The https://pharmaword.com site is published by:

EDUARDO COSTA, LDA with a declared capital of 10.000,00 euros, registered at the Conservatória do Registo Predial/Comercial Bombarral (Portugal) under the number 508196795.

Head office address:

Rua Leonel Sotto Mayor, 54-L3

2500-227 Caldas da Rainha

PORTUGAL

Telephone: (+351) 262 841 096

Fax: (+351) 262 841 096

Mobile: (+351) 916 926 826

Teams: pharmaword

E-mail: main@pharmaword.com

The https://pharmaword.com site is hosted by:

AMEN

Edificio Parque Expo

Av. D. João II 1.07-2.1 R/C

1998-014 Lisboa

Portugal

Telephone: (+351) 707 50 51 55

Fax: (+351) 707 50 51 56

E-mail: internic@amen.pt

Clique aqui e comece a digitar. Veritatis et quasi architecto beatae vitae dicta sunt explicabo nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.

Clique aqui e comece a digitar. Labore et dolore magnam aliquam quaerat voluptatem ut enim ad minima veniam quis nostrum exercitationem ullam corporis suscipit laboriosam nisi ut aliquid ex ea commodi consequatur quis autem vel eum iure reprehenderit.

Clique aqui e comece a digitar. Veritatis et quasi architecto beatae vitae dicta sunt explicabo nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.

Clique aqui e comece a digitar. Veritatis et quasi architecto beatae vitae dicta sunt explicabo nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.

Clique aqui e comece a digitar. Veritatis et quasi architecto beatae vitae dicta sunt explicabo nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.

Clique aqui e comece a digitar. Veritatis et quasi architecto beatae vitae dicta sunt explicabo nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.

1. Purpose and contact

1.1 This policy is designed to ensure transparency on all processing by Pharmaword of personal information held on individuals. Pharmaword (EDUARDO COSTA, LDA) is the Data Controller and are hereby responsible for the processing of data that we collect and store through my website or otherwise. We ensure that your data is processed according to any applicable law. For any questions regarding this policy or invoking of any of the rights mentioned in this policy, please contact us at main[AT] pharmaword.com or by using the following phone number: PT +351 262 841 096

2. How do we comply with the GDPR requirements?

2.1 We take data security and the privacy of our users very seriously. Our services are secure, and we have implemented sufficient technical and organisational measures to ensure the security of your data during our processing. We have training in data protection and we have extensive guidelines and protocols to ensure that the processing of personal information lives up to the same high standards across our organisation. This policy will outline which types of data we process, why we process it and which rights you have regarding the processing of your data.

3. What Data Do You Provide Yourself?

3.1 We collect your personal/company data to deliver our services to you: Your contact information: name, surname, company name, e-mail, and phone number Information concerning the services you purchase with us to customize and adjust the services to your specific needs.

4. What Data do we Collect Automatically?

4.1 We want to improve our digital services and applications. That's why we collect the data automatically in form of cookies, click-stream, and web analytics. This data does not usually contain personal details about the user. Your visit to my website usually results in the collection of the following information: the visitor's IP address, the date and time of the visit, the referral URL (the site from which the visitor has come), the pages visited on my website, information about the browser used (browser type and version, operating system, etc.). Cookies: we use cookies on our website and mobile applications. Cookies are small text files that are stored on your device from the web browser. We can use cookies to match you with your account. You can find instructions on how to manage browser specific cookie settings here: Internet Explorer: https://support.microsoft.com/en-us/help/260971/description-of-cookies Mozilla Firefox: https://support.mozilla.com/en-US/kb/Cookies Google Chrome: https://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647 Safari: https://support.apple.com/kb/PH5042 Opera: https://help.opera.com/en/latest/web-preferences/#cookies Web analytics We use Google analytics to collect information from your user sessions on our website as we want to improve our services and to give you the best possible experience.

5. How do we use your data?

To deliver the service you ordered we will use the information we have gathered to get back to you with service propositions based on your quote request. If you choose to accept the quote, we will use your data to deliver the service you ordered with us. This includes making files available to us. To deliver the best service and experience for you we will use the information we have gathered about you to customize our services for you and provide the best possible digital experience. This includes optimizing of our services and websites based on analytical information gathered from you. To send you newsletters if you have given your consent to receive our newsletters, you will get them. We can inform you about similar products, services, and campaigns we might have. You can, at any moment, unsubscribe from our e-mail service.

