Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("General Data Protection Regulation" or "GDPR") has introduced significant changes to the data protection regime at the European Union level, following the growing concern about the protection of this data.
ADRENALINEQUATION Lda ("Dona Rosa") attaches great importance to the privacy and security of its customers in the shopping centres it manages. We strive to ensure respect for best practice in security and protection of personal data by promoting actions to that end and improving our systems to ensure the protection of the data that is made available to us.
Therefore, we want you to understand our data processing activities, the personal data we collect, the purposes for which we process the data and the steps we take to protect your privacy in all your contacts with us.
Dona Rosa has created and developed the Dona Rosa service (hereafter, the "Service") which consists of:
- collection of garments (hereinafter, the "Garments") from your home or other address of your choice, under the terms described in these Terms and Conditions;
- delivery of those Garments to service providers selected by Dona Rosa for the execution of an Order, as defined in the Dona Rosa Platform Terms and Conditions (available at [insert link]
- collection of the Parts from such service providers;
- delivery of the washed and/or ironed garments to the customer's home or other address selected by the customer.
You may manage the personal data you provide us with, some preferences regarding the data processing operations we carry out and consult this Policy at all times through your user profile on the Dona Rosa Platform (hereinafter, the "Platform"), on the Platform itself or through [insert link]. As is common practice with this type of resource, we collect certain information about you on the Platform (e.g. through cookies) to ensure the proper functioning of the Platform and the development and improvement of its functionalities. In this regard, please see the section on DATA PROCESSING ON THE PLATFORM below.
According to the RGPD, shall be considered personal data, any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person (data subject). An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or to more specific elements of his/her physical, physiological, psychic, economic, cultural or social identity.
In the context of the Service, Dona Rosa does not collect personal data that has a more sensitive nature, classified by the RGPD as "special categories of data" (e.g. data about racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric identifiers, sex life, sexual orientation or about your health).
Data subject - identified or identifiable natural person to whom the personal data refer;
Processing - operation or set of operations performed on personal data or on sets of personal data, by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction;
Controller - a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law;
Data subject's consent - a freely given, specific, informed and explicit indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed, either by a statement or by an unambiguous affirmative act;
Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Supervisory authority - an independent public authority established by a Member State, with responsibility for monitoring the application of the GDPR in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of data within the Union. In Portugal, the supervisory authority will be the National Commission for Data Protection ("CNPD");
Third party - a natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data;
Profiling - any form of automated processing of personal data which consists of using such personal data to, namely, include a natural person in a certain category, with respect to their professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Personal data breach - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed;
Pseudonymisation - the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of further information, provided that such further information is kept separately and subject to technical and organisational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person;
Anonymisation - a technique resulting from the processing of personal data in order to remove sufficient detail from the data to no longer be able to identify the data subject irreversibly. More precisely, the data must be processed in such a way that they can no longer be used to identify a natural person using "all the means likely reasonably to be used", whether by the controller or by a third party. The main techniques for anonymising personal data are randomisation and generalisation;
Responsible for the processing of YOUR personal data
As the entity responsible for the Service, Dona Rosa makes the relevant decisions about the purpose for which your personal data is processed in the context of its provision, as well as about the means used to carry out such processing. As such, Dona Rosa is the data controller of your personal data.
Should you wish to obtain any clarification from Dona Rosa regarding the processing of your personal data, or exercise your rights under the GDPR, you may contact Dona Rosa and/or its Data Protection Officer using the contact details provided below (in the section HOW YOU CAN CONTACT US).
Categories of personal data we process and means and timing of collection
We collect your data directly when you create a user account on the Platform, when you edit or add certain personal data to your user profile, when you place, modify or cancel an Order, when you ask us questions through the Platform or the other means we make available to you or when you make a payment for the Service. In this regard, your personal data includes data relating to your consumption of the Service, the addresses from which you wish us to collect or deliver Parts and the characteristics of your Parts. For the complete list of personal data Dona Rosa processes in the context of the Service, as well as the times at which Dona Rosa collects it, please see the table below.
PURPOSES OF PROCESSING
The personal data described in the previous section is processed by Dona Rosa for the provision of the Service.
Dona Rosa also processes the personal data collected about you in the context of the Programme in order to draw up your profile as a consumer, taking into account the preferences and interests you express on the Platform, namely by analysing your consumption history.
