Casa Ermelinda Freitas- Vinhos, Lda, hereinafter referred to as CEF, is aware of the implications and of its responsibility to comply with the rules regarding the protection of personal data - General Data Protection Regulation, approved by Regulation (EU) 2016/679 of 26 April 2016 and Law 58/2019, of 8 August.
CEF therefore undertakes to guarantee the protection of all personal data made available to it, having adopted in this sense several security measures, of a technical and organisational nature, in order to protect such personal data against any form of illegal processing.
CEF is also committed to continuously improving the set of procedures and techniques implemented for the protection of personal data, also counting towards this purpose with all the suggestions that the users of this website send us.
These Privacy Terms and Conditions apply exclusively to the processing of personal data by CEF collected through its website or commercial and promotional actions.
Personal data is requested when the User requests a contact and/or sending of newsletters.
Personal data is collected exclusively for the following purposes:
Response to contact request;
Commercial management;
Improvement or customisation of our services;
Sending of newsletters and other promotional actions. Customers can cancel their subscription to the email newsletter service by clicking on the link in the newsletter we send by email.
Depending on how you contact us (online, and/or in person), we collect various types of information about you, as described below:
Personal contact information: this includes information that the Customer provides us and that allows us to contact them, such as their name, email address, telephone and mobile phone numbers.
Information regarding use of website/communications: when browsing and interacting with our website or newsletters, we use automatic data collection technologies in order to collect certain information about your activity. This includes information such as the links you click on, the pages or content you view and for how long, as well as other similar information and statistics about your interactions, such as content response times, download errors and duration of visits to certain pages. This information is gathered through automated technologies, such as cookies (browser cookies, flash cookies), and is also collected through third-party tracking services, which may oppose the use of such technologies.
Within the scope of the processing of User Data, CEF uses or may use third parties, subcontracted by itself, in order to, on behalf of CEF and in accordance with the instructions given by it, proceed with the processing of user data, in accordance with the law and the terms of this privacy policy.
These subcontracted entities will not be able to transmit user data to other entities without CEF having previously authorised it in writing, and they are also prevented from contracting other entities without prior authorisation from CEF.
CEF is committed to only subcontracting entities that offer maximum security in the execution of the appropriate technical and organisational measures, in order to guarantee the defence of the User's rights.
All subcontracted entities are bound by CEF's privacy policy through a written contract which regulates, namely, the object and duration of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the rights and obligations of the parties.
Thus, any subcontracted entity will have the obligation of adopting the necessary technical and organisational measures in order to protect personal data against accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorised access and any other form of illicit processing.
After the collection of personal data, CEF provides the User with information about the categories of subcontracted entities that, in the specific case, can carry out data processing on its behalf.
In terms of general principles regarding the processing of personal data, CEF is committed to ensuring that the User Data processed by it is:
The object of processing according to the law, loyal and transparent in relation to the User;
Collected for specific, objective and legitimate purposes, not subsequently being treated in a manner contrary to those purposes;
Adequate, justified and limited to what is necessary in relation to the purposes for which they are processed;
Accurate and updated whenever necessary, with all necessary measures being taken so that the inaccurate data, taking into account the purposes for which they are processed, are erased or corrected without delay;
Kept in a way that allows the User to be identified only for the period necessary for the purposes for which the data is processed;
Processed in a way that guarantees its security, including protection against unauthorised or illegal processing of it and against loss, destruction or unforeseen damage of it, taking appropriate technical or organisational measures;
Data processing performed by CEF is permitted and legal when at least one of the following situations occurs:
The User has given their consent, without any doubt, to the processing of User Data for one or more specific purposes;
The processing is necessary for the execution of a contract in which the User is a party, or for pre-contractual procedures at the request of the User;
The processing is necessary to fulfil a legal obligation to which CEF is subject;
The processing is necessary to defend the fundamental interests of the User or another individual;
The processing is necessary for the purpose of the legal interests pursued by CEF or by third parties (except if the fundamental interests or rights and freedoms of the User that require the protection of personal data prevail).
CEF undertakes to ensure that the processing of User Data is only carried out under the conditions listed above and with respect for the principles mentioned above.
When the processing of user data is carried out by CEF based on the User's consent, the User has the right to withdraw their consent at any time. The withdrawal of consent, however, does not compromise the legality of the processing carried out by CEF based on the consent previously given by the user.
The period of time during which the data is stored and preserved varies according to the purpose for which the information is processed and according to the applicable legal rules.
