Privacy policy

What is personal data?

Personal data is any information, of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person.


An identifiable natural person is a person who can be identified, directly or indirectly, by reference to an identifier, such as a name, an identification number, location data, electronic identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What is the processing of personal data?

The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, using automated or manual means, namely the collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, comparison, interconnection, limitation, erasure or destruction.

Who is the data controller?

The personal data controller is Hyphen, as it determines the purposes and the means by which personal data is processed.

What types of personal data are processed?

Within the scope of its activities, Hyphen processes the personal data necessary to provide services and/or supply products and services, as well as to send newsletters and questionnaires, processing data such as full name, identification number, address, telephone number and e-mail address, more details of which are available for personal data subjects.

Without prejudice to the compliance with legal norms related to the transmission and storage of data for the purposes of investigation, detection or prosecution of serious crimes, as well as other legally obligatory processing, Hyphen will process traffic, geographical location, profile or consumption data, of Clients/Users as they are necessary for the provision of services.

Location information may also be recorded and transmitted to organizations with legal competence to receive emergency calls, for the purpose of responding to incoming calls.

Personal data, traffic, geographic location, profile and/or consumption are also processed for purposes of marketing or advertising Hyphen’s goods or services, if the data subject has consented to this processing. These communications are intended to inform data subjects of news, promotions, campaigns and other opportunities.

If there is prior consent from Clients, Suppliers and other project participants, it may be withdrawn at any time.

However, the withdrawal of consent shall not compromise the lawfulness of the processing carried out based on the consent previously given.

What are the purposes of the processing of personal data and their legal basis?

In general, the personal data collected is based on and intended for the management of the contractual relationship, the provision of contracted services, the adaptation of services to the needs and interests of Clients, Suppliers and other project participants, namely for accessing specific services functionalities, content suggestions, information and marketing actions such as sending newsletters.

Additionally, personal data may also be processed for the purposes of complying with legal obligations and investigating, detecting and prosecuting serious crimes.

The data subject may, however, make personal data available to Hyphen for other purposes, such as social intervention actions, submitting complaints and suggestions, disseminating institutional information, publicizing campaigns, promotions, advertising and news about Hyphen’s products or services, as well as for carrying out market research or evaluation surveys.

At the time of data collection, more detailed information will be provided on how Hyphen will use that data.

When and how do we collect your personal data?

Hyphen collects your personal data by telephone, in writing, through its website and questionnaires, during in-person or remote interviews, in-person or remote usability tests and other in-person or remote research activities, obtaining prior consent from the personal data subject.

Some personal data is indispensable for the execution of the contracts and services and if the data is incomplete or insufficient, Hyphen will not be able to provide the product or service in question.

If the data subject is not a Client, Supplier or other participant in Hyphen’s projects, the personal data will only be processed if they make it available, namely by subscribing to newsletters, in which case the rules of this Policy will apply.

The personal data collected is processed electronically and in an automated manner and in strict compliance with the legislation on the protection of personal data, being stored in specific databases, created for this purpose and, under no circumstances, will the data collected be used for any other purpose other than the one the data subject has given consent for.

Under which circumstances is data communicated to other entities (third parties and subcontractors)?

Within the scope of its activity, Hyphen may use third parties to provide certain services. Sometimes, the provision of these services implies access, by these entities, to the personal data of Clients, Suppliers and other project participants.

In these cases, Hyphen shall take all the appropriate measures to ensure that the entities that have access to the data are reputable and offer guarantees in this respect, duly established and contractually safeguarded between Hyphen and the third parties.

Thus, any entity subcontracted by Hyphen will process the personal data of its Clients, Suppliers and other project participants, on behalf of Hyphen, adopting the technical and organizational measures necessary to protect personal data against accidental or illicit destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful treatment.

In any case, Hyphen remains responsible for the personal data made available to it.

Hyphen may also communicate the personal data of Clients, Suppliers and other project participants with the purpose of fulfilling legal obligations namely to police, judicial, tax and regulatory authorities.

How long do we keep your personal data?

The period of time during which personal data is stored and preserved varies according to the purpose for which the information is processed.

Whenever there is no specific legal requirement that determines the storage of the data for a specific period, the data will be stored and preserved only for the minimum period necessary for the pursuit of the purposes that motivated its collection or its further processing, under the terms defined by law.

What are your rights as data subject?

As data subjects, Clients, Suppliers and other project participants are guaranteed, at any time, the right to access, rectify, update, limit and erase their personal data (except for data that is essential to the provision of services by Hyphen, duly identified on the various supports as being mandatory, or to fulfil legal obligations to which the controller is subject), the right to object to Hyphen using the personal data for commercial purposes and to withdraw consent, without compromising the lawfulness of the processing carried out under that consent, as well as the right to data portability.

