Personal Data Protection Policy
Personal Data Protection Policy of the Multicert Website
The purpose of this personal data protection policy is to inform the user on how Multicert processes personal data while using Multicert Website (hereinafter "Website") and to comply with the provisions of the legislation on personal data protection, particularly, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, "GDPR"), regarding the information to be provided to the user, the data subject.
When using the Website, Multicert processes personal data as a Data Controller for its own purposes (as listed below).
- Identity and contact details of the Controller and Data Protection Officer.
- Name: Multicert - Serviços de Certificação Electrónica, S.A. ("Multicert")
- Head office Rua Soeiro Pereira Gomes, Lote 1, 1649-031 Lisboa, Portugal
- Share Capital: EUR 2.250.000,00
- Legal Person Number: 767.457
- Data Protection Officer: DataProtectionOfficer@sibs.com
- Purposes and legal basis of processing, personal data categories and retention periods.
When using the Website, Multicert collects personal data from the user (some of which are essential and mandatory and some of which are optional, otherwise some features will not work):
|
Purpose |
Legal basis |
Personal Data |
Retention period |
|
Customer support |
Performance of a contract (cf. Article 6(1)(b) GDPR) |
Email address |
Retention for the period necessary to prove compliance with legal obligations. |
|
Sending commercial electronic communications about news, offers or promotions of Multicert’s solutions. |
Consent of the data subject (see Article 6(1)(a) GDPR). |
Email address | Name |
5 years counting from the date on which the user has revoked its consent or the period necessary to prove compliance with legal obligations. |
|
Online Store - Sale of Multicert Products and Provision of Multicert Services. |
Performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR). |
Address | Company name | Email address | Name | Tax identification number (NIF) | Telephone number |
Retention for the period necessary to prove compliance with legal obligations. |
|
Response to contact requests |
Performance of a contract (pre-contractual measures at data subject’s request) (see Article 6(1)(b) GDPR) |
Email address | Name | Telephone number | |
Retention for the period necessary to prove compliance with legal obligations. |
|
Security and resilience of the Website |
Legitimate interest in ensuring security and preventing fraud (Article 6(1)(f) GDPR) |
Activity or traffic data | Address | Device ID | Device name | IP address | Geolocation | Make and model of the user's device | Operating System of device| Service status |
5 years (Article 118(1)(c) of the Portuguese Criminal Code). |
|
Selection and recruitment (receipt of applications for employment positions and internships) |
Performance of a contract (pre-contractual measures at data subject’s request) (see Article 6(1)(b) GDPR) |
Email address | Name | Telephone number |
Retention for the period necessary to prove compliance with legal obligations. |
The user can withdraw consent at any time (without affecting the lawfulness of the processing conducted on the basis of the consent previously given).
Multicert only stores personal data in order to allow the identification of data subjects for the period necessary or required for the fulfilment of the purposes indicated.
- Data recipients.
In order to comply with legal obligations Multicert may have to share personal data with third parties, e.g. judicial or administrative authorities, as well as supervisory or regulatory bodies.
- Service providers.
Multicert may use other Multicert Group companies, or third parties to provide certain services involving the processing of personal data on the Website, exclusively according to prior documented instructions given by Multicert.
- International data transfers.
Personal data is processed within the territory of the European Union/European Economic Area (EU/EEA). Multicert may transfer personal data outside the EU/EEA in a secure and legal manner, ensuring that data is only transferred under the mechanisms provided for in Chapter V of the GDPR.
- Data processing security.
Multicert has implemented the appropriate technical and organisational security measures to ensure the security of the personal data provided to it, in order to prevent its alteration, loss, processing and/or unauthorized access to it, taking into account the current state of the technology, the nature of the data processed and the risks to which they are exposed, and the user being aware that security measures are not impregnable.
- Exercise of data subject rights.
Under the applicable terms of the legislation on the protection of personal data, the user may exercise, free of charge and at any time, the rights of: access; rectification; erasure ("right to be forgotten"); restriction; portability; object; by a written request addressed to the Multicert Data Protection Officer to the address indicated above, or to the following e-mail address: DataProtectionOfficer@sibs.com.
- National supervisory authority.
The user has the right to lodge a complaint regarding personal data protection to Comissão Nacional de Proteção de Dados (CNPD).
- Third-party websites and social networks
The Website may contain advertising, hyperlinks or other content that redirects the user to partner or third-party websites and/or social networks.
Multicert does not control the content of these websites and/or social networks and is therefore not responsible for it, or for the practices of said websites or social networks. Multicert therefore recommends users to consult the personal data protection policy of these websites, or social networks, and their terms and conditions of use.
Due to the way Internet communication standards work, access to websites may involve the use of cookies. Multicert is responsible for cookies and the processing of data obtained through the use of cookies on its Website, which can be its own cookies, or third-party cookies, and decides the purpose, content and use of the processing of the data collected for the purposes explained below.
