Legal Conditions


Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("General Data Protection Regulation" or "GDPR") has introduced significant changes to the data protection regime at the European Union level, following the growing concern about the protection of this data.
ADRENALINEQUATION Lda ("Dona Rosa") attaches great importance to the privacy and security of its customers. We strive to ensure respect for best practices in security and protection of personal data by promoting actions to this end and improving our systems in order to ensure the protection of the data provided to us.
Therefore, we want you to understand our data processing activities, the personal data we collect, the purposes for which we process the data and the steps we take to protect your privacy in all your contacts with us.
Dona Rosa has created and developed the Dona Rosa service (hereinafter, the "Service") which consists of intermediation between the customer and the service providers selected by Dona Rosa for the execution of an Order, as defined in Dona Rosa's Terms and Conditions (available here) (hereinafter, the "Service Providers").
After the presentation of an Order by the customer, the Service Providers will proceed directly, and without Dona Rosa's intervention, to collect the garments (hereinafter, the "Garments") from the customer's home or other address of their choice, under the terms described in the Terms and Conditions; to execute the Order itself; and to deliver the washed and/or ironed Garments to the customer's home or other address selected by the customer.
In order for customers of the Service to understand how Dona Rosa will treat their personal data in the context of the Service, we have developed this Privacy Policy (hereinafter, the "Policy"). Below you can find information regarding the personal data we collect, the purposes for which we process it and the steps we take to protect your privacy in all your contacts with us throughout the provision of the Service.
You may manage the personal data you provide us with, some preferences regarding the data processing operations we carry out and consult this Policy at all times through your user profile on the Dona Rosa Platform (hereinafter, the "Platform") on the Platform itself. As is common practice in this type of resource, we collect certain information about you on the Platform (e.g. through cookies) to ensure the proper functioning of the Platform and the development and improvement of its functionalities. In this regard, please see the section on DATA PROCESSING ON THE PLATFORM below.
In accordance with the RGPD, each processing of data must correspond to a specific and legitimate purpose and each purpose must have a legal basis. If you want us to process your data for certain purposes unrelated to the provision of the Service, such as sending information and marketing communications about Dona Rosa's products and services that are not related to the Service, we will need to obtain your express prior consent. We have a section in this Privacy Policy where you can explore this issue in more depth, called "LEGAL BASIS FOR THE PROCESSING".

Personal data
According to the RGPD, shall be considered personal data, any information of any nature and regardless of its support, including sound and image, relating to an identified or identifiable natural person (data subject). An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identification number or to more specific elements of his/her physical, physiological, psychic, economic, cultural or social identity.
In the context of the Service, Dona Rosa does not collect personal data that has a more sensitive nature, classified by the RGPD as "special categories of data" (e.g. data about racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric identifiers, sex life, sexual orientation or about your health).

Data subject - identified or identifiable natural person to whom the personal data refer;
Processing - operation or set of operations performed on personal data or on sets of personal data, by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction;
Controller - a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Data subject's consent - a freely given, specific, informed and explicit indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed, either by a statement or by an unambiguous affirmative act;
Processor - a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Supervisory authority - an independent public authority established by a Member State, with responsibility for monitoring the application of the GDPR in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free flow of data within the Union. In Portugal, the supervisory authority will be the National Commission for Data Protection ("CNPD");
Third party - a natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data;
Profiling - any form of automated processing of personal data consisting in the use of such personal data to, inter alia, include a natural person in a particular category, concerning his or her professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Personal data breach - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Pseudonymisation - the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of further information, provided that such further information is kept separately and subject to technical and organisational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person;
Anonymisation - a technique resulting from the processing of personal data in order to remove sufficient detail from the data to no longer be able to identify the data subject irreversibly. More precisely, the data must be processed in such a way that they can no longer be used to identify a natural person using "all the means likely reasonably to be used", whether by the controller or by a third party. The main techniques for anonymising personal data are randomisation and generalisation;

Person responsible for processing YOUR personal data
As the entity responsible for the Service, Dona Rosa makes the relevant decisions about the purpose for which your personal data is processed in the context of its provision, as well as about the means used to carry out such processing. As such, Dona Rosa is the data controller of your personal data.
Should you wish to obtain any clarification from Dona Rosa regarding the processing of your personal data, or exercise your rights under the GDPR, you may contact Dona Rosa and/or its Data Protection Officer using the contact details provided below (in the section HOW YOU CAN CONTACT US).

