The present Privacy Policy aims to clarify and inform the data subject about the manner in which their personal data is collected, used, processed, and disclosed on the website www.flowertowers.pt, according to the Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016 (General Data Protection Regulation, hereinafter referred to as "GDPR"), and Law No. 58/2019, dated August 8, which ensures the implementation of the GDPR in the national legal order, as well as to transparently and intelligibly inform personal data of their rights and how they can exercise them.
INDEX
1. Definitions
To better understand the terms used in this Privacy Policy, we present the most relevant definitions:
Consent - a freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they agree, by a statement or clear affirmative action, to the processing of personal data concerning them.
Personal data - information related to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Definition of profiling - any form of automated processing of personal data consisting of the use of those personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning their professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Recipient - an individual or legal entity, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not.
Data Controller - an individual or legal entity, public authority, agency, or other body that determines the purposes and means of processing personal data.
Data Processing - an operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, alignment or combination, restriction, erasure, or destruction.
2. Data Controller
The entity responsible for the processing of personal data within the scope of the use of the website www.flowertowers.pt (hereinafter referred to as the "Website") is Nexity P1, Lda., with registered office at Rua Professor Carlos Alberto da Mota Pinto, No. 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisbon, with a share capital of € 5,000.00, a legal entity registered in the Commercial Registry Office under the unique registration and corporate identification number 515211370, and email address privacidade@nexity.pt (hereinafter the "Data Controller").
The Data Controller has a Data Protection Officer who can be contacted through the following email: manuel.ferreira@lexdata.pt
3. What personal data is collected?
Category of data subjects |
Personal data collected |
Purposes |
Potential Clients |
First Name, Last Name, E-mail, Telephone |
Allowing response to information requests / contact requests / scheduling visits / meetings |
Marketing (sending unsolicited communications/newsletters) |
||
Processing of complaints |
||
All categories indicated above |
All data collected through the website |
Compliance with the duty to cooperate with competent authorities. Defense of the interests of the Data Controller in judicial or other proceedings and verification of compliance with contractual obligations. |
4. Purposes, legal basis, and retention period
The personal data provided by the holder in the scope of using the Website are those only strictly necessary for the purposes described below, with full transparency and assurances of security and confidentiality in processing.
Purpose |
Legal Basis |
Retention Period |
Allowing response to information requests / contact requests / scheduling visits / meetings |
Execution of contract and/or pre-contractual measures. |
While the contract remains in force or up to 3 years after the last contact, whichever occurs first. |
Marketing (sending unsolicited communications/newsletters) |
Consent |
For 2 years after obtaining consent |
Processing of complaints |
Execution of contract and/or pre-contractual measures or legitimate interests of the Data Controller (improvement of customer service). |
Until the complaint is resolved |
Defense of the interests of the Data Controller in judicial or other proceedings and verification of compliance with contractual obligations |
Legitimate interests of the Data Controller (ensuring defense in judicial or other proceedings and verification of compliance with contractual obligations). |
3 years after the last interaction of the data holder with the Data Controller. |
Compliance with the duty to cooperate with competent authorities |
Compliance with a legal obligation of the Data Controller |
Until the end of the longest retention period provided above for each category of data subjects |
Data subjects have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing conducted based on the previously given consent.
5. Recipients of personal data
To fulfill the aforementioned purposes, the Data Controller will transfer the personal data of the data subjects to the following categories of recipients:
a) Communication agencies and marketing consultants
b) Consulting service providers
c) IT service providers
d) Judicial, administrative, supervisory, or regulatory authorities
e) Event organization entities
Personal data will not be transferred to a third country or international organization.
6. Rights of personal data holders
Data holders have the following rights:
7. Security
We are constantly implementing and updating technical, physical and administrative security measures that help us protect your personal data against unauthorized access, loss, destruction or alteration. Some of the safeguards we use to protect your information include firewalls, data encryption, and access controls to information. The Data Controller maintains a personal data breach response system, taking necessary measures to mitigate any potential harm to the rights and freedoms of the data subjects.
8. Changes to the present privacy policy
The Data Controller may modify this Privacy Policy at any time, and such changes will be posted on the Website, with a record of the last modification.
Last modification was made on July 19th, 2023.