Privacy Policy

1. Introduction

The privacy and data protection policy of the Sociedade Interbancária e Sistemas de Pagamentos, hereinafter referred to as SISP, a financial institution oriented towards electronic payment systems, aims at informing and disclosing to its customers and users who visit its websites, how their personal data are collected, processed and protected, in compliance with the provisions anticipated in the legislation governing the matter.

Given the nature and specificity of its activities, the company attaches particular importance to the protection of information as an essential condition for guaranteeing the continuity of its operations and the confidence of partners, customers and suppliers in the system.

The main purpose of this document is to define SISP's privacy and data protection policy.

2. Privacy and Data Protection Policy

2.1. Who are we?

SISP was created with the objective of endowing the country with a modern, efficient payment system, integrated in the major international systems. The company’s activities rest upon the core objectives of reliability, security, and consolidation of the services provided.

SISP provides its users with the most modern, reliable and secure financial services, particularly in the area of payments.

With a success story supported by innovation and efficiency, SISP remains focused on its growth and on providing services that facilitate the daily lives of people and companies. SISP considers Data Protection and the related Privacy of personal information, a matter of the utmost importance. As part of its social responsibility and in compliance with the law, SISP is committed to respect the principles and rules regarding the protection of personal data of its customers and users, the final recipients of the services provided.

The purpose of the Personal Data Protection Act (LPDP) is to contribute to the strengthening of an area of freedom, security, justice and well-being of persons, and therefore ensuring the protection of personal data is the foundation of the economic activity and reputation of the SISP as a credible and reliable company.

This privacy and data protection policy (hereinafter referred to as "Privacy and Data Protection Policy") is of general application to all personal data that the user makes available to SISP on its Internet pages (websites), and has been drawn up in accordance SOCIEDADE INTERBANCÁRIA E SISTEMAS DE PAGAMENTO Privacy and Data Protection Policy PLSI021 of 06/08/2020 Page 5 of 8 with Law No. 133/V/2001, of January 22, 2001, as amended by Law No. 41/VIII/2013 of September 17, 1993, which establishes the General Legal Regime for the Protection of Personal Data (hereinafter abbreviated to LPDP).

In view of the need to comply with the personal data protection regime at international level, the LPDP presents a set of rights of the holders of personal data and data processing obligations imposed on the Controllers and their Subcontractors.

2.2. Who is responsible for handling and processing your data?

In the context of the Data Protection Policy, "User" means any person or agent who interacts with SISP through its websites and online portals. Prior to the submission and processing of personal data of Users, SISP is bound to request the explicit, informed and absolute consent of the User about this Policy. The purpose of the SISP Privacy Policy is to provide the User with information on how his/her personal data collected in the websites and portals operated by the SISP will be processed.

2.3. What is the purpose of processing your data?

Provide the service

SISP processes the personal data that the User provides through the online forms or retrieval of navigation data contained on our websites, for the following purposes:

- To attend to and provide assistance in the interests of the User;

- Any other matter relating to the provision of the Service and its improvements.

Consult and obtain your opinion on SISP

SISP considers and values the User's opinion. Your opinion about SISP or its products and services, as well as your suggestions and concerns, are important tools for evaluating the quality of our services. For this purpose, SISP provides you with contact and evaluation forms in order to know your perception and opinion on our products and services.

Your opinion and personal data should always be made available in a free and voluntary fashion.

2.4. What are the grounds for legitimate interest when the processing of your data takes place?

The processing of personal data shall be lawful only if, and to the extent that, at least one of the following situations is ensured:

-the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;

- processing is necessary for the performance of a contract to which the data subject is a party, or for pre-contractual inquiries at the request of the data subject;

- processing is necessary for the performance of a legal obligation to which the controller is subject;

- processing is necessary in order to protect the vital interests of the data subject or of another natural person;

- processing is necessary for the performance of public interest duties or in the exercise of official authority vested in the controller;

- processing is necessary for the purposes of the legitimate interests pursued by the controller or by third parties except where the interests or fundamental rights and freedoms of the data subject, which require the protection of the personal data, prevail, in particular where the data subject is a child.

The User acknowledges and accepts that failure to fill in certain personal data will prevent SISP from providing all the services linked to that data.

Under no circumstances may SISP assign, exploit or use your personal data for a purpose other than that expressly defined.

2.5. How long do we keep your personal data?

SISP shall process the personal data of its Users for the duration of the relationship between the two parties and beyond, and shall not keep such data longer than necessary for the purposes for which they were originally collected, without prejudice to such storage as may be necessary to formulate, exercise or protect the legitimate interests of SISP or to lawful enforcement.

2.6. Who has access to your personal data?

SISP has access to them and, in order for SISP to provide service and assistance to the User of its websites or portals, it may be necessary, for that sole purpose, to share your personal data with other entities related to the SISP, which shall process the personal data in accordance with this Privacy Policy and in strict compliance with the applicable data protection legislation.

2.7. What rights are you entitled to?

SISP shall inform the user of his or her right to exercise his or her statutory rights, such as access, rectification, objection, deletion, portability and limitation of processing, and to refuse automated processing of personal data collected by SISP.

These rights may be freely exercised by the user or his/her legitimate representative by means of a written request, signed and forwarded to the following address:

Sociedade Interbancária e Sistema de Pagamentos (SISP)

Conjunto Habitacional Novo Horizonte, Achada de Santo António

Praia, Cabo Verde

Caixa Postal 861

In addition to the rights previously provided, the User may also request the revocation of the consent given at any time. The revocation shall not have retroactive effect and shall not affect the lawfulness of the treatment prior to the User's request.

The User may also submit any complaint to the National Commission for Data Protection (CNPD) whenever deemed necessary or convenient.

2.8. How to revoke consent to send commercial communications?

Users shall have the right to revoke their consent to the purposes agreed upon through SISP websites and portals at any time by simply notifying SISP.

2.9. What security measures are in place?

SISP undertakes to fulfil its obligation of confidentiality of personal data and its duty to store them and to make reasonable efforts to implement measures to prevent their unauthorized alteration, loss, processing or access in accordance with the provisions of the LPDP.

SISP complies with the best international practices and has implemented the certifications and technical and organizational security measures required to ensure the security of your personal data and prevent its alteration, loss and unauthorized processing and/or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, regardless of whether they are caused by human acts or the physical or natural environment, in accordance with the provisions of the LPDP.

SISP is an entity committed to the privacy, confidentiality and integrity of information, continuously monitoring and evaluating its processes to ensure full respect for privacy and information security.

SISP reserves the right to prevent, restrict or change the terms and conditions of access by any User, for justified security reasons that may put at risk the reputation and trust of the pages of the SISP websites and portals.

3. Use of cookies

SISP websites and portals may use "cookies" and other technologies, such as, but not limited to, pixel tags and web beacons. These technologies provide insights on the behavior of users, while allowing the latter to have a better experience browsing the pages of SISP's web sites and portals, as well as to measure and contribute to the effectiveness of information campaigns and research on the Internet. In this context, information collected by cookies and other technologies is treated as non-personal information. However, as Internet Protocol (IP) addresses or similar identifiers are considered personal information by the legislation in force, these identifiers will also be treated as personal information in an evolutionary manner.

4. Changes to the Privacy and Data Protection Policy

SISP may modify and update its Privacy and Data Protection Policy in accordance with the applicable legislation in force at the time. In any case, any modification of the Privacy and Data Protection Policy will be duly published on SISP websites and portals, namely but not limited to, and, to inform the User about the changes and, if the applicable legislation so requires, so that he/she may freely give his/her consent.