DONUM STORE LDA, hereinafter referred to as DONUM, owner of www.donum.pt and www.donum.store, fulfils with all applicable Community and national legal rules in the scope of data protection, privacy and information security.
Within the scope of the Personal Data Protection and Information Security System, DONUM seeks to ensure regulatory compliance and the demonstration or evidence of institutional responsibility in terms of data protection and information security, implementing all the technical and organizational measures necessary to compliance with the current Data Protection legal regime.
"Personal data" means information about an identified or identifiable natural person. Personal identification elements are considered, for example, a name, an identification number, location data, identifiers electronically or one or more specific elements of that person's physical, physiological, genetic, mental, economic, cultural or social identity singular.
«Processing of Personal Data»
'Processing' means an operation or a set of operations carried out on personal data or on personal data sets, by automated or non-automated means, such as the collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, diffusion or any other form of availability, comparison or interconnection, limitation, erasure or destruction.
«Cookies» are small text files with information considered to be relevant that the devices used for access (computers, mobile phones or portable mobile devices) load through the internet browser (browser), when an online site is visited by the Customer or User.
Entity Responsible for Treatment
DONUM, headquartered at AEA BUSINESS CENTER, R. da Indústria 415, ZI EN 1 Norte, 3750-792, Trofa - AGD, PORTUGAL,in the city of Águeda, registered at the Commercial Registry Office of Águeda, under the unique registration number and Collective Person 515653969, is the entity responsible for the online website www.donum.pt and for the computerized applications, hereinafter referred to as channels or applications, through which Users, Service Recipients or Customers have remote access to DONUM services and products that are presented, marketed or provided, at any time, through them.
Data Controller - Responsible Contacts
For the purposes of contacting DONUM Data Protection Officer, please send an email to firstname.lastname@example.org, describing the subject of the request and indicating an email address, a telephone contact address or a mailing address.
Collection and Processing of Personal Data
DONUM proceeds to personal data processing to the strictly necessary for the provision of information and the functioning of its channels, according to the uses made by Users, Service Recipients or Customers. For that purpose, DONUM collects personal data:
- Directly from Users or Recipients who provide them for the purposes of registering orders or obtaining information;
- Directly from Customers for the purpose of subscribing to those
channels or through the use of services provided by DONUM, such as access, consultations, instructions, transactions and other records related to their use.
In particular, the use or activation of certain functionalities of the channels may imply the treatment of several direct or indirect personal identifiers, such as name, home address, contacts, device addresses or geographic location, whenever there is to this end, the express consent of the User, Service Recipient or Customer.
The personal data collected by DONUM is processed automatically, in certain cases in an automated way, including the processing of files or the definition of profiles and within the scope of the management of the pre-contractual, contractual or post-contractual relation with the Users, Service Recipients or Clients, in accordance with the national and community rules in force.
Categories of treated Personal Data
The categories or type of personal data object of treatment can be (among others that might show as necessary and be legitimate collected), the follow: full name, vat number, civil identification number, marital status, gender, date of birth, place of birth, address, place, post code, country, country code, phone number, e-mail, company you work for, etc.
In all cases, the Users, Service Recipients or Costumers will always be informed of the need in collect such information to access the functionalities of the channels.
All the personal data treatment operations comply with all legal principles of Personal Data Protection according about their circulation, lawfulness, loyalty, lucidity, function, minimization, conservation, accuracy, integrity and confidentiality, being DONUM available to demonstrate/ prove their responsibility towards the owner of the data or any other third party with a legitimate interest on the subject.
Fundamentals of Legitimacy
All data processing operations carried out by DONUM are based on legitimacy, namely, the consent of the data subject, the need to execute a contract or pre-contractual steps with the data subject, as well as the need to comply with a legal obligation or legitimate interests pursued by CIN or third parties.
Purpose of Personal Data Treatment
All personal data processed within the scope of DONUM channels are intended exclusively for the provision of information to Users, the management of the personal information of the Service Recipients considered necessary for the purposes of managing the relationship or communication, as well as the provision of services contracted by the Customers and, in general, the management of the pre-contractual, contractual or post-contractual relationship with Users or Customers.
