In this document, we try to explain what personal data we collect, for what purposes we can use it, how we treat it, who we share it with, how long we keep it, as well as ways to contact us and exercise your rights.
We suggest consulting the pages dedicated to the Terms and Conditions of Use of Digital Platforms and the Cookies Policy, which updates will be made available on Rissolaria’s digital platforms and here, with a direct link: www.rissolariatradicional.com/terms-and-conditions/?lang=en and www.rissolariatradicional.com/cookies-policy/?lang=en.
What is “Data Protection / Processing”?
The GDPR sets out the rules concerning the processing, by a person, a company or an organization, of personal data relating to persons in the European Union (EU). This Community Regulation, already carried over to national legislation, protects personal data regardless of the technology used to process such data.
The protection is technology-neutral and applies to both automated and manual processing, as long as the data is organized according to predefined criteria (for example, in alphabetical order). It is also irrelevant how the data is stored, in a computer system, through video surveillance, or on paper; in all these cases, personal data are subject to the protection requirements set out in the GDPR.
What is Personal Data?
Personal data is the information related to an identified or identifiable person. A person who can be identified directly or indirectly is considered identifiable.
Personal data is also the set of different information that can lead to the identification of a particular person.
Examples of personal data:
- Name and Nickname;
- Address of a residence;
- E-mail address;
- Number of an identification card;
- Location data (eg location data function on a mobile phone);
- IP address (internet protocol);
- Your device’s advertising identifier;
- Data held by a hospital or doctor, which make it possible to unequivocally identify a person;
- Sound or image.
Personal Data Categories
Examples (not exhaustive):
|Main identifications||Name, civil or tax identification number, Passport number, date of birth, marital status, address, telephone, email address, nationality, photos and files on the mobile device, data related with family, data relating to kinship.|
|Complementary identifications||IBAN, geolocation, education level, gender, occupation, socioeconomic data, personal ID, IP address, social network addresses, mobile device type, operating system, operating system version.|
|Special protection||Personal data of children under 13 years old.|
|Special Categories||Biometric or genetic data, racial or ethnic orientation, political opinion, union affiliation, philosophical or religious belief, data relating to a person’s health or sexual life or sexual orientation.|
What type of information does the Traditional Rissolaria collect and how?
TRADITIONAL RISSOLARIA collects two types of information:
- personal information;
- anonymous information.
The collection of anonymized information takes place while the holder of personal data visits our digital platforms and aims to improve their operation, including the management and prioritization of content and the adaptation of RISSOLARIA TRADICIONAL’s products to the type of its customers.
The collection of personal information happens when we collect personal data directly from the user, namely when the user directly contacts RISSOLARIA TRADICIONAL, for example, requesting products, directly purchasing, via the website, the products or services provided by RISSOLARIA TRADICIONAL, applying for positions professionals, download or use TRADITIONAL RISSOLARIA products, services and applications.
The collection of personal data can be done orally, in writing, by filling in forms, sending communications by e-mail, or by using RISSOLARIA TRADICIONAL’s digital platforms.
This collection can also result indirectly, when the data is communicated to us by third parties, our partners or commercials.
Personal information is sometimes collected automatically (namely your IP address which will be used for analysis/improvement of our services).
The data collected by RISSOLARIA TRADICIONAL on its digital platforms are processed automatically, and the information collected from the holder of personal data is encrypted and managed using advanced security measures.
For what purpose?
Personally identifiable information will be requested when the Client requests contact or information through one of our web forms or live chat.
When you visit the RISSOLARIA TRADICIONAL website, information known as “clickstreams” (browser, domain name, etc.) will be collected. This information allows us to optimize site navigation, usability and accessibility, in order to improve the user experience.
Examples (not exhaustive) of data collected for various purposes:
|Sale of products||Collection of data for billing and shipping of purchased products, including means/method of payment with bank details provided by the Customer. That is: full name, delivery address, payment details and tax identification.|
|Sending newsletters||Collection of data to enable the sending of newsletters to data subjects who subscribe to them.|
|Subscription of alerts/notifications||Collection of data to send alerts and notifications of subscribed services by users for advertising and/or marketing purposes with promotional campaigns (among others).|
|Participation in contests and competitions||Data collection by filling out online forms for submitting requests for registration in contests or special promotions organized by Rissolaria Tradicional.|
|Management of contacts with Providers||Data collection by filling out online forms for submitting applications for enrolment in internship programs promoted by Rissolaria Tradicional or as a proposal for a work contract.|
|Application management||Registration and management of spontaneous applications for recruitment processes.|
|Development of marketing actions||Analysis of the use of Rissolaria Tradicional digital platforms and services, target audience definition in event preparation, brand activation, market studies.|
|Placement of cookies, web beacons or unique device identifiers||Collection of data to determine the number of users and to understand how they use digital platforms and what kind of products or services of Rissolaria Tradicional they purchase, and to identify the route taken within them, with a view to continuous improvement so that it is possible to provide an optimized experience.|
|Definition of profiles||Design of navigation profiles on the digital platforms of Rissolaria Tradicional, with a view to provide content and generating personalized suggestions.|
|Complaints and Suggestions||Technical responses and complaints.|
What is the basis for the Treatment of your Personal Data?
