1. Introduction
The privacy and data protection policy of the Sociedade Interbancária e Sistemas de
Pagamentos, hereinafter referred to as SISP, a financial institution oriented towards
electronic payment systems, aims at informing and disclosing to its customers and users
who visit its websites, how their personal data are collected, processed and protected,
in compliance with the provisions anticipated in the legislation governing the matter.
Given the nature and specificity of its activities, the company attaches particular
importance to the protection of information as an essential condition for guaranteeing
the continuity of its operations and the confidence of partners, customers and suppliers
in the system.
The main purpose of this document is to define SISP's privacy and data protection policy.
2. Privacy and Data Protection Policy
2.1. Who are we?
SISP was created with the objective of endowing the country with a modern, efficient
payment system, integrated in the major international systems. The company’s
activities rest upon the core objectives of reliability, security, and consolidation of the
services provided.
SISP provides its users with the most modern, reliable and secure financial services,
particularly in the area of payments.
With a success story supported by innovation and efficiency, SISP remains focused on
its growth and on providing services that facilitate the daily lives of people and
companies. SISP considers Data Protection and the related Privacy of personal
information, a matter of the utmost importance. As part of its social responsibility and
in compliance with the law, SISP is committed to respect the principles and rules
regarding the protection of personal data of its customers and users, the final recipients
of the services provided.
The purpose of the Personal Data Protection Act (LPDP) is to contribute to the
strengthening of an area of freedom, security, justice and well-being of persons, and
therefore ensuring the protection of personal data is the foundation of the economic
activity and reputation of the SISP as a credible and reliable company.
This privacy and data protection policy (hereinafter referred to as "Privacy and Data
Protection Policy") is of general application to all personal data that the user makes
available to SISP on its Internet pages (websites), and has been drawn up in accordance
SOCIEDADE INTERBANCÁRIA E SISTEMAS DE PAGAMENTO
Privacy and Data Protection Policy PLSI021 of 06/08/2020 Page 5 of 8
with Law No. 133/V/2001, of January 22, 2001, as amended by Law No. 41/VIII/2013 of
September 17, 1993, which establishes the General Legal Regime for the Protection of
Personal Data (hereinafter abbreviated to LPDP).
In view of the need to comply with the personal data protection regime at international
level, the LPDP presents a set of rights of the holders of personal data and data
processing obligations imposed on the Controllers and their Subcontractors.
2.2. Who is responsible for handling and processing your data?
In the context of the Data Protection Policy, "User" means any person or agent who
interacts with SISP through its websites and online portals. Prior to the submission and
processing of personal data of Users, SISP is bound to request the explicit, informed and
absolute consent of the User about this Policy. The purpose of the SISP Privacy Policy is
to provide the User with information on how his/her personal data collected in the
websites and portals operated by the SISP will be processed.
2.3. What is the purpose of processing your data?
Provide the service
SISP processes the personal data that the User provides through the online forms or
retrieval of navigation data contained on our websites, for the following purposes:
- To attend to and provide assistance in the interests of the User;
- Any other matter relating to the provision of the Service and its improvements.
Consult and obtain your opinion on SISP
SISP considers and values the User's opinion. Your opinion about SISP or its products and
services, as well as your suggestions and concerns, are important tools for evaluating
the quality of our services. For this purpose, SISP provides you with contact and
evaluation forms in order to know your perception and opinion on our products and
services.
Your opinion and personal data should always be made available in a free and voluntary fashion.
2.4. What are the grounds for legitimate interest when the processing of your data takes place?
The processing of personal data shall be lawful only if, and to the extent that, at least
one of the following situations is ensured:
-the data subject has given his or her consent to the processing of his or her personal
data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is
a party, or for pre-contractual inquiries at the request of the data subject;
- processing is necessary for the performance of a legal obligation to which the controller
is subject;
- processing is necessary in order to protect the vital interests of the data subject or of
another natural person;
- processing is necessary for the performance of public interest duties or in the exercise
of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the
controller or by third parties except where the interests or fundamental rights and
freedoms of the data subject, which require the protection of the personal data, prevail,
in particular where the data subject is a child.
