Privacy Policy
This document ("Privacy Policy") describes the privacy policy of the company Seginus Unipessoal Lda, hereinafter referred to as hitEcosystem, with tax identification number 515998427, headquartered at Rua da Estrada Velha, No. 393, 4900-691 Viana do Castelo, and aims to, in compliance with EU Regulation 2016/679, communicate to data subjects whose personal data the company processes, has processed, or may process in the future (hereinafter referred to as "DATA SUBJECTS"), as well as to the general community, its practices for processing personal data.
We have strived for the wording to be clear, with information divided into sections to facilitate reading, but if you have any doubts, please do not hesitate to contact us.
PERSONAL DATA
Information related to an identified or identifiable natural person, directly or indirectly ("data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly through an identifier, such as a name, an identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
PROCESSING
Any operation or set of operations performed on personal data or sets of personal data, whether by automated or non-automated means. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, comparison or interconnection, limitation, erasure, or destruction.
LIMITATION OF PROCESSING
The insertion of a mark on personal data kept with the aim of limiting their future processing.
SUBCONTRACTOR
An individual or legal entity, a public authority, or another organization that processes personal data on behalf of the data controller.
CONSENT OF THE DATA SUBJECT
Consent of the data subject is a voluntary, specific, informed, and explicit expression of the data subject's will, by which they accept, through a declaration or unambiguous affirmative action, that their personal data pertaining to them will be processed.
1. Personal Data of Customers
The personal data of hitEcosystem's customers are processed because they are necessary for contract formation, service provision, the management of the system where data is stored and accessible, information security control, and compliance with legal requirements. Website registration will involve the creation of navigation profiles and the recording of order and purchase history for the purpose of providing customers with relevant information and promotions. The data is also processed to pursue legitimate interests of hitEcosystem, which may include various marketing and sales-related communications. However, the DATA SUBJECT can object to such processing, as described in section 5.
2. Personal Data of Non-Customers
Personal data provided in the context of inquiries about services, pre-contractual dealings, or direct subscription to communications are processed in good faith and in accordance with the purposes for which the DATA SUBJECT provided them to hitEcosystem. However, the DATA SUBJECT can object to such processing at any time, as described in section 5.
3. Data Processing Period
The personal data, whether of customers or non-customers, is retained for varying periods, depending on the nature of the DATA SUBJECT's relationship with hitEcosystem and the purpose for which the data was collected, always in compliance with legal requirements. Once the basis for collecting the data has ceased, they will be deleted unless there is a legal requirement to retain them.
4. Subcontractors and Other Entities with Access to the Data
Personal data can be accessed by subcontractors of hitEcosystem for purposes such as billing, order delivery, accounting, or legal support, among others, as specified to the DATA SUBJECT prior to processing and only with their conscious authorization. These entities are responsible for adopting measures to ensure the privacy and security of personal data and for preserving and upholding the rights of their DATA SUBJECTS. Data may also be accessed by government administrations and public bodies as required by fiscal, labor, judicial, or other applicable regulations.
5. Rights of the DATA SUBJECT Regarding Personal Data
The DATA SUBJECT has the right to access, amend, restrict processing, request data portability, and request the erasure of their personal data, all of which can be done through the customer area or by contacting hitEcosystem via email at [email protected]. hitEcosystem commits to promptly notify the DATA SUBJECT of any data security breaches or violations and to make every effort to resolve the situation diligently. Despite hitEcosystem's diligence, the DATA SUBJECT has the right to file a direct complaint with a supervisory authority.
5.1. Regarding the Right to Restrict Processing of Personal Data in Particular
The DATA SUBJECT can request the restriction of the processing of their personal data, including profiling, whenever they consider the processing to be unlawful or unnecessary. hitEcosystem has a duty to assess the situation and can only refuse to comply with the request if it is determined that its legitimate reasons outweigh those of the data subject.
5.2. Regarding the Right to Data Portability in Particular
The right to data portability is the DATA SUBJECT's right to receive the personal data being processed by hitEcosystem, or to have that data directly sent to another data controller at the DATA SUBJECT's request, in a structured, commonly used, and machine-readable format. Data portability does not entail the erasure of data from hitEcosystem's systems - this process must be requested separately, as described in section 5.3. Requests for data portability must be made through the customer area. An email link will then be sent to the DATA SUBJECT's email address for downloading the data file, available for 48 hours.
5.3. Regarding the Right to Erasure of Personal Data in Particular
The DATA SUBJECT can request the deletion of their personal data from hitEcosystem's systems, provided this does not contradict any legal obligations. The request should be made through the personal area or by contacting hitEcosystem via email at [email protected].
6. Security Measures
hitEcosystem is committed to implementing technical and organizational measures within its reach to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized access, disclosure, and against any other form of unlawful processing, particularly when data transmission is involved. Security procedures following best practices in terms of information security have been adopted, including the use of firewalls and intrusion detection systems, the existence of restricted physical and logical access, logging of operations, monitoring and auditing, and the secure collection and transmission of personal data.
7. Cookie Policy
Cookies are small text files stored on the computer of the Customer or User when visiting websites. In some cases, they are deleted after the visit, while in others, they are retained for subsequent visits. The use of cookies when accessing websites is a common practice, and various web browsers allow each Customer or User to refuse their use and delete cookies that have already been created. The hitEcosystem website uses cookies to enhance the navigation experience for Users or Customers, making it faster and more straightforward. The cookies used by hitEcosystem adhere to the principles of anonymity and confidentiality, with the sole purpose of recognizing the user, without being used for personal data collection. Users can activate cookies and/or select certain usage functionalities in a pop-up window upon entering the site, and they can also learn more about the use of cookies by hitEcosystem. It should be noted that important features of the hitEcosystem website will not function if cookies are blocked. To block cookies, users can do so at any time through their web browser, including:
- Chrome
- Safari
- Firefox
- Microsoft Edge
8. Contact for Additional Questions
Any questions regarding the processing of personal data that have not been addressed in this document can be sent via email to the following address: [email protected].