How can you access, rectify, update, limit, delete or object to the processing of your personal data, or withdraw consent?

The personal data subject may do so directly or upon written request sent to Hyphen, to the contacts provided for this purpose, in this Policy.

How can you object to being contacted for marketing purposes?

Hyphen may promote dissemination actions to its Clients, Suppliers and other project participants regarding new products or services, by telephone, e-mail, SMS, MMS or any other service and means, with the consent of the personal data subjects.If personal data subjects do not wish to continue receiving these communications, they may, at any time, withdraw their consent to the use of their data for marketing purposes.

How can you complain?

Without prejudice to being able to submit complaints directly to Hyphen, using the contacts provided for this purpose, the Client, Supplier or other project participant in Hyphen’s projects may complain directly to the Controlling Authority, which is the National Data Protection Commission (CNPD), using the contacts provided by this entity for this purpose.

What are the measures adopted to ensure the security of your personal data?

Hyphen is committed to ensuring appropriate security of the personal data made available to it, having approved and implemented strict rules on this matter. Compliance with these rules is obligatory for all those who legally access the data.

Bearing in mind the concern and commitment shown by Hyphen in the defence of personal data, several security measures of a technical and organizational nature have been adopted to protect the personal data made available to it, against its dissemination, loss, misuse, unauthorized alteration, processing or access, as well as against any other form of unlawful processing.

In addition, third parties that process the personal data of Clients, Suppliers or other project participants, in the name and on behalf of Hyphen, within the scope of the services rendered, are obliged, in writing, to implement technical and security measures that satisfy the requirements provided for by the legislation in force and safeguard the data subject’s rights (namely, the protection of privacy and personal data).

In this sense, the personal data collection forms on all Hyphen websites require encrypted browser sessions and all the personal data that is transmitted is securely stored on Hyphen’s systems, which, in turn, are found in a data center covered by all the physical and logical security measures that the company deems necessary for the protection of personal data.

Notwithstanding the security measures adopted, Hyphen warns all those who surf the Internet that they must adopt additional security measures, namely, ensuring that they use an updated PC and browser with properly configured security updates, an active firewall, antivirus and anti-spyware, and to verify the authenticity of the sites they visit on the internet, avoiding websites they don’t trust.

Under what circumstances do we transfer your personal data?

The provision of certain services by Hyphen may involve the transfer of your data outside Portugal, including outside the European Union or to International Organizations.

In such a case, Hyphen will strictly comply with the applicable legal provisions, determining whether there is a suitable level of protection of personal data in the destination country or countries and the requirements for such transfers, including, whenever applicable, the signing of appropriate contractual instruments that guarantee and respect the legal requirements in force.

Recruitment processes/spontaneous applications

Under current legislation, whenever you send us your Curriculum Vitae (CV) as part of a recruitment process or a spontaneous application (“selection process”), your data will be processed by Hyphen, in its capacity as data controller.

Data provided on the Curriculum Vitae and during the selection process will be processed to evaluate and manage your application and, when appropriate, to carry out the necessary steps in the selection and hiring process and, unless otherwise indicated, it will be used to inform you of future job openings that fit your profile and that may be of interest to you.

We may share your data with other companies of the Group, if you give us your consent to use it in other selection and recruitment processes, for positions that suit your profile.

We further inform you that you have the right to:


• Obtain from Hyphen, confirmation as to whether or not your personal data is being processed.
• Access your personal data.

• Correct inaccurate or incomplete data.

• Request the erasure of your personal data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Ask Hyphen to restrict data processing when any of the conditions foreseen in the current legislation on data protection issues, have been met.

You may exercise these rights by contacting Hyphen in writing, by email to joinus@hyphenteam.com or by mail to the above address.

How do we use cookies?

“Cookies” are small software tags that are stored on your computer through the browser, only retaining information related to preferences, not including, as such, personal data.

All browsers allow the user to accept, refuse or delete cookies, and also inform the user whenever a cookie is received, namely by selecting the appropriate settings in the respective browser. The user can configure cookies in the “options” or “preferences” menu of their browser.

Please note, however, that by disabling cookies, you may prevent some web services from functioning correctly, affecting navigation on the website partially or completely.

For more information about the cookies we use on Hyphen’s website, see our Cookie Policy.

Applicable law and jurisdiction

This Policy, as well as the Clients, Suppliers and other project participants in accordance with it, are governed by Portuguese law, with the Lisbon District Court having exclusive jurisdiction to settle any issues arising from this Policy.