VERDE PINO, MOURA E SILVA & FILHOS, LDA (hereinafter designated by this Entity or Verde Pino - Resort) is a legal person whose commercial activity may require the collection of personal data from their customers/users. Verde Pino – Resort takes into consideration customer privacy wherefore no personal information will be collected without prior consent from respective data subjects.
In regard to Verde Pino – Resort’s website browsing and use by their users, for purposes of browsing experience optimization and improvement, data are collected by means of cookies that may or may not be stored in user computers/devices.
This policy privacy intents do clearly explain data collection and the use of such Cookies, their purposes and protection of data collected during website use.
No personal data are collected automatically without prior consent while browsing the website.
Nevertheless, Verde Pino – Resort neither trades collected personal data in any way nor shares them with third parties without prior consent given by data subjects, except if required by law.
2. Data Controller
Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016, designated by GDPR – General Data Protection Regime, the data controller is VERDE PINO, MOURA E SILVA & FILHOS, LDA, Rua do Leme, 8125-200 Vilamoura, TAX ID No. 501967176.
Despite not being required to appoint a Data Protection Officer (DPO), the above entity has a DPO available for handling all matters related to Personal Data Protection. To contact the DPO please send a registered letter to VERDE PINO, MOURA E SILVA & FILHOS, LDA., Rua do Leme, 8125-200 Vilamoura or use the email [email protected]
3. Definition of Personal Data
Any and all information in a written, magnetic or digital medium relating to an identified or identifiable natural person
During website browsing, whenever identification and personal data collection is required, users will be asked to authorize such collection by means of authorization mechanisms that may vary depending on the case – without prejudice to their clear purpose and intuitive use. For instance, contact forms will have a checkbox that users should check to authorize the collection and processing of personal data entered in the form and subsequent contact by Verde Pino – Resort. However, it should be clear that if users fail to grant such authorization, Verde Pino – Resort will have no way of contacting them.
5. Personal Data to collect
Only data required for corresponding processing purpose will be collected from users. Collection is made generically via a form that will specifically state collection purpose and authorization, if applicable. Depending on the purpose, data that may be required are: Name, Telephone, Email, taxpayer identification number, among others. Only those fields marked as mandatory are required and essential for our operation, while others are optional and depend on data subjects.
6. Collection purpose, data accuracy and data collection
Data subjects are exclusively responsible for the accuracy of provided data and Verde Pino - Resort cannot be held responsible for any error or inaccuracy.
Identification data are required for our operation and/or compliance of legal obligations and will be retained for the period required for their purpose or until data subjects exercise their right to object or right to erasure (‘right to be forgotten’) or until consent is withdrawn. Personal data processing is essential. Data subject consent must be obtained and the commercial relationship between Verde Pino – Resort and its clients will not be possible without this consent.
Examples of data processing purposes:
CRM (Customer Relationship Management): Contacts, information, customer, supplier management, market research, support requests, invoicing, collections and payments, among others.
Accounting management: Invoicing, accounting, tax information, submission of SAFT-PT file with tax authorities, among others.
Marketing: creation of consumption profiles (aggregate data), product and service analysis per profile, among others.
Network and systems management: monitoring, service support, remote support
Register Operators: data management with operators like ICANN, DNS.PT, EURID, among others; management of data from web service management profiles, management of data from supplementary service profiles like personal digital certificates, corporate digital certificates, etc.
Control and security management: access logs, incidents, physical and online security, physical and remote system surveillance. Management of protective measures, firewalls, intrusion detection system. Surveillance systems regarding employee access, information access levels and access logs.
Backup management: Backup policy, access, recovery, deletion or overwriting. Management of data redundancy and facility security.
Legal obligations: data sharing imposed by legal requirements.
Recruitment: personal data collection and processing is required for candidate selection. Such data will not be shared with any third party without data subjects’ consent.
7- Transmission of Personal Data to Third Parties
In general, collected data are not shared with any third party, except when required by law or due to being fundamental to company operation.