6. How long do we store the data?

6.1 The data that we collect either directly from our users or from any of the services described in section 4, is stored during the whole time an account is active and the data is necessary, and for a period of time after the account is no longer active. The period after depends on the nature of the data, and will vary depending on any mandatory retention periods set forth by law. The maximum period will be 5 years.

7. Information Disclosure

7.1 We treat your data with confidentiality. This means that we do not sell you data to third parties. Your data will only be disclosed if required by law.

7.2 We may use supporting services provided by third parties. This might include maintenance services, analysis services, e-mail messaging services, handling of payment transactions. These third parties will get access to the data they require to provide their services. We take the necessary steps to ensure that these third-party providers protect your data.

8. Your rights

8.1 If you wish to gain access to your data, get them corrected or deleted or make any reservations towards our data processing, we will investigate whether or not this is possible according to any of our legal obligations, and get back to your request as soon as possible and no later than a month after we received your request.

8.2 Users can access their data at any time from their account settings, where users can see, download, delete or correct any information they have provided us.

8.3 You have the right to be informed, what data we have stored concerning you, where they are collected and what they are being used for. You can be informed about our retention periods, who receives data concerning you, in the extent that we disclose or transfer your data.

8.4 You can request to gain access to any data processed regarding your person. Access can be limited in cases where it can compromise other people's privacy, trade secrets or intangible rights.

8.5 You have the right to correct any information that is no longer correct or current. If you become aware that any of the data that we store concerning you are incorrect, you have the right to get such information corrected or deleted.

8.6 You also have the right to object our processing of your data, or to our disclosure or transfer of your data for marketing purposes. You have the right to receive any data that we am processing regarding your person, this includes data collected directly from your or from other parties. In the event that you put in such a request, your data will be provided for you on a commonly used digital transportable format.

8.7 Any matters relating to EDUARDO COSTA LDA. collection and storage of personal information, your rights under the GDPR or this policy, can be addressed to main [AT] pharmaword.com or to the phone number listed in section 1.

8.8 If our collection, storage or processing of your data should raise any concerns with you, you have the right to file a complaint with the Portuguese Data Protection Agency or any other supervising authority in your country.

9. Security of the Information

9.1 We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access; in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing and misusing of data.

9.2 – Our platform is hosted at AMEN.PT which provides maximum scalability and security. The platform uses https/ssl for secure communication and is backed by a firewall and a load balancer to ensure constant availability. All passwords for clients and me are encrypted, and advanced role-based access control (RBAC) can be provided and customised. User logins are logged with timestamp and IP address. Additionally, web servers keep access logs of all requests. Source files and translations are hosted in a secure centralized storage service (S3). All data is stored in EU (Dublin, Ireland).

10. Privacy Policy Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, in certain services, email notification of Privacy Policy changes).

1. Definitions

1.1 Consent – means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

1.2 Data controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.3 Data Subject – any living individual who is the subject of personal data held by an organisation.

1.4 Personal Data – any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.5 Personal Data Breach – any breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. There is an obligation on the controller to report personal data breaches to the supervisory authority and where the breach is likely to adversely affect the personal data or privacy of the data subject.

1.6 Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.7 Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.8 Profiling – is any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse, or predict that person's performance at work, economic situation, location, health, personal preferences, reliability, or behaviour. This definition is linked to the right of the data subject to object to profiling and a right to be informed about the existence of profiling, of measures based on profiling and the envisaged effects of profiling on the individual.

1.9 Special Categories of Personal Data – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

1.10 Third Party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2. Purpose

2.1 Eduardo Costa Lda is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct. Eduardo Costa Lda is the Data Controller under the Data Protection laws, which means that it determines what purposes personal information held, will be used for.

2.2 This policy sets forth the expected behaviours of all Eduardo Costa Lda employees and Third Parties in relation to the collection, use, retention, transfer, disclosure and destruction of any Personal Data belonging to a Data Subject.

