PRIVACY POLICY OF THE WEB SITE https://www.naturisnor.com FOR PERSONAL DATA – IN ACCORDANCE WITH THE GENERAL DATA PROTECTION REGULATION AND OTHER APPLICABLE LEGISLATION

  1. INTRODUCTION:

When you use our services or browse our website, you are entrusting us with information. In order to protect your personal data, this policy clarifies the purpose and limits on the data processed. The present policy aims to clarify how you can use the data, export it and delete it.

There are data that are essential for the site to function correctly, others that optimise its use, and still others that we will never use, since they are of particular sensitivity and are not processed, unless the activity carried out by the user requires it. But in this case, all rules and regulations are strictly observed to protect you from purposes to which you have not consented, respecting the inviolability of individual autonomy, freedom of choice and clarified consent.

On the other hand, data processing is tracked in time: we only use the data in exact proportion to the navigation you perform.

Our data protection policy is rigorous, safeguarding the principles of confidentiality, integrity, availability and regulatory compliance.

The ultimate goal is to strike a balance between digital security and the protection of the rights, freedoms and guarantees of individuals who are entitled to the protection of their personal data and the collective rights of companies and other institutions

 

  1. CONCEPTS:

For the purposes of this Privacy Policy and the General Data Protection Regulation (GDPR), the following shall mean:

“personal data” means information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, electronic identifiers or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Sensitive personal data“, This is a specific category of personal information, related to topics such as confidential medical facts, racial or ethnic origins, political or religious beliefs, or sexuality.

“Processing” shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“limitation of processing” means the marking of stored personal data with the aim of limiting their processing in future;

“profiling” means any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning the natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“pseudonymisation” means the processing of personal data in such a way that they can no longer be attributed to a specific data subject without the use of further information, provided that such further information is kept separately and subject to technical and organisational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person;

File” shall mean any structured set of personal data, accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data;

processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; ‘recipient‘ means a natural or legal person, public authority, agency or other body which receives personal data communications, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or U.S. law shall not be regarded as recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing;

third party” means a natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process personal data;

Consent” of the data subject means a freely given, specific, informed and explicit indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed by way of a statement or unequivocal affirmative act;

Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Algorithm“, A process or a set of rules that a computer follows when performing problem solving operations.

Browser web storage“, Browser web storage allows websites to store data in device browsers. When used in “local storage” mode, it allows you to store data from multiple sessions. This allows data to be retrieved even after closing and re-opening the browser. One technology that facilitates storage on the web is HTML 5.

Application Data Cache“, The application data cache is a repository of data on devices. For example, it can allow a web application to run without an Internet connection and improve the performance of that application by providing faster content loading.

“Cookies“, A cookie is a small file with a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows the site to recognise your browser. Cookies may store user preferences and other information. You can set your browser to refuse all cookies or indicate when a cookie is being sent. However, some features or services of websites may not function properly without cookies.

Device“, For example, desktop computers, tablets, smart speakers and smartphones are all considered devices.

IP address“, Every device connected to the Internet is assigned a unique number, known as an Internet protocol (IP) address. These numbers are generally assigned in blocks based on geographic area. An IP address can usually be used to identify the location from which a device connects to the Internet.

Pixel tag“, a pixel tag is a type of technology placed on a Website and or in the body of an email for the purpose of monitoring a particular activity, such as the views of a Website and or when an email is opened. Pixel tags are often used in combination with cookies.

“Unique identifiers“, a unique identifier is a string of characters that can be used to uniquely identify a browser, an application or a device. The difference is that different identifiers vary depending on how long they are kept, whether they can be reset by users and how they are accessed.

Unique identifiers can be used for various purposes, including security.

Server logs,” Like most Web sites, our servers automatically record the page requests made when you visit our site. These “server logs” typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

  1. DATA TYPE:

When you enter our site, you provide us with a range of personal information including, for example, your name, passwords, telephone number , email address, IP number, location data, date of birth ,civil identification number, tax identification number, social security identification number, height, weight and age, household composition, iris pattern and fingerprint, physical, physiological, genetic, mental, economic, cultural or social identity elements, social media profiles and information collected by cookies, banking information and Tax Information.

 

  1. Methodology in data processing:

This includes the collection, recording, organisation, structuring, storage, adaptation, alteration and retrieval of personal data. In other words, we organise the content data you create, upload or receive from others when you use our services, namely

  • We collect information about the applications, browsers and devices you use to access the services, including the IP address, crash reports, system activity and the date, time and URL referrer of your request.
  • We collect information about your device and the connection to our services. This information includes, for example, device type, operator name, fault reports.
  • We collect information about your location.
  • We also use your information to ensure that our services are working as expected, such as monitoring service interruptions or resolving problems you have reported to us.
  • In addition, we use your information to make improvements to our services and products.
  • We use the information collected on existing services to help us develop new services.
  • We use the information collected to personalise our services to you, including providing recommendations, personalised content and customised search results.
  • Advertisements
  • We use data for analysis and evaluation to understand how our services are used. Namely through statistical tracking of site activity, pages visited, number of visits etc,
  • We use information to help improve the security and reliability of our services. This includes detecting, preventing and responding to fraud, abuse, security risks and technical problems that could harm the site owner, our users or the public.

