With this privacy and personal data protection policy, WE INNOV – Tecnologia e Inovação, Limitada, private limited company, registered in the Commercial Registry Office of Faro, under the unique registration and tax identification number 501 817 263, with headquarters at Zona Industrial – Fase III – Lotes 12/13, 8700-281 Olhão (hereinafter “We Innov” only), aims to inform its clients in general and the users of its website https://weinnov.pt of the policies and procedures adopted, regarding the collection, use, processing and disclosure of any personal data transmitted on it, directly or indirectly. We Innov respects the privacy of its customers and the users of its website, and is committed to protecting the information it collects, as well as to complying with the legal rules in force defined by the General Data Protection Regulation and by national legislation.
Trade relations with We Innov, either directly or through its website, including the subscription of the services and products it provides, imply the agreement, acceptance and binding of customers and users to this privacy and data protection policy.
- Licitude of treatment, purpose and legal basis
1.1. For the purposes of this privacy and data protection policy, personal data shall mean information relating to an identified or identifiable individual, an identifiable individual being one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
1.2. We Innov assumes towards its customers and users of its website that their personal data will be processed in a lawful, fair and transparent manner and collected for specified, explicit and legitimate purposes, in accordance with the provisions of article 6, 1st, al. a) and b) of the General Data Protection Regulation, as they are necessary not only for the conclusion and performance of contracts with We Innov, but also for the possible need to protect the interests of the data subject in accordance with and for the purposes of Article 6, 1st, al. d) of the General Data Protection Regulation.
2.1. Customers and users of We Innov’s website, when transmitting their personal data, expressly declare that they agree and accept the terms of this privacy and data protection policy with regard to their personal data, in particular with regard to the collection, use, processing and transmission of them.
2.2. The transmission of any personal data is optional, although sometimes necessary to allow the conclusion of contracts or to activate certain functionalities of the website, namely, the sending of contract proposals or even to answer any questions that the Client and/or User may wish to clarify.
- Type of personal data gathered
We Innov may collect the following information:
- Contact information such as name, e-mail address, mailing address, telephone number and tax number;
- Unique identification data such as username and password, IP address;
We Innov, collects personal data through direct contact with the customer; through its website; through credit reporting agencies; credit insurers and other suppliers, or through social networks. The data may be collected for the purpose of submitting contractual bids, or for the renewal of contracts already signed.
- Collection, use, and recipients of personal data
4.1. By contacting We Innov directly, or by accessing its website, namely by wanting a contract proposal to be presented, with or without guarantee, certain personal data may be requested from the Customer and/or User, necessary for the same purpose.
4.2. Thus, under the terms of this privacy and personal data protection policy, the Customer and/or User agrees and consents:
- All personal data provided shall be integrated into We Innov’s proprietary database;
- We Innov transmits the data referred to to companies in the same group, or which are partly owned by the same entity, always in strict compliance with the legally established limits;
- We Innov will make available to its Partners/Suppliers the personal data of the Client and/or User necessary for the conclusion and execution of the contract between We Innov and the Partner/Supplier, so that the Client and/or User can have access to the contracted services and products;
- The data may also be used for internal reasons such as audits, data analysis and research aimed at improving the services and products marketed by We Innov;
- We Innov will process all personal data provided by the Customer and/or User electronically;
- The use of the website, the sending of personal data to We Innov or the subscription of services or products made available by We Innov implies the acceptance by the User/Client of the terms of this privacy and personal data protection policy as described.
- Responsible for treatment
It is We Innov’s responsibility, as responsible for processing the personal data of its Customers and/or Users, to determine the purposes and means of processing the personal data. If you have any questions or concerns regarding the processing of data, you may contact We Innov directly at firstname.lastname@example.org
- Security/personal data protection
We Innov respects the security and protection of personal data of its Customers and/or Users. The data used through the computer platform is securely sent through the 128-bit encryption process by the TLS protocol (“Transport Layer Security”), through which an encrypted connection is created between the User/Client’s browser and our servers. Thus, the transmission of confidential personal information entered by the Client and/or User in We Innov forms is encrypted.
- Right of access by the holder of personal data
7.1. The data subject shall have the right, upon express request, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, where appropriate, the right of access to his or her personal data and to the following information:
- The purposes of data processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, recipients established in third countries or belonging to international organisations;
- If possible, the planned storage period for personal data, or, if not, the criteria used to set that period;
- The existence of the right to ask the controller to correct, delete or limit the processing of personal data regarding the data subject, or the right to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- If the data have not been collected from the holder, the information available on the origin of that data;
- The existence of automated decisions, including profiling and, at least in such cases, useful information concerning the underlying rationale as well as the importance and expected consequences of such processing for the data subject.
7.2. When personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the adequate safeguards.
7.3. When requested by the Client and/or User, the controller provides a copy of the personal data being processed.
7.4. If the data subject submits the application by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic format.
- Rectification and erasure
8.1. The data subject shall have the right to obtain without undue delay from the controller the rectification of inaccurate personal data relating to him/her. In view of the purposes of the processing, the data subject is entitled to have his incomplete personal data supplemented, including by means of an additional declaration.
8.2. The data subject also has the right to obtain from the controller the erasure of his personal data without undue delay, and he is obliged to erase the personal data without undue delay where one of the following reasons applies:
- The personal data are no longer necessary for the purpose for which they were collected or processed;
- Where the lawfulness of the processing is based on consent, the data subject withdraws it, and there is no other legal basis for the processing;
- The data subject opposes the processing in accordance with the law, and there are no overriding legitimate interests justifying the processing;
- Personal data has been processed unlawfully;
- Personal data must be erased in order to comply with a legal obligation under the law of the European Union or of a Member State to which the controller is subject;
- Personal data has been collected in the context of provision of the information society services to children.
