Privacy Policy

The present Privacy Policy aims to clarify and inform the data subject about the manner in which their personal data is collected, used, processed, and disclosed on the website www.flowertowers.pt, according to the Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016 (General Data Protection Regulation, hereinafter referred to as "GDPR"), and Law No. 58/2019, dated August 8, which ensures the implementation of the GDPR in the national legal order, as well as to transparently and intelligibly inform personal data of their rights and how they can exercise them.

 

INDEX

  1. Definitions
  2. Data controller
  3. What personal data is collected?
  4. Purposes, legal basis, and retention period
  5. Recipients of personal data
  6. Rights of personal data holders
  7. Security
  8. Changes to the present privacy policy

 

1. Definitions

To better understand the terms used in this Privacy Policy, we present the most relevant definitions:

Consent - a freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they agree, by a statement or clear affirmative action, to the processing of personal data concerning them.

Personal data - information related to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Definition of profiling - any form of automated processing of personal data consisting of the use of those personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning their professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Recipient - an individual or legal entity, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not.

Data Controller - an individual or legal entity, public authority, agency, or other body that determines the purposes and means of processing personal data.

Data Processing - an operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, alignment or combination, restriction, erasure, or destruction.

 

2. Data Controller

The entity responsible for the processing of personal data within the scope of the use of the website www.flowertowers.pt (hereinafter referred to as the "Website") is P1, Lda., with registered office at Rua Professor Carlos Alberto da Mota Pinto, No. 9, 4th floor, room B2, Edifício Amoreiras Plaza, 1070-374 Lisbon, with a share capital of € 5,000.00, a legal entity registered in the Commercial Registry Office under the unique registration and corporate identification number 515211370, and email address privacidade@vizta.pt (hereinafter the "Data Controller").

The Data Controller has a Data Protection Officer who can be contacted through the following email: manuel.ferreira@lexdata.pt

 

3. What personal data is collected?

Category of data subjects

Personal data collected

Purposes

Potential Clients

First Name, Last Name, E-mail, Telephone

Allowing response to information requests / contact requests / scheduling visits / meetings

Marketing (sending unsolicited communications/newsletters)

Processing of complaints

All categories indicated above

All data collected through the website

Compliance with the duty to cooperate with competent authorities.

Defense of the interests of the Data Controller in judicial or other proceedings and verification of compliance with contractual obligations.

 

4. Purposes, legal basis, and retention period

The personal data provided by the holder in the scope of using the Website are those only strictly necessary for the purposes described below, with full transparency and assurances of security and confidentiality in processing.

Purpose

Legal Basis

Retention Period

Allowing response to information requests / contact requests / scheduling visits / meetings

Execution of contract and/or pre-contractual measures.

While the contract remains in force or up to 3 years after the last contact, whichever occurs first.

Marketing (sending unsolicited communications/newsletters)

Consent

For 2 years after obtaining consent

Processing of complaints

Execution of contract and/or pre-contractual measures or legitimate interests of the Data Controller (improvement of customer service).

Until the complaint is resolved

Defense of the interests of the Data Controller in judicial or other proceedings and verification of compliance with contractual obligations

Legitimate interests of the Data Controller (ensuring defense in judicial or other proceedings and verification of compliance with contractual obligations).

3 years after the last interaction of the data holder with the Data Controller.

Compliance with the duty to cooperate with competent authorities

Compliance with a legal obligation of the Data Controller

Until the end of the longest retention period provided above for each category of data subjects

Data subjects have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing conducted based on the previously given consent.

 

5. Recipients of personal data

To fulfill the aforementioned purposes, the Data Controller will transfer the personal data of the data subjects to the following categories of recipients:

a) Communication agencies and marketing consultants

b) Consulting service providers

c) IT service providers

d) Judicial, administrative, supervisory, or regulatory authorities

e) Event organization entities

Personal data will not be transferred to a third country or international organization.

 

6. Rights of personal data holders

Data holders have the following rights:

  • Access (Article 15 of the GDPR): Obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, and if so, the right to access their personal data and the information listed in Article 15 of the GDPR.
  • Rectification (Article 16 of the GDPR): Obtain from the data controller without undue delay the rectification of inaccurate or incomplete personal data.
  • Erasure (Article 17 of the GDPR): Obtain from the data controller the erasure of their personal data without undue delay, in accordance with Article 17 of the GDPR.
  • Restriction of processing (Article 18 of the GDPR): Obtain from the data controller the restriction of processing, after which personal data can only be processed with the data holder’s consent, or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
  • Portability (Article 20 of the GDPR): The data holder has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another data controller without hindrance from the data controller, if the processing is based on consent or on a contract, and the processing is carried out by automated means.
  • Objection (Article 21 of the GDPR): The data holder has the right to object, on grounds relating to their situation, at any time to the processing of personal data concerning them based on the legitimate interests pursued by the data controller or for direct marketing purposes, including profiling. The data controller shall cease processing the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
  • Withdrawal of consent: Data holders have the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
  • You can request the exercise of the aforementioned rights by email: privacidade@vizta.pt.
  • If you believe that your personal data has been processed unlawfully, that this Privacy Policy or the legislation on the protection of personal data has been violated, you may file a complaint with the National Data Protection Commission (CNPD): https://www.cnpd.pt/.

 

7. Security

We are constantly implementing and updating technical, physical and administrative security measures that help us protect your personal data against unauthorized access, loss, destruction or alteration. Some of the safeguards we use to protect your information include firewalls, data encryption, and access controls to information. The Data Controller maintains a personal data breach response system, taking necessary measures to mitigate any potential harm to the rights and freedoms of the data subjects.

 

8. Changes to the present privacy policy

The Data Controller may modify this Privacy Policy at any time, and such changes will be posted on the Website, with a record of the last modification.

 

Last modification was made on July 19th, 2023.

for more information