Privacy and Cookies Policy
WHO ARE WE?
The Personal
Data Protection Act (hereinafter "PDPA") and the General Data Protection
Regulation (Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016, hereinafter "GDPR") ensure the protection
of natural persons concerning the processing of personal data and the sharing
of such data.
The present privacy and data protection policy ("Privacy Policy") relates to the processing of personal data carried out by ROLA WINES and collected through the website WWW.ROLAWINES.COM
From now on, this website shall be referred to as the "Platform":
ROLA WINES is committed to protecting the personal data ("Personal Data") of its customers and users, hereinafter referred to as "Users" or individually as "User", made available on the Platform, by adopting a policy subject to high standards in matters of privacy and which is based on the strict maintenance of confidentiality, loyalty, and integrity of the Personal Data.
To this end, the Privacy Policy, which is intended to inform Users of the situations in which Personal Data is processed, namely how and why it is collected, to whom it is disclosed, how privacy is protected when navigating or using the services provided on the Platform, as well as their rights in relation to the processing of Personal Data carried out.
The collection and processing of Personal Data carried out by ROLA WINES complies with the provisions of the personal data protection legislation in force, in particular with the GDPR and PDPA.
WHAT IS PERSONAL DATA?
Personal Data shall mean any information, of whatever nature and whatever its medium, including sound and image, concerning an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to other factors specific to his physical, physiological, mental, economic, cultural, or social identity.
OTHER IMPORTANT DEFINITIONS:
Supervisory authority - an independent public authority established by an EU Member State with responsibility for monitoring the application of the GDPR and PDPA in order to protect the fundamental rights and freedoms of natural persons in relation to processing and to facilitate the free movement of data within the European Union. In Portugal, the supervisory authority is the Comissão Nacional de Proteção de Dados ("CNPD").
Consent - free, specific, informed, and explicit expression of will, by which the data subject accepts, by means of a declaration or unequivocal positive statement, that the Personal Data concerning him/her may be processed for a specific purpose.
Data Protection Officer ("DPO") - a person or entity appointed to ensure, within an organisation, the compliance of personal data processing with the GDPR, ensuring efficient communication with the Personal Data subjects and cooperation with the supervisory authorities concerned.
Controller - a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing of Personal Data.
PDPA - Law no. 58/2019, of 08 August, ensures the implementation, in the national legal order, of Regulation (EU) 2016/679 of the Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
GDPR - General Data Protection Regulation (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Sub-processor - a natural or legal person, public authority, agency, or other body which processes personal data on behalf of ROLA WINES as the data controller.
Holder of Personal Data - an identified or identifiable natural person to whom the Personal Data collected on the Platform refer, i.e., the Users of the Platform.
Processing - operation or set of operations which is performed upon personal data or sets of personal data, by automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or compiling, restriction, erasure, or destruction.
Third Party - a natural or legal person, public authority, service, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorised to process the Personal Data.
WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?
ROLA WINES is Responsible for the Processing of your Personal Data collected through the website, under the terms of the GDPR.
The data controller reserves the right to subcontract other entities to carry out such Processing on its behalf.
1. PROTECTION OF THE PRIVACY OF PERSONAL DATA IS A COMMITMENT OF ROLA WINES
The protection of personal data privacy is a fundamental commitment of ROLA WINES to the personal data subject (also, "data subject") who uses ROLA WINES digital platforms and email marketing management services. This document serves to explain what personal data we collect, for what purposes we use it, how we treat it, with whom we share it, how long we keep it, as well as ways to contact us in order to exercise your rights.
2. DATA PROTECTION OFFICER
The Provider of email marketing used by ROLA WINES has a Data Protection Officer (DPO or Data Protection Officer), who provides information and advice on issues related to the treatment of data and cooperating with the CNPD (Comissão Nacional de Proteção de Dados, the Portuguese National Commission for Data Protection). Request via email to access to the ROLA WINES Data Protection Officer at WINE@ROLAWINES.COM
3. WHAT KIND OF INFORMATION DOES ROLA WINES COLLECT?
ROLA WINES collects information in two different contexts:
1. Anonymous data is stored while the personal data subject or the ROLA WINES management team visits the digital platforms, with the aim of improving the operation of the platforms, including content optimisation and prioritisation.
2. Personal data is provided voluntarily by the holder at the time of registration or subscription. These are processed automatically, and the personal data holder's information is collected in encrypted form and managed securely in a data centre in Portugal.
4. WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?
The data subject is the natural/collective person to whom the data relates, who uses and/or has used the digital platforms and/or web marketing services offered by ROLA WINES via the email marketing platform and to whom the natural/collective person has authorised the respective data management.
