Privacy Policy

Introduction

The Privacy Policy was developed to support Joanna Patricia Ribeiro Unipessoal Lda., with tax number 517 043 661, headquartered at Rua Lúcia Lousada, 267, 4620-030 Lousada, hereinafter Joanna Store, in adapting its activity to the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).

This policy is complemented by other security policies relevant to the company's business, which together describe Joanna Store's approach to information security and privacy.

This policy applies to all Joanna Store Professionals and Partners and, when identified, to third parties who access the company's assets.

The terms 'Privacy,' 'Data Privacy,' and 'Data Protection' can be used interchangeably, as they are associated with a complex set of legal requirements that apply to Personal Data, which go beyond data security and confidentiality. For example, they include requirements regarding transparency in data use and retention.

Compliance with this policy is mandatory and, therefore, all Professionals and Partners have the individual responsibility to ensure their compliance with it and, if necessary, should request clarification from the leaders of their respective teams.

It is Joanna Store's responsibility to define the appropriate mechanisms to achieve compliance with this policy, and the teams are responsible for operational implementation, with the support of the Privacy Officer.

Compliance with this policy may be monitored through inspections, audits and/or requests for written confirmation of compliance, with all areas being responsible for regularly assessing their compliance with it within their area of responsibility.

Accordingly, any employee found to have violated this policy is subject to disciplinary action.

This policy is based on the specific principles of the GDPR. However, there are national differences in the applicability of Joanna Store's data protection and privacy when processing personal data outside the EU, obtaining personal data from outside the EU, or processing personal data of non-EU citizens.

If you have any questions, please contact Joanna Store using the contact details provided.

Data Protection Principles

As part of our business, we process Personal Data: whether we receive personal data during our business opportunities, our customer engagements, marketing activities, or a range of other related and support activities. The data is received directly from a Data Subject (for example, in person, via mail, email, telephone, or other sources), namely from our customers, partners, subcontractors, joint controllers of support services, and credit reference agencies.

All professionals and partners must only request personal data from a Data Subject that is relevant and necessary for a specific compliance and business task.

Joanna Store is committed to complying with the personal data protection principles defined by the GDPR, namely:

Lawfulness, fairness, and transparency: This means we must have a legitimate reason for processing Personal Data, such as consent from the Data Subject or compliance with a legal obligation to which we are subject. It also means we must clearly inform the Data Subject about the processing;
Purpose Limitation: we must only request Personal Data for certain, explicit and legitimate purposes and not process it beyond the specific purpose for which it was requested;
Data minimization: the Personal Data subject to processing must be adequate, relevant and limited to what is necessary;
Accuracy: we have an obligation to ensure that Personal Data is accurate and to update it whenever necessary;
Retention limitation: we must not retain Personal Data for longer than is necessary for the specific purposes for which it is processed, although we may retain some for historical and statistical purposes;
Integrity and Confidentiality: we must have adequate security controls in place to protect data against unauthorized and unlawful processing, loss, destruction or damage, including technical and organizational measures such as defined processes, training and awareness;
Lawful transfer outside the European Economic Area: We only transfer Personal Data outside the EEA provided there are adequate safeguards, such as a contractual basis;
Data Subject Rights: Data Subjects have several rights that we must respect (for example, the right to access a copy of the data we hold and the right to withdraw consent given for direct marketing purposes).

Lawfulness and fairness in treatment

Whenever we collect personal data, we must have a legal basis for the processing. According to the GDPR, we must identify at least one of the following reasons for processing Personal Data:

Consent: The Data Subject has given consent for the Data to be processed for one or more specific purposes;
Contractual: Processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps prior to entering into a contract;
Legal: The processing is necessary to comply with a legal obligation, to which the Controller is subject;
Specific interests: Processing is necessary to protect the specific interests of the Data Subject;
Public interest: The processing is necessary for the performance of a task carried out in the public interest;
Legitimate interests: Processing is necessary for the legitimate interests of the Controller, except where the interests or fundamental rights and freedoms of the Data Subject prevail.

