WINE VENTURES BY THE GLASS, S. A.
1. DATA COLLECTION AND PROCESSING
As part of the provision of the website hosted at http://www.crimeofthecentury.eu (“Website”), and of the services and communications available there, Wine Ventures by The Glass, S. A. (“WVBTG”), legal person number 510 929 435, with registered office at Rua Júlio da Silva Pinto, No. 9, in Lisbon, may request Users to provide personal data, that is, information provided by Users allowing WVBTG to identify and / or contact him/her (“Personal Data”).
As a rule, Personal Data are requested when Users:
- register on the Website;
- request WVBTG to contact them through the form available on the Website;
The Personal Data collected and processed consist of information relating to the name, email address, and other personal information provided by Users.
WVBTG also collects and processes information related to Users hardware and software, as well as information about the webpages visited by Users within the Website. This information may include: their type of browser, domain name, access times, and the hyperlinks through which the User accessed the Website (“Usability Information”). Such information can only be used to improve the quality of Users visit to our Website.
These subcontractors will not be able to transfer any User Data to other entities unless WVBTG has previously given them written authorization to do so. They are also prevented from contracting other entities without prior authorization from WVBTG.
WVBTG undertakes to only subcontract entities that offer sufficient guarantees for carrying out the appropriate technical and organizational measures, in order to ensure the protection of User rights. All entities subcontracted by WVBTG are bound by the latter through a written agreement regulating, in particular, the object and duration of the data processing, the nature and purpose of such processing, the type of Personal Data, the categories of data subjects, and the rights and obligations of the parties involved.
3. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA
In terms of general principles relating to the processing of Personal Data, WVBTG undertakes that all User Data it processes are:
- Subject to lawful, fair and transparent processing regarding the User;
- Collected for specific, explicit and legitimate purposes, not subsequently being processed in a manner incompatible with such purposes;
- Adequate, relevant and limited to what is strictly necessary for the purposes for which they are processed;
- Accurate and updated whenever necessary, taking all appropriate measures so that inaccurate data, taking into account the purposes for which they are processed, are deleted or rectified without delay;
- Kept in such a way that the User will only be able to be identified during the period required for the purposes for which the data are processed;
- Processed in a way that ensures their total security, including protection against unauthorized or illicit processing, and against their loss, destruction or accidental damage, thus taking all appropriate technical or organizational measures.
Data processing by WVBTG is lawful when at least one of the following situations occurs:
- The User has given its explicit consent to the processing of User Data for one or more specific purposes;
- Processing is required for the performance of an agreement to which the User is a party, or for pre-contractual steps at the User’s request;
- Processing is required to fulfil a legal obligation to which WVBTG is subject;
- Processing is required to protect the User’s vital interests or those of another natural person;
- Processing is required for the purpose of the legitimate interests pursued by WVBTG or by third parties (unless the User’s fundamental interests or rights and freedoms requiring the protection of Personal Data prevail).
WVBTG undertakes to ensure that the processing of User Data is only carried out under the conditions listed above, while fully respecting the above-mentioned principles.
Whenever User Data is processed by WVBTG based on User consent, Users have the right to withdraw their consent at any time. However, withdrawal of consent does not compromise the lawfulness of any data processed by WVBTG based on the consent previously given by such Users.
The period of time during which the data is stored and kept varies according to the purpose for which the information is processed.
Data will be stored and kept only for the minimum period required for the purposes that led to its collection or its further processing, after which it will be deleted.
a. USE AND PURPOSES OF USER DATA PROCESSING
In general, WVBTG uses User Data for the following purposes:
- To market and provide WVBTG products and services;
- To inform Users about new products and services, through any means of communication, being the legitimate interest of WVBTG to do so, without prejudice to the data subject’s right to oppose such processing at any time;
- To offer access to restricted Website areas, according to previously established terms;
- For service provision, and for other purposes, such as mailing of newsletters, opinion surveys, or other information or products requested or consented by Users;
WVBTG may also contact representatives of business customers, for the purpose of presenting its products and services, translating into a legitimate interest of WVBTG to doing so, without prejudice to the data subject’s right to oppose such processing at any time.
Under applicable legal terms, WVBTG may convey or communicate User Data to other entities in the event that such conveyance or communication is required for executing the agreement established between the User and WVBTG, or for pre-contractual steps at the User’s request, if required for the fulfilment of legal obligations to which WVBTG is subject or if required for the purpose of pursuing WVBTG’s legitimate interests or those of a third party.
b. TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES ALREADY IMPLEMENTED
To ensure the security of User Data and maximum confidentiality, WVBTG processes all information it is provided in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically as needed, as well as in accordance with all legally provided terms and conditions.
Depending on the nature, scope, context and purposes of data processing, as well as on the risks arising from processing, namely with regards to Users rights and freedoms, WVBTG undertakes to apply – both when defining the means of processing and at the time of processing itself – the technical and organizational measures required and appropriate for protecting User Data and for complying with legal requirements.
Cookies are small information files that are sent to one’s computer or smartphone when visiting a given website. Cookies are sent back to the originating website on each subsequent visit or to another website that recognizes such cookie. Cookies are useful as they allow a website to recognize the user’s device, allowing it to efficiently browse through the webpages, also remembering the User’s preferences and improving its experience in general.
Other cookies are used to remember when a given user returns to a website, and have a longer duration period.
The ability to enable, disable or delete cookies can also be performed in one’s own browser. To this end, one has to follow the instructions in one’s browser (usually located under the options “Help”, “Tools” or “Edit”). Deactivating a cookie or a category of cookies does not delete the cookie from one’s browser, for this purpose, one has to manually delete it.
By blocking or deleting cookies, one may not be able to fully enjoy the website’s features.
4. USER RIGHTS (DATA SUBJECTS)
a. PROCEDURES FOR EXERCISING ONE’S USER RIGHTS
Users can exercise their access, rectification, deletion, limitation, portability, and opposition rights by contacting WVBTG via email email@example.com.
WVBTG will respond in writing (including by electronic means) to the User’s request, within a maximum period of one month from receipt of the request, except in especially complex cases, where this period may be extended to up to two months.
If requests submitted by Users are manifestly unfounded or excessive, namely due to their repetitive nature, WVBTG reserves the right to charge administrative costs or refuse to carry out the request.
b. PERSONAL DATA BREACH
In the event of a data breach, and to the extent that such breach is likely to imply high risks to User rights and freedoms, WVBTG undertakes to report any breach of Personal Data to the User concerned within 72 hours from becoming aware of the incident.
Under legal terms, notification of Users is not required in the following cases:
- If WVBTG has applied appropriate protection measures, both technical and organizational, and such measures have been applied to the Personal Data affected by the breach of Personal Data, especially measures that make Personal Data incomprehensible to any person accessing such data without authorization, such as encryption;
- If WVBTG has taken subsequent measures to ensure that any high risks to User rights and freedoms are no longer likely to materialize; or
- If notifying the User implies a disproportionate effort for WVBTG. In those cases, WVBTG will make a public communication or take a similar measure through which Users will be informed.
6. APPLICABLE LAW AND JURISDICTION