The User acknowledges and accepts that failure to fill in certain personal data will
prevent SISP from providing all the services linked to that data.
Under no circumstances may SISP assign, exploit or use your personal data for a purpose
other than that expressly defined.
2.5. How long do we keep your personal data?
SISP shall process the personal data of its Users for the duration of the relationship
between the two parties and beyond, and shall not keep such data longer than
necessary for the purposes for which they were originally collected, without prejudice
to such storage as may be necessary to formulate, exercise or protect the legitimate
interests of SISP or to lawful enforcement.
2.6. Who has access to your personal data?
SISP has access to them and, in order for SISP to provide service and assistance to the
User of its websites or portals, it may be necessary, for that sole purpose, to share your
personal data with other entities related to the SISP, which shall process the personal
data in accordance with this Privacy Policy and in strict compliance with the applicable
data protection legislation.
2.7. What rights are you entitled to?
SISP shall inform the user of his or her right to exercise his or her statutory rights, such
as access, rectification, objection, deletion, portability and limitation of processing, and
to refuse automated processing of personal data collected by SISP.
These rights may be freely exercised by the user or his/her legitimate representative by
means of a written request, signed and forwarded to the following address:
Sociedade Interbancária e Sistema de Pagamentos (SISP)
Conjunto Habitacional Novo Horizonte, Achada de Santo António
Praia, Cabo Verde
Caixa Postal 861
In addition to the rights previously provided, the User may also request the revocation
of the consent given at any time. The revocation shall not have retroactive effect and
shall not affect the lawfulness of the treatment prior to the User's request.
The User may also submit any complaint to the National Commission for Data Protection
(CNPD) whenever deemed necessary or convenient.
2.8. How to revoke consent to send commercial communications?
Users shall have the right to revoke their consent to the purposes agreed upon through
SISP websites and portals at any time by simply notifying SISP.
2.9. What security measures are in place?
SISP undertakes to fulfil its obligation of confidentiality of personal data and its duty to
store them and to make reasonable efforts to implement measures to prevent their
unauthorized alteration, loss, processing or access in accordance with the provisions of
the LPDP.
SISP complies with the best international practices and has implemented the
certifications and technical and organizational security measures required to ensure the
security of your personal data and prevent its alteration, loss and unauthorized
processing and/or access, taking into account the state of technology, the nature of the
data stored and the risks to which they are exposed, regardless of whether they are
caused by human acts or the physical or natural environment, in accordance with the
provisions of the LPDP.
SISP is an entity committed to the privacy, confidentiality and integrity of information,
continuously monitoring and evaluating its processes to ensure full respect for privacy
and information security.
SISP reserves the right to prevent, restrict or change the terms and conditions of access
by any User, for justified security reasons that may put at risk the reputation and trust
of the pages of the SISP websites and portals.
3. Use of cookies
SISP websites and portals may use "cookies" and other technologies, such as, but not
limited to, pixel tags and web beacons. These technologies provide insights on the
behavior of users, while allowing the latter to have a better experience browsing the
pages of SISP's web sites and portals, as well as to measure and contribute to the
effectiveness of information campaigns and research on the Internet. In this context,
information collected by cookies and other technologies is treated as non-personal
information. However, as Internet Protocol (IP) addresses or similar identifiers are
considered personal information by the legislation in force, these identifiers will also be
treated as personal information in an evolutionary manner.
4. Changes to the Privacy and Data Protection Policy
SISP may modify and update its Privacy and Data Protection Policy in accordance with
the applicable legislation in force at the time. In any case, any modification of the Privacy
and Data Protection Policy will be duly published on SISP websites and portals, namely
but not limited to, www.sisp.cv and www.vinti4.cv, to inform the User about the
changes and, if the applicable legislation so requires, so that he/she may freely give
his/her consent.