Your consent must be express, whether in writing, orally or by validating an option, prior, freely given, informed, specific and unambiguous.
As examples: your consent for Rissolaria TRADICIONAL analyse the use of our services and purchase of our products and to make consumption profiles.
If expressly authorized by the holders, RISSOLARIA TRADICIONAL may also use the data provided for the purposes of marketing communications, namely, sending leaflets related to promotional campaigns, making new products and services known.
In particular: consent by minors (13 years old)
In the case of the processing of personal data of minors, Rissolaria Tradicional will demand that consent be given by the holders of parental responsibilities, namely for the purpose of participating in hobbies or in radio and television programs that involve the recording of their voice and image.
Contract execution and pre-contractual diligence
When the processing of personal data is necessary for the execution and management of contracts with Rissolaria Tradicional, for example, for the acquisition of products or provision of services.
Compliance with legal obligation
When the processing of personal data is necessary to comply with an obligation with a legal framework to which Rissolaria Tradicional is subject, such as, for example, the communication of identification data to police, judicial, tax or regulatory entities, or location data for ensure services.
The processing of personal data by Rissolaria Tradicional can be justified by reasons of legitimate interest related to the performance of tasks related to its activity as a company, such as the processing of data to improve the quality of service.
Vital interest of data subjects
The processing of personal data by Rissolaria Tradicional can also be justified when it is necessary to protect an interest essential to the life of the data subject or any other natural person, for example if the processing is necessary for humanitarian purposes, including the monitoring of epidemics and its spread or in humanitarian emergencies, in particular in situations of natural or man-made disasters.
Who is Responsible for Data Processing?
Rissolaria Tradicional – Rosa Maria Carvalho Lda, headquartered at Rua da Raposa, 923, 4415- 313 Pedroso – Vila Nova De Gaia, Portugal, NIPC No. PT 506 821 501, registered at the Lisbon Commercial Registry Office under the same number, is the responsible for the personal data processing, within the scope of the GDPR.
Data Protection Officer
Rissoria Tradicional has a Data Protection Officer (DPO – Data Protection Officer), who:
(i) Provides information and advises the controller, the subcontractor, as well as the workers who process the data, on their obligations in terms of privacy and data protection;
(ii) Controls compliance of data processing with applicable standards;
(iii) Provide advice, when requested, with regard to the data protection impact assessment and monitor its implementation;
(iv) It is a point of contact for the holder of personal data for clarification of questions relating to the treatment of their data by RISSOLARIA TRADICIONAL;
(v) It is also the point of contact for the supervisory authority (National Data Protection Commission – CNPD) on issues related to the processing, cooperating with this entity.
RISSOLARIA TRADICIONAL’s Data Protection Officer can be contacted at firstname.lastname@example.org
How long does Rissolaria Tradicional handle and keep your Personal Data?
RISSOLARIA TRADICIONAL processes and preserves your personal data according to the purposes for which they are processed and only for the period of time necessary to fulfill the purposes that motivated their collection and conservation, and always in accordance with the law, guidelines and the decisions of the CNPD, or, as applicable, until the holder exercises the right of opposition, right to be forgotten or withdraw the consent previously given (when applicable).
However, there are situations in which the law determines the retention of data for a minimum period of time, namely the duty to retain commercial correspondence for 10 years or the duty to retain relevant data for tax purposes, for periods of up to 12 years.
After the respective conservation period has elapsed, RISSOLARIA TRADICIONAL will delete or anonymize the data whenever they should not be kept for a different purpose that may subsist.
Rights of the Personal Data Subject
Within the scope and terms of the GDPR and other applicable legislation, the holder of personal data enjoys the following rights:
(i) Right to information, access and rectification or deletion of personal data;
(ii) Right to data portability;
(iii) Right to limit or oppose the processing of is own data (when applicable).
The holder may also withdraw, at any time, the consent he has given for the processing of his personal data. The revocation of consent will not affect the lawfulness of the processing of personal data that up to that date has been carried out based on the consent that you have previously given.
The holder also has the right to file a complaint regarding the processing of his/her data, addressed to the CNPD.