Under the GDPR, the following procedures must be observed when transferring data to any third party: data subjects must be unambiguously informed about such transfer, they must give their consent (except when data transfer is required by law), and data transmission must be shielded to ensure adequate confidentiality, security and protection levels. Such third parties must be GDPR / Privacy Shield Act compliant, namely in terms of confidentiality, security and protection duties, and transferred data cannot be used for any other purposes or related to any other data in their possession.
Whenever possible, personal data must be processed inside the EU or in countries that are GDPR / Privacy Shield compliant.
8- Personal Data Retention Period
Data required for the identified purpose will be retained during contract or commercial relationship period, or 2 years after such period for control purposes. Tax or accounting data will be retained for the 10-year period required by law. In this matter, we will observe the directives of the CNPD and will retain data during the period that is strictly necessary for the purpose under which they were collected.
9- Data Processing Security
Data is stored on a server that is kept and controlled by Verde Pino – Resort. Server security, in terms of facility and data access, is monitored at all times. Access is restricted and protected by means of several access and encryption management tools with the goal of ensuring data are not accessed by unauthorized third parties. This way, security risks are minimized, but they are not extinguished, as there is always the possibility of illegal data access. In this case, there are GDPR-compliant data leak or disclosure prevention measures in place.
10. Data Subject’s Rights
Pursuant to the GDPR, data subjects may exercise their rights of access, rectification, opposition, erasure, restriction or data portability. To exercise their rights, they must send their requests in writing to Verde Pino – Resort’s DPO at Rua do Leme, 8125-200 Vilamoura or by email to [email protected].
As to written requests, for security reasons Verde Pino – Resort will proceed to authenticate the respective sender as the data subject. In case of doubt, requests will not be handled, and senders may proceed to authenticate themselves in another way.
Anyhow, requests may not be promptly replied to (due to legal requirements or others). In these cases, data subjects will be informed. Procedures are expected to be completed within a 1-month period.
In case of deletion (data erasure), data may be retained for subsequent processing if required by law and for the imposed period (e.g. 10 years for invoicing).
11- Right to lodge a complaint
Verde Pino – Resort, by means of its DPO, is available to clarify any question data subjects may have about data collection and processing via the email [email protected]
Data subjects may lodge a complaint with the supervisory authority CNPD – Comissão Nacional de Protecção de Dados, R. de São Bento 148, 1200-031 Lisboa concerning data collection and processing made by Verde Pino - Resort.
12- Cookies, what are they and which Cookies do we use
What’s a Cookie or Cookies?
“Cookies” are code files that are stored on your computer, tablet or mobile device by means of your browser that stores information related to your browsing preferences. Cookies allow to improve user browsing performance and experience by increasing response speed and efficiency and by eliminating the need to enter the same information repeatedly.
What are Cookies for?
Cookies are used to collect information that may, for instance, enable you to store your previously selected items on a shopping cart. This way, cookies store useful information of interest, and allow a swifter, more effective browsing, eliminating the need to enter the same information repeatedly.
Deleting or Disabling Cookies
Cookies retain information related to user preferences only. Users may be notified about the cookies via their browser at any time and they can also block them from entering the system.
To learn more about how to disable cookies in your browser, click here: https://cookies.insites.com/disable-cookies/
Types of cookies used in this website
– Session cookies: temporary cookies that are stored in your browser’s cookie file until you leave the website. Usually, this information is used to improve browser experience based on accessed data. They also allow to identify browsing problems, therefore enabling their resolution.
- Strictly necessary cookies: Allow you to browse the website and use its functions, as well as to access secure areas. Without these cookies you may not be provided with certain services you have requested;
– Analytical cookies: these are usually used to create aggregate, anonymous data about website use statistics;
– Functional cookies: these cookies allow the website to identify users and load their profiles based on such information. For example, a login that is kept when you return to the website, so you don’t have to sign in each time you visit the website.
By entering this website, users are expressly accepting all Access and Use Conditions described above.