10. Cookie
To facilitate and provide a better browsing experience through the Website, Multicert informs you that it uses Cookies or other files with similar functions (hereinafter referred to as “Cookies”).
10.1 What are Cookies
Cookies are small text files containing relevant information sent by websites and stored on the user's device.
Cookies are used to manage the operation of the Website, to increase its efficiency, to provide information to Multicert regarding the usability of the Website and/or recognize users and direct their browsing according to their interests and preferences, thus improving their browsing experience.
Cookies are essential to the operation of the Website, and do not damage the user's equipment or device and, if activated in the browser configuration, help to identify and resolve possible operational and functional Website errors.
Consent to the use of certain cookies is optional, however if cookies are not accepted, users will not be able to access certain functionalities on the Website, which may not function correctly.
The data provided when the use of cookies is accepted, will not be disclosed or communicated to third parties by the data controller.
Users can deactivate and manage their cookie preferences in their browser, or in the cookie banner.
10.2 Use of cookies
Multicert uses cookies on its Website to manage user browsing, which may be managed directly by Multicert or by third parties, particularly for the purposes of statistical analysis of use of Website.
Multicert uses Cookies for the purposes identified below.
Essential cookies
Essential cookies are essential for the correct functioning of the Website, enabling basic functions such as navigation and access to the webpage to protect certain areas of the Website. The Website may not function properly if these cookies are not used. Use of these cookies is therefore not subject to user consent.
|
Name |
Supplier |
Purpose |
Expiration |
Type |
|
1.gif |
Cookiebot |
Used to count the number of sessions to the website, necessary for optimizing CMP product delivery. |
Session |
Pixel |
|
AWSALB |
Byside |
Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order tooptimize user experience. |
7 days |
HTTP Cookie |
|
AWSALBCORS |
Byside |
Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience. |
7 days |
HTTP Cookie |
|
AWSALBCORS |
Byside |
Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order tooptimize user experience. |
7 days |
HTTP Cookie |
|
AWSALBTG |
Byside |
Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience. |
7 days |
HTTP Cookie |
|
AWSALBTGCORS |
Byside |
Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order tooptimize user experience. |
7 days |
HTTP Cookie |
|
AWSALBTGCORS |
Byside |
Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience. |
7 days |
HTTP Cookie |
|
CookieConsent |
Usercentrics GmbH |
Stores the user's cookie consent state for the current domain |
1 year |
HTTP Cookie |
|
JSESSIONID |
Multicert |
Preserves users states across page requests. |
1 day |
HTTP Cookie |
|
rc::a |
gstatic |
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to makevalid reports on the use of their website. |
Persistent |
HTML Cookie |
|
rc::c |
gstatic |
This cookie is used to distinguish between humans and bots. |
Session |
HTML Cookie |
|
eg_params |
E-Goi |
Presentation and captcha protection for web forms. |
3 months |
HTTP Cookie |
|
eg_params |
Multicert |
Presentation and captcha protection for web forms. |
3 months |
HTTP Cookie |
Marketing cookies
Marketing cookies are used to track visitors while browsing the Website. The aim is to provide users with advertisements according to their interests and preferences.
|
Name |
Supplier |
Purpose |
Expiration |
Type |
|
#-# |
YouTube |
Used to track user’s interaction with embedded contente. |
Session |
HTML Cookie |
|
__Secure-ROLLOUT_TOKEN |
YouTube |
Used to track user interaction with embedded content. |
180 days
|
HTTP Cookie |
|
__Secure-YEC |
YouTube |
Stores the user's video player preferences using embedded YouTube video |
Session |
HTTP Cookie |
|
_ga |
Google Analytics |
Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devicesand marketing channels. |
2 years |
HTTP Cookie |
|
_ga_# |
Google Analytics |
Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels |
2 years |
HTTP Cookie |
|
_gat |
Google Analytics |
sed to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devicesand marketing channels. |
1 day |
HTTP Cookie |
|
_gcl_au |
Googletagmanager |
Used to measure the efficiency of the website’s advertisement efforts, by collecting data on the conversion rate ofthe website’s ads across multiple websites. |
3 months |
HTTP Cookie |
|
_gcl_ls
|
Googletagmanager |
Tracks the conversion rate between the user and the advertisement banners on the website - This serves tooptimise the relevance of the advertisements on the website. |
Persistent |
HTML Cookie |
|
_gid |
Google Analytics |
Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. |
1 day |
HTTP Cookie |
|
iU5q-!O9@$ |
YouTube |
