INTRODUCTION
The privacy policy described below offers you a general overview of how Monte Flora Farmhouse Inn Lda. processes your personal data and your rights in this matter, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council – General Data Protection Regulation (“GDPR”) and other applicable legislation on privacy and data protection as the managing entity of Monte Flora Farmhouse Inn. The specific personal data that will be processed and the way in which they will be used depend to a large extent on the services requested by you and agreed with you.
This privacy policy applies to the personal data of our Website Users, Customers, Suppliers and Candidates, whenever they are natural persons.
Each time you use the Site you are subject to the application of the Privacy and Cookies Policy in force at each time, so we suggest that you read these Policies carefully to check whether you agree with the respective terms.
From time to time, we may change this Privacy Policy. If you want to stay up to date, please visit this page, as all changes will be published here.
For the purposes of applicable data protection legislation, the company responsible for processing your personal data is Monte Flora Farmhouse Inn Lda., hereinafter referred to as “MFI”.
MFI websites may occasionally contain links, banners or other hypertext links to websites and services of other companies, which have their own privacy policies, and/or services provided by third parties installed on your device may allow access to information contained therein. We recommend that our Site Users carefully read the privacy policies of such third parties before submitting any personal data to these websites. MFI has no control over the content of these websites, and is therefore not responsible for the content of the privacy policies of these third parties nor for the processing of your personal data carried out by them.
CUSTOMER DATA – We only collect the data necessary for the preparation, fulfillment and execution of any contract concluded between the Customer and MFI, as well as to respond to any subsequent complaints regarding the same. Normally, we only need to have your contact details (such as name, telephone number, email address, address and postcode) to enable us to ensure that our relationship runs smoothly. We also have information related to your online engagement, which we use to ensure that the marketing communications we send you are relevant and timely, in accordance with your consent. If, for any reason, we require any additional personal data, you will be informed.
SUPPLIER DATA – We only collect the data necessary for the preparation, fulfillment and execution of any contract concluded between the Supplier and MFI, as well as to respond and manage any complaints related to them. We will collect data from contact people, including those from your company, such as names, telephone numbers and email addresses. We will also collect bank details so that we can pay you.
SITE USERS – We only collect the data necessary to guarantee a good experience when using the Site and to allow you to take advantage of all the potential and capabilities provided by it, as well as to help us manage the services we provide. This includes information such as how you use our website, how often you access it, your browser type, your IP address, the location from which you visit our website, the language you choose to use. view and the times when our website is most popular, as well as other information better described in our cookie policy below. If you contact us through the website, or subscribe to our newsletter, we will collect any information you provide, such as your name and contact details.
In addition to the aforementioned, registration via social media (implies the use of your social media credentials such as your login information as a Facebook, Instagram and Google + user to create your MFI account and log in with it) also allows us to collect personal data: when you use the social media login option, MFI will limit itself to using public profile information that is necessary to create your MFI account.
MFI will not process any information that is irrelevant to this purpose that it receives from social networks. Once the account is created, the user will have the opportunity to complete it with any information that they wish to share with us and that will improve the experience when interacting with us. Any additional information you provide to us will only be used for the purposes set out in this privacy policy.
As part of our commercial or employment relationship, you will have to provide the personal data necessary to establish and create that relationship and to comply with the pre-contractual and contractual obligations and procedures derived from it, as well as those that we are legally obliged to collect. Without this data, we will, as a general rule, have to refuse to conclude or execute the contract or we will not be able to maintain the contract and will have to terminate it.
If you do not provide us with the necessary information and documentation, we will not be able to establish or continue the commercial or employment relationship you intend, or comply with the requests you make to us.
HOW WE MAY COLLECT TOUR PERSONAL DATA?
We may collect your personal data from the information received directly from you, if you proactively contact us by phone, email or through our “Contact Us” form. There are several ways to share your information with us. These may include:
– Entering your details on the MFI Website using the form as part of the registration process;
– Sending your CV by email or leave a copy of your CV on paper;
– Participating in a competition through a social network channel, such as Facebook or Twitter, Instagram, Pinterest or another; or
– Registering for our newsletter or one of our events.
