Privacy policy — Quinta da Lapa

Privacy Policy

1. FRAMEWORK

AGROVIA – SOCIEDADE AGRO-PECUÁRIA S.A., is a company whose purpose is the development of agricultural activity, transformation and commercialization of the respective products, import and export of products and raw materials related to the activity, rental of agricultural and industrial machinery and tourist activity in rural areas, as well as the purchase and sale of properties and resale of those acquired for this purpose, leasing of properties or parts thereof, civil construction, the promotion, commercialization and operation of real estate, tourist and hotel establishments, the development of social support activities for the elderly, with accommodation and operation of a beverage restaurant and events. This company thus has a diversified offer of products and services, assuming the protection of personal data as a key aspect for its activity, present and future, identifying it as a differentiator and generator of business, due to the importance of customer trust, partners and collaborators have in its activity.

1.1. GOALS

This personal data protection policy was developed with the aim of making AGROVIA's customers, partners and employees aware of the principles, rights and obligations to be complied within terms of personal data protection and the way in which they must be complied with in the context of any business activities in which the processing of personal data takes place.

1.2. STRUCTURE AND CONTACTS

AGROVIA is represented by the board of directors whose registered office and main contact is:

Quinta da Lapa-Arrifana-Manique do Intendente

2065-360 Manique do Intendente

 

Email: geral@quintadalapa-wines.com

 

1.2.1. DATA PROTECTION OFFICER

Given that AGROVIA's main activities do not currently involve the regular and systematic control of data subjects on a large scale, nor the processing of special categories or data on a large scale, the requirement of mandatory designation of a data protection officer does not apply to it.

1.3. RESPONSIBILITY

AGROVIA is responsible for complying with all legal obligations regarding the processing of personal data in which it participates, to the extent that

participation (level of responsibility established individually for each processing of personal data).

AGROVIA is responsible for any violations of binding rules applicable to companies, committed by entities involved that are not established in the EU, except when the fact that caused the damage is not attributable to AGROVIA.

AGROVIA verifies, in relation to entities involved in the processing of personal data under its responsibility, the provision of sufficient guarantees for the implementation of technical and organizational measures appropriate to the risks of such processing.

1.4. DATA CHARACTERIZATION AND MAIN PROCESSING

1.4.1. DATA PROCESSING

AGROVIA maintains data on:

  • Clients: individuals who perform functions in client companies, with a direct relationship with AGROVIA;
  • Partners: individuals who perform functions in partner companies, with a direct relationship with AGROVIA;
  • Collaborators: individuals with a contract established directly with AGROVIA;
  • Contacts: individual people who, although not falling into the previous categories, may in the future fall into one of these categories (e.g. candidate, potential client).

The processing of personal data carried out in this perspective mainly results from:

  • Legal obligation: compliance with legal provisions with public bodies and services;
  • Contract execution: formation and execution of contracts with workers, subcontractors, partners and customers;
  • Legitimate interest: institutional communication,  commercialization of products and services.

There are also treatments based on vital interests and consent.

AGROVIA maintains and processes only adequate, relevant and limited personal data to what is necessary for its purposes.

AGROVIA does not process data from special categories or convictions/offences, except in the following cases:

  • Racial or ethnic origin, to the extent that this can be identifiable through the image (e.g. photograph) of the holder;
  • Biometric (identifying) data, used exclusively to control access to facilities and to control attendance (when applicable) by AGROVIA and/or its partners/clients;
  • Health data, when required by legal obligation, for the vital interests of the holder or third parties or processed under consent;
  • Convictions/offences, when required by legal obligation or treated under consent.

AGROVIA carries out activities outside the EU, respecting and ensuring compliance with the provisions applicable to each particular case.

1.4.2. TRANSFER AND PROVISION OF PERSONAL DATA

AGROVIA respects and enforces obligations to protect personal data when transferring data to third countries and international organizations, through:

  • Commission adequacy decision (rule of law, independent supervisory authorities, international commitments);
  • Adequate guarantees of enforceable rights and effective corrective legal measures (without authorization: legally binding instrument, binding rules, standard clauses, code of conduct, certification; with authorization: contractual clauses, provisions in administrative agreements).

1.4.3. RECORDS OF PERSONAL DATA PROCESSING ACTIVITIES

AGROVIA has records of the personal data processing activities in which it is involved, which contain the following elements:

  • Purpose of processing personal data (business process);
  • Conservation period, method of counting and final destination of the information;
  • Categories of holders, personal data and recipients;
  • Transfers of personal data and appropriate guarantees;
  • Prior risk assessment and reference for impact assessment and prior consultation with the control authority;
  • Technical and organizational measures appropriate to the risks.

1.5. DATA CONSERVATION AND COMPLEMENTARY TREATMENTS

The conservation of personal data and the additional treatments to which these data may be subject arise from specific aspects of the business context in which they were primarily processed. The protection of personal data in these phases requires a systematic approach, which can be applied consistently by all entities that participated in these main treatments or that had access to them as recipients.

1.5.1. APPLICATION OF MEASURES

In cases where there is a need to preserve personal data and if the holder expressly requests the exercise of the right to limit processing or erase personal data, the following measures may apply:

  • Limitation of treatment in conservation, aiming at the declaration, exercise or defense of rights in legal proceedings and/or archival purposes of public interest, scientific or historical research or statistics;
  • Pseudonymization: processing of personal data in such a way that it can no longer be attributed to a specific holder without the use of additional information, keeping such additional information separately and subject to appropriate technical and organizational measures.

In cases where there is no need to retain personal data, the following measures may apply:

  • Anonymization: processing of personal data in such a way that they can no longer be attributed to a specific holder;
  • Erasure: definitive deletion of personal data.

Given the need to maintain evidence about the execution of these operations, including for the declaration, exercise or defense of rights in administrative or judicial proceedings, anonymization and erasure may give rise to or require the maintenance of the holder's personal data.

 

In accordance with applicable legislation, all data subjects may exercise their rights, namely access to personal data concerning them, their rectification, elimination or limitation of their processing, the portability of their data, or to oppose the your treatment. To do so, you must request AGROVIA, using the contact details described above.

Any complaint related to the processing of data of the interested party may be presented to the National Data Protection Commission (CNPD).

 

Manique do Intendente, April 29, 2020.

 

The administration,

 

Note: You can consult AGROVIA's Personal Data Protection Policy at the following address: www.qintadalapa-wines.com

Please wait, we are validating your data.
Please do not close the window.