Privacy Policy

Document Version: WB.EN.01.01 | Previous Version

PDF Download 

1. General Informations

1.1. Xpand IT is committed to protecting your privacy. This Privacy Policy governs our data collection, processing, and usage practices. It applies to the information that we obtain through your use of our websites, services/products subscription (free and paid), marketing campaigns (e.g., events and webinars), or whenever you interact with Xpand IT.

1.2. We periodically update this Privacy Policy, so we that ask you review it frequently.

1.3. If our information practices change significantly at some time in the future, we will notify you of the policy changes before we use your data for these new purposes and we will provide you the ability to opt out of these new uses.

1.4. This Privacy Policy and our privacy practices were built according to the applicable European and Portuguese laws.

2. General Principles of our Privacy Policy

2.1. Xpand Solutions – Informática e Novas Tecnologias, Lda, owner of the brand Xpand IT, is the entity responsible for processing personal data, acting as data controller.

2.1. In your relationship with us, whether when you access our website, provide us with your personal data or interact with us in a way that we can collect it, we make it clear that you accept our Privacy Policy, which is based on the following principles:

i) Only authorised persons use authorised data for authorised purposes;

ii) We understand that the security of your data is a priority which we review periodically in line with technological innovation;

iii) We are aware that personal data is not ours but belongs to its owners.

iv) We promote good practices in the area of Privacy, Data Protection and Information Security, and we continually review them from a standpoint of continuous improvement.

3. Definitions

Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Websites: All Xpand IT websites under the master domains: and

Cookies: Small data files stored on your hard drive or in device memory.

4. Information We Collect

4.1. What information do we collect?

We can collect the following information about you:

  • Contact information such as name, email address, phone number, country, city
  • Profile information such as job title, company or other business information
  • Pictures: photos
  • Billing information such as tax ID
  • Software preferences, including software use and interests
  • User web behavior
  • IP addresses, URLs visited, and related information
  • Cookies (see our Cookie policy)
  • Education and work experience
  • Usage data and information about the systems running our products

4.2. The personal data we collect is subject to computerised processing and stored in databases in strict compliance with the legislation in force on Data Protection and the rules on Information Security.

4.3. We shall only process your personal data in accordance with a specific and legitimate purpose or purposes, determined at the time of collection, and such data shall not be further processed in a manner incompatible with those purposes, except for archiving in the public interest, scientific or historical research, or for statistical purposes, in which cases, under the terms of the GDPR, the aforementioned incompatibility does not exist.

4.4. In the event of collection of special categories of personal data (“sensitive data”), they will only be processed in accordance with the exceptions set out in Article 9, paragraph 2 of GDPR.

5. Where do we collect information?

5.1. These are the activities where you will be asked to give us personal information:

Activity where we ask for Personal Data Data we ask      
Website All websites Cookies
Webinars application forms Contact and profile information
Training application forms Contact, profile and billing information
Events application forms Contact, profile, event pictures
Newsletter subscription Contact information
Download content (e-books, case studies or others) Contact and profile information
Access online support Contact information
Product Sandboxes Contact information, user web behavior
Job application form Contact information, CV
Contact requests Contact information
Digital surveys Contact information, software preferences
Paper surveys Contact information, software preferences
Events attendance Contact information, software preferences
Recruitment activities (when you submit a spontaneous application or directly for an advertised position via our website; in job fairs, events, via a third-party; when applying through referrals provided by our employees and interviews) Contact and profile information, education and work experience or other relevant information

6. How do we use the information collected?

6.1. The information we collect about you is processed for the following purposes:

Activity where we ask for Personal Data Data we ask      
Marketing and communication campaigns Contact information, pictures, software preferences
Sales and to explore new marketing opportunities Contact information, profile information, software preferences
Manage contractual relationship (if one exists) Contact information
Send important notices, regarding changes to our terms, conditions, and policies. Contact information
Explore new market opportunities Profile information
Process and complete transactions and send related information, including purchase confirmations and invoices Contact information, Billing information
Improve our products User web behavior
Improve your browsing experience Cookies
Recruitment Education and work experience
Improve user experience Anonymized product usage data and metrics
Resolve technical problems Anonymized product usage data and metrics

7. Personal Data of minors

7.1. Xpand IT products and services are not directed to minors.

7.2. If we become aware that a child under has provided us Personal Information, we will delete that information.

7.3. If you become aware a child has provided us with their Personal Information, please contact us immediately.

8. Security of your Personal Data

8.1. We use a variety of security technologies and procedures to help to protect your Personal Data from its dissemination, loss, misuse, alteration unauthorized access or disclosure as well as against any other form of illicit treatment.

8.2. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.