Thus, Dona Rosa uses your personal data for the following purposes:
|Purpose||In order to be able to provide the Service To this end, in addition to your identification and contact details, we need to process data relating to your Orders, your consumption and payments, as well as some data collected through cookies that is strictly necessary to provide you with the Service (namely, to ensure secure access to the Platform).|
|Provision of Services|
|Profiling and predictive analysis||Dona Rosa may also process the personal data collected about you in the context of the Service in order to draw up your consumer profile, taking into account the preferences and interests you express on the Platform, in particular by analysing your consumption history. Through this profile, Dona Rosa may make certain forecasts about the behaviour of the customers of the Service, useful for planning new commercial initiatives. Should you object to your personal data being processed for this purpose (see sections "YOUR RIGHTS" and "HOW YOU CAN CONTACT US"), Dona Rosa will anonymise your personal data when you intend to process it for this purpose|
|Sending direct marketing communications related to services similar to the Services provided under the Programme||Dona Rosa may process the contact details you have provided us with in connection with the Service in order to send you promotional communications relating to services similar to the Service provided on the Platform (e.g. to promote another similar Dona Rosa initiative). In any case, you will always be guaranteed the possibility of objecting to the use of your contact details for this purpose when you join the Platform[ 1] , as well as on the occasion of each marketing message received[ 2] . Please see the sections "YOUR RIGHTS" and "HOW YOU CAN CONTACT US".|
|Other activities and support||We may also process your personal data for the purposes of administrative and financial management, conducting audits, fraud detection and analysis, asserting, exercising and defending our rights in legal proceedings, and developing and maintaining information systems|
|Compliance with legal obligations||In particular, the obligation to provide your personal data to the Tax and Customs Authority, as well as to Courts, solicitors and criminal police bodies in the exercise of their powers and duties (to learn more about the categories of recipients of your personal data, please see the section "DATA COMMUNICATIONS TO THIRD PARTIES", below).|
LEGAL GROUNDS FOR PROCESSING
We always process your personal data in strict compliance with the law. In accordance with the GDPR, in order for it to be lawful to process your data, Dona Rosa must always have a suitable basis for doing so.
In the table below, you will find the legal grounds that legitimise the processing of personal data for the purposes we have indicated above (see section "Purposes of Processing").
|Provision of Services||Execution of the contract entered into between you and Dona Rosa, i.e. the Terms and Conditions you accepted when joining the Platform (cf. article 6, no. 1, paragraph b) of the RGPD)|
|Profiling and predictive analysis||Necessity of the processing for the purposes of the pursuit of the legitimate interests of Dona Rosa (cf. Article 6(1)(f) of the RGPD)|
|Sending direct marketing communications related to services similar to the Services provided under the Programme||Necessity of the processing for the purposes of the pursuit of the legitimate interests of Dona Rosa (cf. Article 6(1)(f) of the RGPD)|
|Other activities and support|
|Compliance with legal obligations|
Staff authorised to access your data
Dona Rosa attaches great importance to the privacy and security of its customers. Therefore, we have implemented a robust access control system to ensure that your data will only be accessed in the pursuit of the purposes and grounds listed. Access is on a need-to-know basis, both by Dona Rosa's employees and its subcontractors, all of whom are bound by appropriate confidentiality obligations.
To learn more about the subcontractors Dona Rosa relies on to process the personal data it collects in the context of the Platform, see the section "DATA COMMUNICATIONS TO THIRD PARTIES", below.
Periods for storing data
The conservation period of your personal data will vary according to the purpose for which they are processed. Dona Rosa keeps the personal data collected on the Platform for as long as you remain subscribed to the Platform. However, in certain cases, there may be legal obligations to which Dona Rosa is bound that oblige us to keep your data for a longer period. For example, applicable fiscal and commercial legislation obliges us to keep certain information for a period of 10 years.
We also take as a reference for determining the appropriate retention period the various deliberations of the European data protection control authorities, in particular the CNPD, especially with regard to the retention of data used for the purpose of sending marketing communications.
Additionally, we may keep certain personal data for a longer period of time when they are necessary for the purposes of the declaration, exercise or defence of the rights of Dona Rosa in a legal action underway (until the judgment is final, plus a period of 6 months), or when the personal data are necessary for Dona Rosa to prove compliance with contractual or other obligations, in which case the data will be kept until the expiration of the corresponding rights.
In accordance with the applicable data protection legislation, the data subject may request, at any time, access to personal data concerning them, as well as their rectification, elimination or limitation of processing, the portability of their data, or may oppose their processing. You can exercise these rights by the means indicated below in the section "HOW YOU CAN CONTACT US".
