Privacy Policy

Privacy Policy

This Privacy Policy establishes the commitment of Garoupa INC with Website Users on the protection of their personal data, intending to contribute to strengthening and consolidating the relationship of trust and proximity that it has with them, through clear and transparent communication of what it does with such data and what rights it recognizes to the data subjects, as well as how they can exercise them.

Garoupa INC acts in strict compliance with the principles described in this policy, Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and applicable data protection legislation, in all personal data processing activities under its responsibility. The Privacy Policy is framed in the regulatory body of personal data protection of Garoupa INC , which includes standards and procedures for the management of security and privacy of personal data.

General conditions

  1. The Data Controller of the personal data collected and processed in connection with the website, in compliance with the General Regulation on the Protection of Personal Data and the complementary national legislation on the protection of personal data (referred to as the "Regulation"), is Joana Maria Soares de Oliveira da Rosa Garoupa with Tax ID Number 210609630, with its registered office at Rua Sousa Pinto, 11, Lisboa (referred to as the "Controller").

  2. The contact details of the Controller are:

    1. e - mail: geral@garoupainc.com
    2. tel.: +351964006843

What is personal data?

Personal data is any information relating to an individual which identifies that person or makes it identifiable.

Collection of personal data

The Controller will collect your personal data through your filling out the forms on the website, but also through the normal operation of the website and the communication it makes with your equipment, namely, through your browser, the use of cookies, pixel tags and/or other similar technologies.

What are Cookies?

  • Cookies are small information files that help you identify your browser and can store information, for example, User settings and preferences.
  • The Controller will store cookies on your device to personalize and facilitate browsing as much as possible, but also for troubleshooting, statistics, quality assurance, and to monitor system security.
  • With the exception of cookies specifically required for the performance of the website, the storage of other cookies will always depend on the User's acceptance and consent, and this consent may be withdrawn at any time through specific browser tools.
  • To find out more about the cookies we use, please see our Cookies Policy.

What are the purposes and legal basis for processing the personal data we collect?

The personal data that the Controller processes has specific legal basis according to the purposes for which they are intended.

In the following table you can see which foundations and purposes are pursued:

PurposesLegal Basisento
For website management operations.Consent for this specific purpose (cookies); Legitimate interests pursued by Controller.
For commercial purposes, such as data analysis, audits.Consent for this specific purpose (cookies); Legitimate interests pursued by Controller.
For fraud prevention and information systems’ security.Legitimate interests pursued by Controller.
For the adaptation, improvement and modification of services, namely by identifying usage trends or by determining the effectiveness of promotional campaigns.Consent for this specific purpose (cookies); Legitimate interests pursued by Controller.

What personal data we collect?

The personal data that the Controller collects and processes is only that which is necessary and appropriate for the abovementioned purposes.

The Controller will collect and process the following personal data:

PurposesData
For website management operations.Cookies, IP address
For commercial purposes, such as data analysis, audits.Cookies, IP address
For fraud prevention and information systems’ security.Cookies, IP address
For the adaptation, improvement and modification of services, namely by identifying usage trends or by determining the effectiveness of promotional campaigns.Cookies, IP address

Data storage period

Your personal data will be kept for as long as necessary for the purposes for which they are intended, as listed in this Privacy Policy. Thus:

PurposesStorage Period
To analyse and respond to your messages, customer support and inquiries1 year
To keep track of your contact details.1 year
For website management operations.2 years
For commercial purposes, such as data analysis, audits.2 years
For fraud prevention and information systems’ security.2 years
For the adaptation, improvement and modification of services, namely by identifying usage trends or by determining the effectiveness of promotional campaigns.2 years

In the event that the law provides for a specific or mandatory period, the data will be kept for that period. In all other cases, personal data will be kept for a maximum of the times indicated above, periods that the Controller deems as sufficient to fulfill its purposes.

At the end of the conservation period, all collected personal data shall be deleted.

When do we communicate personal data to third parties?

The Controller may use third parties to provide certain services, such as website maintenance, database hosting, technical support, marketing, and they may have access to some of the personal data, namely, the data necessary for the contracted Purposes.

