Privacy and Personal Data Protection Policy

 

This Privacy Policy is supplemented by the Terms and Conditions of Use.

  1. Who are we?

In compliance with the General Data Protection  Regulation (Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27/04/2016) and  Law No. 58/2019, of 8/08, which establish new rules on the protection, processing and free movement of Personal Data of Natural Persons, we must inform, first of all,  that the entities that own this website are NBI – Natural Business Intelligence, NIPC 515935239, headquartered at Régia Douro Park 5000 – 033 Andrães, Vila Real, Portugal, contact info@nbi.pt, hereinafter also referred to as NBI, and L.C.S.D – Data CoLAB Association – Collaborative Laboratory for Data-Driven Innovation Services, NIPC 516 540 068, headquartered at Avenida de Cabo Verde, Lote 1, 4900-568 Viana do Castelo, hereinafter also referred to as Data CoLAB.

Both of these Entities (NBI and Data CoLAB) are the owners of the www.nvp.pt and www.app.nvp.pt domains.

  1. Who is responsible for processing your data?

The entities responsible for the Processing of your Personal Data are  NBI – Natural Business Intelligence, NIPC 515935239, headquartered at Régia Douro Park 5000 – 033 Andrães, Vila Real, Portugal, contact info@nbi.pt, hereinafter also referred to as NBI, and L.C.S.D – Data CoLAB Association – Collaborative Laboratory for Data-Driven Innovation Services, NIPC 516 540 068, headquartered at Avenida de Cabo Verde, Lote 1, 4900-568 Viana do Castelo, hereinafter also referred to as Data CoLAB.

  1. Why a privacy policy?

For us, trust and transparency are fundamental pillars in our relationship with customers, which is why we are committed to protecting the privacy and personal data of customers and users of these websites, and why we have prepared and adopted this policy and the practices described herein.

This Policy explains how your Personal Data that is necessary for the provision of services that are available through these websites is collected and processed, describing the practices adopted for this purpose, so we recommend that you read its content in full.

  1. What is Personal Data?

Personal Data is any information relating to a person, which identifies or makes him or her identifiable, regardless of the nature and medium of the information, including the sound and image of the person.

Identifiable means a person who can be identified, directly or indirectly, by reference to an identification number or other elements specific to his or her physical, physiological, psychological, economic, cultural or social identity.

  1. How will we use your Personal Data?

Mindful of protecting the privacy and integrity of registering and processing Personal Data, we enhance physical and digital security measures, ensuring strict compliance with legal requirements.

The processing of Personal Data we undertake serve as an essential tool for User satisfaction and website functionality. This processing adheres to applicable legislation and aligns with best practices.

The Personal Data of users will not be reused for purposes other than those previously identified or without relevance to the original purposes for which they were initially collected.

  1. Applicable Fundamental Principles
  • In the context of processing Personal Data, we undertake to observe the following fundamental principles:
  • Principle of loyalty, lawfulness and transparency: Personal Data will be processed lawfully, fairly and transparently in relation to the data subject;
  • Principle of purpose limitation: Personal Data will be collected for determined, explicit and legitimate purposes, and will not be further processed in a way that is incompatible with those purposes;
  • Principle of data minimization: Personal Data will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • Principle of accuracy: Personal Data will be accurate and updated whenever necessary, and all appropriate measures will be taken to ensure that inaccurate data, taking into account the purposes for which it is processed, is erased or rectified without delay;
  • Principle of storage limitation: Personal Data will be kept in a manner that facilitates the identification of data subjects only for the duration necessary to fulfill the purposes for which the data is processed;
  • Principle of integrity and confidentiality: Personal Data will be processed in a manner that ensures its security, including protection against unauthorized or unlawful processing, as well as safeguarding against accidental loss, destruction, or damage. We will implement suitable technical and organizational measures to ensure the integrity and confidentiality of the data.
  1. How do we collect your Personal Data?

Your Personal Data will be collected via the forms present on the websites, the communication you make with your computer, as explained  below, as well as through e-mail messages you send us.

Your Personal Data is collected via your device as follows:

  • Via your browser;
  • Via cookies;
  • Via pixel tags and other similar technologies;
  • Via your IP address;
  • Via your User data.

We are committed to processing your data in accordance with the law and in a lawful manner.

We will not sell, rent, or share your Personal Data to/with third parties, except as explicitly outlined in this Privacy Policy.

  1. What are the purposes, grounds and retention periods of the data collected?

The Personal Data collected is only that which is necessary and appropriate for its respective purposes.

