The group Mainside, S.A., hereinafter referred to as Mainside, is aware of the implications and its responsibility to comply with the changes made regarding the protection of personal data, in particular with the execution of the General Data Protection Regulation, adopted by Regulation (EU) No. 2016/679 of 26 April 2016 – applicable as of 25 May 2018 – and Law No. 58/2019 of August 8.
Mainside, thus, undertakes to ensure the protection of all personal data made available to it, assuming security measures – technical and organizational – adopted in order to protect personal data against any form of unlawful treatment.
Mainside also makes a commitment to continuously improve the set of procedures and techniques implemented so far for the protection of personal data, counting on with all the suggestions that users of this website may shall make as well. These Privacy Terms and Conditions apply exclusively to the processing of personal data collected by Mainside through its website or through commercial and promotional activities.
1. Data Collection and Processing
Personal data is requested when the user requests a contact and/or newsletter submission.
Personal data is collected exclusively for the following purposes:
Response to a contact request;
Improvement or customization of our services;
Sending newsletters and other promotional actions. Customers can unsubscribe from the newsletter service by email by clicking on the newsletter link we send by email.
2. Personal Data Collected
Depending on how you contact us (online, and/or in person), we collect various types of information about you, as described below:
Personal contact information: this includes information that you provide to us and allows us to contact you, such as your name, email address, phone and mobile phone numbers.
Website/communications usage information: When browsing and interacting with our websites or newsletters, we use automatic data collection technologies to collect certain information about your activity. This includes information such as the links you click, the pages or content you view, and for how long, as well as other similar information and statistics about your interactions, such as content response times, download errors, and duration of your visits to certain pages. This information is captured through automated technologies such as cookies (browser cookies, flash cookies), and is also collected through third-party tracking services (such as Double Click, Google Analytics, Adobe Dynamic Tag Management and/or Omniture). If you do not wish, you may oppose the use of such technologies.
3. Subcontracted Entities
These subcontracted entities may not transmit your data to other entities without Mainside having previously and in written given authorization for this and is prevented from hiring other entities without Mainside’s prior authorization.
Mainside is committed to subcontracting only entities that offer maximum security in the execution of appropriate technical and organizational measures in order to ensure the defense of the User’s rights.
After the collection of personal data, Mainside provides the User with information about the categories of subcontracted entities that, in the present case, may carry out data processing on its behalf.
4. General Principles Applicable to the Processing of User Data
In terms of general principles relating to the processing of personal data, Mainside undertakes to ensure that the User Data by itself processed are:
Subject to treatment in accordance with the law, loyal and transparent in relation to the User;
Collected for certain objectives and legitimate purposes and are not subsequently treated in a contrary way;
Appropriate, justified and limited to what is necessary and for the purposes for which they are dealt with;
Accurate and up-to-date when necessary, providing all necessary measures to make sure that inaccurate data, taking into account the purposes for which they are processed, are erased or corrected without delay;
Retained in a way that allows the identification of the User only during the period necessary for the purposes for which the data is processed;
Treated in a manner that ensures their safety, including protection against their unauthorized or illegal treatment and against their loss, destruction or unforeseen damage, by adopting appropriate technical or/and organizational measures.
Data processing carried out by Mainside is allowed and legal when at least one of the following situations occurs:
You have given without any doubt your consent for the processing of your data for one or more specific purposes;
Data processing is necessary for the implementation of a contract in which the User is a party, or for pre-contractual procedures at the request of the User;
Data processing is necessary for compliance with a legal obligation to which Mainside is subject;
Data processing is necessary for the defense of fundamental interests of the User or another individual person;
The processing is necessary for the purposes of the legal interests pursued by Mainside or by third parties (unless the interests or fundamental rights and freedoms of the User are prevailing, thus requiring the protection of personal data).
Mainside undertakes to ensure that the processing of User Data is only done under the above conditions and with respect to the above principles.
When the processing of User Data is carried out by Mainside based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent, however, does not compromise the legality of the treatment carried out by Mainside, based on the consent previously given by the User.
5. Conservation Period
The period of time during which the data is stored and conserved varies according to the purpose for which the information is handled.
