Home / Privacy Policy

Privacy Policy

In these terms you will find the privacy policies of this website and the privacy policies of the YO! Portal.

Privacy Policy of this Website

(Updated on 09/22/2023)

Introduction
Welcome to our website! KnowledgeWorks, creator of the YO! Portal and a member of the Wondercom Group, values ​​the privacy and data protection of its users and visitors. This website is a platform that allows you to purchase licenses for the YO! Portal, a multifunctional human resources management tool.

Commitment to Privacy
We are committed to protecting the privacy and integrity of our website users' information. This Privacy Policy explains how we collect, use, and protect information collected through the website, specifically during the license purchase process.

Information Collected

  1. Personal Information: We collect information such as, but not limited to, name, company name, company VAT number, billing address, email address, phone number, and payment information during the account creation or purchase process.
  2. Usage Information: We collect information about your visits to and interactions with our website, such as clicks and page views.
  3. Cookies and Similar Technologies: We use cookies, Facebook pixels, and Google tags to collect information about your use of our website so that we can provide you with the best possible service.

Use of Collected Information

We use the information we collect to:

  1. Process transactions and manage subscriptions.
  2. Personalize and improve the user experience on the website.
  3. Send communications, with the consent obtained.
  4. Optimize our website and services offered.

Security
Our website has all appropriate procedures and encryptions in place to protect the information collected from unauthorized access or disclosure.

Cookies and Similar Technologies
Users can control or refuse the use of cookies and other similar technologies through their browser settings. Please note that such action may affect the functionality of the website.

User Rights
Users have the right to access, correct, or delete their personal information. To exercise these rights, please contact us.

Changes to the Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on our website.

Contact
For any questions or clarifications regarding this Privacy Policy, please contact us through the means provided on the website.

Consent
By using our website, you agree to the collection and use of information as set out in this Privacy Policy.

Recommended Reading
We recommend that you carefully read this Privacy Policy and any updates to stay informed about our website's privacy practices.

YO! Portal Privacy Policy

(Updated on 12/27/2023)

INTRODUCTION

YO! Portal is a human resources management tool that aims to optimize communication between companies and their employees, allowing, in a simple and intuitive way, to facilitate the performance of various operations related to the execution of employment contracts and the provision of services (recording attendance and punctuality, scheduling vacations, recording absences and their respective justifications, requesting reimbursement of expenses, requesting use of equipment, project management, etc.).

It is a multi-client solution in which all developed functionalities are available to all companies that purchase the Portal.

YO! Portal was created, developed, and provided by KnowledgeWorks – Consultoria em Sistemas de Informação Ltda. – hereinafter KnowledgeWorks – a company belonging to the Wondercom Group.

KnowledgeWorks recognizes the importance of privacy and the protection of personal data for all Yo! Portal users, and one of its priorities is the integrity and security of the information shared and generated within the application. 

Please note that, in cases where KnowledgeWorks provides Yo! to companies outside the Wondercom Group, it will not be the Controller of the personal data entered into the application by Customers and Users, assuming, with regard to the processing of such data, the role of Processor, always acting on behalf of the Customer and under the terms of a Data Protection Agreement. In these circumstances, the Customer will be fully responsible for complying with the legal obligations inherent to its role as Controller, regarding the data of its employees.

This Privacy Policy explains, for those who use the YO! platform,  how your personal data is collected, used and shared within the same. 

We recommend reading this Privacy Policy and any updates.

1. DEFINITIONS

  1. YO! Clients/Client Company/Client : entities that purchase the service provided by the Yo! Portal from KnowledgeWorks; 
  2. Account: an account created on the Portal, which allows a person to access and use the Services, including Administrator accounts and User accounts; 
  3. Administrator Account : Customer accounts for the purpose of managing both Customer's use of the Platform and all Customer user accounts. 
  4. User Account : the account accessible by users of the Portal Client, each user having a separate account with personal Account Details; 
  5. Data/Information : all data and materials uploaded, stored, made available or provided by the Customer on the Portal or by users on the Portal or generated by the Portal and/or Customer and Users, as a result of the use of the Services; 
  6. Account Owner / Customer / Customer Company : organization/company/person that purchased the Solution and manages its settings, determining its Users; 
  7. Services : the services chosen by the Customer and all related performances and functionalities provided by KnowledgeWorks, including the management, availability and operation of the Platform; 
  8. Application User : any person for whom the Customer has created an account to access the Portal and who has agreed to the Privacy Policy and its Terms and Conditions. 

Furthermore, regarding concepts that are not integrated and for the purposes of interpreting this Privacy Policy, the definitions established in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and respective national implementing legislation (Law No. 58/2019 and Law No. 59/2019, both of 8 August) will apply. 

2. SCOPE AND PURPOSE OF THIS POLICY 

This Privacy Policy aims to demonstrate the commitment and respect for the privacy and personal data protection rules on the Yo! Portal, applying to its use and providing information to its users about the data processing carried out within its scope.

