2. WHICH IS THE PERSONAL INFORMATION COLLECTED AND PROCESSED BY EDITORIAL BLAU?
In the context of its commercial activity and in particular the provision of the website hosted in www.blaubookshop.com and the services and communications available there, Editorial Blau collects and processes information provided by the User that allows Editorial Blau to identify and/or contact the User ("Personal Data"). The Personal Data collected and processed consist of information relating to name, gender, date of birth, telephone, mobile phone, e-mail, address, tax identification number, although other personal data that may be necessary or convenient in the commercial activity of Editorial Blau may be collected, namely information relating to payments, purchase history, details of the recipient of the purchases, delivery addresses. Editorial Blau also collects and processes information about its hardware and software, as well as information about the pages visited by the User within the Web site. We use this information only to improve the quality of your visit to our Web site.
3. WHERE DO YOUR PERSONAL DATA COME FROM?
As a rule, the Personal Data are requested by Editorial Blau when the User registers in the Web site, requests a contact and/or the sending of newsletters, subscribes to a service, acquires a product or establishes a contractual relationship with Editorial Blau. The Personal Data can also be requested in the context of initiatives to promote books and reading (namely book fairs or others).
4. WHO IS ENTITLED TO COLLECT AND PROCESS YOUR DATA?
In accordance with EU Regulation 2016/679 on Personal Data Protection and other applicable legislation on the subject, Editorial Blau collects and processes Personal Data in the following main situations:
4.1. For the performance of a contract to which the Data Subject is a party, or for pre-contractual steps at the request of the Data Subject;
4.2. For the purposes of the legitimate interests pursued by Editorial Blau or by third parties in the context of the relevant relationship established with the Client, without prejudice to the fundamental rights and freedoms of the Holder and the right of opposition of the Holder of the Personal Data.
4.3. In accordance with EU Regulation 2016/679 on Personal Data Protection and other applicable legislation on the subject, the Data Holder's Data may also be collected and processed by Editorial Blau in the following situations:
(a) The processing is necessary for compliance with a legal obligation to which Editorial Blau is subject;
b) The processing is necessary for the defence of the vital interests of the Holder or of another natural person.
If none of the above situations apply, the Data of the Data Subject may only be collected and processed if the Data Subject has given his or her explicit consent to the processing of the Data of the Data Subject for one or more specific purposes. When the treatment of the Holder's details is carried out by Editorial Blau based on the Holder's consent, the Holder has the right to withdraw his/her consent at any time. The withdrawal of consent, however, does not compromise the lawfulness of the treatment performed by Editorial Blau based on the consent previously given by the Subject.
5. HOW DO WE PROTECT YOUR PERSONAL DATA?
To guarantee the security of our users' data and the maximum confidentiality, Editorial Blau undertakes to apply the technical and organisational measures necessary and appropriate to protect the user's data and to comply with the legal requirements according to the nature, scope, context and purposes of the data processing, as well as the risks arising from the processing for the rights and freedoms of the user. Editorial Blau is also committed to ensuring that, by default, only the data that is necessary for each specific purpose of the treatment is processed, and that this data is not made available without human intervention to an indeterminate number of people.
5.1. As seguintes medidas são adotadas em concreto pela Editorial Blau para garantir a segurança dos Dados dos nossos Utilizadores:
a) Awareness and training of the personnel involved in data processing operations;
b) Regular audits to evaluate the effectiveness of the technical and organisational measures implemented;
c) Personal data pseudonymisation and encryption;
d) Mechanisms to ensure the permanent confidentiality, availability and resilience of the information systems;
e) Mechanisms to ensure the timely restoration of information systems and access to personal data in the event of a physical or technical incident.
5.2. In terms of general principles regarding the processing of personal data, and in accordance with the EU Regulation 2016/679 on Personal Data Protection and other applicable legislation on the subject, Editorial Blau undertakes to ensure that the User Data it processes are:
a) Processed lawfully, fairly and transparently in relation to the User;
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with these purposes;
c) Adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and updated when necessary, with every reasonable step being taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) Kept in a form which permits identification of the User only for as long as is necessary for the purposes for which the data is processed.
6. WHAT HAPPENS IN THE EVENT OF A DATA BREACH?
Under the terms of Regulation EU 2016/679 on Personal Data Protection and other applicable legislation on the subject, in the event of a data breach and insofar as such breach is likely to involve a high risk to the rights and freedoms of the User, EDITORIAL BLAU undertakes to communicate the personal data breach to the User concerned within 72 hours of becoming aware of the incident.
7. HOW LONG DO WE KEEP YOUR DATA?
The personal data will be kept for the time strictly necessary and appropriate for the pursuit of the purposes of the treatment. When the owners of data are registered in the digital platforms of Editorial Blau, the purposes of the treatment shall be considered to be exhausted 5 years after the last login, when Editorial Blau will refrain from continuing the treatment of personal data. Some personal details of the Clients or Users may be kept longer if they are necessary for the fulfilment of obligations arising from a contract between the Client or User and Editorial Blau. Likewise, Blau Publisher may keep such data if it is required by law, judicial decision or decision of a Control Authority.
8. ARE MY DETAILS SHARED WITH THIRD PARTIES?
9. WHAT RIGHTS DO DATA SUBJECTS HAVE?
9.1. Under the European Commission's General Data Protection Regulation, and other applicable legislation, data subjects have the following rights:
(a) the right to access their data and to ensure that their personal information is accurate;
b) Right to revoke at any time consent previously given for the processing of their personal information (revocation does not affect the legality of processing based on consent prior to its revocation)
c) Right to object to the processing of your personal information for any action or purpose, including for direct marketing purposes;
d) Right to request any correction of your personal data or the erasure of your personal information;
e) Right to request that the processing of your personal information be restricted (exercise of this right may impair or make it impossible for us to provide you with our goods and/or services, or information about them);
f) the right to transfer your personal information to another service provider by whom it will be processed on the basis of the data subject's consent; and subsequently, at your written request, to be provided with your relevant personal information in an appropriate format for the purposes of transferring it to another supplier of goods or service provider.
9.2. If you wish to exercise these rights or make a complaint about the way we manage your personal information, you may contact our Data Protection Officer at email@example.com who will investigate the matter and respond to you in a timely manner.
9.3. The owners of personal data shall, at all times, be entitled to lodge complaints with the National Data Protection Commission (https://www.cnpd.pt) regarding the processing of data carried out by EDITORIAL BLAU, by any of the means permitted by the aforementioned Control Authority.
10. WHAT IS THE APPLICABLE LAW?