Your rights under applicable data protection legislation consist of:
|HOLDER'S RIGHTS||Right to obtain confirmation as to which of your personal data are being processed, as well as to obtain a copy of your personal data being processed. The right to obtain such a copy does not prejudice the rights and freedoms of third parties (including Dona Rosa itself or its subcontractors), including commercial secrets or intellectual property and, in particular, the copyright protecting software|
|Right of Access|
|Right of Rectification||Right to request that inaccurate personal data concerning them be corrected or to request that incomplete personal data be completed|
|Right to Erasure||Right to obtain the erasure of your personal data. This right shall not apply, for example, where the processing of the data is necessary for compliance with a legal obligation to which Dona Rosa is subject or for the establishment, exercise or defence of legal claims|
|Right to Limitation of Treatment||Right to request the restriction of the processing of their personal data by requesting the suspension of processing or the limitation of the scope of processing to certain categories of data or purposes of processing|
|Right to Portability||The right to receive the data you have provided to Dona Rosa in a digital format for common use and automatic reading or to request the direct transmission of your data to another entity that becomes the new controller of your personal data, if the processing of your data is based on your consent or the execution of a contract|
|Right to Opposition||Right to object to data processing where the processing is based on the pursuit of the legitimate interests of Dona Rosa (see section "LEGAL GROUNDS FOR PROCESSING", above)|
In accordance with the law, you are also guaranteed the right, by the above-mentioned means, to withdraw your consent for data processing for which consent is the basis of legitimacy, such as processing carried out for sending direct marketing communications related to services not analogous to the Service, or on products and services from other companies. To this end, you have the right to withdraw your consent at any time, which does not invalidate the processing carried out until that date on the basis of the consent previously given.
Should you consider that the manner in which we process your data does not comply with the data protection legislation in force, we inform you that, without prejudice to any other means of administrative or judicial recourse, you have the possibility of filing a complaint with the National Data Protection Commission or another control authority in this regard.
Data processing on the PLATFORM
It is not possible for us to provide you with access to the Service without you creating a user account on the Platform, which implies that Dona Rosa processes certain personal data.
It should be noted that, as the data circulates on an open internet network, it is not possible to totally eliminate the risk of unauthorised access and use of such personal data, and it is your responsibility to guarantee and ensure that the devices and equipment used to access the Platform are adequately protected against harmful software, computer viruses and worms. Dona Rosa suggests that you always keep your browser, operating system and antivirus software up to date. Additionally, you should not share, under any circumstances, your access credentials to your user account on the Platform with third parties. Dona Rosa will not be held responsible for any undue access that occurs due to such sharing.
What are cookies?
The construction of modern websites depends on the implementation of a set of minimum functions to meet the browsing expectations of users. Among other things, it is expected that, for a certain period of time, websites will memorise the actions and preferences of users, namely their username, the language in which they wish to browse the site or other relevant settings related to the interface of the websites. Cookies are small information files that are stored on the device you use to access the internet through your browser and enable the implementation of the aforementioned functionalities.
What are cookies used for?
In most modern browsers, the default setting is to accept all cookies. However, it is possible to easily configure the browser to refuse all cookies or, alternatively, to alert the user when a cookie is sent.
If you browse the Platform without configuring your browser to reject all cookies, your browser will be recognised by our server the next time you visit us. In this way, when you browse the pages of the Platform or visit us again, you do not, in principle, have to re-enter your preferences or enter data you had previously supplied.
What type of cookies are there?
There are different types of cookies.
Considering the lifetime of the cookies, these can be:
- Session cookies - these are temporary cookies that are deleted from the cookie file when the browser or application used to access the website is closed. Through this type of cookies it is possible to analyse web traffic patterns, allowing us to identify problems and provide a better browsing experience.
- Permanent cookies - These differ from session cookies in that they are not deleted when the browser or application closes, but remain stored on the user's devices. They are used whenever a new visit is made to the Platform, allowing us, among other functions, to personalise the browsing experience according to the user's interests and provide a more individualised service.
Considering, in turn, the domain to which they belong, cookies may be:
- Own cookies - are cookies sent to the user's device through equipment or domains managed by Dona Rosa and from which the service requested by the user is provided.
- Third-party cookies - cookies sent to the User's device from a device or domain managed by a third party entity over which Dona Rosa has no control. In these cases it is this third party entity that processes the data collected through the cookies.
What cookies do we use and for what purposes?