We may also receive personal data from other sources, typically through commercial due diligence or other market information, including lists of participants in relevant events.
As you access our Site or read or click on an email from us, where appropriate and in accordance with local laws and requirements, we may also collect your data from you or automatically. When you visit our Site there is certain information that we may collect automatically, whether or not you decide to use our services. This includes your IP address, the date, time and frequency with which you access our website and the way you browse its content, all as set out in the cookie policy below. We will also collect data from you when you contact us through the Site.
We collect your data automatically through cookies, in accordance with your browser’s cookie settings. If you are also an MFI Client, we may use data from your use of our Sites to improve other aspects of our communications with you or the services we provide to you.
WHY DO WE PROCESS YOUR DATA (PURPOSE OF PROCESSING) AND ON WHAT LEGAL BASIS?
Supply of products and services:
MFI may use your personal data when necessary to execute the contract signed between you and MFI or the brands marketed and managed by it, as well as to identify you. We may also use your Personal Data to prevent and investigate possible incorrect use of it.
Marketing Activities
We may periodically send you information that we believe may be of interest to you, in particular, for the purposes listed below:
– Develop commercial or marketing actions, namely to promote actions to publicize new features or new products and services;
– Send you data on reports, promotions, offers, events and contact establishment;
– Provide you with information about certain discounts and offers to which you are entitled due to your relationship with MFI;
– Send newsletters, which may contain information regarding promotional campaigns, events, discounts, promotions and offers, invitations, reminders regarding your reservations, new products or services;
– Provide you with information about personalized and exclusive offers of products and services identified based on your personal preferences and behaviors, as well as from the use of products, services and navigation on our website.
When you have provided us with your electronic contact details in the context of the sale of a product or service, we may use them for marketing purposes of our own products and services or similar products and services. If you do not agree with our marketing approach, you may adhere from sending these communications.
Regarding the sending of any other type of electronic communication, we will first request your prior and express consent as might be required for some activities that are not covered by our legitimate interests (in particular, collecting data through cookies and providing direct marketing to you through digital channels). If you do not agree with our marketing approach, you have the right to withdraw your consent at any time.
While all of our marketing is based on what we think will best serve our Clients and Candidates, we are aware that we won’t always get it right. We may use your data to show you MFI advertisements and other content on other sites, such as Facebook. If you do not wish us to use your data in this way, you may disable the “Advertising Cookies” option (see our Cookies Policy).
Other purposes
– To store (and update when necessary) your information in our database, so that we can contact you in relation to the contracts you intend to enter into/have entered into with us;
– To offer you services or to obtain support and services from you;
– To comply with certain legal obligations;
– To help us appropriately target our marketing campaigns;
– To help us declare, exercise or defend a right (we may use your personal data if we consider it necessary to do so to defend our legitimate interests); and
– To defend the vital interests of the data subject.
MFI may use your personal data to develop its products and services. For this purpose, we will predominantly use and keep record of aggregated data and statistical information related to website visits, such as the pages that our customers visit, the computer or device (including mobile devices) used to access it, namely your IP address, the website through which you accessed our website, the type and language of your browser, operating system, cookies, the country from which you are accessing, referring and exit pages, URL, type of platform, the number of clicks made, domain names, landing pages, pages visited and the order in which you visited them, the time spent on a particular page, the date and time you accessed our website, access errors and other similar information that your browser sends us.
Communication
MFI may use your personal data to communicate with you, in particular, to send you news related to our products or services, or to provide you with assistance in aspects related to customer support, in particular to respond to and process user requests through the customer service channels, as well as monitoring the quality of our service. In this case, your full name, email address and telephone number are collected.
Subscribing to the MFI Newsletter may involve the use of personal data in order to carry out personalized advertising of our products and services available to the user via email, push notifications, or through any other electronic or third-party channel.