When we act as a data controller, we must ensure that we have a regular basis for storing and processing personal data.

In some situations, we may act as a Processor on behalf of our client, if it is the client's responsibility to ensure that there is a proper reason for processing Personal Data, of which they must share knowledge. However, it is advisable to take steps to ensure that our contract is clear about our responsibilities in this regard and that, if we process Personal Data directly from Data Subjects on the client's behalf, we have the basis for doing so legitimately.

When processing a Special Category of Data, there are additional conditions that must be met. Please contact Joanna Store for further guidance.

The GDPR requires Data Subjects to be provided with information about the processing to ensure fair and transparent processing. Whenever we collect Personal Data, we must ensure that we carefully explain why we need the information and how we will process it. When information is collected through our website, this information is provided through a 'Privacy Notice'.

Any other information required when collecting personal data must also be provided online. See our Privacy Policy and Cookie Policy for more information.

Treatment only for certain specifications

Whenever we collect and process Personal Data, we must ensure that we only use it for the specified purposes that have been communicated to the transferee.

Joanna Store must never process Personal Data for additional purposes that have not been communicated to the Data Subject. Only then will we be clear about the purpose of the processing and understand the purposes for which our customers may have collected the Personal Data, or contact the Privacy Officer.

Adequate, relevant and limited treatment

When we collect and process Personal Data, we must follow the principle of data minimization. This means we must retain only the minimum Personal Data necessary to perform a specific task.

Furthermore, we must ensure that we have an adequate amount of personal data to perform a specific task effectively. For example, we must only store the data necessary to identify a person.

This also applies to any sharing and other processing activities. It's important to minimize the data held and processed; we must ensure that when we share data internally or externally or use it in activities such as testing, we only recommend using/sharing the minimum amount in each case.

Accuracy of personal data

We are obligated to ensure that Personal Data is kept accurate and up-to-date. We must ensure that adequate processes are in place to maintain accurate data whenever necessary (for example, for professionals or current and potential clients by the relevant departments).

When acting as a controller in relation to a client, you will not be required to implement mechanisms to keep this data up to date; this will be the responsibility of the Controller, that is, our client.

Retention of Personal Data

Personal Data should not be retained for longer than necessary. This means we must define and enforce maximum retention periods for the Personal Data we process and implement processes to delete it upon expiration. Therefore, the following retention periods may apply:

(i) for as long as is necessary for the relevant activity or services;
(ii) any retention period required by law;
(iii) the end of the period in which disputes or investigations may arise in relation to the services; or
(iv) for the minimum period stipulated in the contract.

Data Subject Rights

The GDPR requires us to inform individuals about the Personal Data we collect, the specifics of which, and the means by which we process it. This information is provided in the form of a 'Privacy Notice'.

a) Right of Access
The Data Subject has the right to request to see the Personal Data we have about him/her, specifically the processing and the categories of data in question.
We must notify the Data Subject of the recipients with whom we will share their data, especially if the recipient is in another country or belongs to an international organization.
Where possible, we will define the data retention period to meet business purposes.
We must communicate to the Data Subject the existence of the right to object to processing and their right to rectification and deletion.
We must communicate to the Data Subject the existence of his or her right of consent to a Supervisory Authority.
When data is collected from someone other than the Data Subject, we must communicate the source of that data.
We must ensure that we have processes in place to identify and respond to Data Subject access queries without undue delay and within a maximum of one month.

b) Right of rectification
Data Subjects have the right to rectify inaccurate data, and Joanna Store will make every effort to do so immediately.

c) Right to erasure
Data Subjects have the right to obtain erasure of their data from the Controller (the 'right to be forgotten'). Joanna Store is responsible for immediately deleting blocked data, except when there is a legal requirement to retain it. To receive a Data Subject request, please contact the Privacy Officer before deleting any data.

d) Children's rights
All individuals, including children, are protected by the GDPR. For children under 13, we must not process their Personal Data based on their consent, unless authorized by those holding parental responsibility.

e) Marketing
We may sometimes send our customers and partners marketing material to inform them of services, upcoming events or other activities of interest to them, in which case you may be required to indicate your right to withdraw consent at any time if you wish not to be contacted under these terms again.
We must also ensure that we have processes in place to ensure that all participatory hearings are recorded and respected.