5. Rights of the personal data subject
ROLA WINES guarantees Users, as Holders of Personal Data and at any time, the right to access, rectify, update, limit and delete their Personal Data, the right to object and to withdraw their consent, without this compromising the lawfulness of the processing carried out under that consent, as well as the right to data portability:
1. Right to information: ROLA WINES clearly explains its policy at the time of account creation and/or registration or on any type of form.
2. Right to access and rectification: you can access and edit your data directly and autonomously by following the "edit" link available or request this action be performed by the ROLA WINES management team for this purpose.
3. Right to limit or oppose the processing of your data: you have in each message the possibility to limit/oppose with the link "remove".
4. Right to be forgotten: you must request the total removal of your data by sending an email message to WINE@ROLASWINES.COM with your identification and a request for removal.
5. Right to portability: You may request to receive the Personal Data you have provided in a structured, commonly used and machine-readable format. You also have the right to request that the Data be transmitted to another Data Controller, provided that this is technically possible.
In such cases, ROLA WINES shall cease to process the Personal Data, unless it has legitimate reasons to carry out such Processing, and these take precedence over the interests of the Users.
Right to withdraw the Consent given: Where Processing is contingent on Consent, the User may withdraw their consent at any time.
Right to lodge complaints with the Supervisory Authority: Should the User wish to lodge a complaint regarding matters relating to the Processing of Personal Data, he/she may do so before the Portuguese Data Protection Authority, the competent supervisory authority in Portugal.
For more information, please visit www.cnpd.pt.
6. IN WHAT CIRCUMSTANCES DO WE SHARE PERSONAL DATA OF USERS?
ROLA WINES uses other entities to provide certain services. Eventually, this provision of services may involve access, by these entities, to Users' personal data. This will be the case for suppliers or service providers of ROLA WINES (e.g., entities that provide services such as email marketing platforms, consulting professionals and others that may be subcontracted to establish contacts in accordance with the user's consents).
In such cases, ROLA WINES ensures, through contracts and clauses for Processing Personal Data, that any Subcontractor that processes Personal Data on behalf and on its behalf provides guarantees for the execution of appropriate technical and organizational measures, so that the Processing meets the requirements made by the GDPR and PDPA or other law applicable to the matter, ensuring confidentiality and data security, including compliance with the rights of the Personal Data Holders.
ROLA WINES may also transmit Users' Personal Data to third parties where they deem such data communications to be necessary or appropriate (i) under applicable law, (ii) in compliance with legal obligations/judicial orders, (iii) to respond to requests from public or government authorities and other administrative authorities, (iv) where it is necessary in order to comply with a legal, regulatory or other obligation, as well as (v) to ensure the security of the Personal Data Holders, or otherwise prevent fraudulent conduct.
As a rule, Users' Personal Data is not transferred to third countries (outside the European Union) but kept on servers located within the European Union. However, should Subcontractors transfer data to third countries, ROLA WINES shall implement the necessary and appropriate measures under applicable law to ensure the protection of the Personal Data subject to such a transfer, in strict compliance with the legal provisions.
7. HOW DOES THE WEBSITE AND WEB MARKETING PLATFORM HIRED BY ROLA WINES PROCESS DATA?
1. Information we collect
a) Information voluntarily submitted on certain parts of our website or web marketing platform. For example, we may ask for your name, email address, mobile phone and/or other information that identifies you to the platform in order to register for an authorised account with the company that provides ROLA WINES' web marketing services or to subscribe to an online form. We may also collect information such as your opinion, occupation, and contact details when you participate in events, surveys or publicity/marketing actions. In these cases, you can always choose to add additional information on an optional basis, and we keep a copy of the data provided in these interactions. The personal information we request and the reason we do so will be made clear at the time of the request.
b) The Information we automatically collect through our website: when you visit our Website we automatically collect certain information from your device, which for the purposes of this treatment is anonymous data. The information we collect may include IPs, operating system, browser type, browser activity and other information relating to aspects of the infrastructure used and how it interacts with our services/website. This can be collected in log form or in the form of cookies (see 7.4).
c) Information we automatically collect when sending communications (e.g., email, SMS, push, etc): when you receive a message from us, or from our web marketing platform, we may automatically collect information to identify your interactions with it. The information we collect may include IPs, operating system, browser type, browser activity and other information related to aspects of the infrastructure used, for example mobile operator, time of receipt on the mobile phone and terminal type. This can be collected in log form or in the form of cookies (see 7.4).
2. Use of personal information
a) The web marketing platform used by ROLA WINES may use the information it collects for various reasons:
In processing transactions and making accounts available via ROLA WINES
In responding to your requests to provide information or access to services when requested by you
To manage the website, administration, and security systems
To improve the navigation and content of the platform/website
To identify problems in servers, networks, or IT equipment
To provide, operate, optimise, and maintain our services
To send you marketing information, considering your preferences - in recruitment processes, if you have applied for a position with ROLA WINES
To compile statistical data on the use of our services in order to provide a better understanding of users' preferences
To carry out research to develop/improve our products and services
To customise content on the website and authorised platform
In the execution of contracts or other legal requirements
In addition, we may combine personal information with other information in order to provide better targeting and personalisation of the messages sent by the platform or a better browsing experience.
