This Policy aims to inform Clients/Users of the general rules governing the processing of personal data, which are collected and processed in strict compliance with the applicable personal data protection legislation — namely Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
SUCCESSPIGMENT LDA, tax identification number 510 771 840, is committed to protecting the personal data of its clients and users of its landing page, website and/or online store. To this end, it has drawn up this Privacy Policy in order to demonstrate its commitment to and respect for the rules relating to privacy and the protection of personal data collected and processed in accordance with the GDPR.
SUCCESSPIGMENT LDA follows best practices in the field of security and personal data protection and has adopted the necessary technical and organisational measures to comply with the GDPR, ensuring that the processing of personal data is lawful, fair, transparent and limited to authorised purposes, hereinafter referred to as contágio.
WHAT ARE PERSONAL DATA AND WHAT DATA DO WE COLLECT?
Personal data means any information, of any nature and regardless of the medium, including sound and image, relating to an identified or identifiable natural person, such as name, address, email address, etc.
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, identification number, location data, online identifiers, or one or more elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
Within the scope of its activities, contágio processes the personal data necessary for the provision of services and/or supply of products, including data such as name, address, telephone number and email address, as further detailed information is provided to data subjects.
Without prejudice to compliance with legal rules relating to data retention and transmission for the purposes of investigation, detection and prosecution of serious crimes, as well as other legally required processing activities, the data provided will be processed by contágio insofar as they are necessary for the provision of the respective services.
Personal data relating to traffic, geographic location and profiles may also be processed for marketing purposes or for the promotion of goods or services by contágio, provided that the data subject has given the relevant consent.
contágio collects personal data via telephone, in writing and through its website, always ensuring, where required, the prior consent of the data subject.
Personal data may be processed electronically and in an automated or non-automated manner, ensuring full compliance with personal data protection legislation, and will be stored in specific databases created for this purpose. Under no circumstances will the data collected be used for purposes other than those for which they were collected or for which consent was given.
DATA SUBJECT RIGHTS
As a data subject affected by data processing activities, you have the following rights under Articles 15 et seq. of the GDPR:
Right of access – The data subject has the right to obtain confirmation from contágio as to whether or not personal data concerning them are being processed and, where that is the case, access to the personal data.
Right to rectification – The data subject has the right to obtain the rectification of inaccurate or incomplete personal data.
Right to erasure (right to be forgotten) – The data subject has the right to request the deletion of personal data where one of the following applies:
This right does not apply where processing is necessary to comply with a legal obligation.
Right to object – You may object to the processing of your personal data where such processing is carried out for direct marketing purposes.
The data subject also has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.
Where technically feasible, the data subject may request the portability of their data to another data controller. The data will only be retained for the purpose of exercising or defending legal claims.
For the same purpose (declaration, exercise or defence of rights in legal proceedings), data may also be retained when any of the above rights are exercised.
To exercise any of these rights, or for any questions regarding data protection, the data subject must contact the data controller in writing using the contact details below. Proof of identity will always be required.
If you believe that your rights have not been adequately safeguarded, you may lodge a complaint with the Portuguese Data Protection Authority (CNPD).
Further information is available at: https://www.cnpd.pt/
WHO IS RESPONSIBLE FOR DATA PROCESSING?
The entity responsible for processing personal data is contágio, which determines the purposes and means of processing.
For this purpose, data subjects may contact the data controller via:
WHO IS THE DATA PROTECTION OFFICER?
The Data Protection Officer ensures compliance with applicable legislation, monitors adherence to this Privacy Policy, and defines clear rules for personal data processing, ensuring transparency and awareness of data subject rights.
Data subjects may contact the Data Protection Officer at:
PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We use personal data to provide access to our website, generate usage statistics, improve and develop our website, provide services, respond to enquiries, send newsletters (where subscribed), and analyse aggregated data for business analysis.
In accordance with Article 6 of the GDPR, personal data are processed where:
-
The data subject has given consent;
-
Processing is necessary for the performance of a contract or pre-contractual steps;
-
Processing is necessary to comply with a legal obligation;
-
Processing is necessary to protect vital interests;
-
Processing is necessary for legitimate interests, unless overridden by data subject rights.
DATA RETENTION PERIOD
Personal data are retained only for the minimum period necessary to fulfil the purposes for which they were collected, unless a longer retention period is required by law.
DATA SHARING AND INTERNATIONAL TRANSFERS
contágio may engage third parties to provide certain services, which may involve access to personal data. In such cases, appropriate measures are taken to ensure that these entities provide adequate data protection guarantees, duly safeguarded by contract.
Any subcontractor processes personal data on behalf of contágio and adopts appropriate technical and organisational security measures. contágio remains responsible for the personal data provided.
The provision of services may involve the transfer of data outside Portugal, including outside the European Union or to international organisations. In such cases, contágio ensures full compliance with applicable legal requirements, including adequacy decisions and appropriate contractual safeguards.
