Privacy Policy

PRIVACY AND DATA PROTECTION

Introduced on: 11/23/2020

Last update: 06/17/2024

1. Introduction

This Privacy Policy aims to explain how our company collects, uses, discloses and protects the personal data of its customers and users, in accordance with article 35 of the Constitution of the Portuguese Republic, Regulation 2016/679 of the European Parliament and of the Council (GDPR), and Law 58/2019 of August 8, which ensures the implementation of the GDPR in Portugal.

The purpose of this document is to inform all interested parties, in particular those who may be subject to data processing, about:

a) what data and in what form is collected and processed by Xolyd

b) with whom such data may be shared or communicated

c) how data is protected and process security is ensured

d) what rights the holder of personal data has and how he/she can exercise them

For the purposes of this document, the expression “personal data” as well as any other expressions, terminology or concepts related to data protection, have the meaning given to them by national and European Union legislation.

2. Data Controller

Our company is the controller of personal data as defined in the GDPR. For any questions related to this Privacy Policy or the processing of your personal data, you can contact us at the following email address: dpo@xolyd.com.

3. Personal Data Collected

We collect different types of personal data from the following data subjects:

Representatives of companies to whom we provide services
Representatives of companies from which we contract services or purchase goods and/or services.
People who register for events organized by Xolyd, or voluntarily on our digital channels to receive information about products and/or services sold, or information of another nature disseminated by Xolyd
Employees
Candidates in recruitment processes.

The personal data that we may collect as part of these activities include, in particular:

Name
Address
Contact details such as:

Phone number
Email address

Payment details
Information about your use of our website

Under no circumstances do we collect, process or treat data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data, data relating to health or data relating to the sexual life or sexual orientation of the holder.

4. Purposes of Data Processing

The personal data collected will be used for the following purposes:

Order processing and service provision
Communication with customers for support and service purposes
Sending information and updates about products and services
Improving our services and our website
Compliance with legal obligations

5. Data Subject Rights

In accordance with the GDPR and Law 58/2019, data subjects have the right to:

Access your personal data
Rectify incorrect or incomplete personal data
Erase your personal data, right to be forgotten
Restrict the processing of your personal data
Data portability
Object to the processing of your personal data
Withdraw consent at any time, without compromising the lawfulness of the processing carried out based on the consent previously given
To exercise any of these rights, you must contact us using the email address provided in Section 2.

6. Accidental destruction, loss or disclosure

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access in accordance with Article 32 of the GDPR.

7. Data Retention

We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting obligations.

8. Security measures adopted

Xolyd is committed to ensuring the protection and security of data, whether personal or otherwise, entrusted to it and to this end has established rules and implemented measures, and all employees are informed of the criticality of these measures and the obligation to which they are subject in ensuring compliance with them.

These measures include:

Internal security regulations, which establish internal procedures in terms of information security, such as adopting long passwords with a minimum required of a certain number of characters, mandatory double authentication mechanisms, corporate password management software, among others.
Periodic training and awareness-raising actions for all employees, specifically on the topic of privacy and data protection.
Technological measures, such as encryption of data at rest and during communications
Organizational measures to limit access to data to only those employees who need it to perform the actions mentioned in point 4 of this document.
Physical security measures such as limiting access to facilities to authorized persons only.

9. International Data Transfers

Personal data may be transferred to and processed outside the European Economic Area (EEA). In such cases, we ensure that international data transfers are carried out in compliance with the provisions of the GDPR and that appropriate safeguards are implemented to protect personal data.

10. Changes to the Privacy Policy

We may update this Privacy Policy at any time. Any changes will be published on our website and, where appropriate, notified to data subjects by email.

11. Contact and exercise of the right to complain

If you have any questions or concerns about our Privacy Policy or the processing of your personal data, please do not hesitate to contact us at the following email address: dpo@xolyd.com.

If the answers obtained are still not satisfactory, you have the right to complain to the competent entity, which in the Portuguese system is the CNPD – National Data Protection Commission, which can be contacted through the following channels:

CNPD - National Data Protection Commission

Av. D. Carlos I, 134, 1º

1200 - 651 Lisbon

Telephone: (+351) 213 928 400

Email: geral@cnpd.pt

Website: https://www.cnpd.pt

Sergio Baptista

Managing Partner