal data protection policy is to inform the user on how SIBS processes personal data while using ATM Express Website (hereinafter “Website”) and to comply with the provisions of the legislation on personal data protection, particularly, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”), regarding the information to be provided to the user, the data subject.
When using the Website, SIBS processes personal data as a Data Controller for its own purposes (as listed below).
1. Identity and contact details of the Controller and Data Protection Officer.
- Name: SIBS Forward Payment Solutions, S.A (“SIBS”)
- Head office: Alfrapark, Edifício E, Estrada de Alfragide, n.º 67, 2610-008 Amadora, Portugal
- Share Capital: EUR 17.500.000,00
- Legal Person Number: 505.107.546
- Data Protection Officer: DataProtectionOfficer@sibs.com
2. Purposes and legal basis of processing, personal data categories and retention periods.
When using the Website, SIBS collects personal data from the user (some of which are essential and mandatory and some of which are optional, otherwise some features will not work):
| Purpose | Legal basis | Personal Data | Retention period |
|---|---|---|---|
| Response to contact requests | Performance of a contract (pre-contractual measures at data subject’s request) (see Article 6(1)(b) GDPR) | Address | Email address | Name | Telephone number | Retention for the period necessary to prove compliance with legal obligations. |
| Security and resilience of the Website | Legitimate interest in ensuring security and preventing fraud (Article 6(1)(f) GDPR) | Activity or traffic data| Device ID | IP address | Geolocation | Make and model of the user’s device | address | 5 years (Article 118(1)(c) of the Portuguese Criminal Code). |
The user can withdraw consent at any time (without affecting the lawfulness of the processing conducted on the basis of the consent previously given).
SIBS only stores personal data in order to allow the identification of data subjects for the period necessary or required for the fulfilment of the purposes indicated.
3. Data recipients.
In order to comply with legal obligations SIBS may have to share personal data with third parties, e.g. judicial or administrative authorities, as well as supervisory or regulatory bodies.
4. Service providers.
SIBS may use other SIBS Group companies, or third parties to provide certain services involving the processing of personal data on the Website, exclusively according to prior documented instructions given by SIBS.
5. International data transfers.
Personal data is processed within the territory of the European Union/European Economic Area (EU/EEA). SIBS may transfer personal data outside the EU/EEA in a secure and legal manner, ensuring that data is only transferred under the mechanisms provided for in Chapter V of the GDPR.
6. Data processing security.
SIBS has implemented the appropriate technical and organisational security measures to ensure the security of the personal data provided to it, in order to prevent its alteration, loss, processing and/or unauthorized access to it, taking into account the current state of the technology, the nature of the data processed and the risks to which they are exposed, and the user being aware that security measures are not impregnable.
7. Exercise of data subject rights.
Under the applicable terms of the legislation on the protection of personal data, the user may exercise, free of charge and at any time, the rights of: access; rectification; erasure (“right to be forgotten”); restriction; portability; object; by a written request addressed to the SIBS Data Protection Officer to the address indicated above, or to the following e-mail address: DataProtectionOfficer@sibs.com.
8. National supervisory authority.
The user has the right to lodge a complaint regarding personal data protection to Comissão Nacional de Proteção de Dados (CNPD).
9. Third-party websites and social networks.
The Website may contain advertising, hyperlinks or other content that redirects the user to partner or third-party websites and/or social networks.
SIBS does not control the content of these websites and/or social networks and is therefore not responsible for it, or for the practices of said websites or social networks. SIBS therefore recommends users to consult the personal data protection policy of these websites, or social networks, and their terms and conditions of use.
10. Updating the Personal Data Protection Policy.
This personal data protection policy is reviewed and updated periodically and whenever necessary.
Updated on: 20 | 08 | 2025