We process Personal Data based on specific grounds, which vary depending on the intended purposes. The information will be retained for the duration strictly necessary for the respective purposes, as outlined in this Privacy Policy.

For everything that is not duly stipulated in this Policy (“omitted cases”), the provisions of the General Data Protection Regulation (GDPR) – Regulation (EU) no. 679/2016, of 27 April, shall apply.

Your Personal Data will not be repurposed for uses unrelated to the original purposes for which it was collected or not previously identified.

The following table outlines the processing purposes, collected data, corresponding legal bases, and data retention periods or criteria for reference.

Purpose

Foundation

Data Collected

Retention Period

For the fulfilment of contractual obligations or pre-contractual steps at your request (for example, provision of services or others)

Art. 6.º GDPR

For example: full name, email, nationality, telephone number, username and password, usage data.

For the legal period stipulated for this purpose.

As a result of your consent

Art. 6.º GDPR

For example: comercial activity.

For the legal period stipulated for this purpose.

If you have any doubts about the purpose of any data collected that is not properly listed in the table, please contact: info@nvp.pt

Should the law mandate a specific duration different from what is presented in the table above, the legally stipulated period will prevail as the data retention timeframe.

  1. Deletion of data and storage period

In accordance with the GDPR, we only store your personal data for the time strictly necessary to fulfil the purposes indicated in this policy or for the retention period stipulated in the applicable legislation. After the expiry of the aforementioned periods, the personal data will be duly deleted as soon as possible.

At the end of the retention period, all Personal Data collected will be deleted.

In the event of a data breach, we will inform the data subjects and report the incident to the competent authorities in accordance with applicable law.

  1. How do we protect your Personal Data?

We ensure the security of your Personal Data by implementing a range of technical and organizational measures. Access to Users’ Personal Data is restricted to employees who require it, following established rules and based on the necessity for access.

While we implement comprehensive precautions to safeguard Personal Data, it is essential to acknowledge that no security system is entirely impenetrable.

  1. How can you exercise your rights?

You have the right to ask us to exercise the following rights:

  • Access: the right to obtain confirmation as to whether or not the Personal Data concerning you is being processed and, if so, the right to access your Personal Data;
  • Rectification: the right to obtain the rectification of inaccurate Personal Data concerning you and to have your incomplete Personal Data completed;
  • Erasure: the right to have your Personal Data erased when one of the grounds listed in the law applies;
  • Restriction of processing: the right to restrict the processing of your Personal Data if one of the situations listed in the legislation applies;
  • Opposition: the right to object at any time to the processing of Personal Data concerning you;
  • Portability: the right to receive Personal Data concerning you in a structured, commonly used and machine-readable format;
  • Complaint: you also have the right to lodge a complaint with the competent supervisory authority (in Portugal, the National Data Protection Commission in www.cnpd.pt).

To exercise the rights indicated above, you must contact us at the following email address: info@nvp.pt.

If you ask us to delete some or all of your Personal Data, some of the services you have requested may not be provided to you for legal/contractual reasons.

  1. Communication of Data to Third Parties

We may use third parties to provide certain services, in terms of maintenance, technical support, marketing, billing or payment management, and these entities may have access to some Personal Data, namely, the data necessary for the contractual purposes.

We ensure that the entities that have access to the data are credible and offer high guarantees of protection, and that data is never transmitted to them beyond what is necessary for the provision of the contracted service. In this case, we will always be responsible for the Personal Data provided.

  1. Third-Party Websites

This website may contain links to other external websites, which may collect and process your Personal Data. Such processing is the sole responsibility of the owners of these websites.

  1. Transfer of Data Outside the European Union

In the event that data may be transferred to countries outside of the European Union, we will comply with the legal rules. This includes assessing the adequacy of the destination country with regard to the protection of personal data and the requirements that are applicable to these transfers. Personal data will not be transferred to jurisdictions that do not offer guarantees of safety and security.

  1. Sensitive Personal Data

Please do not send or disclose to us any sensitive Personal Data, i.e. information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information, data relating to health or data relating to sex life or sexual orientation.

If you provide or disclose these specific categories of Personal Data, it will be deleted immediately.

  1. Cookies

You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of these domains may be inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

  1. Changes to the Privacy Policy

We reserve the right to edit or change this Privacy Policy at any time, and such changes will be duly publicized.

  1. Our contact details

If you have any questions or concerns regarding this Privacy Policy, please contact us in writing at info@nvp.pt.

 

Last Release Date: November 15, 2023