1. PERSONAL DATA CONTROLLER
As part of the provision of the website hosted at www.winetourism.sogrape.com
(“website”), Grape Ideas – Turismo, Comércio e Serviços, S.A. (“SOGRAPE”), under the fiscal identification number 510434606, with headquarters at Rua 5 de Outubro, n.º 4527, 4430 Avintes, may request the personal data owner ("User") to provide personal data, that is, information provided by the User that allows SOGRAPE to identify and / or contact the subject ("Personal Data"). For the purposes of this Policy, SOGRAPE is the personal data Controller.
3. GENERAL PRINCIPLES APPLICABLE TO PERSONAL DATA PROCESSING ACTIVITIES
In terms of general principles relating to the processing of Personal Data, SOGRAPE undertakes to ensure that the User’s personal data is:
Data processing carried out by SOGRAPE is lawful when at least one of the following situations occurs:
SOGRAPE undertakes to ensure that the processing of User’s personal data is only carried out under the conditions listed above and with respect for the principles above mentioned.
When the processing of the User's data is carried out by SOGRAPE based on the User's consent, the User has the right to withdraw consent at any time. The withdrawal of consent, however, does not compromise the lawfulness of the processing carried out by SOGRAPE based on the consent previously given by the User.
The period of time during which the data is stored and preserved varies according to the purpose for which the information is processed. Effectively, there are legal requirements that require data to be kept for a minimum period. Thus, and whenever there is no specific legal requirement, the data will be stored and preserved only for the minimum period necessary for the purposes that motivated its collection or further processing, after which they will be eliminated. For more information, please refer to the following point.
4. PERSONAL DATA PROCESSING ACTIVITIES
4.1 PERSONAL DATA CATEGORIES
SOGRAPE collects and processes personal data from users (customers and visitors) with a view to pursuing the purposes for which they were collected. Thus, the following data is collected:
4.2. PURPOSES, LAWFULNESS AND RETENTION PERIODS
In general, SOGRAPE uses User data for the following purposes:
Information on new products and services similar to those previously purchased
|Legitimate interest||5 years after data collection|
|Contact management||Data processing to respond to requests made via the contact form available on the website||Consent||6 months after request completion|
|Wine tourism management||Management of the wine tourism purchasing process (visit to SOGRAPE cellars and farms), as well as reservation management, billing and collection to the client and other relational communication||Execution of a contract||
10 years after termination of the contract (tax periods beginning on or after 1 January 2017) / 12 years (previous years)
5. PERSONAL DATA COMMUNICATION
User’s personal data is not shared with third parties without consent, except in the following situations:
5.1. DATA PROCESSORS
These subcontracted entities will not be able to transmit the User's data to other entities without SOGRAPE’s previously written authorization, being also prevented from contracting other entities without prior authorization from SOGRAPE.
SOGRAPE is committed to subcontracting only entities that present sufficient guarantees for the execution of the appropriate technical and organizational measures, in order to ensure the guarantee of the User's rights. All entities subcontracted by SOGRAPE are linked to the latter through a written contract which regulates, namely, the object and duration of the processing, the nature and purpose of the processing, the category and type of personal data, the categories of data owners, security measures adopted and the rights and obligations of the parties.
In the scope of this website, SOGRAPE, relies on the IP Consulting Agency (IP - Consulting - Gil Lobo Unipessoal Lda., with tax identification number 514728809), which is in charge of content management, website promotion and booking operation.
5.2. DATA RECIPIENTS
SOGRAPE, as mentioned above, may also communicate personal data to other third parties not qualified as Processors. When carrying out personal data processing activities, SOGRAPE will only communicate User’s data in situations where this is essential. Thus, the User's data may be communicated to:
6. TECHNICAL, ORGANIZATIONAL AND SECURITY MEASURES
In order to guarantee the security of the User's data and maximum confidentiality, SOGRAPE treats the information that it has provided to us in an absolutely confidential manner, in accordance with the internal security and confidentiality policies and procedures, which are updated periodically according to needs, as well as per the legally provided terms and conditions.
Depending on the nature, scope, context and purposes of processing the data, as well as the risks arising from the processing activities for the rights and freedoms of the User, SOGRAPE undertakes to apply, both when defining the means of processing as in the moment of the processing itself, the technical and organizational measures necessary and adequate to protect the User's data and to comply with legal requirements.
It also undertakes to ensure that, by default, only the data that is necessary for each specific purpose of treatment are processed and that this data is not made available without human intervention to an undetermined number of people.
SOGRAPE adopts the following general measures:
7. INTERNATIONAL TRANSFERS
SOGRAPE does not process data about minors, however if the website visitor is a minor and does not understand any content of this Policy, he / she should ask for support from his legal representatives (parents or legal guardians).
9. COOKIES’ USE
10. USER’S RIGHTS
The User has the following rights:
The User may also revoke his consent, in processing activities dependent on obtaining consent, without such revocation invalidating the processing of the data while the consent is in force.
User’s rights may be exercised through contact with SOGRAPE, through:
The communication must contain the following elements:
SOGRAPE will respond by means of which the User has exercised his right within a maximum period of one month from receipt of the request, except in cases of special complexity, in which this period may be extended up to two months by justification duly substantiated by part of SOGRAPE.
If the requests submitted by the User are manifestly unfounded or excessive, namely due to their repetitive nature, SOGRAPE reserves the right to charge administrative costs or refuse to proceed with the request.
If the User considers that SOGRAPE has not complied with the requirements set out in the GDPR or the applicable national data protection legislation, he / she may also exercise the right of complaint to the Supervisory Authority – Comissão Nacional de Proteção de Dados – through its website.
11. PERSONAL DATA BREACHES
In the event of a data breach and insofar as such breach is likely to imply a risk to the User's rights and freedoms, SOGRAPE undertakes to report the breach of Personal Data to the Supervisory Authority within 72 hours from knowledge of the incident. If the risk is high, SOGRAPE guarantees communication to Users, without undue delay, and by the means it deems necessary, taking into account the necessary mitigation measures.
13. APPLICABLE LAW AND JURISDICTION