In fact, there are legal requirements that require us to retain the data for a minimum period of time. Thus, and whenever there is no specific legal obligation, the data will be stored and retained only for the minimum period necessary for the purposes that motivated its collection or subsequent treatment and, in its culmination, they will be deleted.
6. Data Security
6.1. Technical, Organizational and Safety Measures Implemented
To ensure the safety of User Data and maximum confidentiality, Mainside treats the information you have provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically according to the needs, as well as with the terms and conditions legally provided for.
Depending on the nature, scope, context and purposes of data processing, as well as the risks arising from the compliance with the Rights and Freedoms of the User, Mainside undertakes to apply, both at the time of setting the means of treatment as at the time of treatment itself, the necessary and appropriate technical and organizational measures to the protection of User Data and the compliance with legal impositions.
It also undertakes to ensure that, by default, only the data that are necessary for each specific purpose of the treatment are processed and that such data are not made available without human intervention to an unspecified number of persons.
Communication between your device and Mainside’s website is done through secure channels and communications that use the HTTPS protocol and the SSL security standard.
Nevertheless, in terms of general measures, Mainside adopts the following:
Regular audits to identify the competence of the technical and organizational measures implemented;
Awareness and training of personnel involved in data processing operations;
Pseudonymization and coding of personal data;
Mechanisms capable of ensuring the permanent confidentiality, availability and resilience of information systems;
Mechanisms that ensure a quick restoration of the information systems and access to personal data in the event of a physical or technical incident.
6.2. Sharing Personal Data
In the course of its activity, Mainside may use third parties to provide certain services.
Sometimes the delivery of these services implies the access by these entities to our Customers’ personal data, whereby Mainside shall be responsible for the personal data it makes available.
When this happens, appropriate measures are taken to ensure that the entities with access to the data are trustable and offer the highest guarantees security wise, which will be duly enshrined and safeguarded in a contract to be signed between the two parts.
Thus, any entity subcontracted shall have the obligation to take the necessary technical and organizational measures in order to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorized access and against any other form of unlawful treatment.
7. User Rights (Data Subjects)
7.1. Information provided to the User (when the data is collected directly from the User):
Mainside’s identity and contacts, as responsible for the treatment;
The purposes of the processing for which personal data are intended, as well as, when applicable, the legal reasons for processing;
If data processing is based on Mainside’s legitimate interests;
If applicable, the recipients or categories of recipients of personal data;
Period of retention of personal data;
The right to request Mainside for permission to personal data, as well as its correction, deletion or limitation, the right to oppose the processing and the right to access the data;
If the data processing is based on the user’s consent, the right to withdraw it at any time, without compromising the legality of the processing carried out on the basis of the consent previously given;
The right to lodge a complaint with the CNPD (National Commission for Data Protection) or another supervisory authority;
Indication whether the communication of personal data constitutes a legal or contractual obligation, or a necessary requirement to enter into a contract, as well as whether the data subject is obliged to provide personal data and the consequences of not providing such data;
When applicable, the existence of automatic decisions, including profiling, and information relating to the basic concept, as well as the importance and consequences of such processing for the data subject.
In the event that user data is not collected directly by Mainside with the User, in addition to the information referred to above, the User is also informed about the categories of personal data subject to processing and, as well, about the origin of the data and, if they are from publicly accessible sources.
7.2. Procedures and Measures implemented in order to comply with the right to information
The information referred to in 8.1. is provided in written (including by electronic means) by Mainside to the User prior to the processing of personal data concerned. Under applicable law, Mainside is not obliged to provide the User with the information mentioned in 8.1 when (and to the extent that) you are already aware of it.
Upon request, Mainside will provide the User, free of charge, with a copy of the User’s Data that is in the process. The provision of other copies requested by the User may incur administrative costs.
