Privacy Policy
PRIVACY AND PERSONAL DATA PROTECTION POLICY
The Privacy and Personal Data Protection Policy of the “OpenSyllo” Platform has been drawn up to affirm our commitment to the privacy and security of the data we process. Part of this commitment is aimed at protecting and respecting your privacy and your choices.
This Policy explains how we use the personal data you share with us, regardless of whether you are a registered user or not. This Policy covers the Platform’s processing of information capable of identifying users, whether collected directly on the Platform, stored in the database, or gathered by other means, such as forms completed on paper or provided via hardware devices.
Please read the information provided here carefully. If you have any questions or concerns regarding how we process your personal data, please contact us, either by post directly to the address Apartado 16, EC Sines | 7521-953 Sines, or via email at epd@apsinesalgarve.pt, and we will respond as soon as possible.
1. Who are we?
APS - Administração dos Portos de Sines e do Algarve, S.A. owns and operates the OpenSyllo Platform. This Platform brings together and makes available datasets and digital services relating to port and logistics activities, whilst also serving as a tool to promote research, development and innovation within this sector. Data and digital service providers can describe their datasets and services, making it easier for consumers to identify them, whilst consumers can access the relevant datasets by subscribing.
1.1 Contact details
APS - Administração dos Portos de Sines e do Algarve, S.A., with its registered office at Apartado 16, EC Sines, 7521-953 Sines, Portugal, is the data controller for the data collected on OpenSyllo. You may contact us regarding general matters in writing at the email address support@opensyllo.com and regarding matters relating to your personal data at the email address epd@apsinesalgarve.pt.
2. Data Processed
‘Personal data’ refers to any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, or specific physical or physiological characteristics, amongst others. This may also include unique numerical identifiers, such as your computer’s Internet Protocol (IP) address or your mobile device’s Media Access Control (MAC) address, as well as cookies.
The specific types of personal data processed by APS - Administração dos Portos de Sines e do Algarve, S.A., within the scope of the OpenSyllo Platform, are directly related to its remit and are very diverse; these may include name, email address, telephone and mobile numbers, the department in which you work, amongst others, as well as reviews and opinions shared on the platform.
3. Collection methods:
The OpenSyllo Platform collects and processes personal data that can identify users in the following ways:
a) Directly, for example, when you create an account on the Platform or when you contact us;
b) Indirectly, for example, by using cookies to understand how you use the Platform.
When we collect data, we indicate which types of data are mandatory by means of asterisks. Some of the personal data we request is necessary to:
- Perform a contract (e.g. create your account);
- Provide the requested service;
- Comply with legal and regulatory obligations.
If you do not provide the data marked with an asterisk, this may affect our ability to provide the products and services. All personal data collected will be incorporated and stored in APS’s systems.
APS may verify the personal data entered by the user by consulting public bodies or other specialist entities, and is expressly authorised to do so. This does not remove or diminish the user’s responsibility for the accuracy and truthfulness of the data they provide, which is why APS may, at its sole discretion, suspend and/or cancel the user’s account at any time if it detects any inaccuracy.
4. Purposes of processing:
Personal data is processed by APS - Administração dos Portos de Sines e do Algarve, S.A. for the following purposes:
- Registration and use of our services: we collect the personal data you provide when you register for or use our services;
- To handle any complaints or claims you may have regarding the Services and to protect ourselves against them or against any complaints or claims from third parties relating to your use of the Services;
- To inform you about new features and functionalities of our Services;
- To manage and plan our business activities (for example, to analyse how you use our products and services and to forecast demand for our products, or to predict how our users will use our services in the future, estimate trends in user needs and preferences, and develop new services and products). This information will be anonymised so as not to reveal your identity.
