Privacy Statement

Privacy Statement

Softinsa Privacy Statement

Last updated: April 13, 2023


At Softinsa, an IBM Group company, we value your privacy and are committed to protecting and handling your personal data responsibly and in accordance with the requirements of the General Data Protection Regulation.

This privacy statement describes how we collect, use and share your personal data. By using our Website and Services, you are deemed to have read, understood and accepted this privacy statement. We advise you to read it carefully and consult it regularly.

Data Controller

The Controller of your personal data, within the scope of this Privacy Statement, is SOFTINSA – ENGENHARIA DE SOFTWARE AVANÇADOS LDA., a company headquartered at Rua do Mar da China, nº 3, Parque das Nações, 1990-138, Lisbon, registered at the Commercial Registry Office of Lisbon, under the unique registration number and legal person no. 508207908.

If you have any questions regarding this Privacy Statement, please contact Softinsa’s Data Protection department at the email address.

Personal Data that Softinsa collects and processes

This section describes the various categories of personal data we collect and how we use it.

Softinsa Website

Our website introduces you to Softinsa and to some of our services. The data we collect on the Website is necessary to provide the basic functionalities while the user browses the Softinsa website.

These features include cookie preferences, load balancing, session management, language selection, and checkout processes. We have the use of cloudflare because of the CDN, which stores only the essential cookies for the proper functioning of the platform, allowing an optimization of performance in the presentation of media elements, without saving any personal data of the users.

For more information about the technologies we use to collect data from the Website and set your preferences, please see the “Cookies and Similar Technologies” section below.

Softinsa also collects the data that your browser or device automatically sends, such as:

  • the type of browser and IP address,
  • the operating system, device type, and version information,
  • language settings,
  • block logs.

We use this data to provide access to our Website, to improve its display on your devices and browsers, and to adapt settings and language. We also use this data to meet system and network security requirements and to provide support. For more information, see “Support Services” and “Protecting Customer and Softinsa”.

Softinsa has no responsibility for the content provided or the privacy practices of third-party websites or applications.


We use the information we collect to communicate with you about relevant products, services, and offers. We also use this information to personalize your experience with our content and ads, and to develop our internal marketing and business intelligence. To set or update your marketing communication preferences, please contact You can also submit a request to unsubscribe from these communications by selecting Unsubscribe at the bottom of each marketing email.

We use the contact details we collect directly from you, your organization, or third-party data providers to communicate with you regarding our products, services, and offerings. When we obtain data about you indirectly from third parties, we implement checks and controls to confirm that that data has been lawfully acquired by those third parties and that they have the right to provide us with that data for marketing purposes.

We may collect data about interactions with our marketing communications (such as whether emails are opened or links are selected) and with other Softinsa content, including, from time to time, content on third-party websites.

We use this data to develop our internal marketing and business intelligence. For example, we can:

  • Combine the data collected to better understand your interests and potential business needs, such as Softinsa events you have attended, content you have reviewed, or visits to our Website.
  • Leverage the data collected to personalize content and ads across multiple interactions and devices.

Contractual Relationships

A contractual relationship is formed with your request for the supply of a product or for the provision of a service by Softinsa. Although we provide our products and services primarily to businesses, individuals can also enter into agreements directly with Softinsa. We may collect any data that is reasonably necessary to prepare, enter into and perform such contracts.

The data collected as part of a contractual relationship may include business contact information and order details. May also be collected data that is necessary for shipping and payment, for the execution of the services, or to grant access to the product or service.

This data may be collected for various purposes, depending on the nature of the products or services. For example, for management and contract compliance,, to provide support, for the improvement or development of our products and services, to contact you for satisfaction surveys, and to generate technical and market insights.

Support Services

When you contact us for support, we collect your contact details, description of the problem and possible solutions. We collect this data to be able to provide support, for administrative management, to foster our relationship with you, for staff training and for quality assurance purposes.

The data we collect may include any data provided during telephone conversations or provided in chat support sessions, if available. We may use this data to inform you about products or services related to your support request. This can include product updates or patches, for example. We may also combine the data collected through other interactions with you or your organization to provide more valuable suggestions regarding product support, as well as any available training on the issue.

While providing the support service, we may accidentally gain access to the data you have provided us or to the data that exists on your systems. This data may contain data about you, the organization’s employees, customers, or other third parties. The conditions related to the processing of this data are established by the terms and conditions applicable to you or by other agreements entered into between your organization and Softinsa.

