DATA PROTECTION AND COOKIES POLICY
1 INTRODUCTION
The General Data Protection Regulation (GDPR) on the protection of individuals with regard to the processing of personal data and the free movement of such data came into force on 25 May 2016 and repealed Directive 95/46/EC.
The aim of the Regulation is to give citizens back control of their personal data, preventing the dissemination and misuse of their personal information.
As it is a Community Regulation, it is directly applicable in all Member States, thus guaranteeing legislative harmonisation in terms of Data Protection.
This Regulation has created a new legal framework that changes the paradigm in the way organisations process personal data, the impact of which varies depending on the size of the organisation, the area of activity, the nature of the data collected and the way in which the personal data is processed. It lists the rights of data subjects who are the object of processing, reinforcing the need for consent in processing situations that are not legitimised by any other lawful basis, the right to easy access and rectification of data, the right to information, the right "to be forgotten", the right to object to the use of personal data and the right to data portability.
It also provides for general obligations for data controllers and processors, including the obligation to implement technical and organisational measures, taking into account the risk inherent in personal data processing operations. These measures must be appropriate and necessary to ensure compliance with the Regulation.
The provisions of this Policy apply to the relationships that MOYO Concept - Arquitectura e Design de Interiores, Unipessoal, Lda. maintains with its Clients, Suppliers, Partners and other professionals involved in its commercial activity.
This Policy applies to transactions carried out in Portugal or using Portuguese data.
2. IDENTIFICATION
The online shop www.moyo-shop.com and the website www.moyo.pt are the property of Moyo Concept - Arquitectura e Design de Interiores,Lda, NIF 508708168 , a company that provides interior decoration services and sells interior decoration products from a variety of decoration brands in its online shop www.moyo-shop.com. Moyo Concept - Arquitectura e Design de Interiores, Unipessoal, Lda. is based in Porto, at Rua do Freixo, 1071, 15 - 4300-219 Porto and can be contacted:
- By e-mail to: moyo@moyo.pt
- Via the form available on the website www.moyo-shop.com
Telephone: - +351 220938702 - (Price of a fixed landline call) - Working days from 10.00-13.00H | 14.30-19.30H
Brands commercialised:
All brands and brand-related services are the property of Moyo Concept - Arquitectura e Design de Interiores, Lda. or their respective owners, who grant Moyo Concept - Arquitectura e Design de Interiores, Lda. the right and licence to use the respective Brand.
3. PRIVACY POLICY
This data protection policy explains how MOYO Concept - Arquitectura e Design de Interiores, Unipessoal Lda. (hereinafter referred to as MOYO), legal person no. 508708168 with registered office at Rua do Freixo, 1071 Sala 15 4300-219, Porto, processes the personal data of customers, suppliers and employees and collects, processes and discloses personal data.
If you have any questions regarding the processing of your personal data, please contact us using the following methods:
Telephone: - +351 220938702 - (Price of a fixed landline call) - Working days from 10.00-13.00H | 14.30-19.30H
Address: Rua do Freixo, 1071, 15 - 4300-219 Porto
Email: moyo@moyo.pt
At Moyo Concept - Arquitectura e Design de Interiores, Lda. we respect your privacy and thank you for the trust you place in us. In this Privacy Policy we explain who we are, for what purposes we may use your data, how we process it, who we share it with, how long we keep it, as well as how to contact us and exercise your rights.
Your data will be processed by Moyo Concept - Arquitectura e Design de Interiores, Lda. legal person number 508708168, with Rua do Freixo, 1071, 15 - 4300-219 Porto, hereinafter "MOYO" or "we". This company is responsible for processing personal data within the meaning of the General Data Protection Regulation.
MOYO undertakes to respect the User's privacy and to process their personal data in a careful and confidential manner, in accordance with the laws applicable under the General Data Protection Regulation. The data will not be processed for any purposes other than those specified herein.
MOYO reserves the right to update or modify its Privacy Policy at any time, in particular in order to adapt it to legislative changes. Users are therefore advised to visit this page regularly.
4. RIGHTS OF PERSONAL DATA SUBJECTS
MOYO guarantees the rights of customers, suppliers and employees with regard to data protection and has taken the necessary measures to provide information and any communication regarding data processing in a concise, transparent, intelligible and easily accessible manner, using clear and simple language. This information is provided in writing or electronically or, if requested, may be provided orally.
MOYO has taken steps to ensure that the person requesting the personal data is the data subject. If the company has reasonable doubts about the identity of the natural person making the request, it may request additional information that is necessary to confirm the identity of the data subject.