- Pre-contractual steps, performance of contracts, or management of the contractual or administrative relationship with the data subject;
- Compliance with legal and regulatory obligations to which APS is subject;
- Pursuit of APS’s legitimate interests, in particular the objectives of the Single Logistics Window (JUL), pursuant to Article 6(2) of Decree-Law No. 158/2019 of 22 October, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, and other applicable legislation.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, APS has adopted the principle of data minimisation, collecting only the data strictly necessary to achieve the purpose pursued and defined for the data subjects concerned, whilst enabling them to exercise any rights in this regard. The rights of data subjects are set out in section 13 of this Policy.
5. Legal basis for data processing:
The processing of personal data will only take place to the extent that it can be justified on the basis of one of the grounds for lawfulness set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, and in accordance with the applicable laws and regulations in Portugal. In addition, all data processing operations will be carried out in strict compliance with the applicable legal principles, namely in relation to data circulation, fairness, transparency and data minimisation, amongst others.
Therefore, whenever we use your personal data, APS will have a legal basis for doing so, for example if you have asked us to provide a service and have given us your consent, or if we have a legitimate interest in using your data. Thus, the legal bases for processing your data may be:
a) The data subject has given their consent for one or more specific purposes;
b) It is necessary for compliance with a legal obligation to which APS - Administração dos Portos de Sines e do Algarve, S.A. is subject;
c) It is necessary for the protection of the vital interests of the data subject or of another natural person;
d) It is necessary for the performance of a task carried out in the public interest;
e) It is necessary for the purposes of the legitimate interests pursued by APS - Administração dos Portos de Sines e do Algarve, S.A., provided that the data subject’s direct interests and fundamental freedoms, which require the protection of personal data, are safeguarded.
6. Where do we store your personal data?
Your personal data is stored either on APS’s own IT infrastructure or on cloud services contracted for this purpose. In either case, the data will be stored in Portugal or within the European Territory.
7. Data retention periods:
The period for which data is stored and retained varies depending on the purpose for which the information is used; once this period has elapsed, the data will be permanently deleted or anonymised.
Data collected by the Platform will be stored and retained for as long as the user remains active on the Platform and will be permanently deleted or anonymised 12 months after the last recorded activity.
8. Who can access your personal data?
APS staff or service providers duly authorised for this purpose may access your data in order to carry out the tasks necessary for the operation, management, support and maintenance of the platform.
9. Information sharing:
We may share your personal data to comply with our legal obligations, prevent fraud, improve our products and services, or after obtaining your consent to do so.
Where permitted, we may also share some of your personal data (including that collected via cookies) to harmonise and update the information you share with us, to compile statistics based on your characteristics, and to personalise our communications. Your personal data may also be processed on our behalf by our service providers, who are duly accredited for this purpose.
We provide only the information necessary for the performance of the service in question and require them to commit to the same level of protection and privacy of your data as APS - Administração dos Portos de Sines e do Algarve, S.A. would have if it were processing it directly. This includes an obligation not to use your personal data for any purpose other than that contracted by APS, as well as confidentiality obligations and security standards, amongst others. We always do our utmost to ensure that all third parties with whom we work keep your personal data secure. For example, we may contract services that require the processing of your personal data from:
a) Advertising, marketing, digital and social media agencies to help us deliver advertising and marketing campaigns, analyse their effectiveness, and manage your enquiries and our relationship with you;
b) Third parties who assist us in providing IT services, such as platform providers, hosting, maintenance and support services, as well as our software and applications which may contain data relating to you (these services may sometimes involve access to your data in order to carry out the necessary tasks);
c) Third parties who provide us with consultancy services in market research and analysis and in gathering feedback on our products and services, as well as for customer relationship management purposes.
The legal basis for this sharing is our legitimate interests in:
a) Improving our products and services;
b) Improving our customer relationships;
c) Preventing fraud;
d) Protecting our tools;
e) Enabling interoperability and collaboration within the Marketplaces ecosystem.
We may also disclose your personal data to third parties:
a) If we are required to disclose or share your personal data in order to comply with a legal or regulatory obligation;
b) To comply with or enforce our terms of use or other terms and conditions that you have accepted;
c) To protect the rights or safety of APS, our users or employees;
d) If we have your express consent to do so;
e) Or if we are permitted to do so by law.
