PRIVACY POLICY
1. Introduction
The commercial company R.C. SANCHES II, LDA (hereinafter “Company”) has a core commitment to the proper processing of its Customers’ (hereinafter “Data Subjects”) personal data. It, thus, ensures that Data Subjects’ privacy is fully respected and that their personal data is completely shielded from external threats and internal misuse, in compliance with European Parliament and Council Regulation No. 2016/679, of 27 April 2016 (hereinafter “GDPR”).
Within the scope of their respective contract, Data Subjects are aware, and have the right to be informed, of how the Company obtains, organises, retains, consults, shares, uses, corrects, stores, processes, protects and deletes the Personal Data that Data Subjects provide.
These Personal Data are either provided through this website or through the provision of services.
The legitimate purposes for which the Personal Data is processed by the Company entail an obligation, under the relevant legislation, to ensure that it provides the proper legal conditions for processing the Personal Data of Data Subjects. In the specific case of the Company, the Data Subjects whose data will be processed are the Company’s Employees/Service Providers, for whom there is an internal privacy policy, and its Customers and Potential Employees.
Furthermore, Data Subjects also have the right to be informed about the processing of Personal Data for other purposes relevant to the Company’s business activity. The Company intends to inform Data Subjects of the circumstances of any such processing through the terms of this Privacy Policy.
The Company therefore publishes its privacy policy on this website, and any Data Subject may and should access and carefully analyse this privacy policy, which has been drafted in a clear and simple manner to facilitate Data Subjects’ understanding of the same and their exercise of the attendant rights (also referred to as ARCO Rights).
2. Scope of Application and Processing Responsibility
This privacy policy applies to Personal Data obtained through all the instruments at the Company’s disposal – website, restaurant – and directly or indirectly processed by the company as part of its business activity.
As part of the aforementioned processing of personal data, the Company may establish specific privacy policies that improve, develop or specify specific aspects of the processing of personal data, as these relate to the abovementioned purpose, or to new purposes that may be developed or promoted by the Company. In all such cases, the Company is obliged to ensure that such new developments of its business activity comply with the GDPR.
In compliance with the applicable legal provisions, such sectoral privacy policies shall be made known to the Data Subjects through the means agreed between the Parties and made available for this purpose, in compliance with applicable legal and contractual provisions.
If you have any question relating to this privacy policy, you can contact the Company’s Data Protection Officer through any of the following channels:
Email: rgpd@plateform.pt
Telephone (dedicated line): 218166590
Registered Post with Acknowledgement of Receipt: c/o the Data Protection Officer:
Plateform
Avenida D.João II, nº30, 4ºB
Parque das Nações 1990-092 Lisboa.
In addition to the foregoing, those responsible for data processing may, in specific and particular cases, governed by a sectoral privacy policy, subcontract third parties to process the personal data in question – for example, as part of the management and maintenance of the IT platforms. Any such arrangements will always ensure that, at all times, the rights of Data Subjects and the guarantees extended to the same are protected and that said subcontractors will comply with all applicable legal, regulatory and contractual obligations.
In this specific case, the Company outsources the management and maintenance of its IT platform and this website.
3. Processing Purposes and Legal Grounds
The Personal Data of Employees and Service Providers are processed by the Company in line with the Sectoral Privacy Policy in effect. These Data Subjects are made aware of this policy as part of the performance of their current employment or service provision contracts.
All the personal data obtained are appropriate, relevant and limited to the respective purposes, to ensure full compliance with the key principles of the GDPR.
The Company processes the Data Subject’s personal data in an automated manner, for the specific purposes and in strict and full compliance with the legal grounds established in the GDPR, as these apply to the specific situation.
Thus, and excluding the processing of Employee and Service Provider Personal Data, which is governed by an independent internal privacy policy, the purposes for which Personal Data are processed and the attendant legal grounds may be summarised as follows:
Purpose of the Processing | Legal Grounds |
Processing of Customer Personal Data as part of managing the provision of services by the Company, the legal relationship established with the Customer and the billing process | Performance of a contract or for pre-contractual diligences at the Data Subject’s request |
Processing of Customer Personal Data for marketing purposes, including but not limited to (i) providing news of the Relevant Company’s business activity (Newsletters), | Consent given by the Data Subject for these specific purposes. |
There may be other Data Subjects and other Personal Data may be subject to processing as part of the Company’s other business activities.