Categories of personal data we process and means and timing of collection
We collect your data directly when you create a user account on the Platform, when you edit or add certain personal data to your user profile, when you place, modify or cancel an Order, when you ask us questions through the Platform or the other means we make available to you or when you make a payment for the Service. In this regard, your personal data includes identification and contact details, as well as data relating to your consumption of the Service, the addresses from which you wish us to collect or deliver Parts, the characteristics of your Parts and your payment details. For the complete list of personal data Dona Rosa processes in the context of the Service, as well as the times at which Dona Rosa collects it, please see the table below.

The provision of the aforementioned personal data is a contractual obligation arising from the Terms and Conditions that you accepted when you subscribed to the Platform, under penalty of Dona Rosa not being able to provide the Service.

The personal data described in the previous section are processed by Dona Rosa for the provision of the Service.
Dona Rosa also processes the personal data collected about you in the context of the Service in order to draw up your profile as a consumer, taking into account the preferences and interests you express on the Platform, namely by analysing your consumption history.
Thus, Dona Rosa uses your personal data for the following purposes:


Provision of Services
In order to provide the Service, in addition to your identification and contact details, we need to process data relating to your orders, your consumption and payments, as well as some data collected through cookies that is strictly necessary to provide the service (namely to guarantee the security of access to the platform).
Profiling and predictive analyses
Dona Rosa may also process the personal data collected about you in the context of the Service in order to draw up your profile as a consumer, taking into account the preferences and interests you express on the Platform, namely by analysing your consumption history. Through this profile, Dona Rosa may make certain forecasts about the behaviour of the customers of the Service, useful for planning new commercial initiatives. If you object to your personal data being processed for this purpose (see sections "YOUR RIGHTS" and "HOW YOU CAN CONTACT US"), Dona Rosa will anonymise your personal data when you intend to process it for this purpose.
Sending direct marketing communications related to services similar to the Services provided under the Platform
Dona Rosa may process the contact details you have provided to us under the Service in order to send you promotional communications relating to services similar to the Services provided under the Platform (e.g. to promote another similar initiative by Dona Rosa). In any case, you will always be guaranteed the possibility of objecting to the use of your contact details for this purpose when you join the Platform, as well as on the occasion of each marketing message received. Please see the sections entitled "YOUR RIGHTS" and "HOW YOU CAN CONTACT US".
Other Activities and Support
We may also process your personal data for the purposes of administrative and financial management, the performance of audits, fraud detection and analysis, for the declaration, exercise and defence of rights in legal proceedings, as well as for the development and maintenance of information systems
Compliance with legal obligations
In particular, the obligation to provide your personal data to the Tax and Customs Authority, as well as to Courts, solicitors and criminal police bodies, in the exercise of their powers and duties (to learn more about the categories of recipients of your personal data, see the section "DATA COMMUNICATIONS TO THIRD PARTIES", below).

We always process your personal data in strict compliance with the law. In accordance with the GDPR, in order for it to be lawful to process your data, Dona Rosa must always have a suitable basis for doing so.
In the table below, you will find the legal grounds that legitimise the processing of personal data for the purposes we have indicated above (see section "Purposes of Processing").

Provision of the Service
Execution of the contract entered into between you and Dona Rosa, i.e. the Terms and Conditions you accepted when joining the Platform (cf. article 6, no. 1, paragraph b) of the RGPD)
Profiling and predictive analysis
Necessity of processing for the purposes of pursuing Dona Rosa's legitimate interests, namely the interest of planning its new commercial initiatives based on the preferences and interests of its customers (cf. article 6, no. 1, paragraph f) of the RGPD)
Sending direct marketing communications related with services similar to the Service provided under the Platform
Necessity of processing for the purposes of pursuing Dona Rosa's legitimate interests, in particular the interest of disseminating services similar to the Service provided under the Platform to its customers (cf. article 6, no. 1, paragraph f) of the RGPD)
Other activities and support

Necessity of processing for the purposes of the pursuit of Dona Rosa's legitimate interests, namely the interest of ensuring the compliance of its commercial activity and the security of its information systems (cf. article 6, paragraph 1, point f) of the GDPR), and necessity of processing for compliance with legal obligations applicable to Dona Rosa (cf. article 6, paragraph 1, point c) of the GDPR)
Compliance with legal obligations
Necessity of the processing for compliance with legal obligations applicable to Dona Rosa (see article 6, no. 1, paragraph c) of the RGPD)

Authorised staff to access your data
Dona Rosa attaches great importance to the privacy and security of its customers. Therefore, we have implemented a robust access control system to ensure that your data will only be accessed for the purposes and on the grounds listed. Access is made on a need-to-know basis, both by Dona Rosa's employees and its subcontractors, all of whom are bound by appropriate confidentiality obligations.
To learn more about the subcontractors Dona Rosa relies on to process the personal data it collects in the context of the Platform, see the section "DATA COMMUNICATIONS TO THIRD PARTIES", below.