Apart from these situations, we do not transfer your personal data to third parties, either free of charge or for a fee.
9.1 International data transfers:
No personal data will be transferred outside the European Union or the European Economic Area.
10. Data protection and privacy
APS - Administração dos Portos de Sines e do Algarve, S.A. will do everything in its power to protect the privacy of the personal data it holds and undertakes to use technology and technical controls that are sufficiently appropriate for this purpose.
Using the internet to transmit information involves risks, so you should exercise care and caution regarding the method of transmission and the choice of personal data you share with us.
11. Platform security measures
In the course of its activities, APS employs a range of security technologies and procedures designed to protect your personal data, safeguarding it against unauthorised access or disclosure, namely:
- Communications Encryption: Use of security protocols (HTTPS/TLS) to ensure the integrity and confidentiality of browsing and data transmission.
- Certified Authentication: Use of identity and access management systems based on recognised and certified security standards (Keycloak) for user validation in restricted areas.
- Selective Visibility in Marketplaces: Implementation of control mechanisms ensuring that the exposure of entities, applications or dataset records occurs exclusively through the configuration and prior authorisation of the respective Suppliers.
- Exposure Control and GDPR: Provision of tools enabling the Data Provider to declare the existence of personal data and specifically identify the columns or fields subject to the GDPR. The use of these tools is the sole responsibility of the Provider, who guarantees that they have the legal basis for sharing the submitted data.
- Infrastructure Security: Hosting in monitored environments with firewalls and physical and logical access controls.
12. Data Protection Supervisory Authority:
Without prejudice to your right to lodge complaints directly with APS, you may, if you so wish, lodge a complaint directly with the National Data Protection Commission (CNPD), the supervisory authority, using the contact details provided by that body for this purpose:
Avenida D. Carlos, I, no. 134, 1st floor, 1200-651 Lisbon. Tel.: +351 213 928 400. Email: geral@cnpd.pt.
13. Rights of data subjects:
APS - Administração dos Portos de Sines e do Algarve, S.A. undertakes to respect the rights of data subjects, in particular those set out in Articles 17 and 18 of the GDPR:
a) The right of access: The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, the right to access his or her personal data and information regarding the purposes of the processing, categories of personal data, recipients, retention period and the existence of automated decision-making;
b) The right to rectification: The data subject has the right to obtain, without undue delay, from the controller, the rectification of inaccurate personal data concerning them;
c) The right to erasure: The data subject has the right to obtain the erasure of their personal data where one of the following grounds applies: the personal data is no longer necessary for the original purpose, or consent has been withdrawn, or the data subject has exercised their right to object, or the data has been processed unlawfully;
d) The right to restriction of processing: The data subject has the right to obtain from the controller the restriction of processing if they contest the accuracy of the data or if the processing is unlawful;
e) The right to data portability: The data subject has the right to receive the personal data concerning them that they have provided to a data controller, in a structured, commonly used and machine-readable format.
f) The right to object: The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them.
14. Cookies and online tracking
This Platform uses cookies and other local data storage mechanisms (session or persistent local storage) to provide a better and more personalised user experience. It should be noted that cookies (also known as ‘connection tokens’) are small pieces of data that a website stores in your browser and which are sent back to the website with every request. Depending on their origin, cookies may be:
a) First-party cookies: These are cookies stored by the website you are visiting and are only sent to that website.
b) Third-party cookies: Websites may use external services that may also instruct your browser to store their own cookies.
Depending on their duration, cookies may also be:
a) Persistent cookies: These are stored on your device and are not automatically deleted when you close your browser; their validity varies depending on the cookie.
b) Session cookies: These are deleted when you close your browser.
Cookies and other local data storage mechanisms are used to enable the website to remember your preferences (such as your user session or the language in which the Platform is displayed) for a certain period of time. This means you do not have to re-enter them whilst browsing the website during your visit. They may also be used to collect statistical data on your browsing experience on the Platform.
