PRIVACY POLICY
- WHY?
- PERSONAL DATA CONTROLLER
- PERSONAL DATA
- PERSONAL DATA WE COLLECT
- CATEGORIES OF PERSONAL DATA WE PROCESS AND PURPOSES OF PROCESSING
- PERIOD OF STORAGE OF PERSONAL DATA
- DESCRIPTION OF THE PROCESSING OF PERSONAL CUSTOMER DATA
- WEBSITE USERS
- RIGHTS OF DATA SUBJECTS
- SECURITY MEASURES ADOPTED BY AREA
- CIRCUMSTANCES IN WHICH DATA IS TRANSFERRED TO OTHER ENTITIES
- CIRCUMSTANCES IN WHICH DATA MAY BE SUBJECT TO INTERNATIONAL TRANSFERS
- CONTACT US
- CHANGES TO OUR PRIVACY POLICY
AREA INFINITAS - DESIGN DE INTERIORES, S.A. needs to collect some personal data from its customers, suppliers and partners for the supply of its products and services.
In this respect, this Privacy Policy aims to help our customers, suppliers and partners understand the type of personal data we collect, how and why we use them, to whom we disclose them and how we protect their privacy when using our products and services.
WHY?
AREA is committed to protecting the security and privacy of its customers, suppliers, partners and users of its website www.areastore.com. We have therefore prepared this Privacy Policy, in order to affirm our commitment and respect for the rules of privacy and personal data protection.
We want data subjects to be aware of our general privacy rules and the terms for the processing of the data we collect, in strict compliance with the applicable law on this matter, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 ("General Data Protection Regulation").
AREA seeks to comply with the best practices in terms of security and protection of personal data by promoting actions and improving systems in order to ensure the protection of the data provided by data subjects
The completion of our forms and contractual documents, the use and navigation of the website and the provision of data, directly or indirectly, by the data subjects imply acknowledgment and acceptance of the terms of this Policy and of any other specific terms, policies and conditions regarding the provision of our products and services. By providing your personal data, you are authorising their collection, processing, use and disclosure in accordance with the rules set out herein.
PERSONAL DATA CONTROLLER
References in this Privacy Policy to "AREA INFINITAS - DESIGN DE INTERIORES, S.A.", "AREA" or "we" shall mean AREA INFINITAS - DESIGN DE INTERIORES, S.A. (company registered in Portugal, with head office in Lisbon, Av. Eng. Duarte Pacheco, Torre 1, 8º andar, Sala 7, 1070-101 Lisboa, and Legal Entity No. 502580097), being considered for this purpose as the Controller, in accordance with the General Data Protection Regulation.
PERSONAL DATA
"Personal data" means any information, of whatever nature and regardless of its support, including sound and image, concerning an identified or identifiable natural person (Data Subject).
PERSONAL DATA WE COLLECT
We collect and process your personal data to supply our products, provide our services and manage our contractual relationships with customers, suppliers and partners.
Please see the table below for detailed information regarding the purposes of the processing carried out by AREA, the lawfulness of this processing and/or the storage periods for the personal data collected.
CATEGORIES OF PERSONAL DATA WE PROCESS AND PURPOSES OF PROCESSING
Customers' personal data are generally used for the purposes of supplying products and providing and managing the contracted services. The processing of customer data will, in most cases, be justified by the contractual relationship established between AREA and the data subject and, in certain situations, for compliance with the company's legal obligations.
The personal data of suppliers (i.e., natural persons representing or collaborating with AREA's suppliers and service providers) to which AREA has access for the supply or provision of services are processed for the purpose of managing the contractual relationship. This processing is justified by the performance of the contract established between AREA and the supplier, and, in certain situations, for compliance with the former's legal obligations.
As regards the relationship with partners, i.e., natural persons and their employees with whom AREA establishes a partnership, and for the data necessary for AREA's management of that partnership, the processing is justified by the performance of the contract established between AREA and the partner, and, in certain situations, for compliance with AREA's legal obligations.
Promotional and direct marketing communications can be made using any communication channel, through email, SMS, MMS or other forms of automatic calls, where it is guaranteed that the information given is covered by the promotion of products similar to those purchased by the customer and therefore excludes the need to obtain consent. Customers must note that we do not share their personal data with other companies for marketing purposes.
With regard to the management of mailing lists used for marketing requiring consent, if the customer does not wish to receive further marketing communications from us, they are free to terminate the service by simply selecting Opt-out in the communication received.
PERIOD OF STORAGE OF PERSONAL DATA
The personal data collected will be stored by AREA for the duration of its relationship with the customer, supplier or partner, and may be stored for a longer period, as established by law or for the defence of rights/interests in legal claims.
DESCRIPTION OF THE PROCESSING OF PERSONAL CUSTOMER DATA
Below is a description of the processing of personal customer data, in order to ensure transparency of the respective processing carried out by AREA.
