PRIVACY POLICY 

Absent, Lda., is the controller responsible for the processing of personal data carried out on the Site (hereinafter “Data Controller”). 

In order to reinforce its commitment to the protection of Personal Data, the Data Controller has appointed its respective Data Protection Officers, who may be contacted at the following e-mail addresses: 

Shalini Choudhary: shalini@absent.tech 

Mara Kesnere: mara@absent.tech 

Access to and browsing the Site does not necessarily require the provision of Personal Data. However, certain features may involve the sharing of such data, in particular the submission of a message via the contact form available at www.absent.tech. 

The Data Controller collects and processes Users’ Personal Data for the purposes for which they were collected, for example, to analyze messages sent by Users through the contact form provided. For this purpose, the following data are collected: 

- Identification data: name; 

- Contact data: e-mail; 

- Any other categories of data that Users may voluntarily include in the “subject” and “message” text fields. 

Please note that, at a later stage, additional Personal Data may be collected where necessary or appropriate for any initiatives of the Data Controller. In such cases – for example, contests or other initiatives related to the subject-matters covered by the Site – the processing of data will be duly described in the specific rules governing those initiatives. 

Cookies may also be collected; further information is available in our Cookie Policy. 

In general terms, the Data Controller uses the Personal Data of the User for the following purposes:

1.
Purpose: Contact management 
Description: Processing of data to respond to requests made via the contact form
Lawful basis: Consent 
Retention period: 6 months after the request is closed 

2.
Purpose: Site management and visit tracking 
Description: Development of content adapted to user requests and profiles in order to improve search capabilities and Site functionality, and to obtain aggregated or statistical information about the typical user profile 
Lawful basis: Consent and Legitimate Interest (where applicable) 
Retention period: In accordance with the periods set out in our Cookie Policy 

The Personal Data collected will not be shared with third parties without the User’s consent, except in the following situations: 

1. Disclosures required by law, in compliance with a legal obligation to which the Data Controller is subject; 

1. Service providers that provide services necessary for the provision of services by the Data Controller. 

A processor is an entity that processes personal data on behalf of and for the account of the Data Controller. This entity acts under the instructions of the aforementioned organization for the purpose of providing services, ensuring the implementation of appropriate technical and security measures that, at all times, meet the requirements of current legislation and safeguard the rights of Users. 

In the context of the processing of User data, the Data Controller may use third-party entities subcontracted by it to process User data on its behalf and in accordance with its instructions, in compliance with the principles set out in this Policy and in line with applicable data protection legislation, in order to provide support services for the Data Controller’s activities. 

These subcontracted entities may not transmit the User’s data to other entities without the Data Controller having previously given written authorization to do so, and they are also prevented from contracting other entities without prior authorization from the Data Controller. 

Where applicable, the Data Controller undertakes to subcontract only entities that offer maximum security in the implementation of appropriate technical and organizational measures, so as to guarantee the protection of the User’s rights. 

A. COMPLIANCE WITH DATA PROTECTION PRINCIPLES 

With regard to the general principles relating to the processing of Personal Data, the Data Controller undertakes to ensure that the User’s data processed is: 3 

1. Processed lawfully, fairly and transparently in relation to the User; 

2. Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; 

3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 

4. Accurate and kept up to date where necessary; all appropriate measures are taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay; 

5. Kept in a form which permits identification of the User only for as long as is necessary for the purposes for which the data are processed; 

6. Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
   
   

B. IMPLEMENTATION OF TECHNICAL AND ORGANISATIONAL MEASURES 

The Data Controllers may adopt various technical and organizational security measures to protect Users’ Personal Data against loss, dissemination, alteration, unauthorized or improper processing or access. The general measures adopted by the Data Controller may include the following: 

1. Regular audits to assess the effectiveness of the technical and organizational measures implemented; 

2. Awareness-raising and training of personnel involved in data processing operations; 

3. Pseudonymization and anonymization of Personal Data; 

4. Adoption of mechanisms capable of ensuring the ongoing confidentiality, availability and resilience of information systems; 

5. Mechanisms to ensure the rapid restoration of information systems and access to Personal Data in the event of a physical or technical incident; 

6. Implementation of rules for the use and storage of strong, secure passwords (e.g. containing numbers, special characters, upper- and lower-case letters, and regular changes); 

7. Storage of data on internal systems accessible only to authorized employees and third parties, protected by remote access mechanisms (e.g. VPN); 

8. Automatic backups of work folders when equipment is connected to the entity’s network; 

9. Physical access controls, with date and time logging, to premises where personal data are stored; 

10. Destruction of documents using dedicated paper-shredding equipment; 

11. Blocking access to websites that may pose a security risk; and 

12. Verification of the defined security measures, ensuring they are effective and updating them regularly, especially when processing or circumstances change, including those implemented by processors. 

