top of page

Privacy Policy

 

I take safeguarding online privacy seriously. I treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

 

This privacy policy informs you about the type, scope and purpose of the processing of personal data within my website, the web pages, functions and content connected to it, as well as any other web page that links to this privacy policy (hereinafter collectively referred to as "website" or "online offer"). The privacy policy applies regardless of the domains, systems, platforms and devices (e.g., desktop or mobile) on which my online offer is accessed.

 

The controller

The entity responsible for processing your personal data in the sense of the Portuguese Data Protection Act No. 10/91 and the General Data Protection Regulation (GDPR) is:

 

Teresa Bonito

Lisbon, Portugal

info@teresabonito.com

https://www.teresabonito.com/

TikTok: https://www.tiktok.com/@teresabonito_va

Pinterest: https://www.pinterest.pt/teresabonito_va/

Instagram: https://www.instagram.com/teresabonito_va/

Facebook: https://www.facebook.com/teresabonitoVA/

LinkedIn: https://www.linkedin.com/in/teresabonito/

Definitions

For more information on the terms used, such as "personal data" or their "processing", please refer to Article 4 of the General Data Protection Regulation (GDPR).

 

The term "users" includes all categories of data subjects. They include my business partners, customers, interested parties and other visitors to my online offer.

Processing of personal data

The personal data of users processed within the scope of this online offer includes inventory data (e.g., names, contact information and addresses of customers), contract data (e.g., services used and payment information), usage data (e.g., the websites visited on my online offer, interest in my services) and content data (e.g. entries in the contact form or Google Forms).

 

The purpose of the processing includes the provision of the online offer, its functions and content, answering contact requests and communication with users, security measures and range measurement as well as marketing.

 

I process users' personal data only in compliance with the relevant data protection regulations. This means that the users' data is only processed with legal permission.

 

This means, in particular, if the data processing is necessary or legally required for the provision of my contractual services (for example, the processing of orders and online services), the user's consent is given. In addition, the users' consent is also given on the basis of my legitimate interests (for example, interest in the analysis, optimisation and economic operation and security of the online offer within the meaning of Art. 6 Para. 1 lit. f. of the GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using third-party services).

 

I'd like to point out that the legal basis for consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR, the legal basis for the processing for the fulfilment of my services and implementation of contractual measures is Art. 6 para. 1 lit. b. GDPR, the legal basis for the processing to fulfil our legal obligations is Art. 6 para. 1 lit. c. GDPR and the legal basis for the processing to protect our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

Security

I take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by me against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. The security measures include in particular the encrypted transmission of data between your browser and my server.

Transfer of data to third parties and third-party providers

Data is only passed on to third parties within the framework of legal requirements. I only pass on users' data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 (1) b) GDPR or on the basis of legitimate interests in accordance with Art. 6 (1) f) GDPR. GDPR in the economic and effective operation of my business.

 

If I use third-party providers to provide my services, I take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.

 

If content, tools or other means from other providers (hereinafter collectively referred to as "third party providers") are used within the scope of this privacy policy and their named registered office is located in a third country, it is to be assumed that a data transfer to the third-party providers' countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, the consent of the users, or otherwise legal permission.

Contact with me

If you contact me, the data you provide will be stored for a maximum of six months for the purpose of processing your enquiry and in case of follow-up questions. Of course, I will not pass on this data without your consent. However, it is also possible to use my website without providing personal data. As far as personal data (e.g., name, address or e-mail address) collected on my online offer (e.g. newsletter or free promotional material), this is always done on a voluntary basis, as far as possible. This data will of course not be passed on to third parties without express consent.

 

I would like to point out that data transmission on the Internet (e.g., communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

 

When contacting me, the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) GDPR.

Collection of access data and log files

I collect data on every access to my website on the basis of my legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, I collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

 

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.

Cookies

This site only sets the cookies that are indispensable for the operation of this website. I do not collect statistics about website visitors. Cookies are small text files that are placed on your device by your browser. They do not cause any damage. Cookies are used to make the website user-friendly. Some cookies remain stored on your end device until you delete them. They make it possible to recognise your browser on your next visit. If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and only allows this in individual cases (for example, Firefox, Safari, Chrome, Internet Explorer). Stored cookies can be deleted in the system settings of the browser. If you deactivate cookies, the functionality of my website may be limited.

 

You can learn more about cookies in general at www.allaboutcookies.org and if you wish to learn more about the cookies used on my website please read my Cookie Policy.

 

Integration of services and contents of third parties

I use content or service providers within my online offer on the basis of my legitimate interests (the interest in the analysis, optimisation and economic operation of my online offer in the sense of Art. 6 para. 1 lit. f. GDPR) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content").

 

This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to the user's browser. The IP address is therefore necessary for the display of this content. I endeavour to only use content whose respective providers only use the IP address to deliver the content.

 

Third-party providers may also use so-called "pixel tags" (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of my website, as well as being linked to such information from other sources.

 

Online appointment booking

I use the service of Calendly for the simplified booking of appointments. By using this service, data is transferred to Calendly. Calendly processes the following data of users on the basis of a commissioned data processing agreement pursuant to Art 28 GDPR.

 

The processing of the data entered via Calendly is thus exclusively based on a legitimate interest in simplified appointment arrangement and the customer according to Art. 6 para. 1 lit. f GDPR and on the basis of the order data processing agreement according to Art. 28 GDPR. The data entered by customers or interested parties via Calendly shall remain with me until the customer requests me to delete it or the purpose for storing the data no longer applies, in particular after the processing of an enquiry has been completed, whereby the necessity of retaining the data shall be reviewed once a year. Mandatory legal provisions - in particular retention periods - shall remain unaffected.

