In compliance with current regulations on the protection of personal data, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), Law No. 58/2019, of 8 August, which ensures its implementation, in the national legal system regarding the protection of natural persons with regard to the personal data processing and the free movement of such data, we communicate the Personal Data Protection Policy of SOGEVINUS FINE WINES, S.A.
1. Who is Responsible for the Personal Data Processing?
The person responsible for the processing is SOGEVINUS FINE WINES, S.A. (“SOGEVINUS”), with legal person number 500000026 and with registered office at Avenida Diogo Leite n.º 344, 4400-111 Vila Nova de Gaia, Portugal.
SOGEVINUS has a Personal Data Protection Officer, formally appointed and the respective communication channel: firstname.lastname@example.org
2. What is the origin of personal data and what personal data is processed?
2.1 Website users:
A. Data directly provided by the user
Browsing our website does not require prior registration. However, when you visit our website, our web servers, by default, store information such as the IP address and domain from which access is obtained, the date and time of the visit, etc.
On the other hand, some features of our website need to provide additional information through the respective form (e.g., to request customized information about the products offered or to make inquiries about the Uva Wine Shop or its products). If the data protection policy of the aforementioned services differs from the website’s general data protection policy, you shall be informed in advance.
b. Data indirectly provided by the user
When you browse, different cookies may be installed on your device in accordance with the provisions of our Cookies Policy.
2.2 SOGEVINUS customers:
The customers provide the data themselves within the scope of the formalization and performance of contractual relationships with SOGEVINUS.
a. Data provided by the customers themselves: Identification data (name, citizen card, address, telephone number and e-mail and economic and financial data.
b. Data generated about the customer from the management, development, and maintenance of contractual relationships with SOGEVINUS.
3. Why do we process personal data and what is its legitimacy?
Next, we inform about the different types of personal data processing for which SOGEVINUS is responsible, based on the legitimacy and purpose of each of them.
3.1 Processing required for browsing the website.
Personal data is only used to allow browsing our website and, in case of acceptance of our Cookies Policy, for browsing analysis and behavioural advertising purposes.
3.2 Processing required for the performance of your contractual relationships with SOGEVINUS.
In order to perform the contractual relationships that you establish with SOGEVINUS and, in order to be able to provide you with the services and products that are the object of these relationships, we shall process your personal data for the formalization, maintenance and fulfilment of your contractual relationships which include placing online orders and their execution.
3.3 Processing conducted to comply with legal obligations.
Compliance with legal obligations: when processing is required for the fulfilment of a legal obligation. This includes, for example, the communication of data to public (national and community), fiscal or judicial bodies.
3.4 Processing conducted for the legitimate interest of SOGEVINUS.
We process your personal data based on the fulfilment of SOGEVINUS’ legitimate interest and to the extent that your own interests, rights, freedoms, and guarantees are not affected, in order to be able to offer you information about products and services similar to those that may come to be hired. At any time, you may exercise your right to object the aforementioned information being sent, communicating that to the SOGEVINUS Personal Data Protection Officer (email@example.com).
3.5 Processing conducted with your consent.
Exclusively in case we have requested and obtained your consent, we may conduct the following processing of personal data:
3.5.1 Send you advertising information tailored to your profile about products and services from other companies in the SOGEVINUS Economic Group
We shall process your personal data to send you, via regular mail, telephone contact, email or social media, information about products and services of other companies in the SOGEVINUS Economic Group.
3.5.2 Transfer your personal data to companies in the ABANCA Economic Group so that they can offer you advertising information about their products and services.
We shall share your personal data with other companies in the ABANCA Economic Group (Spain and Portugal) in order to offer them advertising information about the products and services they sell at any given time; information that, as a result, the mentioned companies shall send you directly and via email, text messages and other equivalent electronic means of communication.
4. To whom do we communicate the Users data?
In order to fulfil the mentioned purposes, it is necessary to give access to your personal data to third parties that provide us with support in the services we provide and with which we have entered into outsourcing agreements, such as:
- Financial entities,
- Providers and employees of services related to marketing and advertising.