8.3. When the controller has made public the personal data and is required to erase them as described above, he or she shall take reasonable steps, including technical steps, taking account of the available technology and the cost of implementing it, to inform the actual controllers of the personal data that the data subject has asked them to erase the links to such personal data as well as copies or reproductions.
8.4. The provisions of this Privacy and Data Protection Policy shall not apply to the extent that processing proves necessary:
- The exercise of freedom of expression and information;
- Compliance with a legal obligation to process provided for by the law of the European Union or of a Member State to which the controller is subject, to carry out a task carried out in the public interest or to exercise the public authority vested in the controller;
- On grounds of public interest in the field of public health as defined by law;
- For the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, in accordance with the law, insofar as such a right would make it impossible or seriously undermine the attainment of the purposes of such processing;
- For the purpose of asserting, exercising or defending a right in judicial proceedings.
8.5. The controller shall notify each recipient to whom personal data have been disclosed of any rectification or erasure of personal data or of any limitation on their processing unless such notification proves impossible or involves a disproportionate effort. If the data subject so requests, the controller shall provide him or her with information concerning those recipients.
- Right to limitation of processing
9.1. The data subject has the right to obtain from the controller the limitation of the processing if one of the following situations applies:
- Contest the accuracy of the personal data for a period enabling the controller to verify their accuracy;
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the limitation of their use;
- The controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the purposes of declaration, exercise or defence of a right in legal proceedings;
- If it has objected to the processing in accordance with the law, until it is established that the data controller’s legitimate grounds prevail over those of the data subject.
9.2. Where processing has been restricted as described, personal data may, with the exception of storage, only be processed with the consent of the data subject, or for the purposes of asserting, exercising or defending the rights of another individual or legal person, or on substantial grounds in the public interest of the European Union or of a Member State.
9.3 The rightholder who has obtained the limitation of processing as referred to above shall be informed by the controller before the limitation to such processing is lifted.
- Right of portability of personal data
10.1 The data subject shall have the right to receive personal data concerning him/her which he/she has supplied to a controller in a structured, commonly used and automatically readable form and the right to pass such data on to another controller without the controller to whom the personal data have been supplied being able to prevent it, if the processing is based on the consent given or on a contract and if the processing is carried out by automated means.
10.2. In exercising his right to data portability in accordance with these terms, the data subject shall have the right to have personal data transmitted directly between the controllers where this is technically possible.
10.3. The exercise of the right to data portability applies without prejudice to the right to delete data (‘right to forget’).
10.4. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
10.5. The right to data portability is without prejudice to the rights and freedoms of third parties.
- Right to object
11.1. The data subject has the right to object at any time on grounds relating to his particular situation to the processing of personal data relating to him for which the consent given is a legal basis, including the definition of profiles on the basis of those provisions.
11.2. The controller shall cease the processing of personal data unless he gives overriding and legitimate reasons for the processing which take precedence over the interests, rights and freedoms of the data subject or for the purposes of asserting, exercising or defending a right in judicial proceedings.
11.3. Where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to the processing of personal data relating to him for the purposes of such marketing.
11.4. Where the data subject objects to the processing for the purposes of direct marketing, the personal data are no longer processed for that purpose.
- Changes to privacy and data protection policy
12.1. We Innov reserves the right to change this privacy and data protection policy in accordance with any technological or legal changes or the needs of its Users/Clients. Should there be any change to this privacy and data protection policy, We Innov will communicate it to its users/clients by posting it on the We Innov website and/or by email notification, should such changes consist of significant and relevant changes, with an impact on the interests of We Innov’s users/clients.
Any questions regarding this privacy and data protection policy may be directed to We Innov through one of the following contact channels:
Address: Zona Industrial – Fase III – Lotes 12/13, 8700-281 Olhão, PORTUGAL
- Period of retention of personal data
Personal data will only be kept for the time strictly necessary for the purposes for which it was processed, and best described in this privacy and data protection policy. Since in this case the transmission of personal data is based on a contractual basis, the reference storage period will correspond to the limitation period of contractual obligations. Nevertheless, data may be retained for a longer period, if necessary or permitted by law.
- Applicable law
This privacy and personal data protection policy fully complies with the provisions of the National Data Protection Act, Law No. 59/19 of 8th August, as well as the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016, and shall be interpreted and integrated, and any loopholes filled and integrated in accordance with the provisions of those acts.
- Links to third party websites
- Data Monitoring
- Log Files
We Innov will automatically collect information that will be stored in log files. This information may include IP addresses (internet protocol), browser types, internet service provider (ISP), referring/exit pages, operating systems, date/time, and/or click control. In order to improve We Innov’s services and to improve data analysis and marketing as well as to improve the functionality of the website, this information collected in connection with log information may be combined with other personal information that is collected about the User/Client.
- Behavioural Advertising / Redirection
Any third-party website with an electronic link to or from the We Innov Website is not under the control of We Innov and We Innov is not responsible for any of the content referred to on the websites. We Innov provides you with some links solely for your convenience, and the inclusion of any link on the Website does not imply acceptance and support by We Innov of the content of such third party website, nor does it represent any relationship between We Innov and the owner of the website to which it may access.