3. DATA CONTROLLER AND SUBCONTRACTOR

A. Use of the Yo! Portal within the Wondercom Group

In cases where the YO! Portal is used by Wondercom Group companies, within the scope of the management of their respective human resources, the following are jointly Responsible for Processing:

  • Wondercom, Information and Telecommunications Project and Equipment Management Ltd., a company with NIPC 506845303, headquartered at Campus do Lumiar, Building K 1, Estrada do Paço do Lumiar 1649-038 Lisbon.
Contact Data Protection Officer: dpo@wondercom.pt
  • Knowledgeworks - Information Systems Consulting Ltd., company with NIPC 507869931, headquartered in Lumiar Campus - Building K1, Estrada Paço do Lumiar, 1649-038 Lisbon.

Data Protection Officer Contact : dpo@wondercom.pt

B. Use of YO! by Client Companies

In cases where the services provided by the YO! Portal are acquired from Knowledgeworks by a Client Company, it is the Client Company that assumes the position of Controller of the personal data entered and generated on the portal, and is responsible for defining: 

  • Which Personal Data should be processed; 
  • What are the Purposes for which Personal Data is processed; and, 
  • What means will be applied to process Personal Data. 

In these circumstances, KnowledgeWorks assumes the position of Subcontractor, regarding the processing of personal data entered and generated on the Portal, always acting on behalf of the Client and in accordance with the Client's instructions.

4. OTHER SUBCONTRACTORS

Taking into account the agreement reached with the Client, KnowledgeWorks may subcontract any companies, especially other companies within the Wondercom group, to perform data processing operations on its behalf. In such cases, KnowledgeWorks guarantees that Processors are bound by the same security and privacy rules as those contained in this Policy.

5. PERSONAL DATA COLLECTED AND PROCESSED ON THE YO! PORTAL 

THE  Portal Yo! carries out, on behalf of the Controller, the processing of the following personal data of Data Subjects:


6. LEGAL BASIS FOR PROCESSING 

The personal data of Yo! Portal Users is always processed in strict compliance with the law. According to the GDPR, for data processing to be lawful, the Controller must always have an adequate legal basis for doing so. 

A. In cases where the Yo! Portal is used within the scope of the Wondercom Group's Human Resources management, the following are the grounds for lawful data processing:

B. In cases where the Yo! Portal is used by Client Companies and these are the Controllers of the data entered and generated on the Yo! Portal by their respective Users, it is their responsibility to demonstrate the legal basis and applicable purpose for each type of data processing performed.

7. CATEGORIES OF DATA SUBJECTS 

Personal data concerns the following categories of data subjects:

the) YO! Portal Users;

b) Customers.

8. DURATION OF PERSONAL DATA PROCESSING

    1. Personal data is kept for the period of time necessary to achieve the purposes for which it is processed, and is also preserved for up to 6 months after cancellation/non-renewal of the subscription, only if the user expresses the right to object to the processing of the same, under the terms of point 11 ;
    2. The deletion of User data and profiles is the responsibility of the Controller;
    3. If a User account is disabled, including if it is removed from a Client company's account, and as soon as we are informed of this, the User will be soft-deleted, making the account inactive. Once the required legal deadlines have passed and we have received confirmation from our Client, we will remove the User's data. Furthermore, any User may request the deletion of their account information if the necessary conditions are met (for example, if they have ceased working for the Employer using the YO! Portal) by contacting us via email at dpo@wondercom.pt. Please note, however, that we cannot delete any content previously shared on the Portal by the User or third parties regarding the User; 
    4. We also add that although we comply with legally established retention periods whenever applicable, there are certain situations in which we may be required to retain some data for a longer period, for example, to meet certain legal or contractual obligations and/or KnowledgeWorks' legitimate interest. In any case, as soon as the retention period ends, the data will be securely deleted by KnowledgeWorks.

9. DATA OF CHILDREN UNDER 13 YEARS OF AGE

The YO! Portal and its content are not intended for children under the age of 13. If the processing of personal data of a child under the age of 13 is detected without parental consent, this information will be deleted as soon as possible.

10. DATA SUBJECT RIGHTS

The holder of Personal Data, user of Portal Yo!, has the right to request, by written request:

  1. RIGHT OF ACCESS : Users have the right to know whether or not personal data concerning them is being processed, what type of data is in question, what the purpose of such processing is, whether the data has been transmitted to third parties and for how long it will be stored;
  2. RIGHT TO RECTIFICATION : Users have the right to request the rectification of their personal data that is outdated, incorrect or incomplete;
  3. RIGHT TO BE FORGOTTEN : Users have the right to request the deletion of their data if they are no longer necessary for the purpose for which they were collected, if consent has been withdrawn ( if there is no other basis for processing ), if there is opposition to the processing (in the absence of a prevailing legitimate interest) or if the data has been subject to unlawful processing. 
  4. RIGHT TO LIMITATION OF PROCESSING : Users have the right to demand the limitation of processing when: (i) the data are not accurate; (ii) the data subject does not want the data to be erased; (iii) the data are no longer necessary for the original purpose but cannot yet be erased for legal reasons; (iv) as long as there is no decision on the data subject's objection to processing.
  5. RIGHT TO DATA PORTABILITY : Users have the right to receive, upon request, a copy of the data provided and to transmit such data to another controller – within certain feasibility/burdensome standards.
  6. RIGHT TO OBJECT : Users have the right to object, at any time, to the processing of their personal data. Once this right is exercised, data processing will cease immediately, unless the Controller demonstrates compelling legitimate grounds that override the interests, rights, and freedoms of the data subjects, or unless such data is necessary for the exercise of legal defense in legal proceedings.
  7. RIGHT TO WITHDRAW CONSENT : in cases where consent is the legal basis for data processing , Users have the right to withdraw consent at any time. 
  8. RIGHT TO COMPLAIN : Users have the right to make a complaint to the CNPD (supervisory authority), whose contact details can be found on the website www.cnpd.pt.

