I. PERSONAL DATA
The Madame Petisca, collective name Basilico Atividades Hoteleiras, Restauração e Catering Lda, with headquarters in Travessa das Pedras Negras nº 1, R/C 1100-404 LISBOA – Portugal, VAT 507 470 770, within the framework of its activities collects and treats personal data, such as:
• Email address
• Phone number
• Citizen ID / Passport
• VAT Number
• Photography and Image
• Questionnaires and inquiries
II. PERSONAL DATA PROCESSING
Personal data processing is performed by Madame Petisca through automated and/or analogical means (without prejudice of the provisions of chapter VIII), such as:
• Register and storage
• Search and use
• Dissemination, regardless of the disclosure means
• Comparison or interconnection
• Limitation, deletion or destruction
III. DATA SUBJECT CONSENT
Madame Petisca requires to the data subject, in all cases, the freely given, specific, informed and unambiguous consent for the processing of his/her personal data, using formal templates designed case by case, considering the type, scope and extension of said personal data processing.
Conditions applicable to child’s consent
According to Article 8 of the GDPR, all personal data belonging to children can only be processed under an express consent observing the rules of Article 6, number 1, point a) of the GDPR related to information society services when said children complete 13 years old.
For children with less than 13 years old, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility for the child, preferably through the use of electronic certification means, such as Citizen Card or Digital Authentication Key.
IV. GDPR COMPLIANCE
Madame Petisca is fully compliant with EU rules concerning personal data protection, approved by the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR), as well as with the full body of internal legislation if force.
Madame Petisca is responsible for the personal data processing, under automated and analogical means, since its collection, through its organization and storage, up to its deletion.
Madame Petisca keeps a continuous and thorough registry of all its personal data processing activities.
V. LAWFULNESS OF PROCESSING
Personal data shall be processed only according to a bundle of lawful purposes, which include:
• Performance of Madame Petisca’s statutory goals and activities
• Compliance with legislation in force and generic legal rules and obligations
• Book-keeping and document integrity legal rules
• Performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract
• Project auditing activities, especially those object of public funding
• Quality certification procedures
• Control and users registry of premises and equipment
• Security and integrity of premises and equipment
• Madame Petisca’s role as a subcontractor, as defined in number 8, Article 4 of the GDPR
VI. DATA STORAGE PERIOD
Personal data will be stored for the period defined by legal rules or, in their absence, for the strict time needed for the fulfillment of the processing purpose, taking in consideration the legal basis for said processing, as well as all the remaining requisites and time periods determined by law, namely the lapse terms for legal actions based on the correlated rights.
Accordingly, in all cases where a mandatory storage period is determined by law, the right to erasure of personal data as stated in Article 17 of the GDPR can only be exercised by the data subject after the said period lapses.
Madame Petisca shall store the personal data for the strict period of time needed for the fulfilment of the data processing purpose, as well as its erasure (or anonymization, if and when applicable/needed) immediately after said period and/or upon the data subject’s request, always considering the above-cited exceptions and all legally defined terms.
VII. DATA SUBJECT RIGHTS
The data subject has the right, at all time, to require Madame Petisca, free of charge:
• The access to his/her personal data
• The rectification and correction of his/her personal data
• The erasure of his/her personal data (the “right to be forgotten”) (the conditions defined above in VI. on personal data storage may apply
• The limitation of his/her data processing (idem)
• The opposition of his/her data processing
• The portability of his/her personal data to an appointed third entity provided that said data are stored exclusively in electronic form
In every case, if a legal rule or legal obligation is in force which supersedes these data subject rights, Madame Petisca reserves the right of denial of the data subject request (and/or to determine restrictions to said request, if and when applicable), duly communicating to the data subject the respective grounds of said decision.
The data subject is entitled to file complaints to Comissão Nacional de Proteção de Dados (hereinafter, CNPD), the Portuguese Controller Authority, according to the definitions duly stated in numbers 21 and 22 of article 4 and article 51 of the GDPR.
VIII. PROCESSOR AND THIRD PARTY INTERVENTION
Madame Petisca, while conducting its undertakings, may authorize third parties (as defined in number 10 of article 4 of the GDPR) to process personal data which are under Madame Petisca’s domain, in order to comply with legal duties, pre-contractual or contractual obligations and/or as indispensable means of performance of Madame Petisca’s statutory goals. Said third parties can be public authorities, namely in charge of auditing tasks, project, activity or service partners.
In order to comply with the GDPR requisites, Madame Petisca shall require the previous and mandatory consent to the data subject for this specific processing.
Madame Petisca, while conducting its undertakings, may subcontract third entities (as defined in number 8 of article 4 of the GDPR) to process personal data on Madame Petisca’s behalf. In order to comply with the GDPR requisites, Madame Petisca shall require the previous and mandatory consent to the data subject for this specific processing.
X. Madame Petisca’S DUTY OF PROTECTION
Madame Petisca complies with the drafting, approval and implementation of all formal and technical proceedings needed for the security of data processing, as well as to assure the accurate and timely record of all processing activities. In addition, a prior assessment will be made with regard to all future data processing activities to be launched by Madame Petisca in the future, assuring that they will be fully RGPD compliant.
Madame Petisca will perform its best efforts to assure the proper operation of all available technical means to avoid the loss, improper use, unauthorized access and unlawful appropriation of personal data, regardless of the likelihood of failure of part of the Internet security measures in force.
Madame Petisca assumes no liability for any damages and losses suffered by any individuals due to illegitimate access to personal data transmitted by any data subject through Madame Petisca’s Internet portal and/or through Madame Petisca’s remaining informatics infrastructure.
Nevertheless, Madame Petisca shall notify CNPD according to the rules defined in article 33º of the GDPR, if and when acknowledges any event which constitutes a violation of personal data, as defined in number 12 of article 4 of the GDPR.
The data subject can exercise his/her rights of rectification, modification or canceling of his/her personal data or request any information related with said data underwritten form, directed to Madame Petisca to the address indicated above in I. or through the following specific email address: firstname.lastname@example.org.
XII. FINAL DISPOSITIONS
Madame Petisca is entitled to change this Policy without any prior notice, namely due to the need of its compliance with new legislation or CNPD recommendations. In the event of any change to this Policy, Madame Petisca will immediately publicize said changes through its public Internet portal.