This Privacy Policy outlines how we handle your personal data. It explains how we collect, use, and manage

your personal information and how we comply with our legal responsibilities towards you. Your privacy is

important to us, and we are committed to protecting and securing your personal data.

Please take a moment to review our privacy practices. If you have any questions, feel free to contact us via

mail at Rua do Polo Norte Nº 14, Piso 1.2, 1990-266 Lisboa or by email at dl-drh@nimber.pt.

We aim to make this Privacy Policy as clear as possible, but if you encounter any unfamiliar terms or have

questions, do not hesitate to contact Nimbertech – IT Solutions, Lda. for further clarification.

From time to time, we may update this Privacy Policy. To stay informed, please visit this page regularly, as

all changes will be posted here.

The processing of any personal data collected by Nimber, or provided to us, is the responsibility of

Nimbertech – IT Solutions, Lda., a private limited company, with legal entity number 517157721, and its

registered office at Rua do Polo Norte Nº 14, Piso 1.2, 1990-266 Lisboa. Contact details are provided later

in this Privacy Policy (hereinafter referred to as "Nimber" or "we").

Please note that you are not required to provide any personal data that Nimber may request (you have the

right to object at any time), but should you choose not to provide such data, we may not be able to offer you

our services, process your application, or respond to any inquiries.

Nimber may collect your personal data in several ways, including when you subscribe to our newsletters,

submit spontaneous applications, register for job fairs, provide references for employees or former

employees, participate in workshops or partnerships to be contacted by Nimber, enter into a contract with

us (employment, service provision, or otherwise), complete a customer form, or communicate with our

customer support teams.

If you are a candidate seeking the best job opportunities and/or services tailored to your needs, we must

handle certain information about you. We only request data that is relevant to us, such as your name, age,

contact information, educational background, employment history, emergency contact, immigration status,

financial details (if we need to verify financial context), and social security number (you may also choose to

share other relevant information with us). When applicable and as required by law, we may also collect data

on any criminal convictions.

If you are a customer, we need to collect and use information about you or your company’s employees for

the provision of our services to ensure a complete service and to maintain a smooth contractual relationship.

In this context, we may request personal data such as names, email addresses, job titles, and relevant

employee contact numbers for the purpose of delivering services.

If you are a supplier, we only require a small amount of personal data to ensure everything runs smoothly.

We will need contact details for certain individuals within your company to communicate with you, along with

other information such as your bank account details for payment purposes (if such payment terms are part

Data Protection Policy V1 2025of the agreement). We may also store information that someone in your company has chosen to share with

us.

When we refer to suppliers, we include any companies (including independent traders) and atypical service

providers, such as independent contractors and freelance workers, who provide services to Nimber. In

certain situations, Nimber may subcontract services provided to customers to external suppliers working on

behalf of Nimber. In this context, suppliers who are independent contractors or collaborators of the supplier

will be treated as candidates for data protection purposes. Please note that Nimber requires suppliers to

inform their collaborators about the relevant sections of this Privacy Policy (specifically those aimed at

candidates).

Certain categories of personal data, such as those revealing racial or ethnic origin, political opinions,

religious or philosophical beliefs, union membership, genetic data, biometric data used to unambiguously

identify an individual, health data, sexual life, or sexual orientation, are classified as "special categories of

personal data" and receive additional protection under the General Data Protection Regulation ("GDPR").

Nimber limits the collection and processing of these special categories of data to the greatest extent possible,

and only does so when we have obtained your consent.

The purposes and grounds for processing your personal data depend on your status as a candidate,

employee, or supplier.

If you are a candidate (including suppliers who are independent traders, freelance workers, or supplier

collaborators), please note that your personal data is collected and processed for the following purposes:

Recruitment: includes recruitment activities for service provision or back-office functions, such as research

and selection. For service provision, this involves outreach to current and potential Nimber customers to find

placement opportunities, as well as related activities. In this scope, salary processing and human resource

management data may also be handled;

Contract execution: includes activities such as entering into contracts with Nimber and partners, and

communication with third parties involved in those contracts (e.g., insurance companies, beneficiaries,

intermediaries);

Service development and improvement: includes necessary activities for the development and enhancement

of Nimber's services, activity analysis, and processing for potential future opportunities.

If you are a supplier or customer, your personal data will be processed for the following purposes:

Contract execution: involves all activities necessary for the execution of service provision contracts, including

payment processing;

Communications: includes necessary communications related to our contracts with you;

Data Protection Policy V1 2025Service development and improvement: includes activities aimed at developing and enhancing services

provided to or by Nimber, activity analysis, processing for statistical and scientific purposes, and offering or

obtaining services from you;

Compliance with legal obligations;

In certain circumstances, to assist with the assertion, exercise, or defense of a legal right.

Nimber may engage third-party external service providers who operate on Nimber's behalf, such as

companies hosting and managing the Nimber website, processing payments, analyzing data, providing

customer services, and other collaborators. These third-party providers will process your personal data in

accordance with this Privacy Policy and applicable laws.

When we collect your personal data for the purposes outlined above, we will inform you in advance or at the

time of collection, and we will seek your consent where necessary to legitimize the processing of your data.

If you have consented, you have the right to withdraw that consent at any time.

However, there may be cases where consent is not the legal basis for processing your data. In such cases,

the processing will be based on one of the following grounds:

Contractual necessity: when processing is necessary to enter into or perform a contract with you;

Compliance with legal obligations: when processing is required to fulfill legal obligations that Nimber is

subject to;

Legitimate interests: when processing is necessary for legitimate interests pursued by Nimber, provided

these do not override your rights and freedoms. This legal basis will only be used if there is no less intrusive

way to process your personal data. Nimber will maintain a record of such processing, and you have the right

to request this information;

Legal claims: when processing is necessary for the declaration, exercise, or defense of legal claims.

Nimber takes all necessary steps to ensure the confidentiality and security of your personal data,

implementing appropriate measures to protect against misuse, unauthorized access, loss, alteration, or

disclosure.

These measures include strict access controls to ensure data is encrypted, pseudonymized, and

anonymized whenever possible.

Access to your personal data is restricted to those who need it to perform their duties, and we impose strict

contractual confidentiality obligations when third parties process your data.

Although internet data transmission cannot guarantee complete security against intrusions, Nimber and its

service providers make every effort to implement and maintain physical, electronic, and procedural

safeguards to protect your personal data in accordance with applicable data protection laws.