Whenever there is no specific legal obligation, the data will be stored and preserved only for the minimum period necessary for the purposes that motivated its collection or its subsequent processing and at its end they will be eliminated, without prejudice to exercise, within the legal limits, the right to object, the right to erasure or withdrawal of consent.
7.1. Technical, organisational and security measures implemented
To ensure the security of User Data and maximum confidentiality, CEF processes the information you have provided to us in an absolutely confidential manner, in accordance with its internal security and confidentiality policies and procedures, which are periodically updated as necessary.
Depending on the nature, scope, context and purposes of processing the data, as well as the risks arising from the processing for the user's rights and freedoms, CEF is committed to applying, both when defining the means of processing as at the moment of the processing itself, the technical and organisational measures necessary and adequate to protect the user's data and to comply with legal requirements.
CEF also undertakes to ensure that, by default, only the data that is necessary for each specific purpose of the processing is processed and that this data is not made available without human intervention to an undetermined number of people.
8.1. Information provided to the user (when data is collected directly from the user):
CEF's identity and contacts, while responsible for the processing;
The purposes of the processing for which the personal data are intended, as well as, if applicable, the legal reasons for the processing;
If the processing of the data is based on CEF's legitimate interests;
If applicable, the recipients or categories of recipients of personal data;
The retention period of personal data;
The right to request permission from CEF for personal data, as well as its correction, deletion or restriction, the right to object to the processing and the right to access the data;
If the processing of data is based on the User's consent, the right to withdraw it at any time, without compromising the legality of the processing carried out based on the consent previously given;
The right to file a complaint with the CNPD or another supervisory authority;
The indication whether the communication of personal data constitutes a legal or contractual obligation, or a necessary requirement to conclude a contract, as well as whether the holder is obliged to provide personal data and the possible consequences of not providing such data;
If applicable, the existence of automatic decisions, including the definition of profiles, and information related to the basic concept, as well as the importance and expected consequences of such processing for the data subject.
If the User Data is not collected directly by CEF from the User, in addition to the information referred to above, the User is also informed about the categories of personal data being processed and, as well, about the origin of the data and, eventually, whether they are from publicly accessible sources.
8.2. Procedures and measures implemented to fulfil the right to information.
The information referred to in 8.1. it is provided in writing (including by electronic means) by CEF to the user prior to the processing of the personal data concerned. Under the terms of the law, CEF is under no obligation to provide the user with the information mentioned in 8.1 when and to the extent that the user is already aware of it.
Upon request, CEF will provide the User, free of charge, with a copy of the User Data that is being processed. The provision of other copies requested by the User may incur administrative costs.
8.3. Right of access to the personal data
CEF guarantees the means that allow the user to consult their personal data. The user has the right to obtain confirmation from CEF that the personal data concerning them is or is not subject to processing and, if applicable, the right to access their personal data and the following information:
The purposes for the data processing;
The personal data categories in question
The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients established in third countries or belonging to international organisations;
The retention period of personal data;
Right to request CEF to correct, delete or restrict the processing of personal data, or the right to prevent such processing;
If the data has not been collected from the User, the information available on the source of such data;
Right to be informed about adequate guarantees associated with the transfer of data to third countries or international organisations.
8.4. Right to rectification of personal data
The user has the right to request, at any time, the rectification of their Personal Data and, as well, the right to have their incomplete personal data completed, including by means of an additional statement.
In case of rectification of the data, CEF communicates the respective rectification to each recipient to whom the data has been transmitted, unless such communication is considered impossible or implies a disproportionate effort for CEF.
8.5. Right to erasure of personal data (“right to be forgotten”)
The user has the right to obtain, via CEF, the deletion of his data when one of the following reasons applies:
User data is no longer necessary for the purpose that motivated its collection or processing;
The user withdraws the consent on which the data processing is based and there is no other legal basis for such processing;
The user opposes the treatment under the right of opposition and there are no prevailing legitimate interests that justify the processing;
In the event that user data is processed illegally or has to be deleted in order to comply with a legal obligation to which CEF is subject.
Under applicable legal terms, CEF is under no obligation to delete user data to the extent that processing proves necessary to fulfil a legal obligation to which CEF is subject or for the purpose of declaring, exercising or defending a right of CEF in a judicial process.
In case of data deletion, CEF communicates the respective deletion to each recipient/entity to whom the data has been transmitted, unless such communication proves impossible or involves a disproportionate effort for CEF.
When CEF has made user data public and is obliged to delete it under the right to deletion, CEF undertakes to ensure that measures are reasonable, including technical measures, taking into account available technology and data application costs, to inform those responsible for the effective treatment of personal data that the User has asked them to delete the links to such personal data, as well as copies or reproductions thereof.