 

  1. Data Subject Rights:
  • The general principle is that no data can be used without your consent.
  • As holders of personal data, users are guaranteed at any time the right to access, rectify, update, limit and delete their personal data
  • They have the right to transparency, access, information, rectification, erasure, limitation of processing, opposition, notification, not subjecting their data to automated robots and portability of their data.
  • The Data Subject may request a copy of their data, export their data, delete specific content, as well as be informed for what purposes and for how long their data is being used
  • The Holder is not obliged to provide the personal information requested, but if he/she chooses not to do so, he/she may not be able to access the services made available to him/her by Naturisnor, namely accessing the online electronic services available on the website as well as his/her reserved area on the Naturisnor Website, or answer any questions he/she may have.
  • Without prejudice to being able to submit complaints directly to Naturisnor through the contacts made available for this purpose, the Data Holder may complain directly to the National Control Authority, which is the National Commission for Data Protection (CNPD), using the contacts made available by this entity for this purpose.

 

  1. Data sharing: Rules and exceptions:
  • We do not share your personal information with companies, entities and individuals outside of the website;
  • Only with the express consent of the holder is information shared with third parties, information which is, as a rule, confidential;
  • The personal data collected may be processed by computer in automated or non-automated form, guaranteeing, in all cases, strict compliance with the legislation on the protection of personal data, being stored in specific databases created for the purpose and, under no circumstances, shall the data collected be used for any purpose other than that for which they were collected or consent was given by the data subject.
  • Naturisnor takes the security of its users’ personal information very seriously and rigorously. The online services provided by Naturisnor to its users ensure the protection of their personal data during the exchange of information through encryption, such as Transport Layer Security (TLS). At the same time, the data is stored using computer systems with limited access and housed in facilities subject to physical protection measures.
  • Naturisnor allows users to easily keep their personal information correct, complete and up-to-date
  • The personal information of each user  is retained for as long as necessary to fulfil the purposes outlined in this Personal Data Privacy Policy unless a longer retention period is required or permitted by law.
  • O user can help ensure that contact information and preferences are correct, complete and up to date by logging into their account on the website. Without prejudice to the provisions of the RGPD, the holder of the personal data may do so, directly or by written request, addressed to the respective Controller, through the contacts made available for this purpose in this document, as well as other contacts made available by Naturisnor.
  • Requests that are spurious or vexatious, endanger the privacy of others, are extremely difficult to fulfil or for which access is not otherwise required by law may be refused.
  • As a matter of course, domain administrators have access to personal data, but unless otherwise stated, they may only use such information for the purposes of creating and maintaining the site;
  • For legal reasons, the use, preservation or disclosure of this information is necessary to : comply with the law, regulation, executive order and for transparency issues with the regulatory bodies of the sector in accordance with the specific legislation of each Country;
  • Exceptionally, data has to be preserved and used, to protect the user himself from fraud, criminality, cyber-attacks or technical problems.

 

  1. RETENTION OF PERSONAL DATA

There are legal requirements that require data to be kept for a minimum period of time. Thus, and whenever there is no specific legal requirement, the data will be stored and kept only for the minimum period necessary for the pursuit of the purposes that motivated their collection or their subsequent processing, under the terms defined by law.

  1. DATA CONTROLLER:

The entity responsible for the processing of personal data is … which determines the purposes and means of processing them.

 

  1. DATA PROTECTION OFFICER
  • The Data Protection Officer (or DPO) plays a relevant role in the protection of personal data, ensuring, among other aspects, the compliance of processes with the legislation in force, also verifying compliance with the current Personal Data Privacy Policy and defining clear rules for the processing of personal data, ensuring that all stakeholders are aware of how Naturisnor handles such data and what rights they have in this regard.
  • The Data Protection Officer is also responsible for the contact between Naturisnor and the National Supervisory Authority, as well as between Naturisnor and its users in matters concerning the processing of personal data.
  • For this purpose, should the holder of the personal data need to contact the Naturisnor data controller, he/she may do so through the means and contacts indicated below: [email protected]

 

  1. CHANGES TO THE PERSONAL DATA PROTECTION POLICY:

Naturisnor reserves the right, at any time, to make readjustments or amendments to this Personal Data Privacy Policy.

 

  1. DISCLOSURE TO THIRD PARTIES

Occasionally and after obtaining consent (usually via opt-in on a web form), Naturisnor may make certain personal information available to strategic partners for the dissemination of the Congresses, events, trainings and Workshops. In this case, the only personal information made available is that to which the user has consented.

Naturisnor may also be required to disclose personal information of its users pursuant to legislation, legal process, dispute resolution and/or requests from public or government authorities, within or outside the user’s country of residence Information may be disclosed about the user  if it is determined that such disclosure is necessary or important, whether for national security, law enforcement, or other public interest purposes.

Naturisnor may have to disclose information about its  users in order to comply with the statutory obligations to which it is bound.

By selecting “Accept”, you authorize Naturisnor to use cookies, pixels, tags and similar technologies. We use these technologies to collect information about your device and browser so that we can monitor your activity for functional and marketing purposes, such as including personalized ads and improving the website. Naturisnor may share this data with third parties, including social media advertising partners such as Google, Facebook and Instagram, for marketing purposes.

 

  1. APPLICABLE AND SUBSIDIARY LEGISLATION:

The present privacy policy respects the provisions of the applicable legislation in the matter of privacy and treatment of personal data. In this sense, it may be revised at any time depending on changes in the legal regulations that support it, as well as the recommendations of national and international entities competent in the matter.

Approved by Naturisnor – Turismo de Natureza do Norte Unipessoal, Lda at 24th January 2023