We have strived for the wording to be clear, with information divided into sections to facilitate reading, but if you have any doubts, please do not hesitate to contact us.
PERSONAL DATA
Information related to an identified or identifiable natural person, directly or indirectly ("data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly through an identifier, such as a name, an identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
PROCESSING
Any operation or set of operations performed on personal data or sets of personal data, whether by automated or non-automated means. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, comparison or interconnection, limitation, erasure, or destruction.
LIMITATION OF PROCESSING
The insertion of a mark on personal data kept with the aim of limiting their future processing.
SUBCONTRACTOR
An individual or legal entity, a public authority, or another organization that processes personal data on behalf of the data controller.
CONSENT OF THE DATA SUBJECT
Consent of the data subject is a voluntary, specific, informed, and explicit expression of the data subject's will, by which they accept, through a declaration or unambiguous affirmative action, that their personal data pertaining to them will be processed.
1. Personal Data of Customers
The personal data of hitEcosystem's customers are processed because they are necessary for contract formation, service provision, the management of the system where data is stored and accessible, information security control, and compliance with legal requirements. Website registration will involve the creation of navigation profiles and the recording of order and purchase history for the purpose of providing customers with relevant information and promotions. The data is also processed to pursue legitimate interests of hitEcosystem, which may include various marketing and sales-related communications. However, the DATA SUBJECT can object to such processing, as described in section 5.
2. Personal Data of Non-Customers
Personal data provided in the context of inquiries about services, pre-contractual dealings, or direct subscription to communications are processed in good faith and in accordance with the purposes for which the DATA SUBJECT provided them to hitEcosystem. However, the DATA SUBJECT can object to such processing at any time, as described in section 5.
3. Data Processing Period
The personal data, whether of customers or non-customers, is retained for varying periods, depending on the nature of the DATA SUBJECT's relationship with hitEcosystem and the purpose for which the data was collected, always in compliance with legal requirements. Once the basis for collecting the data has ceased, they will be deleted unless there is a legal requirement to retain them.
4. Subcontractors and Other Entities with Access to the Data
Personal data can be accessed by subcontractors of hitEcosystem for purposes such as billing, order delivery, accounting, or legal support, among others, as specified to the DATA SUBJECT prior to processing and only with their conscious authorization. These entities are responsible for adopting measures to ensure the privacy and security of personal data and for preserving and upholding the rights of their DATA SUBJECTS. Data may also be accessed by government administrations and public bodies as required by fiscal, labor, judicial, or other applicable regulations.
5. Rights of the DATA SUBJECT Regarding Personal Data
The DATA SUBJECT has the right to access, amend, restrict processing, request data portability, and request the erasure of their personal data, all of which can be done through the customer area or by contacting hitEcosystem via email at [email protected]. hitEcosystem commits to promptly notify the DATA SUBJECT of any data security breaches or violations and to make every effort to resolve the situation diligently. Despite hitEcosystem's diligence, the DATA SUBJECT has the right to file a direct complaint with a supervisory authority.
5.1. Regarding the Right to Restrict Processing of Personal Data in Particular
The DATA SUBJECT can request the restriction of the processing of their personal data, including profiling, whenever they consider the processing to be unlawful or unnecessary. hitEcosystem has a duty to assess the situation and can only refuse to comply with the request if it is determined that its legitimate reasons outweigh those of the data subject.
5.2. Regarding the Right to Data Portability in Particular
The right to data portability is the DATA SUBJECT's right to receive the personal data being processed by hitEcosystem, or to have that data directly sent to another data controller at the DATA SUBJECT's request, in a structured, commonly used, and machine-readable format. Data portability does not entail the erasure of data from hitEcosystem's systems - this process must be requested separately, as described in section 5.3. Requests for data portability must be made through the customer area. An email link will then be sent to the DATA SUBJECT's email address for downloading the data file, available for 48 hours.
5.3. Regarding the Right to Erasure of Personal Data in Particular
The DATA SUBJECT can request the deletion of their personal data from hitEcosystem's systems, provided this does not contradict any legal obligations. The request should be made through the personal area or by contacting hitEcosystem via email at [email protected].
6. Security Measures
hitEcosystem is committed to implementing technical and organizational measures within its reach to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized access, disclosure, and against any other form of unlawful processing, particularly when data transmission is involved. Security procedures following best practices in terms of information security have been adopted, including the use of firewalls and intrusion detection systems, the existence of restricted physical and logical access, logging of operations, monitoring and auditing, and the secure collection and transmission of personal data.
7. Cookie Policy
Cookies are small text files stored on the computer of the Customer or User when visiting websites. In some cases, they are deleted after the visit, while in others, they are retained for subsequent visits. The use of cookies when accessing websites is a common practice, and various web browsers allow each Customer or User to refuse their use and delete cookies that have already been created. The hitEcosystem website uses cookies to enhance the navigation experience for Users or Customers, making it faster and more straightforward. The cookies used by hitEcosystem adhere to the principles of anonymity and confidentiality, with the sole purpose of recognizing the user, without being used for personal data collection. Users can activate cookies and/or select certain usage functionalities in a pop-up window upon entering the site, and they can also learn more about the use of cookies by hitEcosystem. It should be noted that important features of the hitEcosystem website will not function if cookies are blocked. To block cookies, users can do so at any time through their web browser, including:
- Chrome
- Safari
- Firefox
- Microsoft Edge
8. Contact for Additional Questions
Any questions regarding the processing of personal data that have not been addressed in this document can be sent via email to the following address: [email protected].