This Platform primarily uses ‘first-party cookies’. To help you manage your preferences, they are grouped into three categories:
a) Required: These are essential for the website to function correctly, ensuring basic functionality and security features. These cookies cannot be disabled.
b) Functional: These enable advanced features and personalisation of the user experience. Disabling them may affect certain features of the Platform. You may refuse cookies and other local storage mechanisms in this category.
c) Analytical: These enable us to assess how users interact with the Platform, based on anonymised data, with the aim of improving the services provided. These cookies are only enabled with your consent. You may refuse cookies and other local storage mechanisms in this category.
The table below summarises information regarding the various types of cookies used on the Platform and the purpose of each:
Cookies (Processed in the browser):
| Source | Type | Purpose | Expiry |
|---|---|---|---|
| Identity Server – First-party cookies | Required | Active session management (SSO) and detection of sessions in other windows. | Session Cookies. |
| Identity Server – First-party cookies | Required | Stores authentication state to prevent stale pages. | Only during the login flow. (Session Cookies) |
| Security Service – First-party cookies | Required | Detection of automated access (bots) during registration. | Session Cookies. |
| Platform – First-party cookies | Required | Persists the language choice (EN/PT) selected by the user. | Persistent Cookies (Until cleaned by the user). |
| Google Analytics – Third-party cookies | Analytical | Collection of statistical information on platform usage (e.g. pages visited, browsing time, traffic source), with the aim of improving performance and user experience. | Persistent up to two years. |
2. Local storage
| Source | Type | Purpose | Expiry |
|---|---|---|---|
| Application (Language) – First-party cookies | Required | Persists the language choice (EN/PT) selected by the user. | Persistent Cookies (Until cleaned by the user). |
| Session Manager (OIDC) – First-party cookies | Required | Stores access tokens to maintain login without constantly requesting the password. | Until the session is terminated or the session expires. (Session Cookies) |
| Application (User Guide) – First-party cookies | Functional | Prevents user guides from being displayed when they have already been previously viewed by the user, ensuring a more efficient and less redundant browsing experience. | Persistent Cookies (Until cleaned by the user). |
When you access this Platform for the first time, you will be asked to indicate your preferences regarding the use of cookies and other local storage mechanisms. You may accept the three categories described, or you may set your preferences differently.
In the preferences settings, you are provided with more specific information about these mechanisms that may be stored in your browser. In the case of the ‘Statistics’ and ‘Third-party content’ categories, you will be asked for your express consent to their use.
Your usage preferences will remain valid, subject to your consent (which can be changed by accessing the settings), from your last visit.
Furthermore, we would like to inform you that it is possible to block the creation of cookies by enabling a browser setting, which in turn will allow you to refuse the creation of some or all cookies. Below you will find links to the help pages of the main web browsers.
However, blocking all cookies (including session cookies) may limit or prevent access to some content on the OpenSyllo Platform.
Should APS make changes to the Platform that include modifying the set of cookies and other local storage mechanisms used, you will be asked to set your usage preferences again.
15. Changes to the Privacy and Personal Data Protection Policy
This Privacy and Personal Data Protection Policy was last updated on 23 June 2026. Any significant changes to this Policy will be communicated with the same level of publicity as was used for the initial release, and consent will be sought again.
16. General provisions
This Privacy and Personal Data Protection Policy forms an integral part of the Terms and Conditions of Use of the OpenSyllo Platform.
17. Governing law and jurisdiction
This Policy, as well as the collection, processing or transfer of personal data, is governed by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by the applicable laws and regulations in Portugal.
Any disputes arising from the validity, interpretation or enforcement of the Privacy Policy, or relating to the collection, processing or transmission of the data subject’s data, shall be submitted exclusively to the jurisdiction of the courts of the district of Setúbal, without prejudice to any applicable mandatory legal provisions.
18. Questions and contact details
For further information or if you have any queries regarding our Privacy and Personal Data Protection Policy, please contact us at epd@apsinesalgarve.pt.