Personal Data Protection Policy

Within this framework, Orbcom undertakes to:

• • Comply with applicable EU and national legal standards regarding data protection, privacy, and information security, such as the General Data Protection Regulation (GDPR), applicable since May 25, 2018, and the GDPR Implementation Law in Portugal (Law 58/2019).
•  
  • Adapt Orbcom’s organizational culture regarding data protection, extending the commitment to personal data protection to all employees across the organization.
•  
  • Adopt a data management governance model. Appoint a Data Protection Officer (DPO) and integrate them into a communication and reporting model at the highest management level."
•  
  • Implement the technical and organizational measures necessary to comply with the principles of privacy: lawfulness, fairness, transparency, minimization, accuracy, integrity, confidentiality, and accountability within the scope of personal data processing, whether through its information systems, organizational areas, or in the management and communication with clients, employees, partners, and other institutions."
•  
  • Demonstrate commitment through relevant policies and the provision of adequate resources to establish and develop effective data protection and information security controls. Ensure compliance among partners and other stakeholders involved in data processing activities carried out at Orbcom.
•  
  • Establish the necessary mechanisms and procedures for data subjects to exercise their rights regarding their personal data.
•  
  • Continuously update and make Orbcom’s Privacy Policy available to all employees, clients, suppliers, and other stakeholders.
  • Whenever necessary, conduct Data Protection Impact Assessments and promote active, multi-level risk management within the organization, including:
    • Risk assessments for personal data undergoing processing;
    • Regular information security risk assessments within specific operational areas;
    • Risk assessment as part of the change management process;
    • Data Protection Impact Assessments (DPIAs) to achieve compliance for new data processing activities or significant changes to existing ones;
    • Providing training and awareness tools so that all employees and other stakeholders are active agents in complying with GDPR requirements, ensuring information security and the right to privacy;
    • Ensuring a joint development strategy and plans for information security and data protection to guarantee effectiveness and continuous improvement;
    • Promoting the oversight and monitoring of entities operating within Orbcom regarding compliance with requirements, established procedures, and the achievement of planned results, aiming for the permanent and continuous improvement of data protection and information security."