1. About us

OGMA – Indústria Aeronáutica de Portugal, S.A. (“OGMA”), headquartered at Parque Aeronáutico de Alverca, Alverca do Ribatejo, Portugal, is the entity responsible for processing your personal data.

Contact: geral@ogma.pt, phone: (+351) 21 958 1000.

2. Scope of application

This Policy applies to all personal data that OGMA collects and processes in the context of the OGMA.pt website and OGMA apps, as well as in the contexts of contractual relationships, recruitment, service provision, commercial and marketing communications, application preparation, among others.

3. What personal data we collect

We may collect, depending on the situation:

• Identification: name, address, identification number, date of birth.

• Contact: email, phone.

• Professional / contractual data: position, company, details of the service or role, work history, training.

• Browsing data: IP, cookies, pages accessed, duration of the visit, approximate geolocation (if applicable).

• Application data: résumé, experience, references.

4. Purposes of processing

We use your data to:

• Enter into and execute employment or service contracts.

• Respond to applications and carry out staff selection.

• Manage the relationship with customers, suppliers, and partners.

• Comply with legal and regulatory obligations.

• Send commercial communications related to our products, services, events, and news (when you have given consent or when legally permitted).

• Produce statistics and improve content and the website.

• Protect our legitimate interests (e.g., security, fraud prevention, identity verification).

5. Legal basis for processing

Depending on the case, processing is based on:

• Freely given, specific, informed, and explicit consent.

• Performance of a contract to which the data subject is a party.

• Compliance with legal obligations.

• OGMA’s legitimate interest, provided that such interest does not override your fundamental rights and freedoms.

6. Data recipients / data sharing

Your data may be shared with:

• Suppliers / subcontractors that support our services (e.g., IT services, data hosting, system maintenance, digital marketing).

• Public, judicial, tax, or regulatory authorities, when legally required.

• Partner entities, if you have given consent or if it is necessary to fulfil contractual obligations.

If any recipient is located outside the European Union, we ensure that adequate data protection safeguards are in place, in accordance with the GDPR (such as standard contractual clauses, adequacy decisions, etc.).

7. Data retention

We process the data only for as long as necessary for the purposes for which it was collected or as required by law. After this period, the data will be deleted or anonymised.

Examples of periods:

• Recruitment data: (e.g.) 1–2 years after the conclusion of the process.

• Customer / contract data: for the duration of the contract + x years (for tax or warranty obligations).

• Browsing data: in accordance with the cookie policy.

8. Rights of data subjects

Data subjects have the following rights, under the applicable legislation:

• Access to your data.

• Rectification of incorrect or outdated data.

• Erasure (“right to be forgotten”), when applicable.

• Restriction of processing.

• Objection to processing on legitimate grounds or for marketing purposes.

• Data portability.

• Withdrawal of previously given consent.

To exercise these rights, you may contact OGMA via the email geral@ogma.pt, or through any other contact provided in the policy.

9. Data security

OGMA applies appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or improper alteration.

This includes practices such as access control, system protection, backups, encryption when applicable, risk assessment, and periodic review of procedures.

10. Minors

If any personal data of minors is collected (where applicable), such processing will be carried out with the prior consent of their legal representatives, in accordance with the law.

11. Changes to the policy

This policy may be amended or updated in the future. Any changes will be published on this page, indicating the date of the last revision. We recommend that you check it regularly.

12. Applicable law and supervisory authority

• The processing of data is governed by Regulation (EU) 2016/679 (GDPR) and the applicable Portuguese legislation.

• The national supervisory authority is the Portuguese Data Protection Authority (CNPD – Comissão Nacional de Proteção de Dados).