Benfica Group Privacy Policy

Within the scope of their activities, the various entities that make up the Benfica Group (hereinafter "Benfica Group" or "Benfica") process personal data of several holders, namely members, supporters, volunteers, athletes, and their families, sports agents, users and users of the IT platforms provided — namely, the website www.slbenfica.pt (Benfica’s Official Website) and any other applications available for use on computers, tablets, cell phones, or other devices (hereinafter, "Platforms").

The Benfica Group is composed, namely, of: Sport Lisboa e Benfica Clube, NIPC 500276722; Sport Lisboa e Benfica - Futebol, SAD, NIPC 504882066; Sport Lisboa e Benfica SGPS, S.A. NIPC 505270048; Sport Lisboa e Benfica - Multimédia, S.A., NIPC 505564424; Benfica TV, S.A. NIPC 508517494; Benfica FM, S.A. NIPC 514631228; Benfica Estádio - Construção e Gestão de Estádios, S.A., NIPC 505813378; Parque do Benfica - Sociedade Imobiliária, S.A., NIPC 506807410; Clínica do SLB, Unipessoal, Lda. NIPC 508205360; Sport Lisboa e Benfica - Seguros, Mediação de Seguros, Lda. NIPC 508797404; Identiperímetro Sociedade Imobiliária, S.A. NIPC 508992770; Red Up Sports, Lda. NIPC 514395931; Fundação Benfica NIPC 509259740. Todas com sede no Estádio Sport Lisboa e Benfica, Avenida Eusébio da Silva Ferreira, 1500-313, Lisboa. Todas com sede no Estádio Sport Lisboa e Benfica, Avenida Eusébio da Silva Ferreira, 1500-313 Lisboa.

This Privacy Policy is intended to help people from whom we process data (hereinafter "Data Subjects") understand what personal data we collect, how and why we use it, to whom we disclose it, and how we protect their privacy.

Accordingly, the Benfica Group adopts the conduct and implements the necessary mechanisms to ensure strict compliance with the legislation relating to the protection of personal data that is, at all times, in force, namely Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (" GDPR") and Law No. 58/2019, of August 8, which ensures the execution, in the national legal order [Portugal], of the GDPR.

By using and browsing our Platforms, filling out our forms, and providing data directly or indirectly, you acknowledge and accept the conditions of this Policy, the Terms and Conditions and the Terms of Use and any other specific terms, policies, and conditions.

Additionally, and whenever specific questions arise as to the processing carried out by the following entities of the Benfica Group, please refer to the Privacy Policies specifically prepared for the processing of personal data carried out by these entities, which may be consulted at any time at the links below:

• Benfica TV, S.A. - Privacy Policy, available here

• Casas do Benfica - Privacy Policy, available here

• Clínica Benfica, Lda. - Privacy Policy, available here

References in this Privacy Policy to the "Benfica Group" or "Benfica", "we" or "our" mean the entity of the Benfica Group with which it has established a relationship and which in the appropriate context determines the purposes and means of data processing, being considered for this purpose the entity responsible for the processing, under the terms of the GDPR.

Personal data is any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable individual ("data subject"). A person is considered identifiable if he/she can be identified directly or indirectly, namely by reference to an identification number or more specific elements of his/her physical, physiological, psychic, economic, cultural, or social identity.

The Benfica Group collects and processes the personal data necessary for the processing purposes previously defined.

Categories of personal data we process, purposes, and grounds

The Benfica Group is especially concerned with the protection of the rights of minors, so the collection of personal data of people under 18 years of age is, in most cases, dependent on the consent of their parents/guardians.

The Benfica Group processes this data in accordance with the applicable legislation, for various purposes, including:

The personal data collected is processed in strict compliance with the applicable legislation and stored in a specific database created for this purpose.

The period for which data is stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements that require data to be retained for a certain period. Thus, and whenever there is no specific legal requirement, the data will be stored and maintained only for the period necessary for the purposes for which they were collected, as identified above.

Under the terms of the applicable legislation, the data subject may request at any time the following rights:

• Right of access - Benfica ensures the existence of means allowing the data subject to have access to the personal data that the entity holds on the data subject


• Right to rectification - Benfica ensures the existence of means that allow the data subject to rectify their personal data, if they are incorrect/inexact, or complete them if they are incomplete.