The holder can exercise his rights through the following contacts:
Care of :Data Protection Officer
Rua da Raposa, 923
4415-313 Pedroso-V. N. Gaia
+ 351 22 713 72 43
The exercise of rights is free of charge, except in the case of a manifestly unfounded, excessive or unjustifiably repeated request, in which case a reasonable fee may be charged, taking into account the costs incurred in carrying out the requested operations.
RISSOLARIA TRADICIONAL seeks to respond to requests expeditiously, without undue delay, within one month reception of the request.
In the case of a particularly complex request or in exceptional circumstances, this period can be extended up to two months when necessary, taking into account the complexity of the request and the volume of requests received in the meantime.
As part of your request, you may be asked to provide proof of your identity in order to ensure that personal data is only shared with the respective holder.
The exercise of some rights mentioned above depends on the verification of certain circumstances provided for in the GDPR and other applicable legislation.
Thus, some requests for the exercise of rights may not be satisfied because the respective legal requirements are not met. Some examples:
As for the right to erasure (“right to be forgotten”), we emphasize that it is not applicable whenever the processing of personal data proves necessary for the exercise of tax obligations, which covers an important part of the activity of RISSOLARIA TRADICIONAL;
Regarding the exercise of the right to data portability, under the terms of the applicable legislation, the same is only applicable in relation to data collected based on your consent.
Transmission of Personal Data
The use of some of the services on our website presupposes the provision of personal data and their processing. RISSOLARIA TRADICIONAL will only use these data when they are provided by their holders, only for the purposes that were provided and always with the consent of their holders.
Personal data may be transmitted to subcontractors so that they can be processed in the name and on behalf of RISSOLARIA TRADICIONAL, and these will only be shared with third parties when necessary for the purpose of fulfilling the supplies/services.
In this case, RISSOLARIA TRADICIONAL will take the necessary contractual measures to ensure that the subcontractors respect and protect the holder’s personal data under the terms of the law.
The data may also be transmitted to third parties – entities other than RISSOLARIA TRADICIONAL or subcontractors – such as companies operating within RISSOLARIA TRADICIONAL facilities, companies with which RISSOLARIA TRADICIONAL develops partnerships, in case the holder has consented, or entities to which data must be communicated by force of law, such as the Tax Authority, judicial authorities, criminal police bodies, among others.
The data provided by you will NEVER be publicly disclosed and will only be provided to third parties in the exceptional and mandatory cases provided for herein or with their prior knowledge.
RISSOLARIA TRAICIONAL may occasionally have to transfer your personal data to a third country outside the EU space and which is not part of the list of countries that the EU has already considered to have adequate levels of personal data protection. In these cases, RISSOLARIA TRADICIONAL will ensure that data transfers are carried out safely, in strict compliance with the applicable legal norms.
Data Processing in the context of the development of Advertising Activities and Behavior Analysis in the Rissolaria Traditional Digital Platforms
About the collection, use and processing of personal data of users within the scope of the analysis of the use of RISSOLARIA TRADICIONAL’s digital platforms and insertion of advertising, please consult the Cookies Policy.
In these cases, RISSOLARIA TRADICIONAL is not responsible for the data processing activities carried out by third party service providers, which must assume this responsibility entirely.
RISSOLARIA TRADICIONAL takes all the necessary and legally required precautions in order to guarantee the privacy of personal data processed and/or transmitted through its digital platforms. These precautions ensure the security of this information online and offline.
To ensure the security of your personal data and information, RISSOLARIA TRADICIONAL has established a series of technical and organizational security measures, created in order to protect the personal data collected against inadvertent or intentional manipulation, loss or destruction, and protecting and preventing access data by unauthorized persons.
Security measures are constantly being improved in line with technological progress.
Your personal information is always stored on secure and properly encrypted networks, which can only be accessed by a limited number of people who have special access rights and are committed to respecting and maintaining the confidential nature of this information.
Whenever sensitive information is collected or used, the data will be encrypted using the SSL protocol. This technology called Secure Socket Layer is used to improve the security of data transmission over the Internet, encrypting and protecting data and sensitive information using the HTTPS protocol. SSL guarantees the holder of personal data that the data will not be fraudulently intercepted and that all information is treated with maximum security.
RISSOLARIA TRADICIONAL declines any responsibility when these acts result from criminal or unlawful conduct, in which case the responsibility should be attributed to the respective agents.
Changes to our Privacy and Data Protection Policy
In the future, we may choose to modify or update this policy, either due to changes in legislation or to accommodate new Internet developments.
Therefore, we reserve the right to make any changes in this regard and we ask that you visit this page regularly, as such changes may affect you as a visitor to our website.
Vila Nova de Gaia, 07/04/2021