Last updated: October 29, 2024
Privacy and GDPR
Introduction
At Horta da Maria, we value the trust our users and customers place in us when they provide us with access to their personal information. This Privacy Policy describes how we work to maintain that trust and protect that information.
Specifically, this Privacy Policy describes how the personal and non-personal data you provide to Horta da Maria is collected, used, and disclosed when you access or use Codebehind Lda's online and/or mobile services and websites or in connection with such services or websites (collectively, the “Site”).
When you read “we”, “our website”, “Online Store”, “Horta da Maria” in the text, it refers to the company Ateneya Lda, which is responsible for managing this online store.
Horta da Maria is an online store that sells a variety of food-related items.
When you read “users” or “visitors” in the text, this refers only to visitors who are not registered on the website; “Customers” are users who have already registered with the Online Store.
When the text reads "data subject," it refers to the customer's/user's personal data. When the text reads "GDPR," it refers to European data protection law.
About the Data Protection Law
In accordance with the European General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, and replaces the current data protection directive and law, we provide all of these clarifications. However, we always recommend that users consult their rights in more detail. For more information, please visit the following websites:
https://www.cnpd.pt/bin/rgpd/rgpd.htm
Horta da Maria has updated its privacy policy to make the information provided to its users/customers more transparent, and is committed to complying with and implementing all necessary measures to comply with it.
Horta da Maria does not (and will not) aim to process, sell or exchange personal data, but due to its online activity, it is responsible for the security of such data, for informing its users/customers, and for complying with the new rules in force.
What is considered Personal Data
– first and last name;
– residential address;
– email address, such as [email protected];
– identification card number;
– location data (e.g. the location data function on a mobile phone);
– IP (Internet Protocol) address;
– Cookie ID;
– your phone’s advertising identifier;
– data held by a hospital or doctor, which may be a symbol that uniquely identifies a person;
What is not considered Personal Data
– company registration number;
– email address, such as [email protected];
– anonymous data;
Other changes to the law now include the right to:
Right to portability
The data subject, “customer”, can now request access to the data on our website and this is done upon request.
Horta da Maria has no way to import any data from another website.
Right to be forgotten
The data subject, “customer”, can now request that their personal data be removed.
Horta da Maria will have to inform customers about what data it retains and for what purpose, if requested.
You will also have to create and implement technology that can give users the right to Opt-Out / Opt-In in the transmission of such data (Newsletters / Notifications)
All customers can request that Horta da Maria delete all their customer data. This measure applies only to customers and must be completed within 20 days of the request.
The data to be deleted depends on the customer's use of the Horta da Maria website, i.e., whether they placed orders, made comments, used coupons, etc., and whether they are considered personal data or not (in the case of Companies).
Note: If you have placed orders, all promotions associated with your account will also be deleted.
Note: Invoicing is not done online, but through management software, which, under national law, must maintain invoices. This data includes mandatory information such as Name and Address, and optional information such as Telephone Number and Tax Identification Number (NIF) if provided by the customer.
Right of access
The holder of personal data has the right to obtain confirmation from Horta da Maria as to whether or not data concerning him or her are being processed and, if applicable, to access his or her personal data and access the information provided for by law.
If you require more than one copy of your personal data being processed, Horta da Maria may charge a fee for administrative costs.
Right of Rectification
The holder of personal data has the right to obtain from Horta da Maria, without undue delay, the rectification of inaccurate or incomplete data concerning him/her.
Right to restriction of processing
The data subject has the right to obtain from Horta da Maria the restriction of processing, if, in particular, one of the following situations applies:
a) Contest the accuracy of personal data, for a period that allows Horta da Maria to verify its accuracy;
b) The data processing is lawful and the data subject opposes the erasure of his/her personal data and requests, instead, the limitation of its use;
c) Horta da Maria no longer needs the personal data for processing purposes, but such data is required by the holder for the purposes of declaring, exercising or defending a right in legal proceedings;
d) If you have objected to the processing, until it is verified that the legitimate reasons of the controller prevail over those of the data subject.
Right of opposition
1. In cases where data processing is carried out for the purposes of legitimate interests pursued by Horta da Maria;
2. When data processing is carried out for direct marketing purposes;
3. The data subject may also, at any time, object to the processing of his or her personal data;
Registration Data
Please note that the entire website is encrypted with a Security Certificate, meaning that data sent between the server and the user is secure.
We begin by providing information about the personal data a user provides and which is collected when registering with Horta da Maria:
Required Fields:
– First and Last Name;
- Household;
- City;
– District;
– Postal Code;
- Country;
– Email address;
- Telephone;
– Password (encrypted);
– Privacy Policy Acknowledgment Visa;
Optional Fields:
– Tax Information (Name, NIF);
– Receive Newsletter;
The Mandatory Fields collected on the registration page are intended for sending orders and contacting the customer.
Your data will be kept for this purpose for 2 years of inactivity.
When registering at Horta da Maria, it is now mandatory to indicate that you have read our privacy policy.