Purpose of the Processingo | Legal Grounds |
(ii) granting of promotional discounts and (iii) other institutional information | |
Processing of Customer Personal Data for statistical analysis and commercial management of the Company | Processing necessary for the protection of legitimate interests pursued by the Company |
Processing of Customer Personal Data for the purposes of Complaints | Compliance with the Company’s legal obligations |
Processing of Technological Personal Data (cookies) | Consent to this specific purpose given by the Data Subject |
In making a request, the Data Subject is providing the Company and its partners with their Personal Data, which will be used for the following purposes:
The Company does not require consent from Data Subjects to carry out processing that is necessary to fulfil the Company’s contractual obligations to the Data Subject. When the Data Subject makes an order/purchase via this website, the payment is processed online via the payment processing partner.
The Company and its partners undertake not to access or store the Data Subject’s credit card / payment details.
4. Communication of the Personal Data
The Company grants subcontracted third parties access to the Personal Data of the Data Subjects for the sole purpose of providing the services required for the management and maintenance of this website, more specifically for the management of the programmes included in the said platforms and the current and future developments of the same.
In the areas described above, and given the nature and risks inherent in the processing of Personal Data, the Company, in compliance with the applicable legal and regulatory obligations, requires that these subcontracted entities, or entities that are part of the same Business Group, undertake to implement all the security measures required to protect the security of the Personal Data provided by the Data Subjects and, in particular, to ensure, as far as possible, that it is not distorted or corrupted or accessed by unauthorised third parties.
5. Subcontractors
The Company grants subcontracted third parties access to the Personal Data of the Data Subjects for the sole purpose of providing the services required to manage and maintain this website, as indicated in Point 4.
In the areas described above, and given the nature and risks inherent in the processing of Personal Data, the Company, in compliance with the applicable legal and regulatory obligations, requires that these subcontracted entities, or entities that are part of the same Business Group, undertake to implement all the security measures required to protect the security of the Personal Data provided by the Data Subjects and, in particular, to ensure, as far as possible, that it is not distorted or corrupted or accessed by unauthorised third parties.
6. International Transfers of Personal Data
The processing of the Personal Data of the Data Subject by the Company and the entities described in Point 5 above may involve the international transfer of the Personal Data between Portugal and the United Kingdom, given that the business partner responsible for the management and operation of this website is based in the United Kingdom.
7. Retention Period
The Company will only retain the Personal Data of the Data Subjects for the time required to achieve the purpose for which they were obtained. Such Personal Data will be deleted following an express and independent request to the effect made by the Data Subject in accordance with the terms established in the following Point.
In general, and except for the defence of the Company’s legitimate interests, the retention periods in force are as follows:
Purpose of the Processing | Retention Period |
Processing of Customer Personal Data as part of managing the provision of services by the Company, the legal relationship established with the Customer and the billing process | In compliance with legal obligations and the Company’s legitimate interests, the Personal Data obtained shall be kept for the period required to meet any applicable tax obligations. Personal Data provided via the App, including activity history, shall be retained until the Data Subject requests the deletion of the same or until the account has been inactive for more than 5 years. |
Processing of Customer Personal Data for marketing purposes, including but not limited to (i) providing news of the Relevant Company’s business activity (Newsletters), (ii) granting promotional discounts and (iii) other institutional information | Customer Personal Data used to fulfil the said purpose shall be kept until the Data Subject requests the deletion of the same or until the account has been inactive for more than 5 years. |
Processing of Customer Personal Data for statistical analysis and commercial management of the Company | Customer Personal Data used to fulfil the said purpose shall be kept until the Data Subject requests the deletion of the same or for the period necessary to ensure the Responsible Parties are able to meet their legal obligations. |
Processing of Customer Personal Data for the purposes of Complaints | Customer Personal Data used to fulfil the said purpose shall be kept until the Data Subject requests the deletion of the same or for the period necessary to ensure the Responsible Parties are able to meet their legal obligations. |
Processing of Technological Personal Data (cookies) | Customer Personal Data used to fulfil the said purpose shall be kept until the Data Subject requests the deletion of the same or for the period necessary to ensure the Responsible Parties are able to meet their legal obligations. |
8. ARCO Rights of Data Subjects
Any Data Subject providing Personal Data to the Company may, at any time and free of charge
– in compliance with the applicable legislation – exercise their right to access, rectify, delete (or deindex) their personal data or, depending on the applicability of such an option, their right to limit or oppose the processing and portability of their Personal Data.