2.3 Personal Data is any information (including opinions and intentions) which relates to an identified or Identifiable Natural Person. Personal Data is subject to certain legal safeguards and other regulations, which impose restrictions on how organisations may process Personal Data. An organisation that handles Personal Data and makes decisions about its use is known as a Data Controller. Eduardo Costa Lda, as a Data Controller, is responsible for ensuring compliance with the Data Protection requirements outlined in this policy.

2.4 Eduardo Costa Lda is fully committed to ensuring continued and effective implementation of this policy, and expects all employees and Third Parties to share in this commitment. Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.

3. Scope

3.1 This policy applies to all Eduardo Costa Lda entities processing Personal Data.

3.2 This policy applies to all Processing of Personal Data in electronic form or where it is held in manual files that are structured in a way that contains information about individuals.

4. Basic principles

4.1 Eduardo Costa Lda has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of Personal Data: Lawfulness, fairness and transparency: Personal Data is processed lawfully, fairly and in a transparent manner in relation to the data subject. Purpose limitation: Any Personal Data collected shall have a specified, explicit and legitimate purpose. Data minimisation: Any Personal Data collected shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Accuracy: Any Personal Data collected shall be accurate and, where necessary, kept up to date. Storage limitation: Personal Data shall not be stored longer than what is necessary for the purposes for which the Personal Data are processed. Integrity and confidentiality: Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Accountability: Eduardo Costa Lda shall be responsible for, and be able to demonstrate compliance with the above mentioned principles. This policy provides the foundation for adherence to this responsibility.

5. Lawfulness of processing

5.1 Eduardo Costa Lda will Process Personal Data in accordance with all applicable laws and applicable contractual obligations.

5.2 More specifically, Eduardo Costa Lda will not Process Personal Data unless one of the other available foundations for processing is applicable. As non-exhaustive examples of these valid grounds can be mentioned the following: The Data Subject has given valid Consent. Processing necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract. Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

5.3 To the extent that Eduardo Costa Lda process Special Categories of Data (also known as sensitive data), such processes shall receive special attention in the governance of personal data. Particularly, such processing shall only take place if the more stringent requirements for Processing of Special Categories of Data are fulfilled. As non-exhaustive examples of these valid grounds can be mentioned the following: The Data Subject has given valid Consent. The Processing relates to Personal Data which has already been made public by the Data Subject. The Processing is necessary for the establishment, exercise or defence of legal claims. The Processing is specifically authorised or required by law.

6. Information to data subjects

6.1 Eduardo Costa Lda will, when required by applicable law, contract, or where it considers that it is reasonably appropriate to do so, provide Data Subjects with information as to the purpose of the Processing of their Personal Data.

6.2 When any Personal Data is collected, all appropriate disclosures will be made, in a manner that draws attention to them, unless one of the following apply: The Data Subject already has the information A legal exemption applies to the requirements for disclosure and/or Consent.

6.3 By way of non-exhaustive example, Eduardo Costa Lda has implemented the following standard methods of providing information to Data Subjects: All Personal Data processed on Eduardo Costa Lda's website is described in a Privacy Policy made available to all users of Eduardo Costa Lda's website.

7. Continued compliance with basic principles

7.1 The basic principles of lawful Processing described in section 4 shall also apply when the same Personal Data is later stored, used and/or shared.

7.2 In particular it is essential to make sure that any changes in the purpose of Processing of Personal Data.

7.3 It is also essential that all stored Personal Data at all times is accurate and up-to-date.[1] In order to achieve this goal, Eduardo Costa Lda has implemented the following procedures: Correcting Personal Data known to be incorrect, inaccurate, incomplete, ambiguous, misleading or outdated, even if the Data Subject does not request rectification. Only storing Personal Data for the period necessary to satisfy the permitted uses or applicable statutory retention period. Restriction, rather than deletion of Personal Data, insofar as: a law prohibits erasure. erasure would impair legitimate interests of the Data Subject. the Data Subject disputes that their Personal Data is correct and it cannot be clearly ascertained whether their information is correct or incorrect.