Table 1 - Description of personal data processing involving customer data
| Purpose of Processing | Lawfulness of Processing | Categories of Personal Data | Period of Storage | Criterion | Categories of Data Recipients |
|---|---|---|---|---|---|
| Legal support | Performance of a contract | Identification data Contact Tax data Bank details Special category data (comments, procedural document) |
6 months | After limitation or prescription of rights | Counsel for third parties Lawyer Authority Public body |
| Audit and compliance | Legitimate interest of the company | Identification data Tax data Bank details Contact |
10 years | After collection | Auditor Consultant |
| Invoicing | Legal obligation | Identification data Tax Data Bank Details Contact Professional data Internal or external process identifier |
10 years | After collection | - |
| File management | Legitimate interest of the company | Identification data Tax data Bank details Professional data Contact Special category data (procedural document) Internal or external process identifier |
- | Pre-established period for each purpose | File management company |
| Customer management | Performance of a contract | Identification data Tax data Bank details Contact Special category data (comments) Professional data Internal or external process identifier |
10 years | After terminating the relationship with the customer | - |
| Management of correspondence | Legitimate interest of the company | Identification data Contact Tax data Bank details Professional data Internal or external process identifier Special category data (comments) |
5 years | After collection | Courier company Postal service platform |
| Order handling | Performance of a contract | Identification data Contact Tax data Special category data (comments) Internal or external process identifier |
10 years | After terminating the contract | - |
| Mailing list management for promotions/advertising | Consent | Identification data Contact |
- | Until withdrawal of consent | Mailing list platform |
| Complaints management | Legal obligation | Identification data Professional data Contact Tax data Bank details Internal or external process identifier Special category data (comments) |
10 years | After terminating the contract | Counsel for third parties Lawyer Authority Association Product supplier Public body Landlord |
| Non-life insurance management | Performance of a contract | Identification data Bank details Contact Special category data (comments) |
10 years | After terminating the contract | Counsel for third parties Lawyer Authority Insurance broker Public body Insurance company |
| Economic, accounting and financial management | Legal obligation | Identification data Tax data Bank details Contact Special category data (comments) |
10 years | After terminating the contract | Authority Bank Management services company Financial services company VAT recovery platform |
| Logistics management | Performance of a contract | Identification data Tax data Contact Internal or external process identifier |
10 years | After terminating the contract | Logistics operator Postal service platform Carrier Freight transporter |
| Direct marketing | Legitimate interest of the company | Identification data Contact |
10 years | After terminating the relationship with the customer | Message sending platform |
| On-premise security | Legitimate interest of the company | Special category data (video surveillance) | 30 days | After collection | Authority |
| Technological support | Legitimate interest of the company | Identification data Tax data Bank details Contact Special category data (comments) Internal or external process identifier |
- | Pre-established period for each purpose | Consultant Technology company |
WEBSITE USERS
AREA guarantees visitors to www.areastore.com ("User" or "Users") respect for their privacy. Visiting this website does not in itself imply the automatic registration of any personal data that identifies the User.
Data collection and processing
As a User, you can register on our website and take advantage of additional functionalities.
Security measures
AREA strives to protect the personal data of Users against unauthorised access via the Internet. To do that, we use security systems, rules and other procedures in order to guarantee the protection of the Users' personal data, as well as to prevent unauthorised access to the data, their improper use, disclosure, loss or destruction. We undertake to respect the legislation on the protection of the Users' personal data and to process these data only for the purposes for which they were collected, as well as to guarantee that they are treated with adequate levels of security and confidentiality.
AREA strives to guarantee the security of its Users; however, it is the Users' responsibility to ensure that the computer they are using is adequately protected against harmful software, computer viruses and worms. Additionally, they should be aware that, without adequate security measures in place (for example, secure browser configuration, updated antivirus software, security barrier software and non-use of software of doubtful origin), there is an increasing risk that personal data and passwords may be accessed by third parties without authorisation.
Cookies
AREA uses the following types of cookies on this website:
Strictly necessary
These cookies are necessary for the operation of the website and cannot be disabled. They are only added in response to user actions, such as language selection, currency, login and privacy preferences. You can set your browser to block these cookies, but the website may not work correctly.
Analytical and statistical
These cookies allow us to measure visitor traffic and identify their origin by collecting aggregated data. They also help us measure the popularity of products and campaigns.
Marketing and retargeting
These cookies are added by our marketing and advertising partners. They may be used to profile your interests, so that we can show you more relevant advertisements. If you do not allow these cookies, you will not receive advertisements tailored to your interests.
Functional
These cookies allow our website to offer additional functionalities and personal settings. They may be added by us or by third parties, such as service providers that have been included on our webpages. If you do not allow these cookies, these services may not work correctly.
RIGHTS OF DATA SUBJECTS
As provided by law, data subjects may at any time access their rights regarding their own personal data:
- Right to information: at the time their personal data are collected or after a reasonable period of time, in case the data are collected by another entity, but always arising from a direct relationship between the data subject and AREA, data subjects must be informed about:
- Name and contact details of the controller;
- Purposes for which the personal data are or will be processed;
- Categories of personal data used;
- Recipients of personal data;
- Whether there will be transfers to countries or organisations in third countries outside the European Union;
- Periods for which the personal data will be stored;
- Their rights;
- The right to lodge a complaint with the Supervisory Authority;
- The source of the personal data (if not collected directly); and
- Whether the processing involves automated decision-making.