You can unsubscribe from the Newsletter at any time by following the information we provide in each communication.
MFI may use data that has been identified based on your personal and behavioral preferences, which we collect from your interactions with us, whether through the Website, helpline, as well as from the use of products, to send you personalized offers.
The processing of data for the purpose of preparing profiles and market studies is also based on the legitimate interest of MFI. To this end, MFI considers the interests and rights of interested parties, and the measures adopted by the person responsible to comply with its general obligations in terms of proportionality and transparency, having concluded that:
a) The impact on people’s fundamental rights, freedoms and guarantees is reduced;
b) The said processing can be reasonably foreseen by the interested party;
c) The processing of data for the above purposes does not give rise to exclusion, discrimination, defamation or situations that put the holder’s reputation and/or negotiating power at risk.
If you consider that the aforementioned treatment may generate some type of emotional repercussion, you may exercise your right of access, opposition and/or voluntarily exclude yourself without the need for justification. We inform you that you can limit this purpose by exercising your right to object by writing an email to [email protected] or by filling and submitting our “Contact Us” form.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
Where appropriate and in accordance with local laws and requirements, we may share your personal data in various ways and for various reasons with the following categories of parties:
– In the course of an investigation, complaint or procedure, to the tax and audit authorities, the Administration, Public Bodies, the Court, Foreigners and Borders Services (“SEF”) and the Security Forces, who are responsible for the matter and , internally, to the areas or departments of the MFI that collaborate in collecting information and communicating facts to the competent authority;
– Third-party service providers who perform functions on our behalf (including external consultants, business partners and professional advisors such as lawyers, auditors and accountants, recruitment companies,
technical support and IT consultants who carry out testing and development work on our company’s technology systems);
– Third party providers of outsourced IT and document storage services, in cases where we have an appropriate processing contract (or similar protections);
– Marketing technology platforms and providers;
– In the event of the acquisition or disposal of businesses or assets, we may share your personal data with the potential acquirers of those businesses or assets
– In the case of payments, credit entities and other payment service providers, as well as technological service providers related to payment services to whom the data is transmitted to carry out the transaction, and who may be obliged by State legislation where they operate, or through agreements concluded by them, to provide information on transactions to the authorities or official bodies of other countries, located both inside and outside the European Union, within the scope of the fight against the financing of terrorism, serious forms of organized crime and prevention of money laundering.
Our website and application provide you, in certain circumstances, with social plugins from different social networks. If you decide to interact with a social network such as Facebook, Instagram, Twitter, Google + (for example, by registering account), your activity on our website or in our app will also be available to the respective social network. If you are connected to one of these social networks during your visit to our website or application or if you are interacting
Through one of the aforementioned social plugins, the social network may include this information in your profile on said social network, in accordance with your privacy settings. If you wish to prevent this type of data transfer, log out of your social network account before accessing our website or application or change your privacy settings whenever possible. We advise you to read the privacy policies of the social networks you use to obtain detailed information about the collection and transfer of personal information, learn about your rights and which privacy settings should be selected for your profile.
HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
We are committed to taking all reasonable and appropriate measures to protect the personal information we hold from misuse, accidental or unlawful alteration, loss and unauthorized disclosure or access. For this purpose, MFI uses security systems, rules and other procedures, in order to guarantee the protection of your personal data, as well as to prevent unauthorized access to data, improper use, disclosure, loss or destruction.
If you suspect misuse, loss or unauthorized access to your personal information, please inform us immediately.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We only keep your personal data for as long as necessary to achieve the purpose for which we collected it, to respond to your needs, the requests you make to us, or to comply with our contractual and legal obligations.