- Providers and employees of hardware, software, and servers maintenance services.
5. Are there any international transfers planned?
SOGEVINUS guarantees the application of technical, organizational, and legal security measures that are appropriate to the level of risk of processing personal data, regardless of the territory to which they are transferred.
Any data communication made with third parties located in countries outside the European Economic Area (EEA) shall be subject to an adequate level of protection that guarantees the security and legitimacy of data processing, in accordance with the provisions of the applicable regulation in force.
For more information on personal data international transfer, the Customer may contact the SOGEVINUS Personal Data Protection Officer via the following email address: firstname.lastname@example.org
6. How long is personal data stored?
6.1 Website users:
Personal data shall be retained exclusively for the period necessary to allow you to browse the website, analyse your browsing (in case of acceptance of the Cookies Policy), follow up on service requests or information that, if applicable, you submit through the website and maintain, develop and control the business relationships that may be established as a result of the mentioned requirements. When they are no longer necessary for the purposes for which they were obtained, and unless you have consented to their retention for a longer period, the data shall be cancelled in accordance with the provisions of the data protection regulation, which involves its blocking, being available only for the fulfilment of possible obligations arising from the data processing during the legal prescription periods (generally, up to 20 years by application of the Civil Code). After the blocking period has elapsed, the data shall be completely removed.
6.2 SOGEVINUS customers:
6.2.1 Processing based on the performance of contractual relationships and for the legitimate interest of SOGEVINUS.
The personal data provided is kept for the period during which the contractual relationship is maintained. If you decide to terminate the contract or it is terminated for another reason, the
personal data shall be immediately and securely blocked by SOGEVINUS, for the purposes of legal, administrative or tax actions, considering the legally established deadlines and shall be deleted as soon as the mentioned deadlines have elapsed.
6.2.2 Processing conducted for the legitimate interest of SOGEVINUS.
The personal data provided is kept for the period during which the contractual relationship is maintained. If you decide to terminate the contract or it is terminated for another reason, the personal data shall be immediately and securely blocked by SOGEVINUS, for the purposes of legal, administrative or tax actions, considering the legally established deadlines and shall be deleted as soon as the mentioned deadlines have elapsed.
6.2.3 Processing conducted with your consent.
The personal data provided are kept as long as your consent is not removed.
7. What are the Users’ rights?
The General Regulation on the Protection of Personal Data confers a set of rights related to the processing of personal data that our services require, and which shall now be listed:
- Right of Access: Know what kind of data we process and the type of processing we perform.
- Right to Rectification: The Users can request the rectification of their data when it is inaccurate
- Right to Data Portability: To be able to obtain a copy in an interoperable format of the data being processed.
- Right to Restrict Processing in the cases defined by law.
- Right to Object in relation to automated decision-making and profiling.
- Right to Erasure: Request data erasure when the processing is no longer necessary.
- Right to Object: Request the end of communications being sent in accordance with the provisions above.
- Right to withdraw consent given previously.
These rights can be exercised in writing by sending to the following address: Avenida Diogo Leite n.º 344, 4400-111 Vila Nova de Gaia, Portugal, or to the e-mail address email@example.com, indicating the right to be exercised.
A set of models is available on the website of the National Commission for Data Protection (CNPD) to help Users exercise their rights. There is also the right to file a complaint with the supervisory authority of the country where you are located (in Portugal, CNPD) when the User considers that there has been a violation of their rights.
8. SECURITY MEASURES
SOGEVINUS makes its best efforts to protect users’ personal data against unauthorized access via the Internet. For this purpose, it uses security systems, rules, and other procedures in order
to guarantee the protection of personal data, as well as to prevent unauthorized access to data, improper use, its disclosure, loss, or destruction. It is, however, the users’ responsibility to guarantee and ensure that the device used to access the Website is properly protected against harmful software, computer viruses and worms. Users should be aware that, without the adoption of adequate security measures (for example, the browser’s safe configuration, updated antivirus software, security barrier software and the no use of software of dubious origin), the risk of personal data and passwords being accessed by unauthorized third parties, is aggravated.
Last change date: 14 February 2022