Time limits for storing data
The period for which your personal data will be kept will vary according to the purpose for which they are processed. Dona Rosa will keep the personal data collected on the Platform for as long as you remain subscribed to the Platform, eliminating, in particular, the data relating to orders and consumption when the customer eliminates their user account on the Platform. However, in certain cases, there may be legal obligations to which Dona Rosa is bound that oblige us to keep your data for a longer period. For example, applicable fiscal and commercial legislation obliges us to keep certain information for a period of 10 years.
We also take as a reference for determining the appropriate retention period the various deliberations of the European data protection control authorities, namely the CNPD, especially with regard to the retention of data used for the purpose of sending marketing communications. Thus, unless you exercise your right to object to receiving these communications (see section "YOUR RIGHTS"), we will retain your contact details for this purpose for a maximum period of 1 year from the time of our last interaction.
In addition, we may keep certain personal data for a longer period when they are necessary for the purposes of the establishment, exercise or defence of the rights of Dona Rosa in a current judicial process (until the judgment is final, plus a period of 6 months), or when the personal data is necessary for Dona Rosa to prove compliance with contractual or other obligations, in which case the data will be kept until the expiry of the corresponding rights.

Your rights
In accordance with the applicable data protection legislation, the data subject may request, at any time, access to personal data concerning them, as well as their rectification, elimination or limitation of processing, the portability of their data, or may oppose their processing. You may exercise these rights by the means indicated below in the section "HOW YOU CAN CONTACT US".
Your rights under applicable data protection legislation consist of:

Right of access
Right to obtain confirmation as to which of your personal data are being processed, to request access to them, to obtain information about the processing, as well as to obtain a copy of your personal data being processed. The right to obtain such a copy does not prejudice the rights and freedoms of third parties (including Dona Rosa itself or its subcontractors), namely the commercial secret or intellectual property and particularly the copyright protecting the software
Right of rectification
Right to request that your personal data that is inaccurate be rectified or to request that incomplete personal data be completed
Right of erasure

Right to obtain the erasure of your personal data, including any links, copies or reproductions of such data, in certain cases, in particular if your personal data is no longer necessary for the purpose for which it was collected or processed, or if you oppose the processing and there are no overriding legitimate interests justifying it, and provided that there are no valid grounds for its retention. This right shall not apply, for example, when the processing of the data is necessary for compliance with a legal obligation to which Dona Rosa is subject or for the establishment, exercise or defence of legal claims.
Right to Limitation of Processing
Right to request the limitation of the processing of your personal data, in certain cases, notably if the processing is unlawful and if you oppose the erasure of the data, by requesting the suspension of the processing or the limitation of the scope of the processing to certain categories of data or purposes of processing
Right to portability
Right to receive the data you have provided to Dona Rosa in a digital format for current use and automatic reading or to request the direct transmission of your data to another entity that will become the new controller of your personal data, if the processing of your data is carried out by automated means and is based on your consent or the execution of a contract
Right to object
Right to object at any time, on grounds relating to your particular situation, to the processing of your data, in cases where the processing is based on the pursuit of the legitimate interests of Dona Rosa (see section "LEGAL GROUNDS FOR THE PROCESSING", above)

Under the terms of the law, you are also guaranteed the right to withdraw your consent, by the above-mentioned means, for data processing for which consent is the basis of legitimacy, such as the processing carried out for sending direct marketing communications related to services not analogous to the Service, or about products and services of other companies. To this end, you have the right to withdraw your consent at any time, which does not invalidate the processing carried out until that date on the basis of the consent previously given.
Should you consider that the manner in which we process your data does not comply with the data protection legislation in force, we inform you that, without prejudice to any other means of administrative or judicial recourse, you have the possibility of filing a complaint with the National Data Protection Commission or another control authority in this regard.