• Right to erasure "Right to be forgotten" - Benfica ensures the existence of means that allow the data subject to request the "erasure" of their personal data when any of the following circumstances occur:
  
  • When the data is no longer necessary for the purposes for which they were collected or otherwise processed;
  • When the data subject withdraws his consent to the processing of his data and there is no other legal basis for the processing;
  • When the data subject exercises his right to object and no other legitimate grounds are prevailing for processing;
  • When personal data has been unlawfully processed;
  • When the data must be deleted to comply with a legal obligation applicable to the entity as a controller; or
  • When the data has been obtained in the context of the direct offer of information society services to minors.


• Right to object - Benfica ensures the existence of means that allow the data subject to object specific personal data processing for specific purposes listed below, without prejudice to directives or laws in force:
  • Performance of public interest tasks for the pursuit of a legitimate interest of the said controller or a third party;
  • Guarantee that the purpose of the processing is compatible with the purpose for which the data was initially collected, including the definition of profiles;
  • Sending marketing communications or processing for targeted advertising, based on the legitimate interests of Benfica.


• Right to restriction of processing - Benfica ensures the existence of means that allow the data subject to request the restriction of the processing of their personal data.


• Right to data portability - Benfica ensures the existence of means that allow the data subject to request that a copy of their personal data be sent to another controller. This data is transmitted in a digital and structured format.

Push notifications are pop-up notifications that appear on your screen, presented through applications installed on your mobile device or computer. These serve as a quick way to communicate and send short messages. They can also be web notifications, when they appear while surfing the Internet, regardless of which browser you have installed and use to surf the Internet.

Since push notifications are notifications displayed on the device or browser itself, if you want to stop being notified or want to manage the notifications you receive you can do so on the device or browser itself.

Regardless of the operating system of your mobile device/tablet and the browser you use, the settings for these notifications can be changed at any time, either specifically for certain applications or websites or for the entire device or browser.

The User can change the settings of his browser through the following links:

• Google Chrome
• Microsoft Edge
• Mozilla Firefox
• Internet Explorer
• Safari
• Opera

You can change the settings of your operating system through the following links:

• Android operating system
• iOS operating system

Data subjects may exercise their rights by written request addressed to the Benfica Group to the e-mail address linhabenfica@slbenfica.pt or to the address:
Estádio do Sport Lisboa e Benfica
Av. Eusébio da Silva Ferreira – Porta 18
1500-313 Lisboa

In accordance with the applicable legislation, you are also guaranteed the right to withdraw your consent for the processing of the data for which consent is the basis for the legitimacy of processing, through the above-mentioned contact details. To this end, you have the right to withdraw your consent at any time, which shall not, however, invalidate the processing carried out until that date based on the consent previously given.

Additionally, Data Subjects with a myBenfica account can exercise their rights directly through their account, as well as manage their consents.

Data Subjects may also contact the Benfica Group Data Protection Officer "DPO" at dpo@slbenfica.pt.

Without prejudice to any other means of administrative or judicial appeal, the data subject has the right to submit a complaint to the national supervisory authority (CNPD) or any other competent supervisory authority under the terms of the law, if he/she considers that his/her data is not being processed legitimately by Benfica, under the terms of the applicable legislation and this Policy.

This Privacy Policy applies in full to all users of the Benfica Group Platforms. However, given the specificity inherent to the usage of the referred digital platforms, it is important to regulate some particularly relevant issues within this scope.

Benfica Group is aware that communicating personal information is of great concern to users who use the Internet. Notwithstanding the security measures adopted by the Benfica Group, we alert all users that when accessing the Internet they should regularly take precautions and adopt additional security measures in this regard, namely by using an updated computer and browser, and being careful when using shared computers.

Through our Platforms, we provide links to third-party websites, which are subject to separate Privacy Policies. Please note that this Privacy Policy does not apply to such websites and Benfica Group is not responsible for the collection of your information by such third parties through their websites.

The Benfica Group does not have access to data regarding financial transactions namely credit card number, this information is made available directly to the online payment company that you have chosen for the payment processing - whose conditions can be found on the site of the entity that provides these services to the Benfica Group: https://stripe.com/en-pt or https://www.sibs.com/, however, if it is necessary to confirm the payment of the order or resolve any questions arising from it, it may have access to this data.

PFor more information about cookies and how the Benfica Group uses them on its websites or applications see the Cookies Policy.

The Benfica Group implements a set of procedural and technological measures to ensure the safety of the processing of personal data carried out by the Benfica Group or by companies hired by it.