7.3. Right of Access to Personal Data
Mainside guarantees the means that allow the User to consult his Personal Data. You have the right to obtain from Mainside the confirmation that the personal data concerning you is or is not subject to processing and, when appropriate, the right to access your personal data and the following information:
The purposes of data processing;
The categories of personal data in question;
The recipients or recipients’ categories to whom personal data have been or will be disclosed, in particular, recipients established in third countries or belonging to international organizations;
The retention period of personal data;
Right to request Mainside to correct, delete or limit the processing of personal data, or the right to prevent such processing;
Right to lodge a complaint with the CNPD (National Data Protection Commission) or another supervisory authority;
If the data has not been collected from you, the information available about the origin of that data;
The existence of automated decisions, including profiling, and information relating to the underlying logic, as well as the importance and consequences of such processing for the data subject;
Right to be informed of the appropriate guarantees associated with the transfer of data to third countries or international organizations.
Upon request, Mainside will provide the User, free of charge, with a copy of the User’s Data that is in the process. The provision of other copies requested by the User may incur administrative costs.
7.4. Right of Rectification of Personal Data
You have the right to request, at any time, a rectification of your Personal Data and, as well, the right to have your incomplete personal data completed, including by means of an additional statement.
In the event of rectification of the data, Mainside shall communicate to each recipient to whom the data has been transmitted its rectification, unless such communication is deemed impossible or involves a disproportionate effort for Mainside.
7.5. Right of Destruction of Personal Data (“Right to Be Forgotten”)
You have the right to obtain, by Mainside, the deletion of your data when one of the following reasons is applied:
User Data are no longer necessary for the purpose that motivated its collection or treatment;
The User withdraws consent on which the processing of the data is based and there is no other legal basis for such processing;
The User opposes treatment under the right of opposition and there are no prevailing legitimate interests justifying the treatment;
If your Data is treated illegally;
If your Data must be deleted to comply with a legal obligation to which Mainside is subject;
Under applicable legal terms, Mainside is not obliged to delete User Data to the extent that the processing proves necessary to comply with a legal obligation to which Mainside is subject or for the purpose of the declaration, exercise or defense of Mainside’s right in court proceedings.
In the event of the destruction of the data, Mainside shall communicate to each recipient/entity to whom the data has been transmitted, unless such communication proves impossible or involves a disproportionate effort for Mainside.
If Mainside has made public user data and is obliged to delete it under the right of such deletion, Mainside undertakes to ensure reasonable, including technical, measures, taking into account the technology available and the costs of its application, to inform those responsible for the effective processing of personal data that the User requested them to erase the links to such personal data, as well as copies or reproductions thereof.
7.6. Right of Limitation of the Processing of Personal Data
The User has the right to obtain, by Mainside, the limitation of the processing of user data, if one of the following situations is applied (the limitation is to insert a mark into the personal data stored in order to limit its processing in the future):
If you dispute the accuracy of personal data for a period allowing Mainside to verify its accuracy;
If the processing is unlawful and the User opposes the deletion of the data, requesting, on the other hand, the limitation of its use;
If Mainside no longer needs User Data for processing purposes, but such data is required by the User for the purpose of declaring, exercising or defending a right in a judicial process;
If the User has opposed the treatment, until it is found that Mainside’s legitimate reasons prevail over those of the User.
When User’s Data is restricted, they may only, with the exception of conservation, be treated with the user’s consent or for the purpose of declaring, exercising or defending a right in a judicial process, defending the rights of another natural or legal person, or for reasons of legally provided public interest.
The User who has obtained the limitation of the processing of his/her data in the above cases will be informed by Mainside before the limitation to treatment is voided.
In the event of limitation of data processing, Mainside shall communicate each recipient to whom the data has been transmitted to its limitation, unless this communication proves impossible or involves a disproportionate effort for Mainside.
7.7. Right of Portability of Personal Data
You have the right to receive the personal data concerning you and who has provided Mainside in a structured, current and automatic reading format, and the right to transmit such data to another data processer if:
Treatment is based on consent or a contract to which the User is a party;
Treatment is carried out by automated means.
The right of portability does not include inferred data or data derived, i.e., personal data that is generated by Mainside as a consequence or result of the analysis of the data subject to processing.
You have the right to have your personal data transmitted directly among those responsible for the processing, when technically possible.
7.8. Right of Objection of Processing
You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you founded on the exercise of legitimate interests pursued by Mainside or when the processing is carried out for purposes other than those for which personal data has been collected, including profiling, or when personal data is processed for statistical purposes.