The personal data collected may, still and eventually, be processed for statistical purposes, for information dissemination or promotional actions and for commercial or marketing actions, namely to promote actions to disseminate new features or new products and services, through of direct communication, whether by correspondence, by email, messages, telephone calls or any other communications service.
With the prior information and collection of express authorization always guaranteed, the Users or Customers can, at any time, exercise their right to oppose/cancel the use of their personal data for other purposes that go beyond the management of the contractual relationship, namely for marketing purposes, to send informational communications or to be included in informational lists or services, and, for this purpose, you must send a written request addressed to the DONUM Data Protection Officer, according to the procedures indicated below.
Data Retention Deadlines
Personal data will only be kept for as long as necessary for the purposes for which it was collected or further processed, and compliance with all applicable legal rules regarding archiving is guaranteed.
Communication of Personal Data to Other Entities
The provision of information or the provision of services by DONUM to its Users, Service Recipients or Customers through the channels may eventually imply the use of services from third parties, including entities based outside the European Union, for the provision of certain services, which may imply access, by these entities, to personal data of Users, Recipients of the Service or Customers.
In these circunstances and whenever necessary, DONUM will only resort to subcontracted entities that present sufficient guarantees for the execution of appropriate technical and organizational measures so that the treatment meets the requirements of the applicable standards, such guarantees being formalized in a contract signed between DONUM and each of these third parties.
Except as part of the fulfilment of legal obligations, in no case there will be communication of personal data of Users, Service Recipients or Customers to third parties that are not subcontracted entities or legitimate recipients, and no other communication will be carried out for other purposes besides the mentioned above.
International Transfer of Personal Data
Any transfer of personal data to a third country or an international organization will only be carried out within the framework of compliance with legal and guaranteed obligations, according with the applicable Community and national legal rules in this matter.
Taking into account the most advanced techniques, application costs and the nature, scope, context and purposes of the treatment, as well as the risks, of probability and varying severity, for Users, Service Recipients or Clients, DONUM and all the subcontracted entities apply for the appropriate technical and organizational measures to ensure a level of safety appropriate to the risk.
For this purpose, several security measures are adopted in order to protect personal data against its dissemination, loss, misuse, alteration, treatment or unauthorized access, as well as against any other form of illegal treatment.
It is the exclusive responsibility of Users, Service Recipients or Customers to keep access codes secret, not sharing them with third parties, and, in the particular case of computer applications used to access channels, maintain and preserve access devices in security conditions and follow the security practices recommended by the manufacturers and / or operators, namely regarding the installation and updating of the necessary security applications, such as, among others, antivirus applications.
If there is a need to subcontract services to third parties that may have access to the personal data of Users, Service Recipients or Customers, DONUM subcontractors will be obliged to adopt the security measures and protocols at the organization level and the measures of a technical nature necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorized access, loss or destruction of personal data.
Exercise of the Rights of Personal Data Holders
Users, Service Recipients and DONUM Customers can, as holders of personal data, at any time, exercise their data protection and privacy rights, namely the rights of access, rectification, deletion, portability, limitation or opposition to treatment, under the terms and with the limitations provided for in the applicable rules.
Any request to exercise data protection and privacy rights must be addressed, in writing, by the respective owner, to the Data Protection Officer, according to the procedure and contact described below.
Reclamations, Suggestions and Incidents Communication
Users, Service Recipients and DONUM Customers have the right to present a reclamation by the registration of it in the Complaint Book, or by the presentation of the reclamation to the regulator entities, as well as proceed to the realization of suggestions by e-mail sending them to the Data Protection Responsible.
Communication of Incidents
DONUM has a system of management of incidents according to the data protection, privacy and security of the information provided.
In a case that any User, Service Recipients and DONUM Costumers pretends to communicate the occur of any situation of personal data violation, that leads, in an accidental or illegal way, to the destruction, loss, change, disclosure or the non authorized access to personal data
transmitted, kept or subjected to any other type of treatment, you can contact the Data Protection Officer.
Modification of the Privacy Politic
Express Consent and Acceptance
Data Protection Officer
For the exercise of any type of data protection, privacy, information security rights or any matter relating to data protection, privacy and information security issues, Users, Service Recipients and DONUM Customers can contact the Data Protection Officer by emailing email@example.com, describing the subject of the request and indicating an email address, a telephone contact or a correspondence address for reply.