In Raizes Inquietas, Lda. (commercially called RAIZ) we understand that the use of your personal data requires your trust.
RAIZ is determined to guarantee the respect for the basic principles of the data protection being not only subject to the highest privacy standards, but also declaring that we will use your personal data for the clearly identified purposes and in accordance with the rules legally set out for data protection.
The confidentiality and integrity of your personal data are one of our main concerns.
RAIZ digital platforms
RAIZ is represented in the digital channels through raiz.store
Who is responsible for the processing of your personal data?
RAIZ is responsible for the processing of the personal data of its clients and/or potential clients which proceed to the filling of their data and submit the Authorization Form for Marketing Communications from RAIZ.
RAIZ, through the Marketing Department, will be also responsible for the processing of the clients’ personal data in the digital platforms above referred and in case you have authorized its communication in the terms of the Authorization Form for Individual Communication of RAIZ.
RAIZ complies with the rules foreseen to the processing of personal data, which are presently foreseen in Regulation (UE) 2016/679, of the European Parliament and the Council of 27th April 2016 (hereafter GDPR)
How do we collect your personal data
Your personal data will be collected and processed in the following situations:
- If you submit the Authorization Form or subscribe specific information in the RAIZ digital platforms, and/or
- If you purchase and/or use a product or service in the digital platforms of RAIZ.
For which purposes and on what ground can your personal data be used?
Your personal data will be collected and used for purposes of Client Support (birthday parties or group bookings), and Marketing (communication of information, RAIZ services and products) in the strict terms selected by you on the authorization Form for Individual Communication of RAIZ.
Your personal data will only be used for the purposed above referred.
Your data will not be transmitted to others, nor will be used for different purposes of those you previously authorized.
In the terms of the data protection legislation in force in the European Union as from the 25th of May 2018 (GDPR) the use of personal data must be justified under, at least, one legal ground for the processing of personal data. You may read the explanation regarding the scope of each of those grounds*.
*Legal grounds for the processing of personal data:
- When you have given consent for the processing of your personal data (for this effect you will be presented a consent form for the use of your personal data, this authorization can be removed afterwards);
- When the processing is necessary to celebrate a contract or to proceed to its execution;
- When the processing is necessary for the compliance of the legal obligations to which RAIZ is subject to;
- When the processing is necessary to reach a legitimate interest and our reasons for its use prevail over your rights of data protection;
- When the processing is necessary to declare, practice or defend a right in a legal proceeding against you, us or a third party.
Which personal data can be collected?
DATA COLECTED BY RAIZ:
- Name, address, email address, telephone contact, fiscal number, company name.
- Offers received; purchase date, registration date, order date, delivery date; details of the purchase of products and accessories; history of campaigns/replies; complaints’ history.
Apps, internet page and social media data
If the client has registered or certified himself/herself, it is possible the use of the following data: average use of the app (behavior within the apps); location information; use of online entertainment; use of the RAIZ page; use of RAIZ social media (for example, visits and posts in digital platforms).
RAIZ digital platforms data
In case you have registered yourself in the RAIZ digital platforms (online store), it is possible the use of the following data: details of how you used the platform, date and time and nature of the requests, your IP address, data regarding the device that you use to interact with the used platform.
How do we maintain your personal data safe?
We use a diversity of security measures, including encryption and authentication tools, to help protect and maintain the security, integrity and availability of your personal data.
Although the transmission of data through the internet or website cannot guarantee total security against intrusions, we and our services providers and commercial partners endeavor the best efforts to implement and keep security measures destined to protect your personal data in accordance with the legal data protection regulations. Among others, we have implemented the following measures:
- Strict personal access to your personal data based on the “need to know” criteria and only in the scope of the communicated purposes;
- Transference of data collected only in encrypted form;
- Storage of highly confidential data (such as information regarding credit card) only in encrypted form;
- Protection of the IT systems through firewalls, aiming to prevent the unauthorized access to your personal data; and
- Permanent monitoring of the accesses to the IT systems aiming to prevent, detect and avoid the misuse of your personal data.
In case RAIZ outsources services that involve the processing of personal data, those entities will be obliged to adopt the necessary technical and organizational measures in order to guarantee the protection of personal data against the destruction, loss, change, disclosure, unauthorized access or any other sort of unlawful processing.
How long we will keep your personal data?
We will only keep your data for as long as necessary, considering the purpose for which those were collected, applying withholding information criteria appropriate to each processing and in line with the legal and regulatory obligations applicable.
In the terms of the applicable legislation, personal data that have been turned anonymous – the person is no longer identifiable or stops being identifiable – are not considered personal data. Note that for the data to be truly anonymized, the anonymization must be irreversible.
Therefore, once the maximum deadline is finished, your data will turn anonymous or, in alternative, properly destroyed.
With whom can we share your personal data and how do we keep them safe
We guarantee that your personal data that will be exported outside the EEA will be processed in accordance with the appropriate security measures.
Certain countries outside the EEA, such as Australia, was already recognized by the European Commission (EC) as offering an adequate level of data protection, therefore, regarding these, will not be necessary additional measures.
Your personal data will be transferred to services providers located in the USA (United States of America) who have adhered, near the United States Department of Commerce, to the Privacy Protection Shield UE-USA.
Please contact us (see following item) if you wish to request the availability of information of the specific safeguards that were applied to the export of your data to suppliers/services providers located outside EEA.
Your data is stored in the protected servers of our suppliers / services providers, being accessed and used exclusively under our policies and standards (or equivalent policies and standards of our suppliers/services providers).
Responsible for Data Protection and Client Support
How can you change or remove your consent? – Digital platforms
The consent can be removed at any time. Please notice that the revocation is only applicable to the future, it does not have retroactive effects. Therefore, the data processing occurred before the revocation is not covered by it.
To make any change to your data (annulment or edition) submitted to RAIZ you are provided a link in all electronic mail communications. The last Authorization Form submitted to RAIZ will prevail over all the previous ones.
Right of access, rectification, deletion, processing limitation, opposition to processing, request the portability of your data
You have the right, whenever you want and free of charge, to ask RAIZ to:
- access the data
- ask the rectification of your data
- ask the deletion of your data
- ask the limitation of your data processing
- oppose to the processing of your data
- request the portability of your data to an entity informed by you
Please note that in case there is a rule or obligation legally imposed that overwrites to these rights, RAIZ will inform you of the impossibility of performing the request, referring the respective ground.
If you have any question related with our use of your personal data you must, contact our client support service. In addition, you may contact the Data Protection Responsible.
Should you consider that your data is not being processed in accordance with the applicable legislation, namely european and national, we remind you that you have the right to present a complaint to a control authority (ex. Comissão Nacional de Proteção de Dados – CNPD | Rua de São Bento, nº 148, 3º, 1200-821 Lisboa | Tel.: +351 213928400 |Fax: +351 213976832 | e-mail: email@example.com).
Last update: 15.10.2020