Registers a unique ID to keep statistics of what videos from YouTube the user has seen. |
Session |
HTML Cookie |
|
LAST_RESULT_ENTRY_KEY |
YouTube |
Used to track user’s interaction with embedded content. |
Session |
HTTP Cookie |
|
LogsDatabaseV2:V#||LogsRequestsStore |
YouTube |
Used to track user’s interaction with embedded content. |
Persistent |
IndexedDB Cookie |
|
NID |
|
Necessary to improve the browsing experience and the results in search results and ads. |
6 months |
HTTP Cookie |
|
remote_sid |
YouTube |
Necessary for the implementation and functionality of YouTube video-content on the website. |
Session |
HTTP Cookie |
|
ServiceWorkerLogsDatabase#SWHealthLog |
YouTube |
Necessary for the implementation and functionality of YouTube video-content on the website. |
Persistent |
IndexedDB Cookie |
|
TESTCOOKIESENABLED |
YouTube |
Used to track user’s interaction with embedded contente. |
1 day |
HTTP Cookie |
|
VISITOR_INFO1_LIVE |
YouTube |
Used to estimate user bandwidth to determine appropriate video quality (resolution). |
180 days |
HTTP Cookie |
|
YSC |
YouTube |
Used to record a unique session identifier, evaluate user behaviour, and detect fraudulent views. |
Session |
HTTP Cookie |
|
YtIdbMeta#databases |
YouTube |
Used to track user’s interaction with embedded content. |
Persistent |
IndexedDB Cookie |
|
yt-remote-cast-available |
YouTube |
Stores the user's video player preferences using embedded YouTube vídeo. |
Session |
HTML Cookie |
|
yt-remote-cast-installed |
YouTube |
Stores the user's video player preferences using embedded YouTube vídeo. |
Session |
HTML Cookie |
|
yt-remote-connected-devices |
YouTube |
Stores the user's video player preferences using embedded YouTube vídeo. |
Persistent |
HTML Cookie |
|
yt-remote-device-id |
YouTube |
Stores the user's video player preferences using embedded YouTube vídeo. |
Persistent |
HTML Cookie |
|
yt-remote-fast-check-period |
YouTube |
Stores the user's video player preferences using embedded YouTube vídeo. |
Session |
HTML Cookie |
|
yt-remote-session-app |
YouTube |
Stores the user's video player preferences using embedded YouTube vídeo. |
Session |
HTML Cookie |
|
yt-remote-session-name |
YouTube |
Stores the user's video player preferences using embedded YouTube video. |
Session |
HTML Cookie |
|
byside_cookie_service_level |
Byside |
Variable where the service level is defined, ‘required’ ‘functional’ “personalisation” ‘targeting’ depending on the level of cookies chosen. |
Persistent |
HTML Cookie |
|
byside_webcare_session_tid |
Byside |
Identification of the visitor on the first page request on the Website. |
Session |
HTTP Cookie |
|
byside_webcare_tuid |
Byside |
Identification of the visitor on the first page request on the Website. |
2 years |
HTTP Cookie |
|
visitId |
eGoi |
Track and measure visitor behaviour on the website. |
Persistent |
HTML Cookie |
|
visitId |
eGoi |
Track and measure visitor behaviour on the website. |
Persistent |
HTML Cookie |
|
Visitor_privacy_metadata |
Youtube |
Store the user's consent and privacy choices regarding their interaction with the website and track views on the website's videos. |
6 months |
HTTP Cookie |
|
Visitor_info1_live |
Youtube |
Track user preferences regarding YouTube videos embedded in websites and track their views. |
6 months |
HTTP Cookie |
Statistical cookies
Statistical cookies are used to measure visitor interaction while browsing the Website anonymously. The aim is to optimise the browsing experience on the Website.
|
Name |
Supplier |
Purpose |
Expiration |
Type |
|
_pk_id# |
Matomo (Piwik) |
Collects statistics on the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been read. |
1 year |
HTTP Cookie |
|
_pk_ses# |
Matomo (Piwik) |
Used by Piwik Analytics Platform to track page requests from the visitor during the session. |
1 day |
HTTP Cookie |
Preference cookies
Preference cookies are used to remember your preferences regarding the behaviour and appearance of the website, as well as your selected language.
|
Name |
Supplier |
Purpose |
Expiration |
Type |
|
slightbox-scrollbar-width |
Slightbox |
Registers if the website's scroll-depth detection is active - This function remembers how far the user has scrolledon the current session across the website's sub-pages. |
Persistent |
HTML Cookie |
|
langCookie |
Multicert |
Register the user's language |
Session |
HTTP Cookie |
10.3 Cookie Configuration
Information is provided to users, under the applicable legislation, about how they can configure their browser, and manage and protect their privacy and security in relation to Cookies.
The cookie settings can be changed in your browser preferences, by following the instructions in these links:
Essential cookies regarding activities that are strictly necessary for the operation of the Website, do not require the user's consent and are automatically installed when the user accesses the Website.
- Updating the Personal Data Protection Policy.
This personal data protection policy is reviewed and updated periodically and whenever necessary.
Updated on: 10/11/2025