We ensure compliance with the obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter “GDPR”), Law No. 58/2019 of 8 August (Personal Data Protection Law) and other applicable legislation on personal data protection.
Respect for your privacy, the protection of your personal data and compliance with the applicable legal obligations in this matter is a priority for us, which is why we undertake to only process your personal data that is strictly necessary to provide you with the best service, ensuring respect for your privacy, transparency in information and application of the best practices in the field of security and protection of personal data.
Whenever your personal data is processed by contracted entities, we will require them to present the same level of security and privacy guarantee in personal data protection matters.
The Data Controller for the personal data of Users is Campante & Abreu, Lda., with headquarters at Rua Sá da Bandeira, n.º 706, 3rd Floor, 4000-432 Porto, with a share capital of € 1,000.00, registered in the Commercial Registry Office of Porto under the unique registration number and tax identification number 516 298 801.
If you need to contact us, you can do so via the following email: firstname.lastname@example.org.
In this context, the processing of your personal data has the following purposes, legal bases, and retention periods:
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This data (such as, for example, domain names, IP addresses, operating systems used, type of device, and browser used for connection) is not accompanied by any additional personal information and is used to: i) obtain anonymous statistical information about the use of the site; ii) manage the control requirements of the methods of use of the site, iii) determine responsibility in case of hypothetical computer crimes.
The processing of this personal data is necessary to allow the correct use of the website, based on the performance of a contract governed by the Terms and Conditions, and in the absence of these, by the general principles of law.
Creating an online account is optional. You can make purchases or browse our website without the obligation to create an account.
If you create an online account, the processing of your personal data is necessary for you to enjoy the features of your account, namely, making remote purchases and accessing your purchase history. The processing of personal data is based on your consent.
Your personal data, including login data, will be retained until you request deletion.
Whenever you make a purchase, we will need to process personal data to manage and distribute it. The processing of personal data is based on the performance of a contract governed by the Terms and Conditions, and in the absence of these, by the general principles of law or pre-contractual measures at the request of the data subject.
Your data will be retained for up to 2 (two) years after the end of the contract.
The personal data provided by the user through the form is collected and processed for the periodic sending, by email, of newsletters and advertising material; and to receive updates about our activities and reports on the publication of our articles on the blog.
The processing of personal data is based on the user’s consent at the time of subscribing to Campante’s electronic communications.
At any time, you may withdraw your consent by opting out, available in the newsletters you receive by email, at which point Campante will no longer retain your personal data for this purpose.
Contact Management, Complaints:
The processing of this data is necessary to receive, analyze, follow up, and respond to requests for information and/or complaints. This processing is based on Campante’s legitimate interest in properly addressing your requests and complying with legal obligations.
Your data will be retained for up to 1 (one) year after the last contact interaction in the case of information requests and for a period of 3 (three) years for complaint management.
The data is retained only for the time strictly necessary for the management and fulfillment of the purposes for which it is collected, in accordance with current regulations and legal obligations. In any case, Campante adopts procedures that prevent data from being retained indefinitely, limiting the retention period in accordance with the principle of data minimization and limitation of retention. At the end of the defined retention period, we undertake to delete, destroy, or anonymize your personal data, except for data that we are legally required to retain for a longer period.
In the context of the stated purposes, we only process the data strictly necessary for their pursuit, namely:
– Personal identification and contact data (e.g. full name, email, phone, address); and/or
– Billing data (e.g. address, tax identification number);
– Traffic data (through Cookies).
Campante does not process sensitive categories of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data to uniquely identify a person, data concerning health or data concerning a person’s sex life or sexual orientation.
The processing of the collected data is carried out by internal employees designated for this purpose and authorized to process the data in accordance with specific instructions given in compliance with current legislation.
In certain cases, we may disclose your personal data, to third-party entities that provide us with services (“Subcontractors”), strictly necessary for the purposes mentioned above, under service contracts entered into with them.
If your personal data needs to be shared with service providers located outside the European Union, we ensure that your personal data benefits from a high level of protection under applicable data protection laws, promoting the transfer under a decision of adequacy from the European Commission or data protection standard contractual clauses (or similar) approved by the European Commission.
Your data may also be communicated to authorities when the transmission is carried out in the context of fulfilling a legal obligation, a decision of the National Data Protection Commission (“CNPD”), another relevant supervisory authority, and/or to comply with a court order.
Under no circumstances will Campante process personal data of Users for purposes not provided for in this Policy and/or without a lawful basis supporting its processing, in accordance with applicable law.
In accordance with applicable legislation, the User, as the data subject, may at any time exercise their right to access, rectify, erase their personal data, restrict processing, data portability, object and not to be subject to automated decisions, as applicable.
In cases where the User has given consent to certain processing of their personal data, they may withdraw it at any time.
To exercise any of these rights, the User must make a request through the following email:
Without prejudice to any other administrative or judicial remedy, the User may also file a complaint with the CNPD (www.cnpd.pt) if they believe that the processing of their personal data by us violates the current legal framework.
We have a variety of information security measures, aligned with the best national and international practices, in order to protect your personal data, including technological controls, administrative, technical, physical measures, and procedures that ensure the protection of your personal data, preventing its improper use, unauthorized access to data, disclosure, loss, improper or inadvertent alteration, or destruction.
In terms of information security, we are committed to continuous improvement, as we do in our daily activities.
Among others, we highlight the following measures:
– Restricted access to your personal data;
– Storage and transmission of your personal data in a secure manner;
– Protection of information systems through devices that prevent unauthorized access to your personal data;
– Implementation of mechanisms that ensure the safeguarding of the integrity and quality of your personal data;
– Permanent monitoring of information systems, with the objective of preventing, detecting, and preventing the improper use of your personal data;
– Protection of storage, processing, and communication equipment for personal data, to prevent loss of availability.
However, it is the responsibility of the Users to ensure that the devices and equipment used to access this website are adequately protected against harmful software, computer viruses, and worms.
We may provide hyperlinks to other websites of interest, social networks, and others.
The User acknowledges that by accessing other websites through the provided hyperlinks, the entities managing those websites may collect information about them. We recommend that the User carefully review all information and conditions prior to accessing other websites.
Last updated: 03/08/2023.