Protecting the Client and Softinsa

We may collect and use data to protect you and Softinsa from IT security threats and to protect data from unauthorized access, disclosure, alteration or destruction. This includes data from our IT access authorization systems, such as login information.

The security solutions we use to protect your data, our infrastructure and our networks, may collect data such as IP addresses and log files. This is necessary for the functionality and usefulness of security programs, to enable the investigation of any potential security incidents, and to generate insights about security threats.

We may use specialized tools and other technical means to collect data at access points and on IT systems and networks to detect unauthorized access, viruses, and indications of malicious activity. The data we collect may be used to conduct investigations when unauthorized access, malware,  or malicious activity is suspected, and to remove or isolate malicious code or content.

Softinsa Facilities

When you visit one of our facilities, we collect your name or business contact information and, in some cases, identification data when legally permissible. This data is collected for access management (e.g. to issue access badges) and to ensure the security of our facilities and of our employees.

We may verify the identity of visitors within our premises and, in the case of our employees, require the display of a photo badge for identification.

Camera supervision and access management are carried out for the safety and security of our facilities, employees and assets.

Recruitment and Former Employees

We are continuously looking for new talent, and we collect data on candidates or potential candidates from various sources. We may search for potential candidates with the help of recruitment intermediaries, and use publicly available data on social media platforms to identify potential candidates for a specific role.

When an employee leaves Softinsa, we will only continue to process personal data oto the necessary extent to comply with legal and contractual obligations.

Management of our Business Operations

We collect data about our business operations so that we can make informed decisions about our organization and our business, and to be able to report on performance, audits, and business trends. As an example, we use this data to analyze the costs and quality of our operations. When possible, these analyses are made using aggregated data, but personal data may also be used.

We collect and process data from our business systems, which may include personal data, to:

  • protect or enforce our rights, including to detect fraud or other criminal activity (for example, through the use of data in payment systems);
  • manage and resolve disputes;
  • respond to complaints and defend Softinsa in legal proceedings;
  • comply with legal obligations.

We collect data through the use of our business processes, our website, and the products and services we offer. This data may include personal data and it is used for the development of products and processes. For example, we may use this data to increase efficiency, decrease costs, or improve services through the development of automated processes and tools, or to develop or improve the technologies on which it is based.

Cookies and Similar Technologies

When you use our Website, we collect information about your connection using online tracking technologies such as cookies. A cookie is a piece of data that a website can send to your browser, and which can be stored on your computer and used to identify you.

Currently, we only use necessary or functional cookies, which are necessary to operate the Website efficiently.

There are two types of cookies, depending on their duration:

Session cookies, which can be used to track your usage from page to page so that we are not asked for information that you have already provided during the current session. Session cookies are deleted when the web browser is closed;

Permanent cookies, which store your preferences for successive visits to our Website, such as your choice of language and location (country). Permanent cookies delete your data within 12 months.

All browsers allow the user to accept, refuse or delete cookies. You can also configure cookies in the “preferences” menu of your browser.

Please note, however, that refusing cookies on the Softinsa Website may cause it to not function properly.

Our Website has links so that you can access social networks operated by third parties. If you access those links, third parties may collect your information, such as your IP address, access time, and URLs of the website you come from. If you are logged in to these social networks, they may associate the information collected with your profile information. Softinsa has no responsibility for the data processing carried out by these third parties, so we encourage you to consult their privacy policies.

To obtain information about cookies and how to remove these technologies using your browser settings, please see


Unless expressly stated otherwise, our Website, and our products and services are not intended for use by anyone under 16 years of age.

Sharing of Personal Data

We may share your personal data internally, or externally, with suppliers, consultants or business partners, for the purposes of Softinsa’s legitimate business interests and only to the extent that there is a need to share such data. This section describes how we share data and how we organize that sharing.

How We Share Personal Data

In order to share personal data, we have implemented verification and control methods that allow us to confirm that the data may be shared.

Internally, personal data is shared for the purposes of our legitimate business interest, including to manage our relationship with you and third parties, for the purposes of compliance  programs or for the security of systems and networks. We do this to improve the efficiency of our business, to reduce costs and as part of the collaboration between companies in the IBM Group. Access to personal data at Softinsa is restricted, being granted when necessary. The sharing of this data is subjected to appropriate internal agreements and the IBM Group’s security policies and standards.