Mainside will terminate the processing of user data, unless it presents urgent and legitimate reasons for such processing that prevail over the interests, rights and freedoms of the User, or for the purpose of the declaration, exercise or defense of a Mainside’s right in court proceedings.
When Your Data is processed for the purposes of direct marketing, you have the right to oppose at any time the processing of the data concerning you for the purposes of such marketing, which covers profiling, to the extent that it is related to direct marketing. If you object to the processing of your data for the purposes of direct marketing, Mainside terminates the processing of the data for that purpose.
You also have the right to not to be subject to any decision taken solely on the basis of automated processing, including profiling, which takes effect on your legal sphere or which affects you significantly in a similar manner, unless if the decision:
It is necessary for the conclusion or execution of a contract between you and Mainside;
It is authorized by legislation to which Mainside is subject or
It is based on your explicit consent.
Please note that you have the right to lodge any complaint with the supervisory authority – National Data Protection Commission (CNPD) through the following contacts: Tel. +351213928400, Fax. +351213976832; email: email@example.com.
8. Link to Partner’s Sites
Mainside can contain links to third-party/partner sites. The sites referred to are not under Mainside’s control and are, therefore, not responsible for the content of any of these sites. Users of Mainside’s website are recommended to consult pages that, within these sites, refer to their privacy policies.
When you visit our website, a small text file (Cookie) is created and recorded in your computer’s disk, and as a result, when browsing the website, you are accepting the installation of this text file on your device. This file will allow you greater ease and speed in accessing the Site, as well as your customization according to your preferences.
By browsing our Site, you are allowing the collection and storage of small text files called cookies, which contain information and that are downloaded to the Users’ computer or other devices through a server. These text files will permit a more personalized and efficient browsing experience. On each visit to the Site, your internet browser sends these cookies back to the Site, allowing recognition and memorization of users’ identity, as well as their usage preferences.
9.1. What are Cookies?
“Cookies” are small software files that are stored on your device through the browser, retaining your browsing status information, and recording your browsing activity as well. They may also be used to recall information relating to the User that was previously entered on the website.
9.2. What type of Cookies are used?
9.2.1. Cookies necessary to:
Allow navigation on the website;
Take advantage of its features, namely access safe areas and exclusive access content for registered Users.
9.2.2. Functional Cookies to:
Record information about our Users’ options;
Make it possible to customize our Site to their needs, in particular, to memorize the language of origin.
9.2.3. Performance Cookies to:
Monitor how Users individually access our Site and how regularly.
We also, directly or indirectly, use analytical services to measure the effectiveness of our content and user preferences, which allow us to contribute to the optimization of the operation of this Site.
9.2.4. Browser Controls:
The vast majority of browsers allow Users to view cookies hosted as well as delete or block them.
Whenever cookies are deleted, some purposes of the Site may be affected.
If you want to learn more about how Cookies operate, you can consult the AboutCookies.org or Cookiecentral.com.
9.2.5. Cookies Safety:
Since Cookies can be intercepted or changed, the following security actions are taken:
The sensitive information such as passwords or personal data such as the customer’s address or phone number is not stored;
No unsafe requests (HTTP) are sent when cookies are sent to the browser in plain text and may be intercepted.
10. Personal Data Violations
In the event of a data breach and to the extent that such breach is likely to entail a high risk to the rights and freedoms of the User, Mainside undertakes to report the breach of personal data to the User concerned within 72 hours after the incident.
In legal terms, communication to the User is not required in the following cases:
If Mainside has applied appropriate protective measures, both technical and organizational, and such measures have been applied to the personal data affected by the personal data breach, especially measures that make personal data incomprehensible to any person not authorized to access such data, such as encryption;
If Mainside has taken subsequent measures to ensure that the high risk to the rights and freedoms of the User is no longer likely to materialize; or if communication to the User involves a disproportionate effort for Mainside. In this case, Mainside will make a public communication or take a similar measure through which the User will be informed.
11. Final Notes
11.2. Applicable Law
11.3. Changes in the Terms and Conditions Policy