Please note that the exercise of the above rights may be limited in certain circumstances, for example, due to the existence of third party rights and freedoms, legal and/or contractual obligations, confidentiality, and prevailing legitimate interests of KnowledgeWorks, the Client, or a third party. In these situations, the User will be informed of the reason why it will not be possible to fulfill their request.

11. PROCEDURE FOR THE EXERCISE OF RIGHTS BY THE HOLDER 

To exercise the aforementioned rights, data subjects must contact the Controller or the respective Data Protection Officer:

AND:  dpo@wondercom.pt 

M: Lumiar Campus, Building K 1, Estrada do Paço do Lumiar, A/C Data Protection Officer

The exercise of rights is free of charge.

12. CONFIDENTIALITY

KnowledgeWorks does not sell, rent, distribute, or otherwise make Personal Data commercially or otherwise available to any third party, except as identified in paragraphs 4 and 14 of this policy.

KnowledgeWorks preserves the confidentiality and integrity of the Personal Data it processes and protects it in accordance with this Policy and in accordance with current legislation.

13. DATA SHARING

As part of the use of the Yo! Portal, Users' personal data may be shared with:

  1. The User's Employer: if the User has a collaborator account, for the purposes of providing services arising from the Yo! Portal, personal data will be shared with their Employer and, within the Employer, with the collaborators designated to process such data (for example, Human Resources, hierarchical superior);
  2. Other companies of the Wondercom Group: through an intra-group data sharing agreement, which will comply with data protection rules and act in accordance with this Privacy Policy;
  3. Subcontractors: which are linked to the Wondercom Group by written contract, and may only process Personal Data for the specifically established purposes;
  4. Judicial, administrative, supervisory or regulatory authorities, in compliance with legal and/or contractual obligations.

14. INTERNATIONAL TRANSFERS OF PERSONAL DATA 

KnowledgeWorks will not operate any transfer of personal data to a country outside the European Economic Area.

15. PERSONAL DATA SECURITY

To ensure the security of Users' personal data, KnowledgeWorks has adopted appropriate technical and organizational measures to protect it against accidental or unlawful loss, destruction or damage, and to ensure that the data provided is protected against access or use by unauthorized third parties.

At this point, Users are recommended to take some additional measures to protect their personal data, for example, using a password with a combination of upper and lower case letters, numbers and special characters; changing the password frequently and never sharing it or placing it in a place visible to third parties.

16. PERSONAL DATA BREACHES 

A. Instances in which KnowledgeWorks acts as Controller

Whenever any personal data breach incident poses a risk to the fundamental rights, freedoms and interests of its holders, KnowledgeWorks will inform the CNPD of the occurrence as quickly as possible and within a maximum period of 72 hours, under penalty of having to justify its delay.

Whenever any type of incident occurs, which is declared a personal data breach, the holders of the breached data will be informed – without undue delay – when the breach represents a high risk to their fundamental rights, freedoms and interests, through written communication in clear and easy-to-understand language that informs:

1. Contact details of the Data Protection Officer or the person responsible within the company, so that further information can be requested;

2. The likely consequences of the violation that occurred;

3. The measures adopted or proposed by the Controller to repair the breach of personal data, including, if applicable, measures to mitigate its possible negative effects

This obligation does not apply if existing or adopted technical and organizational measures are sufficient and appropriate to protect the rights of personal data subjects, ensure that the high risk to them is no longer possible to materialize or involve a disproportionate effort - in which case a public communication is made to that effect or a similar measure is taken.

Any subcontractors with whom KnowledgeWorks has a relationship are obliged to report incidents of personal data breach immediately after becoming aware of the fact.

B. Instances in which KnowledgeWorks acts as a Subcontractor

In the event of a data breach, the GDPR requires the Subcontractor to notify the Controller and the Regulatory Authority without undue delay and no later than 72 hours after becoming aware of the breach, except in cases where such breach is unlikely to result in a high risk to the rights and freedoms of data subjects.

The security and privacy incident management process implemented by KnowledgeWorks ensures that, in the event of a data breach and if communication to the aforementioned entities is required, this will be carried out within the required timeframe.

17. CHANGES TO THE PRIVACY POLICY

This Privacy Policy may be changed from time to time. 

In case of change, the date of the last review will be updated and the updated Policy will be available on the Yo! Portal, in the same location. 

If the revision of this Policy implies a substantial change in relation to the way in which User data is processed, KnowledgeWorks will notify Users of such changes upon their first login after such changes. 

Date of last review: 12/27/2023