The cookies identified below are necessary to provide the service that the user requests and to measure the audience of the Platform.
|COOKIE'S NAME||ENTITY RESPONSIBLE||VALIDITY/DURATION||TYPE OF COOKIE||REASON/PURPOSE||COLLECTED DATA||MAKING AVAILABLE TO THIRD PARTIES|
|Session||Dona Rosa||30 days||Strictly necessary cookie||Do not force the user to log in each time they close the application||Does not collect data. Session Token||No|
How do I change my cookie settings?
You can, if you wish, change your browser settings to disable or enable acceptance of cookies. You can also customise the websites from which you wish to accept cookies and those from which you wish to reject.
Modern browsers provide you with tools that allow you to flexibly manage cookies by accepting, rejecting or deleting them by selecting the appropriate settings. We warn that if the user chooses to restrict the use of strictly necessary or functionality cookies or has the privacy of their browser set to "High", they may see their experience on the Platform partially affected and not be able to use some functionalities. The level of personalisation and quality of your browsing experience may also be reduced.
If you access the Platform using a device whose configuration is the responsibility of your employer or an entity with which you collaborate and you encounter difficulties, it may be necessary to ask the system administrator to change the corporate security settings of your device.
Communication of data to third parties
Dona Rosa may use subcontractors to provide certain services that involve the processing of personal data that we collect in the context of the Program. All our relations with subcontracted entities will be contractually formalized and will respect all the requirements of the applicable legislation. These third parties may access and process your data on our behalf and are at all times bound to strictly comply with our instructions. Furthermore, we ensure that these third parties provide sufficient guarantees to implement appropriate technical and organisational measures so that the data processing they are required to perform complies with the requirements of the GDPR. In particular, Dona Rosa will use the services of an external service provider, VelcroDesign, to maintain, support and host the data collected on the Platform.
We may also transfer your personal data to third parties where we believe that such communications are necessary or appropriate (i) under applicable law, (ii) to comply with legal obligations/judicial orders and (iii) to respond to requests from public or government authorities.
In this sense, Dona Rosa may transmit your personal data to the Tax and Customs Authority, the Courts, solicitors, criminal police bodies or the Public Prosecutor's Office when notified to do so or when necessary to comply with legal obligations as provided by law.
In any of the situations mentioned above, Dona Rosa undertakes to take all reasonable measures to ensure the effective protection of the personal data it processes.
Security Measures Adopted
We have developed our best efforts to protect your personal data against unauthorised access. To this end, we have specialised teams, use security systems and have implemented rules and other procedures in order to guarantee the protection of personal data, as well as to prevent unauthorised access to data, improper use, disclosure, loss or destruction. Your data will always be handled in compliance with the legal regime in force and according to adequate standards in terms of security and confidentiality.
We know that the greatest weakness of any system is the human factor. As such, we seek to minimise as far as possible any vulnerability that may arise from this through appropriate awareness-raising of our employees. We seek to ensure that our employees are aware of the damage protection obligations imposed on us. In addition, we ensure that our employees undertake not to disclose to third parties or use for purposes contrary to the law any information of which they have become aware through the performance of their duties. We also require our subcontractors to commit their own employees to the same confidentiality obligations.
In this regard, and taking into consideration the state of the art, the associated implementation costs and the nature, scope, context and purposes of the data processing, as well as the risks of varying likelihood and degree to the rights and freedoms of the data subjects, Dona Rosa and its subcontractors have adopted the appropriate technical and organisational measures with a view to ensuring a level of security adjusted to such risks, such as:
- Logging of access, deletion and editing logs to the computer system;
- Adequate and continuous training of employees with prerogatives of access to the computer system;
- Carrying out periodic back-ups of the databases;
- Use of complex passwords for access to the computer system, changed periodically;
- The number of people who access the personal data collected in the context of the Programme is limited, and they are bound by appropriate confidentiality and personal data protection obligations;
How can you contact us?
To exercise any of your rights under applicable data protection legislation (see section " YOUR RIGHTS" above), to request clarification and to lodge complaints with Dona Rosa, you may use one of the following means of contact:
Whatsapp: +351 938693832
We may implement changes or updates to this Policy at any time. Any changes we implement will be appropriately updated on our Platforms. Regular consultation of these platforms is recommended to keep abreast of any updates/changes.
Should the terms on which Dona Rosa intends to process the personal data it collects in the context of the Program change substantially, Dona Rosa will notify you of relevant changes to this Policy using the contact details you have provided.
Photos by Wayhomestudio (https://www.freepik.com/wayhomestudio)