A. Data Controller

The Data Controller of personal data is GREENVOLT NEXT HOLDING, S.A., with Tax Number 517292386, headquartered at Rua Luciana Stegagno Picchio, no 3, 1549-023 Lisboa, and with the following contacts:

Email: [email protected]

B. Data Protection Officer

The Data Controller has appointed a Data Protection Officer who can be contacted via [email protected].

C. Personal Data Processed

His information applies to all personal data collected by the Data Controller, including name of the data subject, job title, company, image, and voice through photographic or video recording.

D. Purpose of Processing and Legal Basis

The Data Controller will process the data manually and/or automatically, for specific purposes such as External and Internal Communication: ·

• Publication on Greenvolt Group’s external communication channels (Linkedin, Instagram, Facebook, Website, e-mail marketing)
• Use in corporate presentations conducted by the Data Controller
• Publication on the company’s internal channels (newsletter, sharepoint, email)

E. Data Recipients

The processing of personal data may be carried out by providers subcontracted by the Data Controller to ensure the provision of video editing which will process the personal data exclusively for the purposes established by the Data Controller in compliance with the instructions issued by it, strictly complying with the legal regulations on personal data protection, information security, and other applicable regulations. The Data Controller may communicate personal data to third-party entities that will process them for the purpose of collecting image and voice through photographic or video recording, with said entity becoming the Data Controller for these personal data processing operations.

F. Data Retention Period

The Data Controller will retain the personal data only for the time necessary to achieve the purposes for which they were collected, for which a period of 3 years is determined.

G. Exercise of Rights

The data subject may, at any time, request from the Data Controller access to the personal data concerning him/her, as well as their rectification or erasure, and the restriction of processing concerning the data subject, or the right to object to processing, and the right to data portability, in accordance with the laws governing the processing of personal data.

• The exercise of Rights must be done through the email [email protected] or directly with the Data Protection Officer, through the email [email protected].

The data subject may also enforce his/her rights with the National Data Protection Commission.

H. Withdrawal of Consent

The data subject’s acceptance that his/her data may be processed or transferred shall always be revocable, with no retroactive effect. To revoke the consent given, the data subject may contact the Data Controller through the contact means identified in point A.

I. Personal Data Protection Measures

The Data Controller applies various technical and organizational measures appropriate to protect the personal data of the data subjects that it considers sufficient and adequate to ensure the protection of personal data against their destruction, accidental loss, alteration, dissemination, or unauthorized access, accidental or unlawful, as well as the necessary, sufficient, and adequate measures to ensure the accuracy, integrity, and confidentiality of personal data and an appropriate level of technical and organizational security in relation to the risks inherent in the processing and nature of the personal data, including placing them in an encrypted folder with exclusive access by authorized Greenvolt members.