Privacy and Cookie Policy
At Dois Marias, we have an important responsibility and commitment regarding the security of our website and the protection of our customers' data and privacy, which justifies the implementation and availability of this Privacy Policy.
Dois Marias may, at any time and without prior notice, change its Privacy Policy, namely due to the need to adapt it to any legislative changes, particularly the General Data Protection Regulation (GDPR), or recommendations from the National Data Protection Commission (CNPD), in which case Dois Marias will make the introduced changes available in an area accessible to all its users.
Any changes to this policy will be immediately reflected in the Privacy Policy available on our website.
WHAT INFORMATION DO WE COLLECT?
Dois Marias may collect personal data provided by users, namely:
User data:
- Holder's data – name, gender, date of birth, identification document;
- Contact details – e-mail, mobile phone, telephone, and address;
- Billing data – tax ID, country, name of the credit/debit card holder, card number, its validity, and respective security code, among others;
Transactional data of customers associated with the purchase of our products – e.g. transaction date/time, transaction type, item, and quantities;
Operational data of clients related to the allocation of benefits in loyalty and discount campaigns – e.g. available balance, balance history;
All collected data is stored on a server in national territory, whose database is under the control of Dois Marias.
We may also collect other information about the user's experience on our site that contributes to the improvement of our service.
WHAT ARE COOKIES AND WHAT ARE THEY USED FOR?
A cookie is a small file sent to the user's computer and stored on their hard drive.
Cookies are also used so that our system can track the user's steps while browsing our website. If the user does not accept the use of cookies, they may not be able to use our website.
DESCRIPTION OF COOKIES
Site Cookies
wire: Essential cookie for the site. Stores and identifies the user's session.
Google Analytics Cookies
_ga: Used to distinguish users.
_gid: Used to distinguish users.
SECURITY
Dois Marias undertakes to protect user data, and this data will never be made available to third parties, except in duly authorized cases.
Dois Marias uses a server certificate, also known as a digital certificate, which ensures our identity, as well as an SSL (Secure Sockets Layer) encryption of transmitted data, to guarantee the security of the data entered by users on our website.
PROCESSING OF PERSONAL DATA
Dois Marias is responsible for the processing of its users' personal data, namely its customers, which consists of the set of operations performed on that personal data, by automated or non-automated means, such as collection, recording, and storage, organization, adaptation or alteration, consultation and use, disclosure, regardless of the form of availability, comparison or interconnection, and limitation, erasure, or destruction.
Dois Marias requires the personal data subject, in all cases, their free, specific, informed, and explicit consent for the processing of their data, through models created on a case-by-case basis, depending on the specific type and extent of said processing.
Dois Marias knows and complies with the rules for the processing of personal data, provided for in the GDPR, without prejudice to all national base legislation to which it is bound.
Dois Marias has an internal continuous and updated registration process of the personal data processing activities it carries out.
INFORMATION AND DATA ALTERATION
If the user does not wish to receive our newsletter or be contacted for other purposes, they can unsubscribe using the unsubscribe link always present at the bottom of the emails.
You also have the right to withdraw or change, at any time, the consent you have given us to use your personal data.
You may also request additional information, access, change, rectification, correction, erasure, portability, or deletion of your data stored at Dois Marias, as well as the limitation or opposition to their processing via email geral@doismarias.pt
In all cases, where there is a legally imposed rule or obligation that supersedes these rights, Dois Marias reserves the right not to execute the request (or for this request to be subject to restrictions or conditions, if and when applicable), always indicating the respective grounds to the interested data subject in all cases.
The personal data subject may submit any complaint to the CNPD, as the Supervisory Authority in Portugal, as defined in paragraphs 21 and 22 of Article 4 and in Article 51 of the GDPR.
DATA RETENTION PERIOD
Personal data will be retained for the period necessary to pursue its respective purpose, taking these into consideration and the legal grounds for processing mentioned above, as well as all legally defined requirements and deadlines, namely the limitation periods for corresponding rights.
Accordingly, in all cases where there is a legally imposed data retention period, the right to erasure provided for in Article 17 of the GDPR can only be exercised after that period has expired.
Dois Marias guarantees the retention of personal data for the period strictly necessary to fulfill the purpose of its specific processing, considering the legal grounds for this purpose mentioned above, as well as its erasure (or anonymization, if and when applicable/necessary) immediately after that period has elapsed and/or upon request from the respective data subject, always and in all cases considering the said legally defined requirements and deadlines, namely the limitation periods for corresponding rights.
TRANSFER OF PERSONAL DATA TO THIRD PARTIES AND INTERVENTION OF SUBCONTRACTORS
Transfer to third parties
Dois Marias, in the course of its activity, may transfer personal data in its possession to third parties, as defined in paragraph 10 of Article 4 of the GDPR, in compliance with legal, regulatory, pre-contractual, or contractual duties, namely to public authorities responsible for control and audit assignments and/or to activity, project, or service partners, provided that this is imposed by law or regulation or is indispensable for the pursuit of its activities.
For this purpose, Dois Marias will request the competent and prior consent from the data subjects whose personal data is subject to this type of processing, respecting all the requirements provided for in the GDPR for this purpose.
Intervention of subcontractors:
Dois Marias, in the course of its activity, may subcontract third parties (as defined in paragraph 8 of Article 4 of the GDPR) to process personal data on its behalf. Should this occur, Dois Marias will request the competent and prior consent from the data subjects whose personal data is subject to this type of processing, respecting all the requirements provided for in the GDPR for this purpose.
RESPONSIBILITY
Dois Marias disclaims any responsibility for damages suffered by users and caused or not by third parties, through illegitimate access to data transmitted by those users through its Internet portal and/or its IT infrastructure.
Dois Marias undertakes to notify the CNPD in accordance with the terms and deadlines provided for in Article 33 of the GDPR, should it become aware of any personal data breach event, as defined in paragraph 12 of Article 4 of the GDPR.