The ASCENZA Agro, S.A. (hereinafter referred to as ASCENZA) sell products and provide services at their different establishments in accordance with the conditions of use that are in effect at each of those establishments, carrying out personal data protection activities for the pursuit of its business activities, this processing being performed in accordance with data protection standards, specifically the General Data Protection Regulation, the Personal Data Protection Law or special law, and according to the following parameters:

Data controller: ASCENZA, with the NIPC 503463060, having registered offices at Alameda dos Oceanos, Lote 1.06.1.1 D2º, 1990-207, Lisboa - Portugal, telephone +351 265 710 100 and email info@ascenza.com.

Data Protection Officer contact details: the data controller has a specific email address for the purposes of personal data protection, and the Data Protection Officer may be contacted at dataprotection@rovensa.com.

Categories of data subjects: stakeholders, potential customers, customers or users of different products, services or events provided by ASCENZA through its establishments or its direct communication channels.

Personal data for processing: data necessary for responding to information requests, for participation in events, for the presentation of proposals, for the conclusion of contracts or for the use of any direct communication channel with ASCENZA, such as, namely, civil identification and tax data, banking and financial data, contact details deemed necessary for the conclusion of Contracts or contact details that are considered optional for purposes of responding to requests, sending information, managing registrations or the provision of ancillary services, under the terms and conditions of use of the products, services or direct communication channels.

Context and purpose of the processing: information, promotion, marketing, organisation of events, support or assistance, communication with data subjects for purposes of marketing products, providing services and correlated ancillary services.

Legal basis: according to the specific situation concerned, the data processing is based on the management of a contractual relationship, the fulfilment of legal obligations, the pursuit of legitimate interests or, in specific situations of ancillary services, the data subject’s consent.

Consequences of failing to provide mandatory data: failure to provide the data necessary to respond to requests or conclude contracts, such as civil identification and tax data, banking and financial data and contact details deemed necessary, shall render unfeasible a response or the conclusion of the respective contract and consequent provision of services.

Consequences of failing to provide optional data: the data subject is not obliged to permit the processing of optional contact details, as a result of which, where consent is not given, or consent previously given is subsequently withdrawn, such data shall not be processed, in which case, upon request, the personal data concerned shall be erased, or the use thereof shall be cancelled for the purposes of providing ancillary services, without affecting, however, the legality of the operations carried out in the meantime, up to the date of the withdrawal of consent.

Recipients: the data controller carries out the processing on its own initiative (through professionals subject to the obligation of professional secrecy) or through processors acting on its behalf that are qualified for the provision of services selected by it and bound by strict technical and organisational measures adapted to the protection of personal data.

Security measures: adequate technical and organisational security measures are implemented to ensure a level of security in the processing appropriate to the risk.

Place where the data are collected: the data are collected at the time of submission, by the data subject, of information requests, applications to participate in events, during the acquisition of products or services and use of direct communication channels, through the data controller’s different service channels, guaranteeing privacy and confidentiality in their collection and the respective integrity, quality and accuracy of the data.

Retention period: notwithstanding the exceptional situations of extension of the retention period provided for by law or deemed necessary for the protection of rights or legitimate interests, the personal data processed shall be kept for a period of ten years after the end of the contractual relationship, and shall thereafter be erased.

Signage: all the service points where personal data processing operations are carried out shall be duly identified, with the application of specific indications with a commitment to data protection when receiving and supporting customers, users or clients, ensuring transparency and information on the correct use of the systems and procedures for processing personal data at the data controller’s establishments.

Communication of data: with the exception of situations of legal obligation to communicate data or communication of data between group companies(*), there are no data communication operations, and personal data is not communicated to third parties.

Data interconnection and automated decisions: no personal data interconnection operations are performed. Only the manual or computerised human resources management systems are integrated for the purpose of processing information requests, orders for products or services under the respective contractual relationship and only those automated decisions are made that are required for performance of the Contracts concluded.

Data subject's rights: the data subject shall be entitled to request from the data controller access to, rectification of or erasure of their personal data, as well as restriction or objection to processing and data portability, under the conditions provided for by law, and may also withdraw consent for data processing in situations where that consent provides the lawful grounds for that processing.

Right to complain to the supervisory authority: where deemed necessary, the data subject may at any time exercise the right to file a complaint with the Supervisory Authorities - the National Data Protection Commission (www.cnpd.pt).

Address for exercising rights: to request any information, submit complaints or claim rights, please contact us using the following email address: dataprotection@rovensa.com.

Conditions of Use: the conditions of use of the different communication channels, platforms or websites are available for consultation by any stakeholder at the service points or at any reception desk at the establishments of the Group companies.

Data Protection Policy: personal data processing operations are carried out in accordance with the Data Protection Policy, which is available at www.rovensa.com.