- Symington Family Estates Vinhos S.A., as data controller, is fully committed to protecting your privacy and personal data.
- At Symington Family Estates we are aware of our legal duty to protect the personal data that we process, whether from our website users, employees, service providers, suppliers or customers, and we comply and enforce the terms of the General Data Protection Regulation of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and the Portuguese data protection legislation, Law 58/2019 of August 8th.
- Only authorized persons use personal data for legitimate purposes
- We understand that the security of your data is a priority that we periodically review according to technological evolution
- We know that the personal data is not ours, but of its data subjects
- We promote good practices in the field of Privacy, Data Protection and Information Security, which we continually review because we understand that we are part of a continuous improvement process of, where it is always possible to do more and better.
III. CONCEPTS AND INFORMATION TO THE DATA SUBJECT
1. What is Personal Data and its processing?
a) For the purposes of this Policy, we follow the definition adopted by the GDPR, i.e. any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
b) Similarly, processing shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. How does Symington Family Estates collect your personal information?
a) As part of our activity we collect and process your personal data by various means, including by telephone, in writing and when you contact us in person.
b) The personal data we collect is only the strictly necessary for our activity and the provision of our services. Symington Family Estates may use automated means to collect information about you, the devices you use and your interaction with our website. These automated means include tracking technologies such as cookies and web server logs, which may collect information such as: IP address, device, operating system, domain and the web page address that brought you to our website.
3. What personal data does Symington Family Estates collect?
a) The categories of data we collect for the purpose of providing our services to our clients depend on the purpose for which we are processing them, including the following, as applicable:
- Identification details (e.g. name, civil identification number, date of birth, nationality)
- Contact details (e.g. telephone number, e-mail, address)
- Academic and professional data (e.g. CV, position)
- Data for invoicing (e.g. tax number)
- IP addresses, operating system, access device, language and other information (described above) collected by cookies
- Biometric data (fingerprint)
- Image, both because certain Symington facilities belonging are under video surveillance, so we can capture your image and for use on the intranet and documentation of activities, among others.
b) The personal data we collect are digitally processed and stored in databases, in strict compliance with the applicable data protection legislation and information security best practices.
c) We will only process your personal data in accordance with a specific and legitimate purposes determined at the time of collection and will not further process them in a way incompatible with those purposes, unless it is for the purposes of archiving in the public interest, scientific or historical research or for statistical purposes, in which case under the GDPR this incompatibility does not occur.
d) If we collect and process special categories of personal data (“sensitive data”), such processing shall only be carried out in accordance with the exceptions provided for in Article 9(2) of the GDPR.
e) If we collect and process special categories of personal data (“sensitive data”), such processing shall only be carried out in accordance with the exceptions provided for in Article 9(2) of the GDPR.
f) If personal data is collected from the data subject and the processing of special categories of data (“sensitive data”) is carried out on the basis of his/her consent, we will inform him/her of the right to withdraw the consent provided for in paragraph 2(d) above without, however, compromising the lawfulness of the processing carried out on the basis of the consent previously given.
4. For what purposes does Symington Family Estates process your personal information?
4.1. We process your personal data for the following purposes:
a) To be able to provide services and sell products to our customers
b) To process and manage orders
c) To book visits
d) To respond to request and provide the information
e) To monitor, comply with or evaluate:
f) To manage the contractual relationship, including:
g) To comply with legal obligations to which we are subject
h) For recruitment and selection purposes
i) To ensure access control and the facilities’ security
j) For statistical studies.
4.2. Depending on the circumstances, the processing of your personal data may be undertaken on the following legal basis:
vi. processing is necessary in order to protect the vital interests of the data subject or of another natural person.
4.3. If you wish to withdraw your consent, you can contact us at firstname.lastname@example.org
5. How long does Symington Family Estates keep your personal information?
a) The period for which personal data is stored and retained shall vary according to the purpose for which the information is processed.
b) There are legal obligations that require us to keep the personal data for a minimum period of time, which we will comply with.
c) Where there is no legal retention period, the personal data shall be stored and kept only for the minimum period necessary for the purposes for which they were collected and further processed, after which time they shall be properly disposed of and either destroyed or anonymized.
6. What are your rights as a data subject?
6.1 Under the provisions of the GDPR we guarantee you the exercise of your following rights as a data subject:
a) Right to Access – you have the right to request from us, among others, information regarding whether or not your data is being processed, what data we process and for what purposes.
You may also request a copy of your personal data processed by us. Further copies may be subject to payment of a reasonable fee, taking into account the administrative costs. If the request is submitted in an electronic format, and unless you indicate otherwise, the information will be provided by us in a commonly used electronic format.
b) Right to Rectification – you have the right to have inaccurate personal data concerning you rectified and incomplete data completed, without undue delay.
c) Right to Erasure – also referred to as right to be forgotten – you may request, under certain circumstances, that your personal data be deleted from our records, without undue delay, where any of the reasons set out in the GDPR apply.
d) Right to Object – you have the right to object, on grounds relating to your particular situation, to certain types of data processing determined in the GDPR, such as processing for the purposes of direct marketing, in which case we shall cease processing for that purpose.
e) Right to Portability – you have the right to transfer your personal data that we keep to another organization or to receive it in a structured, commonly used and machine-readable format.
f) Right to Restriction of Processing – the right to obtain the restriction of the processing of your personal data where you wish, for example, to contest the accuracy of your personal data for a period of time that enables us to verify its accuracy, where the processing is unlawful or where you have exercised your right to object.
g) Complaint –the data subject also has the right to lodge a complaint with a supervisory authority. The Portuguese supervisory authority is CNPD (Comissão Nacional da Proteção de Dados.
6.3 After sending your request, you will be sent the Data Subject Rights Exercise Form, which you must fill in and return to us.
6.4 Within 30 (thirty) days you will receive a duly substantiated communication from us.
7. What measures has Symington Family Estates implemented to ensure the security of your personal data?
We’ve implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which we review and improve periodically, in order to ensure the security and protection of your personal, namely its availability, integrity and confidentiality, as well as measures designed to prevent its loss, misuse, alteration, unauthorized processing or access, and any other form of unlawful processing.
8. Does Symington Family Estates communicate your information to third parties?
8.1. In the course of our business we may engage data processors who process your data on our behalf, which implies access by these entities to such data. Where this is the case, we take appropriate measures, contractually determined, to ensure that these third parties provide sufficient and appropriate guarantees to adopt technical and organizational measures and that they will act only in accordance with our instructions.
8.2 We engage data processors namely to provide the following services: security of the premises, auditing, supply of software and dispatch of orders.
8.3 We may also share your personal data with third parties in strict compliance with legal obligations or when we have obtained your consent to do so.
9. Does Symington Family Estates carry out international transfers of your personal data?
a) We may have to communicate personal data to third countries or international organizations. In this case, we will strictly comply with the applicable legal provisions and submit the transfers to the appropriate mechanisms, depending on the level of protection of personal data guaranteed by the third country or international organization concerned.
b) In particular, when transferring personal data Symington Family Estates shall considered: a) security concerns; b) if the third parties are contractually bound and respect the confidentiality of the data received; c) if they are not using them under any circumstances for purposes other than those for which they were transmitted or for their own benefit or that of a third party.
If you have any questions or concerns about how we collect and process personal data, you can contact us through the following contacts:
Address: Travessa Barão de Forrester 86, Apartado 26, 4431-901 Vila Nova de Gaia
b) After such publication you are bound by the new terms when browsing our website and whenever you contact us.