In principle, the processing operations associated with Users’ interaction with the Site will not involve the transfer or processing of data outside the European Economic Area. 

However, if it becomes necessary to transfer your data outside the European Economic Area (for example, in the context of using certain IT support service providers), the Data Controller will implement the necessary measures to ensure that such transfers comply with applicable legislation, in particular Chapter V of the GDPR, and that an essentially equivalent level of protection is guaranteed for the personal data of data subjects. This may be achieved, for example, by ensuring the existence of an Adequacy Decision by the European Commission for the destination country or by 

Users, as data subjects, are granted the following rights: 

1. Right of Access: the right to obtain confirmation as to whether or not Personal Data concerning them are being processed and, if so, the right to access their Personal Data and certain related information. 

2. Right to Rectification: the right to obtain the rectification of inaccurate Personal Data concerning them or to have incomplete Personal Data completed. 

3. Right to Erasure: the right to obtain the erasure of their Personal Data without undue delay, provided there are no valid grounds for retaining them (e.g. where they must be kept to comply with a legal obligation or because legal proceedings are ongoing). 

4. Right to Restriction of Processing: the right to obtain restriction of processing of their Personal Data, in the form of suspension of processing or limitation of the scope of processing to certain categories of data or processing purposes. 

5. Right to Data Portability: the right to receive the Personal Data concerning them and which they have provided in a structured, commonly used and machine-readable format and/or the right to have those data transmitted to another controller. 

6. Right to Object: the right to object at any time to the processing of data concerning them, unless there are overriding legitimate grounds for the processing that override the User’s interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. 

The User may also withdraw their consent in cases where processing is based on consent, without such withdrawal affecting the lawfulness of processing carried out while the consent was valid. 

Requests to exercise rights by data subjects should be addressed to the email address of any of the Data Protection Officers. 

The Data Controller will respond using the same channel through which the User exercised their right, within a maximum period of one month from receipt of the request, except in particularly complex cases, where this period may 5 

be extended up to two months, with due justification provided by the Data Controller. 

Finally, and without prejudice to the possibility of submitting complaints directly to the Data Controller using the contacts provided for this purpose, the data subject may complain directly to the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados – CNPD) using the contacts made available by that authority at www.cnpd.pt. 

For more information about the cookies collected by the Data Controller, please consult our Cookie Policy. 

In the event of a personal data breach and to the extent that such breach is likely to result in a risk to the rights and freedoms of the User, the Data Controller undertakes to report the breach to the competent supervisory authority (in Portugal, the National Data Protection Commission – CNPD) without undue delay and, where feasible, no later than 72 hours after having become aware of it. 

In addition, the Data Controller will notify the User of the breach when it is likely to result in a high risk to their rights and freedoms, and will do so without undue delay. By law, notification to the User is not required in the following cases: 

1. If the Data Controller has implemented appropriate technical and organizational protection measures and those measures were applied to the personal data affected by the breach, in particular measures that render the personal data unintelligible to any person not authorized to access it, such as encryption; 

2. If the Data Controllers has taken subsequent measures which ensure that the high risk to the User’s rights and freedoms is no longer likely to materialize; or 

3. If notification to the User would involve disproportionate effort for the Data Controller. In that case, the Data Controller will issue a public communication or take a similar measure whereby the User will be informed. 

The Data Controllers reserve the right to amend this Privacy Policy at any time. In the event of a substantial change, a notice will be posted on the Site. 

Any disputes arising from the validity, interpretation or performance of the Privacy Policy, or that are related to the collection, processing or transfer of Personal Data, shall be submitted exclusively to the jurisdiction of the courts of the district of Lisbon, without prejudice to mandatory legal provisions. 

Date of last update: 11 December 2025