To determine the period for which we keep your data, we use the criteria mentioned below. If several criteria apply simultaneously, we will retain your personal data in accordance with the criteria that implies the retention of your personal data for the longest period.
a) When purchasing products and services, we will retain your personal data for the duration of our commercial relationship, including any complaints that may arise, as well as for a period of ten 10 years after the termination of such relationship, without prejudice to the fulfillment of obligations legal requirements of the person responsible for the treatment;
b) When you contact us to ask questions, request information and clarifications, we will keep your personal data for the period necessary to resolve your question/provide you with the requested information and/or clarifications;
c) When you create a customer account, that is, when you register on our website, we will keep your data until you ask us to delete it or after a period of inactivity of two years;
d) When you have consented to the sending of direct marketing, we will keep your personal data as long as the determining purpose of collection remains or until you unsubscribe or ask us to delete it;
e) Regarding data collected in the recruitment process, for a maximum period of five [5] years after the end of the recruitment process;
f) Regarding the use of cookies, we keep them as long as necessary to achieve their inherent purposes, as detailed in the Cookies Policy;
g) The period provided for in applicable legislation; or
h) Until the specific purpose applicable to certain data ceases to exist.
We may also retain some of your personal data to the extent necessary to comply with our legal obligations, as well as to administer or enforce our rights, namely through judicial or administrative proceedings.
In any of the aforementioned situations, if there is a pending judicial or administrative proceeding, the data will be kept for the duration of the proceeding and up to six months after the final decision has been rendered.
After the aforementioned retention periods have expired, personal data will be deleted and/or erased in an absolutely secure manner.
HOW CAN YOU ACCESS, ALTER OR REMOVE THE PERSONAL DATA YOU HAVE PROVIDED TO US?
One of the main objectives of the GDPR is to protect and clarify the rights of EU citizens and people in the EU when it comes to data privacy. This means that you have several rights in relation to your data, even when we have been provided by you. They are described in more detail below.
We will aim to deal with your request without undue delay and, in any event, within one month (subject to any extensions permitted by law). Please note that we may keep a record of your communications to help us resolve any issues you may raise.
Right to object: this right allows you to object to our processing of your personal data, for reasons related to your particular situation when your personal data is processed for one of the following reasons: (i) our legitimate interests; (ii) to enable us to perform a task in the public interest or exercise official authority; (iii) to send you direct marketing materials, including profiling; and (iv) scientific, historical, research or statistical purposes.
If you exercise your right to object, we will terminate the processing of the data to which you objected, unless:
– We can demonstrate that we have compelling legitimate reasons for the processing that override your interests; or
– We are processing your data for the declaration, exercise or defense of a right.
Right to withdraw consent: If we have obtained your consent to process your personal data for certain activities (for example, for marketing purposes), you can withdraw this consent at any time and we will no longer carry out the specific activity to which you previously consented, unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.
Data Subject Access Requests: You can ask us, at any time, to confirm the information we have about you, as well as request additional information about the purposes of the processing, the period for which we retain your data, the existence of automated decisions, the recipients to whom the data is disclosed, among other information provided for in article 15 of the GDPR. We may ask you to verify your identity and further information about your request. If we grant you access to the information we hold about you, we will not charge for that access unless your request is “manifestly unfounded or excessive”. If you ask us to provide additional copies of this information, we may charge you a reasonable administrative fee where legally permitted. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, you will always be informed of the reasons for doing so.
Right to be forgotten/erased: In certain circumstances, you have the right to request that we erase your personal data. Normally, the exercise of this right must comply with one of the following criteria:
– The data is no longer necessary for the purpose for which we originally collected and/or processed it;
– When you have withdrawn your consent for us to process your data and there is no other valid reason for us to continue processing it;
– If you oppose the processing and there are no prevailing legitimate interests that justify it;
– The data was processed unlawfully (i.e. in a way that does not comply with the GDPR); or
– It is necessary for the data to be deleted in order to comply with our legal obligations as data controller.
This right, however, does not apply, and, therefore, MFI may continue to process your data legitimately, when necessary:
– To exercise the right to freedom of expression and information;
– To comply with legal obligations or to perform a task of public interest or the exercise of official authority;
– For public health reasons in the interest of the public;
– For archival, research or statistical purposes; or
– For the exercise or defense of a right.
When complying with a valid data erasure request, we will take all reasonable practical steps to erase the data.