8. Transfers within the group of companies

8.1 In order for Eduardo Costa Lda to carry out its operations effectively across its various entities, there may be occasions when it is necessary to transfer Personal Data from one entity to another, or to allow access to the Personal Data from an overseas location. Should this occur, the Eduardo Costa Lda entity sending the Personal Data remains responsible for ensuring protection for that Personal Data. All Eduardo Costa Lda entities are located within the EU.

9. Transfers to Third parties

9.1 Eduardo Costa Lda will only transfer Personal Data to, or allow access by, Third Parties when it is assured that the information will be Processed legitimately and protected appropriately by the recipient. Where Third Party Processing takes place, Eduardo Costa Lda will first identify if, under applicable law, the Third Party is considered a Data Controller or a Data Processor of the Personal Data being transferred.

9.2 Where the Third Party is deemed to be a Data Controller, the Eduardo Costa Lda entity will enter into an appropriate agreement with the Controller to clarify each party's responsibilities in respect to the Personal Data transferred.

9.3 Where the Third Party is deemed to be a Data Processor, Eduardo Costa Lda will enter into an agreement with the Data Processor.

10. Use of data processors

10.1 Eduardo Costa Lda will enter into an agreement with all of its Data Processors.

10.2 The agreement must require the Data Processor to protect the Personal Data from further disclosure and to only Process Personal Data in compliance with Eduardo Costa Lda instructions. In addition, the agreement will require the Data Processor to implement appropriate technical and organisational measures to protect the Personal Data as well as procedures for providing notification of Personal Data Breaches.

10.3 When Eduardo Costa Lda is outsourcing services to a Third Party (including Cloud Computing services), they will identify whether the Third Party will Process Personal Data on its behalf and whether the outsourcing will entail any Third Country transfers of Personal Data. In either case, it will make sure to include adequate provisions in the outsourcing agreement for such Processing and Third Country transfers.

11. Transfer of personal data outside EU

11.1 Eduardo Costa Lda will only transfer Personal Data to internal or Third Party recipients located in country outside of the European Union where the conditions for such a transfer are fulfilled.

12. Security

12.1 Eduardo Costa Lda will adopt physical, technical, and organisational measures to ensure the security of Personal Data. This includes the prevention of loss or damage, unauthorised alteration, access or Processing, and other risks to which it may be exposed by virtue of human action or the physical or natural environment.

12.2 The minimum set of security measures to be adopted by Eduardo Costa Lda is provided in the Information Security Policy. A summary of the Personal Data related security measures is provided below: Prevent unauthorised persons from gaining access to data processing systems in which Personal Data are Processed. Prevent persons entitled to use a data processing system from accessing Personal Data beyond their needs and authorisations. Ensure that Personal Data in the course of electronic transmission during transport cannot be read, copied, modified or removed without authorisation. Ensure that access logs are in place to establish whether, and by whom, the Personal Data was entered into, modified on or removed from a data processing system. Ensure that in the case where Processing is carried out by a Data Processor, the data can be Processed only in accordance with the instructions of the Data Controller. Ensure that Personal Data is protected against undesired destruction or loss. Ensure that Personal Data collected for different purposes can and is Processed separately. Ensure that Personal Data is not kept longer than necessary.

13. Breach Reporting

13.1 Any individual who suspects that a Personal Data Breach has occurred due to the theft or exposure of Personal Data must immediately notify the Data Protection Officer Eduardo Costa providing a description of what occurred. Notification of the incident can me made via e-mail contact [AT] ejcosta.com or by calling the phone number +351 262 841 096.

13.2 The Data Protection Officer will investigate all reported incidents to confirm whether or not a Personal Data Breach has occurred. If a Personal Data Breach is confirmed, the Data Protection Officer will follow the relevant authorised procedure based on the criticality and quantity of the Personal Data involved, assessed by the completion of a Data Protection Impact Assesment (DPIA).

14. Limitation of retention period

14.1 To ensure fair Processing, Personal Data will not be retained by Eduardo Costa Lda for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further Processed.

14.2 The length of time for which Eduardo Costa Lda need to retain Personal Data is set out in the Personal Data Retention Schedule. This takes into account the legal and contractual requirements, both minimum and maximum, that influence the retention periods set forth in the schedule. All Personal Data should be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a need to retain it.