Data treatment in the PLATFORM
This Privacy Policy applies in full to all users of the Platform. Given the specific nature inherent to the use of the Platform, this section aims to inform you about the treatment of personal data and the collection of information that Dona Rosa carries out in the context of the management of the Platform.
It is not possible for us to provide you with access to the Service without you creating a user account on the Platform, which implies that Dona Rosa processes certain personal data.
It should be noted that, as the data circulates on an open internet network, it is not possible to totally eliminate the risk of unauthorised access and use of such personal data, and it is your responsibility to guarantee and ensure that the devices and equipment used to access the Platform are adequately protected against harmful software, computer viruses and worms. Dona Rosa suggests that you always keep your browser, operating system and antivirus software up to date. Additionally, you should not share, under any circumstances, your access credentials to your user account on the Platform with third parties. Dona Rosa will not be held responsible for any undue access that occurs due to such sharing.

When accessing the Platform, small files called cookies or connection cookies may be installed on your computer or mobile device. The use of cookies is standard practice on most modern websites.
To be able to provide you with a better browsing experience and update the Platform with relevant functions, Dona Rosa uses cookies and other similar tracking technologies to distinguish you from other users when using the Platform.

What are cookies?

The construction of modern websites depends on the implementation of a set of minimum functions that allow them to meet the navigation expectations of users. Among others, it is expected that for a certain period of time, websites memorise the actions and preferences of users, namely their username, the language in which they want to navigate on the site or other relevant settings related to the interface of the websites. Cookies are small information files that are stored on the device you use to access the internet through your browser and enable the implementation of the aforementioned functionalities.

What are cookies used for?
It is through the use of cookies that your browser is identified with the server, being possible to store information on your device for future use. Dona Rosa uses this technology to, among other things, help determine the usefulness, interest and number of hits (clicks) and unique visitors to the Platform. In this way, we can provide you with the best browsing experience by producing useful content in a user-friendly way, without the need to repeatedly enter the same information.
In most modern browsers, the default setting is to accept all cookies. However, it is possible to easily configure the browser to refuse all cookies or, alternatively, to alert the user when a cookie is sent.
If you browse the Platform without configuring your browser to reject all cookies, your browser will be recognised by our server the next time you visit us. In this way, when you browse the pages of the Platform or visit us again, you do not, in principle, have to re-enter your preferences or enter data you had previously supplied.

What type of cookies are there?
There are different types of cookies.
Considering the lifetime of the cookies, these can be:
Session cookies - these are temporary cookies that are deleted from the cookie file when the browser or application used to access the website is closed. Through this type of cookies it is possible to analyse web traffic patterns, allowing us to identify problems and provide a better browsing experience.
Permanent cookies - These differ from session cookies in that they are not deleted when the browser or application closes, but remain stored on the user's devices. They are used whenever a new visit is made to the Platform, allowing us, among other functions, to personalise the browsing experience according to the user's interests and provide a more individualised service.
Considering, in turn, the domain to which they belong, cookies may be:
own cookies - are cookies sent to the user's device through equipment or domains managed by Dona Rosa and from which the service requested by the user is provided.
Third-party cookies - cookies that are sent to the user's device from a device or domain managed by a third party entity over which Dona Rosa has no control. In these cases it is this third party entity that processes the data collected through the cookies.
Finally, according to their purpose, cookies can be:
strictly necessary cookies - these cookies are essential to ensure the operation of the Platform and/or the provision of its functionalities that are expressly requested by the user (e.g. to store information on the choice of language in which to view the content). They are also used to store the user's preferences regarding browsing the Platform, whenever the user uses the same device and requests this.
personalisation cookies - these are accessory cookies (i.e. they are not necessary for the functioning of the websites or applications, but may improve their performance) and are used to personalise the user's browsing experience, even if not expressly requested by the user.
Analytical cookies - also of an accessory nature, these cookies collect statistical information in order to analyse the use of the websites and applications and to better understand the involvement of users with them. These cookies may also be used, together with some advertising cookies, to measure interactions with the ads displayed on the websites' pages;
Advertising cookies - these are other type of cookies with an accessory nature, which aim to make advertising more attractive to users and advertisers by selecting advertisements based on the preferences expressed by the user, in order to improve reports on campaign performance and avoid showing advertisements that the user has already seen or has marked as not relevant.

What cookies do we use and for what purpose?
The cookies identified below are necessary to provide the service that you request and to measure the audience of the Platform.