If the company does not comply with the request, it must inform the data subject of the reasons for not taking action and of the possibilities for the data subject to complain to a supervisory authority or even take legal action, within one month of receiving the request. The information and communication of measures must be provided free of charge. However, if the requests are unfounded or excessive, the company may:
i) or demand payment of a reasonable fee taking into account its costs;
ii) or refuse to comply with the request.
The holders of personal data may also request that their data be completely erased from the company's databases without undue delay and, to this end, MOYO will proceed to erase it.
This right may only be granted by MOYO in the following situations:
a. The personal data is no longer necessary for the purpose for which it was collected or processed;
b. The holder of the personal data has withdrawn the consent on which the processing of the personal data is based, and there is no other legal basis justifying the processing of the data;
c. The data subject exercises the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her when the lawful basis is legitimate interest, provided that there are no other overriding legitimate grounds;
d. The data subject exercises the right to object to processing when personal data is processed for direct marketing purposes;
e. There is a legal obligation to delete the personal data;
f. The personal data has been collected in the context of offering information society services;
g. When the retention period defined for the data has been exceeded.
However, MOYO will not favour deletion when processing proves necessary:
a. The exercise of freedom of expression and information;
b. The fulfilment of a legal obligation requiring processing provided for by the law of the European Union or of a Member State to which the Data Controller is subject, the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
c. For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, insofar as the right referred to is likely to render impossible or seriously jeopardise the achievement of the purposes of such processing; or
d. For the purposes of establishing, exercising or defending a right in legal proceedings.
The data subject also has the right to have the company rectify inaccurate data without undue delay.
They also have the right to lodge a complaint with the National Data Protection Commission.
5. EXERCISE OF RIGHTS
The right of access, the right to rectification, the right to erasure, the right to restriction, the right to portability and the right to object may be exercised by the data subject by contacting MOYO at moyo@moyo.pt.
MOYO will respond in writing (including by electronic means) to the data subject's request within a maximum period of one month from receipt of the request, except in cases of particular complexity, where this period may be extended up to two months.
If the requests made by the data subject are manifestly unfounded or excessive, particularly due to their repetitive nature, MOYO reserves the right to charge administrative costs or refuse to comply with the request.
If you wish, at any time, to no longer be included in the MOYO database, you can exercise this right by contacting us using the following means:
E-mail: moyo@moyo.pt
Telephone: +351 220938702 - (Price for a landline call) - Working days from 10.00-13.00H | 14.30-19.30H
MOYO Concept - Architecture and Interior Design, Unipessoal, Lda.
Rua do Freixo, 1071 Sala 15
NIF: 508708168
4300-219, Porto
If you do not request the removal of your data, it will remain in our database for a maximum period of 10 years.
6. TYPE OF DATA COLLECTED
MOYO collects data on its customers, suppliers and employees, including name, email address and telephone number.
7. CONSENT
If consent is legally required for the processing of personal data, the data subject has the right to withdraw consent at any time, although this right does not compromise the lawfulness of the processing carried out on the basis of the consent previously given or the subsequent processing of the same data based on another legal basis, such as the fulfilment of the contract or legal obligation to which MOYO is subject.
By using this website, you consent to the collection and use of information.
MOYO may at any time modify, add or delete any of the privacy policies on its website (www.moyo.pt or www.moyo-shop.com ) by updating the content of this page.
If you wish to withdraw your consent, you can contact us by letter, telephone or e-mail at moyo@moyo.pt.
8. PURPOSE OF COLLECTING THE USER'S PERSONAL DATA
The data collected by MOYO is intended for the provision of the contracted services and communication with customers, in particular the processing of requests for information, statistical analysis, questions about products, management of complaints and questions of a general nature such as:
- Customer management
MOYO provides interior decoration services which you can consult at www.moyo.pt and sells interior decoration products from a variety of decoration brands in its online shop www.moyo-shop.com. The processing of your data is necessary for the fulfilment of the contract of sale or provision of services between you and MOYO, or to carry out pre-contractual steps at your request.
Your data will be kept for this purpose for 2 years of inactivity.
- Email and chat management
Emails and online chat messages will be kept for administrative support purposes for a period of one year.
- Marketing
MOYO may process your data to send you information about its products and services.
This data processing will only be carried out with your consent, given at the time of registration via the enquiry form or sent by any means. If you consent, you will receive marketing communications via e-mail and SMS. MOYO may also share your data with third parties that manage social networks, such as Facebook, for the purpose of carrying out marketing campaigns via social networks.
Consent to the processing of personal data for direct marketing purposes can be revoked at any time.
Your data will be kept for this purpose for 2 years of inactivity.
- Profiling
MOYO carries out profiling based on information related to your purchases. Whenever you shop at www.moyo-shop.pt, you record the products purchased, amounts paid, date and time and choose the method of collection.