Online Meetings

I may use Online Meeting Tools (e.g., Zoom, Skype, Google Meets etc) to conduct online meetings and various types of data are processed when using an online platform for meetings. The scope of the data depends on the information you provide before or during participation in an online meeting. The legal basis for this is my legitimate interest in effective customer communication and, insofar as it concerns an enquiry to enter into or fulfil a contract. You can request information about the purpose of the processing, origin and, if applicable, recipients of your personal data from us free of charge at any time.

Deletion of data

The data stored by me will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain the data. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.

Your rights

You have the following rights in relation to me in respect of personal data relating to you:

 

Right to withdraw consent

If you have given your consent to the processing of your data, you may revoke it at any time. Such a revocation affects the permissibility of processing your personal data for the future after you have expressed it.

 

Right to information

In the event of a request for information, you must provide sufficient details of your identity and proof that the information in question is yours. The information concerns the following information:

 

  • the purposes for which the personal data are processed

  • the categories of personal data which are processed and

  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

  • the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period

  • the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of the processing by the controller or a right to object to such processing

  • the existence of a right of appeal to a supervisory authority

  • any available information on the origin of the data if the personal data is not collected from the data subject

  • the existence of automated decision-making, including profiling, and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

 

Right to rectification or erasure

You have a right to rectification and/or completion if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.

 

In addition, you may request the erasure of the personal data concerning you if one of the following reasons applies to you:

 

  • the personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed

  • you withdraw your consent on which the processing was based pursuant to your consent and there is no other legal basis for processing

  • you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing

  • the personal data concerning you have been processed unlawfully

  • the erasure of the personal data concerning you is necessary for compliance with a legal obligation under which I'm subject

  • the personal data concerning you has been collected in relation to information society services

  • if I have made the personal data concerning you public and I am obliged to erase it, I will take all reasonable steps to also inform other data controllers that you have requested the erasure of all links to, or copies or replications of, that personal data

  • the right to erasure does not apply to the extent that the processing is necessary

  • for the exercise of the right to freedom of expression and information

  • for compliance with a legal obligation which requires processing under the law to which I'm subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in me

  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes, insofar as the right referred to is likely to render impossible or seriously prejudice the achievement of the purposes of such processing or

  • to assert, exercise or defend legal claims

 

Right to restriction of processing

Under the following conditions, you may request that I restrict the processing of personal data relating to you:

 

  • if you dispute the accuracy of the personal data relating to you for a period of time that enables me to verify the accuracy of your personal data

  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data

  • I no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims or

  • if you have objected to the processing and it is not yet clear whether my legitimate grounds override your grounds

 

If the processing of personal data relating to you has been restricted, such data may - apart from being stored - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

 

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by me before the restriction is lifted.

 

Right to information

If you have asserted your right to rectification, erasure or restriction of data processing against me, I am obliged to inform all recipients of your personal data of the rectification, erasure or restriction of data processing. This only applies insofar as this notification does not prove impossible or would involve a disproportionate effort.

 

You have the right to know which recipients have received your data.

 

Right to data portability

You have the right to receive your personal data from me in a common, machine-readable format in order to have it transferred to another controller if necessary, provided that

 

  • the processing is based on consent pursuant to your consent or on a contract and

  • the processing is carried out with the help of automated procedures

 

When exercising your right to data portability, you have the right to have the personal data transferred directly from me to another controller, insofar as this is technically feasible.

 

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in me.

 

Right to object to processing

Insofar as I base the processing of your personal data on legitimate interest or on my part, you may object to the processing.

 

When exercising such an objection, I ask you to explain the reasons why I should not process your personal data as I have done. In the event of your justified objection, I will examine the merits of the case and either discontinue or adapt the data processing or show you my compelling legitimate grounds on the basis of which I will continue processing.

 

Right to complain to the competent supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

 

 

Use of social media plug-ins

This website uses so-called social media plug-ins ("plug-ins"). You can recognise the plug-ins by the providers' logo. When you visit my pages, direct connections are established between your browser and the servers of the services via the plug-ins. They thereby receive the information that you have visited my site with your IP address. If you click on one of the buttons while you are logged in to one of the services, the information that you have visited my site can be assigned to your user account with the respective service. If you are a member of one of these services and do not want the service providers to collect data about you via my website and link it to your membership data, you must log out of the respective services before visiting my website. I would like to point out that I, as the operator of this website, do not have any knowledge of the content of the transmitted data or its use by the individual services. For more information on which data is collected by the respective services when the social plug-ins are called up and how this data is used, please refer to the data protection provisions of the individual service providers.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content and enquiries that you send to me as the website operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

Automated decision-making

I do not use automated decision-making or profiling.

Do Not Track

Do Not Track is a privacy preference you can set in most browsers. I support Do Not Track because I believe that you should have genuine control over how your info gets used and my website responds to Do Not Track requests.

Do Not Sell My Personal Information

I do not sell information that directly identifies you, like your name, address or phone records.

Accuracy

It is important that the data I hold about you is accurate and current, therefore please keep me informed of any changes to your personal data.

 

External links

My website contains links to the online offers of other providers. I hereby point out that I have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

Changes to the privacy policy

I reserve the right to change the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies to declarations regarding data processing. If the consent of the users is required or parts of the privacy policy contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.

 

Users are requested to inform themselves regularly about the content of the privacy policy.

Copyright © 2024 Teresa Bonito | Virtual Services. All Rights Reserved.

bottom of page