Skip to main content
0

No products in the cart.

Privacy Policy

The Paiva Digital platform, managed by the Castelo de Paiva Commercial and Industrial Association, is committed to protecting the privacy of its users. This privacy policy describes how we collect, use, store, and protect personal data, in accordance with the General Data Protection Regulation (GDPR) and Law no. 58/2019.

1. Introduction

This policy applies to all personal data collected through our platform and mobile application. By using the platform, the user agrees to the collection and use of information as set out in this policy.

2. Collection of Personal Data

2.1. Types of Data Collected

The Paiva Digital Marketplace may collect the following personal data:

  • Identification Data: Name, surname, email address, phone number;
  • Account Data: Username, password;
  • Payment Data: Banking information (e.g., IBAN), data related to payment methods;
  • Browsing Data: IP address, cookies, geolocation;
  • Communication Data: Messages sent through customer support, notes, reviews, and product questions;
  • Satisfaction Data: Responses to satisfaction surveys.

2.2. Methods of Collection

Data collection occurs in the following situations:

  1. 1. Registration on the Platform: During the account creation process, users provide the necessary personal information;
  2. 2. Browsing and Use of Features: Through cookies and other technologies, the Marketplace collects data about users’ browsing behavior, including pages visited and time spent in each section;
  3. 3. Interaction with Customer Service: Information is collected during interactions with customer support, including calls, emails, and chats;
  4. 4. Responses to Surveys and Feedback: User satisfaction data is collected through questionnaires and feedback forms sent after purchases or interactions.

3. Purposes of Data Collection

The Paiva Digital Marketplace uses personal data for the following purposes:

  • Contract Execution and Management: Managing purchase and service contracts;
  • Order Processing: Managing and processing purchase orders;
  • Customer Communication: Responding to inquiries and communicating effectively with users;
  • Handling Information Requests: Responding to users’ additional information requests;
  • Complaint Processing: Managing complaints, including regulatory processes or legal rights claims;
  • Statistical Analysis Activities: Conducting statistical analyses to improve services offered;
  • System Development: System verification, maintenance, and development;
  • Direct Marketing Communications: Sending marketing communications, if consent has been provided;
  • Fraud Prevention and Control: Implementing measures to prevent and combat fraud;
  • Requesting Feedback: Requesting feedback on purchased products or services;
  • Conducting Satisfaction Surveys: Conducting surveys to assess customer satisfaction;
  • Event and Campaign Management: Managing and participating in events, contests, and promotional campaigns.

4. Who Has Access to the Data

The Management Team of the Paiva Digital Marketplace platform takes all necessary precautions to preserve the security of personal data against any loss, unauthorized access, modification, intrusion, alteration, disclosure, or destruction of the data held.

Access to Information:

  • Platform Management Team: The management team of the Paiva Digital Marketplace platform has access to information from both merchants and buyers, strictly for platform management and operational purposes.
  • Sellers: Sellers have access to buyer information but only to the extent required to process orders and deliver services. This access is strictly controlled, and sellers are not authorized to use personal data for any other purpose.

The Management Team of the Paiva Digital Marketplace platform cannot be held responsible for the risks associated with the Internet, which it does not control. Users are advised to be particularly cautious of data loss or confidentiality breaches during data transmission. The same applies in cases of force majeure or any event outside the control and responsibility of the Platform Management Team.

5. Permission Management

Permissions can be managed directly in the device settings or within the application.

6. Users’ Rights

In accordance with the General Data Protection Regulation (GDPR), users have the following rights:

  • Right of Access: Users may request information about the processing operations concerning them, such as the type of data and its source, and may also request a copy of all related information.
  • Right to Rectification: Users may update or correct their personal data when necessary, regardless of the legal basis for processing.
  • Right to Withdraw Consent: Users may withdraw their consent for data processing at any time.
  • Right to Restrict Processing: Users may request the restriction of the processing of their personal data.
  • Right to Data Portability: Users may request the transfer of their data, provided it is processed based on consent or contractual relationship, in a technically usable format.
  • Right to Object: Users may object to the processing of their data, especially when it is based on the controller’s “legitimate interest,” except when that interest is “overriding.”
  • Right to Erasure: If the data is processed based on consent or legitimate (non-overriding) interest, users may request the early deletion of their data.
  • Right to Post-Mortem Data Directives: Users may specify how their personal data should be handled after their death.

Users may exercise these rights through the Electronic Form (or email) made available for that purpose.

Data Retention

Users’ personal data is stored according to the following guidelines:

  • Payment Data: Stored for up to 3 years after the transaction date.
  • Contractual Relationship: Data is kept during the contractual relationship. If there is inactivity for more than 3 years, data will be deleted.
  • Exercise of Rights: Data related to rights requests are kept for 5 years after the response, then deleted.
  • Fraud Prevention: Data is kept for 7 years after response and archived for an additional 7 years.
  • Illegal Product Reports: Data related to reports are kept for 3 years after submission and then deleted.

7. Data Security

We implement appropriate technical and organizational measures to protect personal data. However, users should be aware that no internet transmission of data is completely secure.

8. Changes to the Privacy Policy

We reserve the right to update this policy and recommend that users regularly review this document for updates.

Paiva Digital
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.