This information is analysed to identify your consumption profile. This analysis allows MOYO to send you personalised information tailored to your profile. MOYO uses statistical information related to online shop customer profiles to improve communication with its customers and find the products best suited to their profile.
- Satisfaction survey
In order to improve the quality of its services, MOYO may contact the Customer by telephone and ask them to complete a quality and satisfaction survey.
The legal basis for contacting Clients and requesting their participation in the satisfaction survey is based on MOYO's legitimate interests in improving the quality of its services.
This survey will only be directed at MOYO Customers (who have previously purchased products and/or services), and will be anonymous, used and analysed for statistical purposes, with no personal data being collected from the Customer during the course of the survey.
- Recruitment
The personal data of candidates for recruitment by MOYO will be used for the period necessary for the recruitment process.
- Purchase or request for quotation from suppliers
Contacts with suppliers for the purpose of requesting prices or purchasing products or raw materials necessary for MOYO's activity.
- Employee data
Provision of legal information regarding the company's employees.
9. WHO HAS ACCESS TO THE USER'S PERSONAL DATA?
MOYO does not disclose any personal data of its Customers and Users to third parties without their consent.
MOYO adopts security measures to ensure that its employees or collaborators with access to personal data receive adequate training to process it correctly, in compliance with this policy and legal data protection obligations. In the event of non-compliance, MOYO will apply disciplinary sanctions to its employees and collaborators.
Whenever MOYO discloses the User's personal data, it will safeguard compliance with the General Data Protection Regulation, namely by providing for contractual provisions that guarantee that the third party uses the data received only for the purposes specified, and in accordance with the purposes described in this policy, and that it uses appropriate security means in order to protect the User's personal data against illegal or unauthorised processing as well as against accidental loss, destruction or other harmful actions. Your data will be processed within the European Union.
10. SECURITY OF PROCESSING
MOYO has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk in order to prevent the accidental or unlawful destruction, accidental loss, alteration, dissemination or unauthorised access of data.
It is necessary to take into account the potential vulnerabilities of the system and forecast the impact they could have on people in order to assess the risks and define the best measures. Once the impact assessment has been carried out, the outcome can influence the measures that are adopted.
MOYO is free to choose the means it deems appropriate and the GDPR only establishes an obligation of result for those responsible for processing.
The measures that are taken, depending on what is considered necessary for each specific case, may be:
i) pseudonymisation and encryption of data;
ii) the ability to ensure the permanent confidentiality, integrity, availability and resilience of processing systems and services;
iii) the ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident;
iv) a process for regularly reviewing, assessing and evaluating the effectiveness of technical and organisational measures to ensure security in processing.
11. WHERE IS USER DATA STORED?
MOYO stores the data of its customers and Users on its servers.
These servers are protected and maintained in accordance with high security standards and in order to comply with applicable privacy laws.
12. WHAT ABOUT LINKS ON THE WEBSITE?
The MOYO website may contain links to other websites of companies not belonging to MOYO. This Privacy Policy does not apply to those websites.
If you use a link available on this website to another website and provide personal data on that site, the processing of the data will be subject to the privacy statement of that website.
13. GDPR Definitions
1. Personal Data: Information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
2. Sensitive Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data (understood as personal data relating to the genetic characteristics, whether hereditary or acquired, of a natural person, which give unique information about the physiology or health of that natural person and which result in particular from an analysis of a biological sample from the natural person concerned), biometric data (understood as personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person), physiological or behavioural characteristics of a natural person which allow or confirm the unique identification of that natural person, in particular facial images or dactyloscopic data) to uniquely identify a person, health data (understood as personal data relating to the physical or mental health of a natural person, including the provision of health services which reveal information about their state of health) or data relating to a person's sex life or sexual orientation.
3. Health Data: Personal data relating to the physical and mental health of the person, including medical prescriptions containing information about the patient's state of health.
4. Data Controller: The natural or legal person who determines the purposes and means of processing personal data. There may be joint controllers.
5. Processor: The natural or legal person who processes the data on behalf of the controller.
6. Data Subject: The natural person who holds the information processed or "to whom the information relates or is related".
7. Processing of Personal Data: any operation or set of operations concerning personal data, whether or not by automated means, such as collection, consultation, use, storage, retrieval, alteration, recording or disclosure.
8. Data Protection Officer: Person appointed by the organisation who will be involved in all matters relating to the protection of personal data and determines the purposes and means of data processing.
14. PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA
Principle of adequate, proportionate and necessary information ("data minimisation") (Article 5(1)(c) of the GDPR)
Personal data must be processed fairly, lawfully and transparently in relation to the data subject. The data is collected for certain explicit and legitimate purposes and cannot be used subsequently in a way that is incompatible with those purposes.