8.3. We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(i) the pseudonymisation and encryption of personal data;

(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

(iv) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

9. Information Sharing and Disclosure

9.1. We will not share or disclose any of your Personal Data with third-parties except as described in this policy.

9.2. We do not sell Personal Data. We will not provide Personal Data to any third-party, without previous consent, that don’t have, at least, the same level of security as the one we have. We ensure that the necessary procedures are in place to preserve your legal rights over Personal Data.

9.3. Social Media Features: Our websites include social media features, such as the “Facebook” Like button and widgets, the “share this” button and/or other interactive mini programs that run on our sites. Social Media Features and Widgets are either hosted by a third-party or hosted directly on our Websites so this Privacy Policy does not apply to these features.

9.4. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.

9.5. Links to third party-sites: Our websites may include links to other websites whose privacy practices may differ from ours. If you submit Personal Data to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

9.6. Testimonials: We may display personal testimonials of satisfied customers. With your previous consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at any time.

9.7. With your previous consent: We will share your Personal Data with third-parties only when we have your consent to do so.

9.8. We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights or to comply with a law, court order, or legal process, but as far as is legally possible, we will inform you about such disclosure terms.

10. Your Rights

10.1. Under the provisions of the GDPR we guarantee you the exercise of your following rights as a data subject:

i) Right to Access – you have the right to request from us, among others, information regarding whether or not your data is being processed, what data we process and for what purposes.

You may also request a copy of your personal data processed by us. Further copies may be subject to payment of a reasonable fee, considering the administrative costs. If the request is submitted in an electronic format, and unless you indicate otherwise, the information will be provided by us in a commonly used electronic format.

ii) Right to Rectification – you have the right to have inaccurate personal data concerning you rectified and incomplete data completed, without undue delay.

iii) Right to Erasure – also referred to as right to be forgotten – you may request, under certain circumstances, that your personal data be deleted from our records, without undue delay, where any of the reasons set out in the GDPR apply.

iv) Right to Object – you have the right to object, on grounds relating to your situation, to certain types of data processing determined in the GDPR, such as processing for the purposes of direct marketing, in which case we shall cease processing for that purpose.

v) Right to Portability – you have the right to transfer your personal data that we keep to another organization or to receive it in a structured, commonly used, and machine-readable format.

vi) Right to Restriction of Processing – the right to obtain the restriction of the processing of your personal data where you wish, for example, to contest the accuracy of your personal data for a period of time that enables us to verify its accuracy, where the processing is unlawful or where you have exercised your right to object.

vii) Complaint –the data subject also has the right to lodge a complaint with a supervisory authority. The Portuguese supervisory authority is CNPD (Comissão Nacional da Proteção de Dados.

10.2 For the purpose of exercising these rights, please see number 14 of this Privacy Policy, below.

10.3 Within 30 (thirty) days you will receive a duly substantiated communication from us.

11. Retention of Personal Data

11.1. The period for which your data is stored varies according to the purpose for which the information is processed and in general Xpand IT will maintain your Personal Data records for the time needed to accomplish the purposes of processing and for legal reasons.

11.2. Subject to the rules stated at 11.1., above, in general terms, Xpand IT will maintain your Personal Data records for no more than 6 civil years, since the last contact with the data subject, unless special reasons may determine that Xpand IT maintains your Personal Data for a longer period, as authorized by law.

11.3. The Personal Data included at any agreement, invoice or other legal document or statement will be retained for the period that is legally necessary.

11.4. In any case, Xpand IT will always notify you of the deletion of your Personal Data.

12. Do we transfer your personal data internationally?

12.1. We may need to communicate personal data to third countries or international organizations. In this case, we will strictly comply with the applicable legal provisions and determine the suitability of the country or organisation in question with regard to the requirements applicable to such transfers.

12.2. In particular, we will take care that the data is securely transmitted, that the third parties are contractually bound to respect the confidentiality of the data received, and that they do not use the data for any purpose other than the purpose for which it was transmitted.

13. How do we use cookies on our website?

To learn more about cookies and how we use them on our corporate websites please access our Cookie Policy.

14. Contact us about privacy questions

14.1. If you have requests, questions, or concerns about Xpand IT’s Privacy Policy or data processing, you may contact our Data Protection Officer:

Email – [email protected]

Phone Number: +351 21 896 7150

Address – Edifício Ageas Tejo, Praça Príncipe Perfeito nº 2 3º piso, 1990 – 278 Lisboa

15. Revisions of our Privacy Policy

15.1. We reserve the right to change the content of our Privacy Policy without prior notice to you.

15.2. We will post the changes on our website, and such changes will become an integral part of the Privacy Policy.

15.3. After such publication, you are bound by the new terms when you browse our website and whenever you interact with us.