The third parties that process customers' personal data are data processors, hired by the Controller. The services of data processors are essential for the normal operation of the website.

For example, for the purpose of providing website analytics services, the Controller has Google Analytics as a data processor.

The Controller ensures that the entities that have access to the data are credible and offer protection guarantees, never having any data transmitted to them beyond what is necessary to provide the contracted service, remaining, however, the Controller as responsible for the personal data provided.

Data transfers outside the European Union

In the event that data transfers may occur to third countries outside the European Union, the Controller will comply with the legal rules, particularly with regard to the suitability of the destination country in relation to the protection of personal data and requirements, which are applicable to these transfers, not being transferred personal data to jurisdictions that do not offer guarantees of security and protection.

Third Party Websites

The website may contain links to other websites which may collect and process your personal data and, such processing is the exclusive responsibility of the owners of these websites, and the Controller shall not be liable for their policies and/or practices.

Example of such third parties is Facebook, LinkedIn or Instagram, through the buttons that are available on the website.

Minor

The website is not directed to minors under 16 years old, so we request that minors do not provide us with personal information through the website, application, social media and/or emails.

What your rights are and how you can exercise them

Before we explain how you can exercise your rights, you should know what they are. Thus, the law grants you the right to request us to exercise the following rights:

  • Access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, the right to access your personal data and to request further information as to how we process your personal data;
  • Rectification: the right to obtain the rectification of inaccurate or outdated personal data concerning you and to have incomplete personal data completed;
  • Erasure: the right to obtain the erasure of one's personal data when one of the grounds listed in the legislation applies, in particular when: the data are no longer necessary, the data subject has withdrawn consent, the data subject objects to their processing, the data are unlawfully processed, erasure is necessary in order to comply with a legal obligation, or the data have been collected in connection with the provision of information society services;
  • Restriction of processing: the right to obtain the restriction of processing where one of the situations listed in the law applies, namely where the accuracy of the data is contested, where the processing is unlawful but the data subject opposes their erasure and requests restriction of use, where the controller no longer needs the data but the data are necessary for the establishment, exercise or defence of legal claims or where the data subject has objected to the processing;
  • Objection: the right to object at any time to the processing of personal data concerning you;
  • Portability shall mean the right to receive personal data concerning him/her in a structured, commonly used and machine-readable format.

You also have the right to withdraw or change, at any time, the consent you have given us to process your personal data, in cases where such consent has been requested.

If you request us to delete some or all of your personal data, some of the services requested may not be provided to you and the Controller will retain only the personal data necessary to comply with the legal obligations to which it is bound.

To exercise your personal data protection rights or to ask any questions about the processing of your personal data, please contact the Controller at geral@garoupainc.com.

If you are dissatisfied with how we use your personal data or with our response to your request to exercise your rights, you may file a complaint with the National Commission for Data Protection (CNPD) - https://www.cnpd.pt.

Security of personal data

Your personal data are kept secure by means of various technical and organizational security measures deemed necessary and appropriate for the protection of personal data.

The Controller has taken technical precautions to protect the spaces where data is stored, in particular by protecting computer access with a password, using antivirus software and regularly maintaining the computer. Furthermore, the Controller ensures that only those employees who are entitled to access the personal data, in accordance with the rules created for this purpose, have access to the personal data.

To protect your personal data we only use data center providers who provide us with adequate and documented security measures, including guarantees that your personal data is stored on servers that are maintained in controlled environments with limited access.

Similarly, when browsing the WEBSITE, we protect your data through the use of encryption, such as Transport Layer Security (TLS).

Although we take all necessary precautions we deem appropriate to protect the personal data you provide to us and we collect, one must be aware that no security system is impenetrable.

Final provisions

When submitting a contact request on the website, the customer/user is asked to read the respective privacy notice, which informs him specifically and more clearly about the conditions of collection and processing of his data and enables him to consent to the data processing concerned.

If you consent to these conditions, you must check the applicable checkbox on the order form.

The Controller reserves the right to adjust or change this Privacy Policy at any time, and these changes will be publicized.

These Rules come into force on March 31, 2023.

Last update:  March 31, 2023

Sitemap

Contacts

Social Media