- Right of access: it means that the data subject has the right to obtain confirmation from the controller that their personal data are or are not being processed and, as the case may be, the right to access said personal data and other information, such as the purpose of the processing, categories of personal data concerned, recipients to whom the data have been or will be disclosed, expected storage period, among others.
- Right to rectification: it means that the data subject has the right to obtain from AREA the rectification of inaccurate personal data concerning them, as well as to have incomplete personal data completed.
- Right to erasure (right to be forgotten): it means that you have the right to request the erasure of your data in certain cases, including, but not limited to, personal data that is no longer necessary for the purpose for which it was collected or processed, where the data subject withdraws consent on which the data processing is based, among others.
- Right to data portability: it means that in certain cases the data subject may request the personal data they have provided to AREA in a structured, commonly-used and machine-readable format and the right to transfer such data to another controller.
- Right to restriction of processing: it means that the data subject has the right to request the restriction of the processing of their data in certain cases, namely if the processing is unlawful and they oppose the erasure of their data, or if AREA no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, among others.
- Right to object: the data subject may object to the processing of their data for reasons relating to their particular situation, and in cases where (i) the data are processed for the purposes of the legitimate interests pursued by AREA or by third parties, or for purposes other than those for which the data were collected and the processing is not carried out with the consent of the data subject or on the basis of provisions of Union or Member State law, or (ii) the personal data are processed for direct marketing purposes, or (iii) the personal data are processed for scientific or historical research or statistical purposes.
- Right to challenge automated decisions: the data subject shall have the right not to be subject to a decision taken solely on the basis of automated processing, including profiling, which produces legal effects for them or significantly affects them in a similar manner.
The data subject may exercise these rights by contacting the Data Protection Officer at dpo@areastore.com.
In accordance with the law, the data subject is also guaranteed the right, by the above-mentioned means, to withdraw their consent for the processing of data given on the basis of the legitimacy of the respective processing. To this end, the data subject has the right to withdraw their consent at any time, which shall not, however, invalidate the processing carried out up to that date on the basis of the consent previously given. Only minors aged 16 or over may give valid consent to the processing of personal data, otherwise consent shall only be considered lawful if and insofar as it is given or authorised by the holders of parental responsibilities of said minor.
Without prejudice to any other administrative or judicial remedy, the data subject also has the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) or another competent supervisory authority pursuant to the law, if they consider that their data is not being legitimately processed by AREA under the terms of the applicable legislation and of this Policy.
SECURITY MEASURES ADOPTED BY AREA
AREA is committed to protecting the personal data it stores from damage, loss, disclosure, misappropriation, alteration and destruction.
For this purpose, we implement security and access control measures of a technical and organisational nature aimed at mitigating the existing risks.
CIRCUMSTANCES IN WHICH DATA IS TRANSFERRED TO OTHER ENTITIES
AREA uses other entities to provide certain services. Such services may involve access by these entities to the personal data of its customers, suppliers, partners and website users.
Any AREA subcontractor shall process the personal data of the data subjects in the name and on behalf of AREA, in strict compliance with our instructions. AREA ensures that said subcontractors provide sufficient guarantees of implementation of appropriate technical and organisational measures so that the processing will meet the requirements of the applicable law and ensure the security and protection of the rights of the data subjects, under the terms of the subcontracting agreement concluded with such entities
In certain situations, the personal data of the data subjects may also be transferred to third parties where such data transfers are necessary or appropriate (i) in the light of the applicable law, (ii) in compliance with legal obligations/court orders, (iii) by determination of the CNPD or other competent supervisory authority, or (iv) to respond to requests by public or government authorities.
In any of the situations mentioned above, AREA undertakes to take all reasonable measures to ensure the effective protection of the personal data it processes.
CIRCUMSTANCES IN WHICH DATA MAY BE SUBJECT TO INTERNATIONAL TRANSFERS
The supply of products and services by AREA may involve the transfer of the personal data of data subjects to third countries (not belonging to the European Union or the European Economic Area).
In such cases, AREA will implement the necessary and appropriate measures under the applicable law to ensure the protection of personal data subject to such transfer, in strict compliance with the legal provisions regarding the requirements applicable to such transfers. This includes, in particular, informing you in this respect and ensuring that the recipients of the data implement all the technical and organisational measures according to a criterion defined by AREA and based on the maximum security of your personal data.
CONTACTS
The data subject may contact AREA for further information about the processing of their personal data, as well as any questions related to the exercise of their rights under the applicable law and, in particular, those referred to in this Policy, at: dpo@areastore.com
CHANGES TO OUR PRIVACY POLICY
AREA may need to modify its Privacy Policy, in particular as a result of legislative changes. We suggest that you check this website periodically to keep up to date.
Last updated on: 3 February 2022.