Dona Rosa
30 days
Strictly necessary cookie
Do not force the user to log in each time they close the application
Does not collect data. Session token

How to change cookie settings?
You can, if you wish, change your browser settings to disable or enable acceptance of cookies. You can also customise the websites from which you wish to accept cookies and those from which you wish to reject.
Modern browsers offer you tools that allow you to flexibly manage cookies by accepting, rejecting or deleting them by selecting the appropriate settings. We draw your attention to the fact that if you choose to restrict the use of cookies that are strictly necessary or have your browser's privacy set to "High", you may see your experience on the Platform partially affected, and you may not be able to use some functionalities. The level of personalisation and quality of your browsing experience may also be diminished.
If you access the Platform using a device configured by your employer or an entity with which you collaborate and encounter difficulties, you may need to ask your system administrator to change the corporate security settings on your device.

Communication of data to third parties
Dona Rosa uses Subcontracting entities to provide certain services that involve the processing of the personal data we collect in the context of the Platform. All our relations with Subcontractors are contractually formalised and respect all the requirements of the applicable legislation. These entities may access and process your data on our behalf and are at all times bound to strictly follow our instructions. Furthermore, we ensure that these third parties provide sufficient guarantees to implement appropriate technical and organisational measures so that the data processing they are required to perform complies with the requirements of the GDPR. In particular, Dona Rosa will use the Service Providers who carry out the execution of the Clients' Orders as its subcontractors, as well as the services of an external service provider, Velcroworks Lda., for the maintenance, support and hosting of the data collected on the Platform.
We may also transmit your personal data to third parties when we believe that such communications are necessary or appropriate (i) under applicable law, (ii) in compliance with legal obligations/judicial orders, (iii) to respond to requests from public or government authorities, in particular control authorities or (iv) when you have given us your consent.
In this sense, Dona Rosa may transmit your personal data to the Tax and Customs Authority, the CNPD, the Courts, solicitors, criminal police bodies or the Public Prosecution Service when notified to do so or when necessary to comply with legal obligations, as provided by law.
In any of the situations mentioned above, Dona Rosa undertakes to take all reasonable measures to ensure the effective protection of the personal data it processes.

Data transfers to third countries
Dona Rosa does not transfer personal data of its customers to third countries (which do not belong to the European Union or the European Economic Area - "EEA"), but stores and processes it within the EEA.
However, if and when a transfer of data is exceptionally and strictly necessary to ensure the maintenance and support of the Platform, Dona Rosa guarantees that said transfer to a third country will be based on an adequacy decision of the European Commission or, failing this, subject to the adequate safeguards provided by law, namely the conclusion of Contractual Clauses-Type of data protection and the adoption of adequate additional measures to ensure that the personal data enjoys a level of protection essentially equivalent to that existing in the European Union, where necessary.

Security measures taken

We use our best efforts to protect your personal data against unauthorised access. To this end, we have specialised teams, use security systems and have implemented rules and other procedures in order to guarantee the protection of personal data, as well as to prevent unauthorised access to data, improper use, disclosure, loss or destruction. Your data will always be handled in compliance with the legal regime in force and according to adequate standards in terms of security and confidentiality.
We know that the greatest weakness of any system is the human factor. As such, we seek to minimise as far as possible any vulnerability that may arise from this through appropriate awareness-raising of our employees. We seek to ensure that our employees are aware of the obligations imposed on us with regard to data protection. Furthermore, we ensure that our employees undertake not to disclose to third parties or use for purposes contrary to the law any information of which they have become aware through the performance of their duties. We also require our subcontractors to bind their own employees to identical confidentiality obligations.
In this regard, and taking into consideration the state of the art, the associated implementation costs and the nature, scope, context and purposes of the data processing, as well as the risks of varying likelihood and degree to the rights and freedoms of the data subjects, Dona Rosa and its subcontractors have adopted the appropriate technical and organisational measures with a view to ensuring a level of security adjusted to such risks, such as:
Logging of access, deletion and editing logs to the computer system;
Adequate and continuous training of employees with prerogatives of access to the computer system;
Carrying out periodic back-ups of the databases;
Use of complex passwords for access to the computer system, changed periodically;
The number of people who access the personal data collected in the context of the Platform is limited, and these are bound by appropriate confidentiality and personal data protection obligations.

How you can contact us
To exercise any of your rights under applicable data protection legislation (see section "YOUR RIGHTS" above), request clarification and make complaints to Dona Rosa, you may use one of the following means of contact:
Telephone: 938693832

Modifications to the Privacy Policy
We may implement changes or updates to this Policy at any time. Any changes we implement will be updated on our Platforms. Regular consultation of these platforms is recommended to keep abreast of any updates/changes.
Should the terms on which Dona Rosa intends to process the personal data it collects in the context of the Platform change substantially, Dona Rosa will notify you of the relevant changes to this Policy using the contact details you have provided.