8.6. Right to restrict the processing of personal data
The user has the right to obtain, via CEF, the restriction of their data when one of the following reasons applies:
If you challenge the accuracy of personal data, for a period that allows CEF to verify its accuracy;
If the processing is illegal and the user opposes the deletion of the data, requesting, in return, the restriction of its use;
If CEF no longer needs the user's data for processing purposes, but that data is required by the user for the purpose of declaring, exercising or defending a right in a judicial proceeding.
If the user has opposed the processing, until it is verified that the legitimate reasons of CEF prevail over those of the user.
When the user's data is subject to restriction, they may, with the exception of retention, only be processed with the user's consent or for the purpose of declaring, exercising or defending a right in a judicial proceeding, defending the rights of another natural person or collective action, or for reasons of public interest provided for by law.
The user who has obtained the restriction of the processing of their data in the cases referred to above will be informed by CEF before the restriction to processing is lifted.
In the event of a restriction of the processing of data, CEF will communicate the respective restriction to each recipient to whom the data has been transmitted, unless this communication proves impossible or implies a disproportionate effort for CEF.
8.7. Right to portability of personal data
The User has the right to receive the personal data that concerns them and that they have provided to CEF, in a structured, automatic reading format in common use, and the right to transmit that data to another controller, if the processing is carried out based on the consent or on a contract in which the User is a party or the processing is carried out by automated means.
The right to portability does not include inferred data or derived data, i.e., personal data that is generated by CEF as a consequence or result of the analysis of the data being processed.
The user has the right to have their personal data transmitted directly between the controllers, whenever this is technically possible.
8.8. Right to object to the processing
The user has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them based on the exercise of legitimate interests pursued by CEF or when the processing is carried out for purposes other than those for which the personal data was collected, including the definition of profiles, or when personal data are processed for statistical purposes.
CEF will finalise the processing of user data, unless it presents urgent and legitimate reasons for such treatment that prevail over the interests, rights and freedoms of the user, or for the purposes of declaring, exercising or defending a right of CEF in a judicial proceeding.
When user data are processed for the purpose of direct marketing, the user has the right to object at any time to the processing of data concerning them for the purposes of said marketing, which includes the definition of profiles insofar as it relates to direct marketing. If the User opposes the processing of their data for the purpose of direct marketing, CEF stops processing the data for that purpose.
The user also has the right not to be subject to any decision taken exclusively on the basis of automated processing, including the definition of profiles, which has an effect on its legal sphere or which significantly affects it in a similar way, unless the decision:
Is necessary for the conclusion or execution of a contract between the User and CEF, it is authorised by legislation to which CEF is subject or is based on the User's explicit consent.
The CEF site may contain links to third party/partner sites. The said sites are not under the control of CEF, and are therefore not responsible for the content of any of these sites.
When you visit our website, a small text file (Cookie) is created and saved on your computer's disk, therefore, when browsing the Site you are agreeing to the installation of this text file on your device. This file will allow you to access the Site more easily and quickly, as well as allow you to personalise it according to your preferences.
If you want to delete them or automatically block them, in the "Help" menu of your browser you will find how to adjust these settings. However, if you do not allow the use of cookies, there may be some features of the Site that you will not be able to use.
In the event of a data breach and insofar as such breach is likely to imply a high risk to the user's rights and freedoms, CEF undertakes to report the breach of personal data to the user concerned within 72 hours counting from the knowledge of the incident.
Under legal terms, communication to the user is not required in the following cases:
If CEF has applied appropriate protection measures, both technical and organisational, and these measures have been applied to the personal data affected by the personal data breach, especially measures that make the personal data unintelligible to any unauthorised person accessing that data, such as encryption;
If CEF has taken subsequent measures to ensure that the high risk to the user's rights and freedoms is no longer likely to materialise; or if the communication to the user implies a disproportionate effort for CEF, in which case a public communication will be made or a similar measure will be taken through which the user will be informed.
12.1. Changes to the privacy policy
CEF reserves the right to change this Privacy Policy at any time. In case of modification of the Privacy Policy, the date of the last change, available at the top of this page, is also updated. If the change is substantial, a notice will be posted on the Site.
12.2. Applicable law and jurisdiction
The Privacy Policy, as well as the collection, processing or transmission of user data, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 and by Law 58/2019, of 8 August, as well as the other laws and regulations applicable in Portugal.
Any disputes arising from the validity, interpretation or enforcement of the Privacy Policy, or which are related to the collection, processing or transmission of user data, must be submitted exclusively to the jurisdiction of the judicial courts of the Setúbal district.
Updated on 15 May 2020