Security of Retained Data

Joanna Store will maintain data security by protecting the Confidentiality, Integrity and Availability of Personal Data, as follows:

Confidentiality means that only authorized people can access the data;
Integrity means that Personal Data must be accurate and adequate for the specific purposes for which it is processed;
Availability means that authorized users must be able to access the data if they need it for the specifically authorized people.

Data Disclosure

All professionals and partners must avoid any inappropriate disclosure of Personal Data and comply with our general duties regarding Confidentiality.

It is allowed:

a) Disclose Personal Data to third parties only under instruction or where we have a legitimate basis to do so, and there are no restrictions in place.
b) Disclose Personal Data to third parties in the event that we sell or buy any business or assets, or where we form a joint controller, such as part of a joint venture.
c) Share Personal Data with a third party that processes data on our behalf, which may include transferring data to a third country.

Generally, Personal Data may be disclosed:

a) To Professionals or Agents so that they can perform their functions as such.
b) In cases where non-disclosure could improve the prevention or detection of crimes, the prosecution of offenders, or the assessment or collection of any taxes or duties. Joanna Store must have adequate grounds for disclosing data under this category to avoid criminal prosecution. All disclosures must be justified and documented.

For legal purposes, data may be disclosed if:

a) Required by law, statute or court order.
b) For the purpose of obtaining legal advice;
c) Within the scope of or for the purposes of legal proceedings or when necessary to defend a legal right.
d) To safeguard national security.

International Transfer of Personal Data

Joanna Store may transfer any Personal Data to a third country or international organization. The Personal Data we hold may also be processed by employees operating in a third country or for one of our suppliers.

We must ensure that at least one of the following conditions applies:

a) The country to which the Personal Data is transferred ensures an adequate level of protection for the rights and freedoms of Data Subjects, by decision of the EU Commission.
b) Important safeguards are provided (e.g. standard data protection clauses).
c) The Data Subject has given explicit consent to the transfer after having been informed of the possible risks.
d) The transfer will be necessary for one of the reasons provided for in the GDPR, including the execution of a contract between Joanna Store and the Data Subject, or the protection of the interests relevant to the Data Subject.
e) The transfer will be lawfully carried out for important reasons of public interest or for the filing of legal actions or defense thereof.

Log information, cookies, and web beacons

The Joanna Store website uses cookies to distinguish its users. Joanna Store collects standard internet log information, including the user's IP address, browser type and language, access times, and referring website addresses.

To ensure our website is well managed and to facilitate navigation, Joanna Store or its service information may also use cookies (small text files stored in the user's browser) or web beacons (electronic images that allow our website to count visitors who access a website and certain cookies) to collect aggregated data.

Professional Information

Collection and Conservation
Joanna Store, as an employer, collects, processes, and maintains personal data of employees, contractors, consultants, and candidates. The Human Resources Department and other departments that process employees' Personal Data must verify and document the legal basis for their processing. Employees' Personal Data should only be processed when there is a valid and legitimate purpose.
We collect personal data relating to our employees through a variety of channels and formats, such as: application forms; electronic web forms (e.g. during the recruitment process); data records; CCTV images; photographs of staff, including identification cards; data from other sources (for example, as set out above); credit checks and security checks; etc.
The creation and storage of personal data related to our professionals occurs through various channels and formats, such as: payment receipts; evaluation records; employment contracts; emails; sickness records; etc.

Training and Awareness
We are committed to providing appropriate personal data protection training to all professionals. If necessary, we will provide personalized training and awareness-raising for those involved in your roles.

