1. General Provisions

This Personal Data Processing Policy is drawn up in accordance with the requirements of the Law “On Personal Data” (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and the measures to ensure the security of personal data undertaken by MEDIA ADEX, UNIPESSOAL LDA (hereinafter referred to as the Operator).
1.1. The Operator considers compliance with human and civil rights and freedoms when processing personal data, including the protection of the right to privacy and personal and family confidentiality, to be its most important objective and condition for carrying out its activities.
1.2. This Policy of the Operator regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website https://empact.digital/.

2. Key Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology
2.2. Blocking of personal data — temporary suspension of the processing of personal data (except where processing is necessary to clarify personal data).
2.3. Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at https://empact.digital/.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Depersonalization of personal data — actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or another personal data subject.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or processes personal data, and determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://empact.digital/.
2.9. Personal data permitted by the subject for distribution — personal data to which access by an unlimited number of persons is granted by the personal data subject by giving consent for the processing of personal data permitted for distribution in accordance with the procedure provided by the Personal Data Law.
2.10. User — any visitor to the website https://empact.digital/.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited group of persons, including publication in mass media, placement in information and telecommunication networks, or providing access in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — any actions as a result of which personal data are irreversibly destroyed with no possibility of restoring their content in the personal data information system and/or physical media containing personal data are destroyed.

3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:

• receive reliable information and/or documents containing personal data from the personal data subject;
• continue processing personal data without the consent of the personal data subject in the event of withdrawal of consent or submission of a request to terminate processing, provided there are grounds specified in the Personal Data Law;
• independently determine the composition and list of measures necessary and sufficient to fulfill obligations under the Personal Data Law and related regulations, unless otherwise provided by law.

3.2. The Operator is obliged to:

• provide the personal data subject, upon request, with information concerning the processing of their personal data;
• organize the processing of personal data in accordance with applicable law;
• respond to requests and inquiries from personal data subjects and their legal representatives as required by the Personal Data Law;
• provide necessary information to the authorized body for the protection of personal data subjects’ rights within 10 days of receiving a request;
• publish or otherwise ensure unrestricted access to this Policy;
• take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution, and other unlawful actions;
• cease transfer, processing, and destroy personal data in cases and according to procedures provided by law;
• fulfill other obligations stipulated by the Personal Data Law.

4. Basic Rights and Obligations of Personal Data Subjects

4.1. Personal data subjects have the right to:

• receive information regarding the processing of their personal data, except where restricted by federal law;
• demand clarification, blocking, or destruction of their personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purpose;
• require prior consent for processing personal data for marketing purposes;
• withdraw consent to the processing of personal data and submit a request to terminate processing;
• appeal unlawful actions or inaction of the Operator to an authorized body or in court;
• exercise other rights provided by law.

4.2. Personal data subjects are obliged to:

• provide the Operator with accurate personal data;
• notify the Operator of updates or changes to their personal data.

4.3.Persons who provide inaccurate information about themselves or about another personal data subject without consent bear responsibility under applicable law.

5. Principles of Personal Data Processing
Personal data processing is carried out on a lawful and fair basis, limited to specific, predetermined, and legitimate purposes, and only to the extent necessary to achieve those purposes. Accuracy, relevance, and proper storage duration are ensured. Personal data are destroyed or depersonalized upon achievement of processing goals unless otherwise required by law.

6. Purposes of Personal Data Processing
Purpose: Informing the User by sending emails.
Personal data: Last name, first name, patronymic; email address; phone numbers.
Legal basis: Contracts concluded between the Operator and the personal data subject.
Processing type: Sending informational emails.

7. Conditions for Processing Personal Data
Personal data are processed with consent, to fulfill legal obligations, contracts, judicial acts, legitimate interests, or public interests, and in cases where data are publicly available or subject to mandatory disclosure by law.

8. Procedure for Collection, Storage, Transfer, and Other Processing
The Operator ensures the security and confidentiality of personal data, prevents unauthorized access, does not transfer data to third parties except as required by law or consent, and determines processing duration based on the stated purposes. Users may update or withdraw consent via email at info@empact.digital.

9. List of Actions Performed with Personal Data
The Operator performs collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer, depersonalization, blocking, deletion, and destruction of personal data, including automated processing.

10. Cross-Border Transfer of Personal Data
The Operator must notify the authorized body before initiating cross-border transfers and obtain necessary information from foreign recipients.

11. Confidentiality of Personal Data
The Operator and other persons with access to personal data must not disclose or distribute them without consent unless otherwise provided by law.

12. Final Provisions
Users may contact the Operator at info@empact.digital for clarifications. The Policy is valid indefinitely until replaced. The current version is available at https://empact.digital/policy.