A Política de Privacidade da Data Feliz apresenta as linhas orientadoras e os princípios adotados por esta empresa no âmbito da sua atividade que envolva ou tenha a virtualidade de envolver o tratamento de dados pessoais. Tais princípios e linhas orientadoras estão em conformidade com o Regulamento Geral sobre a Proteção de Dados (RGPD), a saber, o Regulamento UE n.º 2016/679, de 27 de abril de 2016, e exprimem, da parte da Data Feliz, as suas preocupações com a aplicação do RGPD, nomeadamente a observância e escrupuloso respeito pelos direitos fundamentais em geral e pelo direito à intimidade da vida pessoal, na dimensão de garantia de proteção dos dados pessoais, em particular.

1. According to the GDPR, “personal data” is any “information relating to an identified or identifiable natural person (“data subject”)”. Therefore, “identifiable” means a natural person who can be individually and concretely recognized, directly or indirectly, by reference to an identifier, such as a name, any identification number (tax, citizen, membership number of an association or institution), personal location data, online identifiers or through one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. The personal data collected and processed by Data Feliz are those specifically necessary and appropriate for fulfilling its mission, fulfilling the obligations legally assigned or imposed upon this company, and providing the services it provides to its customers and other data subjects. However, in compliance with the transparency regime arising from articles 12 et seq. of the GDPR, the information related to the processing, especially its purpose, will always be expressly indicated at the time of collection. In circumstances where it is necessary to use the data for purposes other than those indicated at the time of collection, data subjects will be promptly informed and, in cases where this is mandatory under the GDPR, the corresponding free, explicit, informed, and specific consent will be requested.

3. Data Feliz collects personal data exclusively as a result of its direct relationship with the respective data subjects; it does not use any computer mechanisms to automate the collection.

4. In accordance with international best practices, Data Feliz records access to its IT platforms for cybersecurity, registration, and access statistics purposes. Under normal circumstances, Data Feliz does not adopt mechanisms that correlate access data with the identification of its owners. However, in circumstances where access constitutes fraudulent actions, Data Feliz reserves the right, in strict compliance with current legislation, to adopt mechanisms for processing access data to identify and hold accountable the perpetrator of such actions.

5. Data Feliz may also collect cookie information for the sole purpose of improving the functionality and security of its IT platforms. If users choose to prevent the use of cookies, they may experience reduced functional availability on the IT platforms used by Data Feliz.

6. Data Feliz retains collected personal data for the period strictly necessary to carry out the corresponding processing stipulated in current legislation and regulations and to continue, in accordance with the principle of purpose, the actions referred to in II. After this period, the collected personal data is deleted. Data subjects or their legal representatives will be informed of the data retention periods and the basis for such time lapse.

7. Data Feliz does not provide personal data to third parties without the prior, specific, explicit, free, and informed consent of the data subject. The exception is compliance with legal requirements or compliance with contractual obligations to which Data Feliz may be bound.

8.Data Feliz respects the right to request access to and rectification of personal data granted by the GDPR to the respective data subjects. It also recognizes the other rights that arise from the GDPR for data subjects – such as the right to restrict processing, the right to object, the right to portability, and the right to erasure. However, Data Feliz is also aware that the exercise of these rights, specifically, is subject to the fulfillment of certain conditions arising from applicable legislation.

9. Only employees institutionally linked to Data Feliz, and only in the performance of their duties, with responsibility for processing data associated with the service to be provided to the data subject, are authorized to perform operations on the data. IT team professionals responsible for administering the computer systems may also process the data in operations that fall within their responsibilities. All are bound by the duty of data protection and confidentiality.

10.1 Data Feliz adopts appropriate administrative and technological measures to ensure an adequate level of security for personal data, taking into account, in particular, the risks of loss, accidental or unlawful alterations and unauthorized access and disclosure.

11. Data Feliz will report to the Supervisory Authority (CNPD) any breaches of personal data that may result in a risk to the rights and freedoms of its holders; it will also communicate these occurrences to the data holders or their representatives when the level of risk to the rights and freedoms of individuals is high, that is, what can be considered significant, according to criteria of specialized technical experience.

12. Data subjects may, at any time, withdraw consent they have given to Data Feliz for a specific processing of personal data, provided that such data is not essential and/or indispensable for the fulfillment of Data Feliz's legal obligations and purposes. However, processing already carried out may not be covered (precisely because it is a necessary and/or indispensable condition for the fulfillment of Data Feliz's contractual obligations and legal purposes) or because there are no technical conditions that allow such data to be completely reversed by the withdrawal of the data subject's consent.

13. Data subjects must exercise their rights over their personal data through Data Feliz. In many situations, data subjects can exercise these rights directly on the IT platforms in the profile management area.

14. In any circumstance, in particular, until the company's Data Protection Officer is appointed, data subjects always have the right to file a complaint with the Supervisory Authority, regardless of whether they also do so with the responsible bodies of Data Feliz, to the email geral.datafeliz@gmail.com (email access to which is guaranteed only to Data Feliz Management and for temporary use until the Data Protection Officer is appointed).

15. Data Feliz reserves the right to change its privacy policy at any time – while respecting the terms and legal requirements in force.

16. We use the “Real Cookie Banner” consent management tool to manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used on this website, as well as consent for the processing of related data. You can find more information about how the “Real Cookie Banner” works at devowl.io/rcb/data-processing.

The processing of personal data carried out in this context has its legal basis in Article 6 (1) c) and f) of the GDPR. Our legitimate interest in processing lies in the need to manage the cookies and similar technologies used, as well as the related consent.

The provision of personal data is not contractually required nor necessary for the performance of a contract. Therefore, users of our website are not obliged to provide their personal data. However, if you do not authorize the collection and processing of this data, we will not be able to manage your consent.