Right to restrict processing: In certain circumstances, you have the right to restrict our processing of your personal data. This means that we can only continue to store your data and cannot carry out further processing activities with it until: (i) one of the circumstances listed below is resolved; (ii) we have obtained your consent; or (iii) additional processing is necessary for the assertion, exercise or defense of a right, the protection of the rights of another person or grounds of important public interest of the EU or a Member State.
The circumstances in which you have the right to request restriction of the processing of your personal data are:
– If you dispute the accuracy of the personal data we process about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
– If you object to the processing of your personal data for our legitimate interests. In this situation, you can ask for the data to be restricted while we verify our grounds for processing your personal data;
– If our processing of your data is unlawful, but you prefer to restrict our processing of your data instead of deleting it; It is
– If we no longer need to process your personal data, but we need the data to declare, exercise or defend a right.
If we have shared your personal data with third parties, they will be notified of the restricted processing, unless this is impossible or involves a disproportionate effort. We will, of course, notify you before lifting any restrictions on the processing of your personal data.
Right to rectification: You have the right to request that we rectify any inaccurate or incomplete personal data we hold about you. If we have shared this personal data with third parties, they will be notified of the rectification, unless this is impossible or involves a disproportionate effort. Where appropriate, we will also disclose to you which third parties we disclosed inaccurate or incomplete personal data to. Where we consider it reasonable for us not to comply with your request, we will explain the reasons for our decision. It is important that the personal information we hold about you is accurate and current. Please inform us if there are changes to your personal information during the period we retain your data.
Right to data portability: If you so wish, you have the right to transfer your personal data between data controllers. In effect, this means that you can transfer your MFI account details to another online platform. To enable you to do this, we will provide you with your data in a password-protected, commonly used machine-readable format so that you can transfer the data to another online platform. Alternatively, we may directly transfer the data for you. This right to data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or to fulfill a contract.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, which in Portugal is the National Data Protection Commission. You can contact her in the following ways:
Email: [email protected]
Online information requests: https://www.cnpd.pt/bin/Duvidas/Duvidas_frm.aspx
Online complaints submission: https://www.cnpd.pt/bin/Duvidas/Queixas_frm.aspx
Address: Rua de São Bento, no 148-3o, 1200-821 Lisbon
If you wish to exercise any of these rights or withdraw your consent to the processing of your personal data (if consent is our legal basis for processing your personal data), please contact us. Please note that we may keep a record of your communications to help us resolve any issues you may raise.
HOW CAN YOU CONTACT US?
If you wish to exercise any of the above rights, suspect misuse, loss or unauthorized access or have any comments or suggestions regarding this Privacy Policy, you can contact us via our “Contact Us” form or by sending an email to [email protected].
HOW DO WE STORE AND TRANSFER YOUR DATA INTERNATIONALLY?
The transmission of data to other countries (countries outside the European Union) only occurs if this is necessary for the execution of your orders or requests (for example, payment orders or shipping of products), due to legal requirements or if we have granted express authorization for this purpose. If it is necessary to use service providers from third countries, they will be obliged to comply with the written instructions in this matter, by signing an agreement with the European Union standard contractual clauses, to comply with the level of data protection. applicable in the European Union. You will receive detailed information from us separately, whenever defined by law. We want to ensure that your data is stored and transferred securely. Therefore, we will only transfer data outside the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) when this complies with data protection legislation and the means of transfer provide adequate guarantees in relation to your data, for example:
– By means of a data transfer contract, which incorporates the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to controllers and processors in jurisdictions lacking data transfer laws. adequate data protection;
– By joining the EU-US Privacy Shield framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement relating to other jurisdictions; or
– Transferring your data to a country where the European Commission has recorded an adequate level of protection in relation to that country’s data protection levels through its legislation.