Procedures and security controls are defined at both physical and digital levels, to ensure data integrity and access control and that only authorized users have access to the data.

Benfica adopts measures to safeguard the security of personal data, including protection against illegitimate access, appropriation, tampering and/or unauthorized disclosure, improper disposal, and dissemination of malicious software (computer viruses), adopting the appropriate technical and organizational measures for this purpose.

Benfica guarantees privacy and security in the transmission and storage of personal data, using SSL (Secure Sockets Layer) encryption of all information provided by the user.

In matters of privacy and personal data protection, Benfica's obligations towards the User, as the holder of personal data, are obligations of means (and not of result), for which reason, when accessing the Platforms and the Contents, the User recognizes and accepts, equally, to run the risks inherent to such activity in the digital and electronic environment, namely, the illegitimate access, appropriation, unauthorized tampering and/or disclosure, undue deletion and dissemination of malicious software (computer viruses).

The user recognizes and accepts, furthermore, that Benfica, its administrators, directors, and employees, cannot be held responsible for illicit acts practiced by third parties, including other users, namely those referred to in the previous number, even in cases where such acts cause damage, be it of a patrimonial or moral nature.

Any communication or message sent by the User by e-mail, the transmission of files, the inclusion of data, or any other form of unsolicited communication and, provided it does not contain instructions to the contrary, shall be considered non-confidential and free of any restrictions of use.

Benfica uses other entities for the rendering of certain services. This provision of services may eventually imply access, by these entities, to the personal data of the Data Subjects.

Thus, any processor of the Benfica Group will process the personal data of the data subjects in name and on behalf of Benfica under the strict obligation to follow our instructions. The Benfica Group shall ensure that such processors provide enough guarantees that appropriate technical and organizational measures are taken so that the processing complies with the requirements of the applicable legislation and ensures the safety and protection of the rights of the data subjects, under the data processing agreement executing with the processors.

For integrated management of members and control of the Sport Lisboa e Benfica brand, we inform you that your personal data may be communicated between the entities that compose the Benfica Group.

Benfica may also communicate personal data to third parties when it deems such communications necessary or appropriate (i) considering the applicable legislation, (ii) in compliance with legal/regulatory obligations/judicial orders, or (iii) to answer requests from public or governmental authorities, as well as (iv) in the scope of partnerships it has established.

In any of the situations mentioned above, Benfica undertakes to take all reasonable measures to ensure the actual protection of the personal data it handles.

Benfica undertakes to ensure the security and integrity of data in the cross-border transfer (outside the European Economic Area) and to inform the data subjects of this transfer whenever it occurs. Additionally, Benfica is responsible for implementing the necessary mechanisms to obtain the legal basis to execute any cross-border transfer, whenever applicable (for example, the celebration of the Standard Contractual Clauses approved by the European Commission).

In accordance with the provisions of Law No. 93/2021, dated December 20, which established the general regime for the protection of whistleblowers of offenses, transposing Directive (EU) 2019/1937 of the European Parliament and the Council, dated October 23, 2019, on the protection of individuals who report violations of Union law, the Benfica Group provides the Internal Whistleblower Channel SAD and the Internal Whistleblower Channel Club. These channels allow for the secure submission and tracking of reports, ensuring completeness, integrity, and preservation of the reports, as well as the confidentiality of the identity or anonymity of the whistleblowers and third parties mentioned in the report, with access restricted to authorized individuals.

The channel is made available to both Benfica employees and other categories of reporters as provided in Article 5 of Law No. 93/2021.

The companies of the Benfica Group covered by Article 8 of Law No. 93/2021 (the "obliged entities") process the personal data of employees and other categories of reporters, respectively, based on compliance with legal obligations and the pursuit of their legitimate interests.

You may contact the Benfica Group for further information on the processing of your personal data, as well as any questions related to the exercise of your rights under the applicable legislation and those referred to in this Privacy Policy, through the following contacts:

Telephone: 932 401 904
E-mail: linhabenfica@slbenfica.pt
Adress:
Estádio do Sport de Lisboa Benfica
Av. Eusébio da Silva Ferreira, Porta 18
1500-313 Lisboa, Portugal

Benfica reserves the right, at any time, to make changes or updates to this Privacy Policy and these changes are duly updated on our Platforms. We suggest that you check this Privacy Policy regularly to be aware of any changes.