3. Public information and third-party websites
a) Social media networks and widgets. Our website includes integrations with various social media networks, these may collect information such as IP or use cookie(s) in order to enable their correct functioning. We warn that, in this case, the use of data is not the responsibility of ROLA WINES, and no measure of privacy is guaranteed, given the technical impossibility of controlling third-party services.
b) Blog. We have our own blog and therefore a comments feature. Any information included in the comments is public domain and can be read by anyone with complete freedom. For any personal information you wish to have removed or altered, contact us to that effect.
c) Third party websites. Our site includes links to other websites, for which we do not accept any responsibility. We warn that the use of data by third parties is not the responsibility of ROLA WINES, and no measure of privacy is guaranteed.
4. Cookies
The ROLA WINES website records cookies (text files) on the user's computer, which are used to count and personalise the visit. These cookies do not collect personal information and are only saved for as long as is necessary for their intended purpose. The storage of our cookies on the user computer can always be controlled via the user's own browser.
a) On the website and services provided by the web marketing platform used by ROLA WINES, we use the following cookies:
Essentials - Without them, some features of our service (e.g., maintaining ongoing customer access to your ROLA WINES account) will not be able to function.
Performance and Functionality - These cookies are used to improve the performance and functionality of our website but are not essential to its use. However, without them some functionalities may become unavailable.
Personalisation and Navigation - These cookies aggregate the analysis of user navigation so that we can improve it and always present them with the most relevant information and help to understand the reactivity of communications. Typically, the data collected is anonymised.
Advertisers - Help to show personalised adverts to each user. For example, if you came to our site and showed interest in a certain feature, you may later see an advertisement about that feature on other websites or on your Facebook.
b) Other tracking technologies
The web marketing platform used by ROLA WINES uses similar technologies such as pixels ("clear gifs") in order to obtain a unique identifier. These small graphic elements allow us to recognise that someone has visited/viewed the website or communications sent by us. In addition, from time to time, we may also use technologies such as web beacons or others that help us identify usage/browsing patterns, facilitating performance improvements or the creation of new functionalities. While you do not have the ability to specifically turn off each of these tracking technologies, in general, they can be turned off by declining the use of cookies, thereby preventing their operation.
c) How can I control cookies?
Modern browsers allow you to block and delete installed cookies. Select your browser and check its instructions (Chrome, Firefox, Safari, etc). For other browsers, please consult their settings.
8. WHAT SECURITY PROCEDURES GUARANTEE THE PROTECTION OF YOUR DATA?
The email marketing platform used by ROLA WINES is designed so that whenever personal information is collected or used, the data is encrypted using the SSL protocol (Secure Socket Layer). This technology protects data, notably from fraudulent interception and as such minimises the associated risk.
The email marketing service used by ROLA WINES has a bug and vulnerability reward detection Program.
All maintenance/alteration and physical destruction are carried out by the employees and managers of the email marketing platform used by ROLA WINES. The physical Data Centre where the data and services provided are stored is certified with the Certificate of Compliance ISO/IEC 27001.
9. FOR HOW LONG DOES ROLA WINES PROCESS AND STORE YOUR PERSONAL DATA?
1. The period of time during which Personal Data is stored and maintained varies according to the purpose for which they are used, the rule being that they are retained only for the period necessary for each purpose. However, there are legal (e.g., tax) obligations that may require the retention of Personal Data for a longer period of time, and, in this case, the data will be retained only for the period necessary to comply with the legal obligation imposed.
The Personal Data collected is treated in strict compliance with the applicable legislation and is stored in specific databases created for this purpose. Such data shall be kept in a format which permits identification of the Data Subjects.
If Processing is based on Consent, ROLA WINES retains the User's Personal Data in accordance with the Consent given and/or until such Consent is revoked.
Therefore, the law determines the conservation of data for a minimum period, specifically:
a) for one year: traffic data, location data for the purpose of investigation, detection, and prosecution of serious crime.
b) for 10 years: data necessary to inform the Tax Authorities.
2. ROLA WINES processes personal data for legitimate reasons to:
a) improve, maintain, and develop new technologies.
b) ensure the security of our services and website.
c) market the company's activities.
ROLA WINES retains your personal data, always in accordance with the law, guidelines, and decisions of the CNPD or, depending on the aplicable law, until the data subject exercises the right to object, right to be forgotten or revokes consent. However, all legal and contractual obligations that define these periods will always be complied with.
10. QUESTIONS
To deal with matters relating to the protection of personal data, you should contact ROLA WINES via Email: WINE@ROLASWINES.COM