The Data Controller of the personal data collected and processed in connection with the website, in compliance with the General Regulation on the Protection of Personal Data and the complementary national legislation on the protection of personal data (referred to as the "Regulation"), is Joana Maria Soares de Oliveira da Rosa Garoupa with Tax ID Number 210609630, with its registered office at Rua Sousa Pinto, 11, Lisboa (referred to as the "Controller").
The contact details of the Controller are:
- e - mail: firstname.lastname@example.org
- tel.: +351964006843
What is personal data?
Personal data is any information relating to an individual which identifies that person or makes it identifiable.
Collection of personal data
What are Cookies?
- Cookies are small information files that help you identify your browser and can store information, for example, User settings and preferences.
- The Controller will store cookies on your device to personalize and facilitate browsing as much as possible, but also for troubleshooting, statistics, quality assurance, and to monitor system security.
- With the exception of cookies specifically required for the performance of the website, the storage of other cookies will always depend on the User's acceptance and consent, and this consent may be withdrawn at any time through specific browser tools.
- To find out more about the cookies we use, please see our Cookies Policy.
What are the purposes and legal basis for processing the personal data we collect?
The personal data that the Controller processes has specific legal basis according to the purposes for which they are intended.
In the following table you can see which foundations and purposes are pursued:
What personal data we collect?
The personal data that the Controller collects and processes is only that which is necessary and appropriate for the abovementioned purposes.
The Controller will collect and process the following personal data:
Data storage period
In the event that the law provides for a specific or mandatory period, the data will be kept for that period. In all other cases, personal data will be kept for a maximum of the times indicated above, periods that the Controller deems as sufficient to fulfill its purposes.
At the end of the conservation period, all collected personal data shall be deleted.
When do we communicate personal data to third parties?
The Controller may use third parties to provide certain services, such as website maintenance, database hosting, technical support, marketing, and they may have access to some of the personal data, namely, the data necessary for the contracted Purposes.
The third parties that process customers' personal data are data processors, hired by the Controller. The services of data processors are essential for the normal operation of the website.
For example, for the purpose of providing website analytics services, the Controller has Google Analytics as a data processor.
The Controller ensures that the entities that have access to the data are credible and offer protection guarantees, never having any data transmitted to them beyond what is necessary to provide the contracted service, remaining, however, the Controller as responsible for the personal data provided.
Data transfers outside the European Union
In the event that data transfers may occur to third countries outside the European Union, the Controller will comply with the legal rules, particularly with regard to the suitability of the destination country in relation to the protection of personal data and requirements, which are applicable to these transfers, not being transferred personal data to jurisdictions that do not offer guarantees of security and protection.
Third Party Websites
The website may contain links to other websites which may collect and process your personal data and, such processing is the exclusive responsibility of the owners of these websites, and the Controller shall not be liable for their policies and/or practices.
Example of such third parties is Facebook, LinkedIn or Instagram, through the buttons that are available on the website.
The website is not directed to minors under 16 years old, so we request that minors do not provide us with personal information through the website, application, social media and/or emails.
What your rights are and how you can exercise them
Before we explain how you can exercise your rights, you should know what they are. Thus, the law grants you the right to request us to exercise the following rights:
- Access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, the right to access your personal data and to request further information as to how we process your personal data;
- Rectification: the right to obtain the rectification of inaccurate or outdated personal data concerning you and to have incomplete personal data completed;
- Erasure: the right to obtain the erasure of one's personal data when one of the grounds listed in the legislation applies, in particular when: the data are no longer necessary, the data subject has withdrawn consent, the data subject objects to their processing, the data are unlawfully processed, erasure is necessary in order to comply with a legal obligation, or the data have been collected in connection with the provision of information society services;
- Restriction of processing: the right to obtain the restriction of processing where one of the situations listed in the law applies, namely where the accuracy of the data is contested, where the processing is unlawful but the data subject opposes their erasure and requests restriction of use, where the controller no longer needs the data but the data are necessary for the establishment, exercise or defence of legal claims or where the data subject has objected to the processing;
- Objection: the right to object at any time to the processing of personal data concerning you;
- Portability shall mean the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format.
You also have the right to withdraw or change, at any time, the consent you have given us to process your personal data, in cases where such consent has been requested.
If you request us to delete some or all of your personal data, some of the services requested may not be provided to you and the Controller will retain only the personal data necessary to comply with the legal obligations to which it is bound.
To exercise your personal data protection rights or to ask any questions about the processing of your personal data, please contact the Controller at email@example.com.
If you are dissatisfied with how we use your personal data or with our response to your request to exercise your rights, you may file a complaint with the National Commission for Data Protection (CNPD) - https://www.cnpd.pt.
Security of personal data
Your personal data are kept secure by means of various technical and organizational security measures deemed necessary and appropriate for the protection of personal data.
The Controller has taken technical precautions to protect the spaces where data is stored, in particular by protecting computer access with a password, using antivirus software and regularly maintaining the computer. Furthermore, the Controller ensures that only those employees who are entitled to access the personal data, in accordance with the rules created for this purpose, have access to the personal data.
To protect your personal data we only use data center providers who provide us with adequate and documented security measures, including guarantees that your personal data is stored on servers that are maintained in controlled environments with limited access.
Similarly, when browsing the WEBSITE, we protect your data through the use of encryption, such as Transport Layer Security (TLS).
Although we take all necessary precautions we deem appropriate to protect the personal data you provide to us and we collect, one must be aware that no security system is impenetrable.
When submitting a contact request on the website, the customer/user is asked to read the respective privacy notice, which informs him specifically and more clearly about the conditions of collection and processing of his data and enables him to consent to the data processing concerned.
If you consent to these conditions, you must check the applicable checkbox on the order form.
These Rules come into force on March 31, 2023.
Last update: March 31, 2023