15. Notification of Data Protection Officer

15.1 All requests received for access to or rectification of Personal Data must be directed to the appointed Data Protection Officer, who will log each request as it is received.

15.2 The Data Protection Officer will observe that all Data Subject requests are handled in accordance with section 16-18 below.

16. Data Subject request handling procedure

16.1 The Data Protection Officer has established a system to enable and facilitate the exercise of Data Subject rights related to: Information access. Objection to Processing. Objection to automated decision-making and Profiling. Restriction of Processing. Data portability. Data rectification. Data erasure.

16.2 If an individual makes a request relating to any of the rights listed above, Eduardo Costa Lda will consider each such request in accordance with all applicable Data Protection laws and regulations. No administration fee will be charged for considering and/or complying with such an initial request unless the request is deemed to be unnecessary or excessive in nature due to repetitive requests.

17. Information access

17.1 Data Subjects are entitled to obtain, based upon a request made in writing to the Office of Data Protection and upon successful verification of their identity, the following information about their own Personal Data: The purposes of the collection, Processing, use and storage of their Personal Data. The source(s) of the Personal Data, if it was not obtained from the Data Subject; The categories of Personal Data stored for the Data Subject. The recipients or categories of recipients to whom the Personal Data has been or may be transmitted, along with the location of those recipients. The envisaged period of storage for the Personal Data or the rationale for determining the storage period. The use of any automated decision-making, including Profiling.

18. Response time

18.1 A response to each request will be provided within 30 days of the receipt of the written request from the Data Subject. Appropriate verification must confirm that the requestor is the Data Subject or their authorised legal representative. Data Subjects shall have the right to require [Company] to correct or supplement erroneous, misleading, outdated, or incomplete Personal Data. If [Company] cannot respond fully to the request within 30 days, the Office of Data Protection shall nevertheless provide the following information to the Data Subject, or their authorised legal representative within the specified time: An acknowledgement of receipt of the request. Any information located to date. Details of any requested information or modifications which will not be provided to the Data Subject, the reason(s) for the refusal, and any procedures available for appealing the decision. An estimated date by which any remaining responses will be provided. An estimate of any costs to be paid by the Data Subject (e.g. where the request is excessive in nature). The name and contact information of the Eduardo Costa Lda individual who the Data Subject should contact for follow up.

19. Data Protection Officer

19.1 To demonstrate our commitment to Data Protection, and to enhance the effectiveness of our compliance efforts, Eduardo Costa Lda has appointed an employee to be the primary supervisor of Eduardo Costa Lda's compliance with the Data Protection rules (the DPO).

19.2 The DPO reports directly to the CEO of Eduardo Costa Lda.

19.3 The DPO's duties include: Informing and advising Eduardo Costa Lda and its Employees who carry out Processing pursuant to Data Protection regulations, national law or Union based Data Protection provisions; Ensuring the alignment of this policy with Data Protection regulations, national law or Union based Data Protection provisions; Providing guidance with regards to carrying out Data Protection Impact Assessments (DPIAs); Acting as a point of contact for and cooperating with Data Protection Authorities (DPAs); Determining the need for notifications to one or more DPAs as a result of Eduardo Costa Lda's current or intended Personal Data processing activities; Making and keeping current notifications to one or more DPAs as a result of Eduardo Costa Lda's current or intended Personal Data processing activities; The establishment and operation of a system providing prompt and appropriate responses to Data Subject requests; Informing senior managers, officers, and directors of Eduardo Costa Lda of any potential corporate, civil and criminal penalties which may be levied against Eduardo Costa Lda and/or its Employees for violation of applicable Data Protection laws. Ensuring establishment of procedures and standard contractual provisions for obtaining compliance with this Policy by any Third Party who: provides Personal Data to Eduardo Costa Lda receives Personal Data from Eduardo Costa Lda has access to Personal Data collected or processed by Eduardo Costa Lda.

20. Awareness

20.1 The management team of Eduardo Costa Lda will ensure that all Eduardo Costa Lda Employees responsible for the Processing of Personal Data are aware of and comply with the contents of this policy.