This visa is associated with the account created.
The Optional Name / Tax Identification Number fields are for billing purposes.
This data provided to Horta da Maria is limited to internal use and is not shared with any external service, except for email, first name and surname if you choose to subscribe to the newsletter (see Section on data shared with third parties).
Other information collected:
Your IP;
The date of registration on the website / last access to the website;
Your device/browser data;
Why We Need This Data
This data collected by our website is crucial to both its functionality and security. It includes a cookie with the session ID, IP address, and device. It allows the online store to create, determine, and analyze whether a customer:
Used a discount coupon;
Placed Orders;
Contact requests or messages;
Location (IP – allows us to detect intrusions into reserved areas);
Device (Lets us know what type of view to show (smartphone, tablet, computer);
All this data is processed solely by Horta da Maria (Data Controller and Processor) for the operation of the Online Store. It lasts for the duration of the session initiated when you visit the website.
They also allow us to improve website navigation by understanding the type of devices/Operating System/screen resolution, in order to make the website available for viewing on them.
Note: The IP allows us to detect intrusion attempts by IPs to reserved areas of the website, so that we can block them.
Data shared with third-party websites
According to the regulation (GDPR), Horta da Maria has a data controller and if linked to third-party services, these are the actual data processors.
All of these services are reviewing and improving their privacy policies to comply with the GDPR.
Horta da Maria may process your data to send you information about its products and services.
This data processing will only be carried out with your consent, provided when registering your customer account on our website.
If you consent, you will receive marketing communications via email and/or SMS. Horta da Maria may also share your data with third parties that manage social networks, such as Facebook, for the purpose of conducting marketing campaigns through social media.
Consent to the processing of personal data for direct marketing purposes may be revoked at any time.
Your data will be kept for this purpose for 2 years of inactivity.
The Horta da Maria website is linked to services from MailChimp, Google, Facebook, Hipay, Compra Fácil, Paypal, and Stripe, which use their technologies as tools for data analysis or payment gateways.
The Horta da Maria website uses the PayPal platform as a gateway for payments also by Credit Card, to generate references for Multibanco, MB Way and payment by Credit Card we use the platform provided by HiPay.
No personal or sensitive data is sent by Horta da Maria to the PayPal, Hipay or Stripe payment platforms.
Payment is made outside the Horta da Maria website, on a secure platform duly accredited for this purpose.
Google Analytics
We're connected to Google services. Horta da Maria's website doesn't track tags like User ID or Emails. That is, we don't provide this data to any data processor (except at the user/customer's discretion in newsletters). To some extent, it provides anonymity, but according to the GDPR, this is no longer true, as IP addresses are now considered personal data.
As such, we have implemented a Cookie configuration that leaves it up to the Customer/Visitor to decide whether or not to accept them, as well as the option to revoke that decision at any time.
The information we have access to from these services includes data such as:
– Demographic data;
– Interests;
– Geographic Data;
This data is collected, whether from visitors or customers, who, for example, use Google services.
However, Horta da Maria doesn't use tracking tools like User IDs or other tags, such as email addresses, that would allow for a more in-depth analysis of user data. Therefore, there's no direct connection, nor do we have access to specific information, between a customer (their name or email address) and the data we obtain from Google. Instead, we have a more abstract data relationship via IP address: for example, whether our website visitors are predominantly male or female.
This data is important for any e-commerce website.
They allow data analysis for both promotional purposes in advertising campaigns, i.e., advertising our products to those interested in food, but also for the simple maintenance and improvement of the website itself, making it clear whether a particular page is slow, if images are missing, which pages are most visited, etc.
Cookies
See our Cookie Policy
We recommend clearing your cookies and configuring them.
When browsing the Horta da Maria website, you must consent or not to the use of these cookies, which presupposes acceptance of this Privacy Agreement.
Horta da Maria reserves the right to change this agreement without prior notice, and is obliged to notify its customers of any changes made.
Customer Communication
At Horta da Maria, communication with customers is preferably done by email, using the online store's email addresses.
Exchanged emails are saved until the matter in question is concluded and then deleted, both from the server and from email clients.
If you provide a telephone number, we may use this information to contact you more quickly, for example, if an ordered product is out of stock, to activate or help you complete payment for the product, or to expedite the shipping of your order.
Customer Notifications
We may send you emails with non-promotional content, such as new website features, changes to the privacy policy, changes to order status, abandoned cart reminders, and other promotional campaigns related to abandoned carts.
Data Controller and Personal Data Protection Officer
Our organizational structure includes a Personal Data Protection Officer (DPO) who will be available to provide you with any information regarding the processing of your personal data by Horta da Maria, including a list of our personal data protection subcontractors. You can contact the DPO by sending an email to [email protected], with the subject line DPO.
The computerized processing of data collected by Horta da Maria is carried out in compliance with Law No. 67/98 of October 26 (Personal Data Protection Law), and authorized by the National Data Protection Commission.
For any further questions or clarifications, please contact: [email protected]