  • Our dealings with suppliers may include collecting, using, analysing or otherwise processing personal data on our behalf;
  • Our business model foresees the existence of cooperation with independent business partners, for the areas of marketing, sales and supply of Softinsa products and services. When necessary, we share business contact details with selected business partners.
  • We may share personal data with professional advisors, including lawyers, auditors and insurers, to provide us their services .
  • We may share information about contractual relationships with third parties, for example, business partners, financial institutions, transport companies, postal service providers or government authorities.

In certain circumstances, personal data may need to be shared with government agencies by legal or judicial enforcement. We may also share personal data to protect our rights or those of others, such as to prevent fraud.

On the other hand, we may have to share personal data in the context of a corporate restructuring, in the event of a sale, a merger or a demerger of the company, for example.

International Transfers

Your data may need to be accessed by, or transferred to, entities in other parts of the world. Softinsa complies with the legal regulations applicable to the transfer of personal data between countries, keeping your personal data protected wherever it is.

In this regard, we have implemented several measures, including the conclusion of standard contractual clauses approved by the European Commission with entities that process data in countries that do not have an adequate level of protection.

Data Security & Retention

To protect your personal data from unauthorised access, use and disclosure, we have implemented appropriate technical and organisational measures. Such measures include access controls and encryption to keep personal data private. We also require business partners, suppliers and third parties to implement appropriate security measures to protect data from unauthorized access, use and disclosure.

We retain personal data only for as long as necessary to fulfill the purposes for which it is processed or to comply with legal or regulatory retention requirements. Legal and regulatory retention requirements may include retention of data for tax, audit, and accounting purposes; dispute resolution; and so on…

We have processes in place to securely delete personal data when it is no longer needed.

Your rights

As a data subject, you have certain rights with regard to the processing of such data. You can use the address  to:

  • request access to, or update your personal data;
  • request erasure, restriction, objection to processing (e.g., you can request to stop receiving marketing communications, or select Unsubscribe at the bottom of each email);
  • request data portability;
  • ask questions about this Privacy Statement;
  • Please, send us a complaint if you are not satisfied with the way we process your personal data.

Your rights may be subject to limitations and exceptions provided by the General Data Protection Regulation. For example, there may be situations in which we cannot disclose certain information if such disclosure would involve the disclosure of data about other people.

If you consider that the processing of your personal information by Softinsa is not compliant with the applicable personal data protection laws and with this Statement, you may complain to the competent data protection authorities. The name and contact details of data protection authorities in the European Union can be obtained from the following address: In Portugal, the competent authority is the National Data Protection Commission (CNPD), which you can contact using the form available here.

Legal basis for processing

The processing of personal data is lawful only to the extent that it is based on a legal basis. Softinsa may only process your personal data if such processing is:

Necessary for the performance of a contract

We rely on this ground where we need to process certain personal data, such as contact, payment and shipping details, to fulfil our contractual obligations or to manage our contractual relationship with you.


  • If you wish to purchase a product or service, we need your business contact details in order to enter into a contract with you;
  • Following a contract with us, you may need support services, for which Softinsa needs to collect the Customer’s contact details.
  • Softinsa needs personal data to consider job applicants or to manage pension rights of retired employees.

Necessary for the purposes of Softinsa’s legitimate interest or that of a third party

Legitimate interests relate to our ability to conduct and organize business, which includes marketing our offerings, protecting our legal interests, protecting the IT environment, or meeting our customers’ requirements.


  • We collect data about the use of our Website in order to improve it;
  • When we have a contractual relationship with the organization you work for, we have a legitimate interest in processing your personal data used to manage this contract;
  • We process business contact data by combining it with other relevant business information in order to personalize the contacts we make with you and to promote products and services that interest you;
  • We process candidates’ personal data on the basis of our legitimate interest in finding talent;
  • We need to keep our overall business operations functional. For this purpose, we may, for example, process login data from IT systems and networks, or CCTV images on our premises, for safety and security purposes.

We also may process personal data when it is necessary to defend our rights in judicial, administrative or arbitration proceedings.


The processing is based on your consent, when we ask you to do so. Example:

  • the optional use of Cookies and Similar Technologies or  sending by email marketing communications unrelated to our contractual relationship.

Necessary to comply with a legal obligation

When we need to process personal data in order to comply with a legal obligation.


  • the submission of data to the Tax Authority.

Updates to the Privacy Statement

If we materially change this Privacy Statement, the effective date will change and we will post a 30-day notice of that change on our Website. By continuing to use our Website and services after a revision has taken effect, you will be deemed to have read and understood the changes.