Through this personal data protection policy, we aim to clarify the user how we process personal data when using the LightPOS 2.0 application (hereinafter, “App“) and to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, “GDPR”) regarding the information to be provided to the user, the data subject.
When using the App, SIBS processes the user’s personal data as Data Controller for its own purposes as specified below.
1. Identity and contact details of the Data Controller and Data Protection Officer.
- Name: SIBS Forward Payment Solutions, S.A (“SIBS”)
- Address: Alfrapark, Edifício E, Estrada de Alfragide, n.º 67, 2610-008 Amadora, Portugal
- Share capital: EUR 17.500.000,00
- NIPC (legal person number): 505.107.546
- Data Protection Officer: DataProtectionOfficer@sibs.com
2. Purposes and legal basis for processing, personal data and retention periods.
When using the App, SIBS processes the user’s personal data (some of which are necessary and mandatory – otherwise some features will not work – and others which are optional), namely for the following purposes:
| Purpose of processing | Legal basis | Personal data | Retention Period |
|---|---|---|---|
| User’s authentication | Performance of a contract to which the data subject is party (Article 6(1)(b) GDPR). | Email address | Mobile number | Name | Period required to prove compliance with contractual and legal obligations. |
| Sending technical information to users via e-mail on security, operation and new features of the App. | Legitimate interest in informing users of technical updates, in particular security updates and new features (Article 6(1)(f) GDPR). | E-mail address | Name | Period required to prove compliance with contractual and legal obligations. |
| Response and management of requests for information and complaints from the App. | Performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR). | Telephone contact | E-mail address | Address | Tax Identification Number | Name | Period required to prove compliance with contractual and legal obligations. |
| Security and resilience of information systems and preventing and combating fraud. | Legitimate interest in ensuring security and preventing fraud (Article 6(1)(f) GDPR). | App settings | Activity or traffic data, namely | App service status | Nome | 5 years (Article 118(1)(c) of the Portuguese Penal Code). |
SIBS only stores personal data in order to allow the identification of data subjects for the period necessary or required for the fulfilment of the purposes indicated.
3. Data recipients.
In order to comply with legal obligations SIBS may have to share personal data with third parties, e.g., judicial or administrative authorities, as well as supervisory or regulatory bodies.
4. International data transfers.
The personal data is processed within the territory of the European Union/European Economic Area (EU/EEA). From time to time, SIBS may transfer personal data outside the EU/EEA in a secure and lawful manner, ensuring that the data is only transferred under the legal mechanisms permitted by the GDPR.
5. Data processing security.
SIBS has implemented the appropriate technical and organisational security measures to ensure the security of the personal data provided to it, in order to prevent its alteration, loss, processing and/or unauthorised access (taking into account the current state of technology, the nature of the data processed and the risks to which they are exposed), and the user being aware that the security measures are not impregnable.
6. Exercise of data subject rights and complaints.
Under the applicable terms of the legislation on the protection of personal data, the user may exercise, free of charge and at any time, the rights of: access; rectification; erasure (“right to be forgotten”); restriction; portability; object; by means of a written request, accompanied by proof of identity and specification of the right you wish to exercise, addressed to the SIBS Data Protection Officer to the address indicated above or to the e-mail address: DataProtectionOfficer@sibs.com.
7. National Supervisory Authority.
The user has the right to lodge a complaint regarding the protection of personal data to the Comissão Nacional de Proteção de Dados (CNPD).
8. Update of the Personal Data Protection Policy.
This personal data protection policy will be periodically reviewed and updated whenever necessary.
Updated: 23-09-2025