Similarly, and with regard to Personal Data processing to which the Data Subject has given their consent, the Company will ensure that Data Subjects are able to exercise their right to withdraw their consent, in line with all the applicable legal provisions. All the above rights may be exercised though any of the following channels, where technically possible:
Email: rgpd@plateform.pt
Telephone (dedicated line): 218166590
Registered Post with Acknowledgement of Receipt: c/o the Data Protection Officer:
Plateform
Avenida D.João II, nº30, 4ºB
Parque das Nações 1990-092 Lisboa.
The Company scrupulously complies and will continue to comply with all mandatory information rights enshrined in the applicable legislation, as these pertain to the binding contractual relations established between the Company and the Data Subjects.
The company undertakes, at all times and in all cases, to comply with the legally established fulfilment and performance deadlines ensuing from any Data Subject’s exercise of their ARCO rights.
The Company reserves the right to exercise, in line with the applicable legal and regulatory framework, all the rights of exception provided for in the applicable legislation, as these pertain to the Data Subject’s full / partial exercise of their ARCO rights.
In any event, if a Data Subject believes that the Company has or may have breached their legally enshrined data protection rights, they may file a complaint with the National Data Protection Commission.
9. Data Subject Responsibilities
When using this website or any of the technological tools provided by the Company, the Data Subject undertakes to make every effort to avoid any unauthorised access to their Personal Data, by securing their password and any information that may appear in their Personal Account (where they have such an account on the Platform).
If the Data Subject or any other user of this website or of any of the technological tools provided by the Company provides false or inaccurate information to the Companies, the Company may not be held liable for such circumstance.
10. Mandatory Request for Personal Data
Personal Data that are not duly identified as “optional” on the forms provided by the Company, must be entered if the respective purposes, as set out above, are to be fulfil.
Therefore, if the Data Subject does not provide the Personal Data necessary to fulfil the said purposes, the Company will not be able to comply with their request.
11. Personal Data Protection Measures
Given the Company’s considerable concern for and commitment to privacy protection, it employs a range of technical and organisational security measures that are designed to ensure that the personal data with which it is entrusted is not disseminated, lost, improperly used, altered, processed or accessed without authorisation or processed in any other illegal manner.
The forms used to obtain Personal Data are only available through encrypted sessions and all the Personal Data provided by Data Subjects is held securely in the systems contracted by the Company. Furthermore, the implementation of the physical and logical security measures deemed indispensable to the protection of Personal Data ensures that there are additional access controls and that the information cannot be downloaded.
For further clarification, please contact the Company’s Data Protection Officer, using any of the means identified in point 2 above.
12. Information pertaining to the Data Subject’s electronic device and Cookie Policy
The Company obtains technical information from the user’s device whenever the user visits this website using their mobile phone and/or computer. The information that is obtained pertains to browsing this website.
This website uses cookies. Learn more and accept or reject the use of these cookies.
For further clarification, please contact the Company’s Data Protection Officer, using any of the means identified in point 2 above.
13. Applicable Law
This Privacy Policy has been produced in accordance with Portuguese Law and the GDPR and is governed by the same.
14. Changes to the Privacy Policy
The Company reserves the right to change the Privacy Policy described herein or any terms and conditions of Sectoral Privacy Policies, but to always do so in full compliance with the applicable Portuguese and EU legislation.
Last Revision: November 2023