Process design and change
For all proposed new business systems and procedures involving personal data, an assessment of the impact on privacy and information security must be considered to identify risks and controls.

Updated September 9, 2022


COOKIE POLICY

This website uses cookies to provide a better user experience for its visitors and to ensure it is fully functional. This Cookie Policy is part of our Privacy Policy, which you should consult for more information about us and how we protect user information. In order to provide a personalized and efficient service to our users, it is necessary to remember and store information about how this Website should be used. To this end, we use limited text files called cookies, which contain small amounts of information downloaded to our users' computers or other devices through a server. Your internet browser then sends these cookies back to the Website on each subsequent visit, allowing us to recognize and remember the identity of our visitors, particularly their usage details. You can find more detailed information about cookies and how they work here (aboutcookies.org). Browsing this Website allows the collection of information through the use of cookies and other technologies. By using this website, we accept the use of cookies as described in this Cookie Notice.

What types of cookies are used and why?

Some of the cookies we use are permitted to enable navigation on this website and to take advantage of its features, such as access to secure areas and content exclusively for registered users. Our website also uses functional cookies to obtain information about our users' choices and allow us to adapt our website to their needs; for example, remembering the user's native language or region or that a user has already completed a survey. The information recorded is anonymous and is intended solely for the purpose stated above. We may use, directly or indirectly, web analytics services to impact the effectiveness of our content and the opinions of our users, allowing us to contribute to optimizing the functioning of this website. Additionally, we use web beacons or tracking pixels to count the number of visitors and performance cookies to monitor how users access our website individually and with what frequency. This information is used solely for statistical purposes without identifying any particular user. However, registered users who are logged into the website may combine this information with data collected via web analytics services and cookies to analyze how visitors use this website in more detail. This website does not use targeting cookies to deliver targeted advertising to our visitors. If you would like detailed information about the cookies used on our website, please contact us by email.

How to control cookies?

Website users accept the introduction of cookies on their computers or devices under the terms set out above, without prejudice to the control and management available. We inform users that removing or blocking cookies may affect their user experience and may limit access to some areas of the website.

Browser controls

Most browsers allow users to view and delete cookies individually, or block cookies on a specific website or across all websites. Please note that any preferences you set, including opt-out preferences, are lost when you delete cookies. For more information, please visit cookiecentral.com or websites.

Analytical cookie management

Our users may choose to de-anonymize their browsing activity on websites monitored by analytical cookies. Below, we list services where you can obtain more information about their privacy policies and how to delete their cookies by clicking the following links:

Google Analytics: google.com/analytics/learn/privacy.html
Facebook Pixel: facebook.com/business/help/742478679120153

Managing local shared objects or flash cookies

A local shared object or flash cookie is similar to other browser cookies, differing in that it can store more types of information. These cookies cannot be controlled through the mechanisms identified above. Some areas of our website use this type of cookie to store user-selected media player functionality; without them, the content of some videos cannot be viewed in an integrated format. These cookies can be controlled manually by visiting the Adobe website.

Social buttons

We use social buttons to allow our users to share or bookmark pages. These buttons are related to social networks so we can obtain information about our visitors' online activities, including on our website. To understand how information is used and how you can opt out of collection, review the Terms of Use and Privacy Policies of these websites.

Email communications

To assess the relevance of our communications, we may use tracking technologies to determine whether our visitors have read, clicked on links, or forwarded certain email communications we send. If you disagree with this procedure, our users must unsubscribe, as it is not possible to send these emails without these active tracking mechanisms. Registered subscribers can update their communication preferences at any time by contacting us via email, or they can unsubscribe by following the instructions in the email we send to your email address.

This Cookie Policy may be revised at any time at our discretion. When such changes are made, the revision information at the top of the page will be updated. The revised Cookie Policy will take effect upon revision. We recommend that our website users review the Cookie Policy periodically to stay informed about our cookie management.

Contacts:
Email: geral@joannastore.te
Phone and WhatsApp: 916 933 648