20.2 All Eduardo Costa Lda Employees that have access to Personal Data will have their responsibilities under this policy outlined to them as part of their staff induction training. In addition, each Eduardo Costa Lda Entity will provide regular Data Protection training and procedural guidance for their staff.

20.3 The training and procedural guidance set forth will consist of, at a minimum, the following elements: The Data Protection Principles set forth in Section 4 above. Each Employee's duty to use and permit the use of Personal Data only by authorised persons and for authorised purposes. The need for, and proper use of, the forms and procedures adopted to implement this policy. The correct use of passwords, security tokens and other access mechanisms. The importance of limiting access to Personal Data, such as by using password protected screen savers and logging out when systems are not being attended by an authorised person. Securely storing manual files, print outs and electronic storage media. The need to obtain appropriate authorisation and utilise appropriate safeguards for all transfers of Personal Data outside of the internal network and physical office premises. Proper disposal of Personal Data by using secure shredding facilities. Any special risks associated with particular departmental activities or duties.

21. Governance of Third Parties and Data processors

21.1 In addition, Eduardo Costa Lda will make sure all Third Parties engaged to Process Personal Data on TRADUQUEST's behalf (i.e. their Data Processors) are aware of and comply with the contents of this policy.

21.2 Assurance of such compliance must be obtained from all Third Parties, whether companies or individuals, prior to granting them access to Personal Data controlled by Eduardo Costa Lda.

22. Data Protection Impact Assessments

22.1 The Data Protection Officer will ensure that a Data Protection Impact Assessment (DPIA) is conducted, in cooperation with the Office of Data Protection, for all new and/or revised systems or processes for which it has responsibility. Where applicable, the Information Technology (IT) department, as part of its IT system and application design review process, will cooperate with the Data Protection Supervisor to assess the impact of any new technology uses on the security of Personal Data.

23. Compliance Monitoring

23.1 To confirm that an adequate level of compliance that is being achieved by Eduardo Costa Lda in relation to this policy, the Data Protection Officer will carry out an annual Data Protection compliance audit for all relevant parts of the organisation. Each audit will, as a minimum, assess: Compliance with Policy in relation to the protection of Personal Data, including the assignment of responsibilities, raising awareness and training of employees. The effectiveness of Data Protection related operational practices, The level of understanding of Data Protection policies and Privacy Notices. The accuracy of Personal Data being stored. The conformity of Data Processor activities. The adequacy of procedures for redressing poor compliance and Personal Data Breaches.

23.2 The DPO in cooperation with key business stakeholders from management, will devise a plan with a schedule for correcting any identified deficiencies within a defined and reasonable time frame.

We care about the General Data Protection Regulations (GDPR). More importantly, we care about you, your business, and your privacy. With everything these new regulations have done to revolutionise personal privacy and security online, we feel it's necessary to answer some of the most important questions you may have.

Are you, Eduardo Costa Lda, compliant with the new rules and regulations of the GDPR?

We are! In fact, before the universal EU enforcement date: 25 May 2018, we were ready to go above and beyond the GDPR, in order to protect your data and privacy.

What do you do with my data?

We only collect information which will allow us to perform our job on your behalf, in the most efficient manner possible. Which is why we collect your personal, professional, and financial data only for the purposes of creating an account, translating your work, and invoicing you.

Can I access, edit, move, and/or delete my data, whenever I like?

Definitely! Simply contact us so that we can edit, export, and delete your data, at the touch of a button.

Will my data cross any borders within, or without, the EU?

Yes! We receive and process your important documents at our office in Portugal. Additionally, our platform is hosted on state-of-the-art AMEN.PT cloud servers.

How secure is your office network?

We ensure access to our local network is secure, and limited to office personnel. Both wired and wireless connections can only be accessed by us, working on-site, at our office(s).

Where can I learn more about how my data is handled by you?

We have created a new Data Protection Policy in order to provide you with absolutely everything you could ever want to know about how we handle your data, which includes our compliance with GDPR.

Who do I contact if I have important questions or concerns regarding Eduardo Costa Lda & the GDPR?

You may contact us, Pharmaword, by email: main[at]pharmaword.com.