WARRANTIES AND WARNINGS
The user guarantees that the personal data communicated to MFI is correct and accurate and undertakes to notify any changes or modifications to them and assumes exclusive responsibility for losses and damages caused by erroneous, inaccurate or incomplete communication of data. The user is expressly warned that when revealing personal data on MFI’s public media such as Facebook, Google +, Twitter and Instagram, this information may be seen and used by third parties. MFI does not read any personal communications published on its clients’ own web pages.
COOKIE POLICY
What is a cookie?
A “cookie” is an information file that is stored on your computer’s hard drive and that records your navigation on a website so that, when you visit that website again, it can present personalized options based on the information.
stored about your last visit. We may also use cookies on our website to analyze traffic and for advertising and marketing purposes, which will not harm your system. If you want to check or change the type of cookies you accept, you can do so in your browser settings.
How do we use cookies?
We use cookies to track your use of our website. This allows us to understand how you use the site and track any patterns that arise individually or across larger groups, which will help us develop and improve our site and services in response to what our visitors want and need.
Cookies are:
– Session cookies: these are only stored on your computer during your web session and are automatically deleted when you close your browser – they normally store an anonymous session ID allowing you to browse a website without having to log in to each page, but do not collect any information from your computer;
– Persistent cookies: they are stored as a file on your computer and remain when you close your web browser. The cookie can be read by the website that created it when you visit that website again. We use persistent cookies from Google Analytics and Facebook;
– Strictly necessary cookies: They are essential to allow you to use the website effectively and cannot be disabled. Without these cookies, the services made available to you on the website cannot be provided. These cookies do not collect information about you that could be used for marketing;
– Performance cookies: These cookies allow us to monitor and improve the performance of our website. For example, they allow us to count visits, identify traffic sources and see which parts of the website are most popular;
– Functionality cookies: They allow our website to remember choices you make (such as your username, language or region where you are) and provide improved functionality. For example, we may provide you with relevant news or updates on our website. These cookies can also be used to remember changes you have made to the text size, font and other parts of web pages that you can personalize. They may also be used to provide services you have requested, such as viewing a video. The information these cookies collect is normally anonymized;
– Personalization cookies: These cookies are persistent (as long as you are registered with us) and mean that when you log in or return to the site you may see advertisements similar to those you browsed previously.
– Marketing Cookies- This website uses Google Analytics to collect information such as the number of visitors or the most popular pages.
We use Google Tag Manager to add advanced features like price comparison.
Concent to Cookies Policy:
Pursuant to Law No. 41/2004 of 18 August, the storage of information and the possibility of accessing information stored on a user’s terminal equipment (namely through cookies) are only carried out by MFI if the user has given their consent prior and expressly to the installation of cookies on your equipment, we therefore ask you, prior to using the websites, to accept this Privacy and Cookies Policy.
How can I prevent the use of Cookies?
The Customer has the right to withdraw consent to the use of cookies by MFI at any time, by deleting the cookies stored on your computer through the configuration options of your Internet browser.
Finally, if you wish to have greater control over the installation of cookies, you can install programs or add-ons to your browser, known as “do not track” tools, which will allow you to choose the cookies you wish to allow.
If the use of cookies is blocked or not authorized, no cookie will be stored on your equipment, but the proper functioning of our website is not guaranteed, meaning the customer will not be able to derive maximum benefit from the content available on MFI websites. With each new access to the website, you will always be asked for authorization to use cookies.
DECLARE, EXERCISE OR DEFEND RIGHTS
It may sometimes be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with the exercise or defense of rights. Article 9(2)(f) of the GDPR allows this processing when “it is necessary for the establishment, exercise or defense of a right in legal proceedings or whenever courts act in the exercise of their judicial function”.
This may arise, for example, where we need to obtain legal advice in relation to legal proceedings or where we are required by law to retain or disclose certain information as part of a legal process.
CHANGES TO THE DOCUMENT
MFI may occasionally change this statement and its Privacy Policy to reflect the company’s image and customer feedback. We encourage our customers to periodically review our Privacy Policy to be up to date with how MFI protects their information, without prejudice to informing you whenever there are relevant changes to our Privacy Policy.