The data collected must be limited to what is strictly necessary and appropriate in relation to the purposes for which it is collected and processed. This is one of the new concepts introduced that must guide the entire process of processing personal data, Privacy by Default, which means that mechanisms must be introduced to ensure that, by default, only the necessary amount of personal data is collected.
MOYO processes personal data at various points in its activity. In this sense, the data requested from customers, suppliers and employees is restricted to the necessary purposes for which it is collected.
Principle of Purpose Limitation
Data is collected for certain purposes, which are explicit and legitimate, and is not subsequently processed in a way that is incompatible with those purposes. This principle, which is enshrined in Article 5(1)(b) of the GDPR, implies that when MOYO collects data for one or more purposes, this processing will be compatible with the purposes for which they were initially collected.
Principle of Accuracy
MOYO guarantees the updating and possibility of rectification of personal data, in order to guarantee the accuracy of the data in its databases.
In order to respect this principle, appropriate measures have been adopted so that data that is out of date or incorrect according to the purposes for which it is processed is deleted or rectified quickly.
Principle of Conservation Limitation
As the purpose limitation principle shows, the data being processed is collected for specific, specified and explicit purposes (Article 5(1)(e) of the GDPR). Once the time necessary for the purposes for which they are processed has elapsed, the data are deleted or anonymised.
Principle of Integrity and Confidentiality
Personal data is processed in a way that guarantees confidentiality and security, so as not to cause damage to the legal sphere of the data subject (Article 5(1)(f)).
Principle of Responsibility
MOYO, under the terms of Article 5(2) of the Regulation, is responsible for complying with all the principles listed above and must be able to prove it.
15. PERSONAL DATA BREACH
Personal data breaches are breaches of security that result in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
The detection of an information security incident can originate from various situations.
A personal data breach may originate from:
a. Breach of confidentiality: whenever there is unauthorised or accidental disclosure of or access to personal data;
b. Breach of availability: whenever personal data is lost or destroyed in an unauthorised or accidental manner; and
c. Breach of integrity: whenever personal data is altered in an unauthorised or accidental manner. In the event of a personal data breach, the company must notify the competent supervisory authority without undue delay and, where possible, no later than 72 hours after becoming aware of the breach, unless the breach does not result in a criminal offence.
If this notification exceeds 72 hours, the company must give reasons for the delay.
If the company is a subcontractor, the notification is made to the person responsible for processing the personal data, without undue delay. In addition to notifying the competent supervisory authority, it may be necessary to communicate the personal data breach to the data subject. This communication is necessary when the personal data breach involves a high risk to the rights and freedoms of natural persons, and must therefore be carried out without undue delay.
In order to characterise the extent of the security incident, it will be necessary to take into account, for example, an estimate of the number of data subjects affected by the personal data breach, the time of the incident and the duration of the incident or permanent or temporary consequences.
MOYO, as the controller of personal data, must document any personal data breaches. This documentation includes the facts related to the violations, the effects and the measure that was adopted in order to allow the supervisory authority to verify compliance with these requirements.
On the other hand, MOYO must guarantee a corrective action plan in order to prevent a future repetition. MOYO is responsible for keeping a record of evidence of the corrective actions implemented.
Examples of technical and organisational resolution measures include, but are not limited to:
a. Changing passwords on operating systems and/or applications impacted by the personal data breach;
b. Revoking and generating new digital certificates;
c. Revoking user account sessions;
d. Communicating to users the duty to change credentials in systems and/or applications;
e. Formatting and reinstalling systems and applications on affected equipment;
f. Recovering information through backups.
16. COOKIES POLICY
In order to provide a better service to the user, the MOYO, www.moyo.pt and www.moyo-shop.com websites use cookies in certain areas. Cookies are files that store information on the User's hard drive or browser, allowing websites to recognise you and know that you have visited them before. All MOYO websites that ask the user for their password and name to enter, or that can be personalised, require cookies to be accepted in order to access all the available features.
Users can configure their browser to refuse cookies, but in this case the website or parts of it may not function correctly. Cookies are used to monitor and analyse the use of the website, allowing MOYO to better identify and serve the User.
MOYO does not share cookies with third parties, including external data providers or websites.
Temporary cookies are not associated with any personally identifiable information about you. In any case, you can limit or restrict the admission of cookies through your browser options.
DO YOU HAVE ANY QUESTIONS?
If you have any questions regarding the processing of your personal data, or wish to exercise any of your rights, please contact us:
By telephone: +351 220938702 - (Price of a fixed line call) - Working days from 10.00-13.00H | 14.30-19.30H
By e-mail: moyo@moyo.pt
From time to time, MOYO will update this Privacy Policy. We ask that you periodically review this document to keep up to date.