General Scope
Golden Green is committed to protecting and ensuring the security of its customers’ information and privacy. This Privacy Policy aims to make known the general privacy rules and the terms of processing the data we collect, in strict respect and compliance with the applicable legislation in this area, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“General Data Protection Regulation” or “GDPR”).
1. Collection and processing of personal data
This Privacy Policy applies to all personal information collected and stored by the Golden Green website in paper and/or digital formats.
The personal data voluntarily provided by its owner, and whose processing is a contractual and/or legal obligation of Golden Green, are treated confidentially, by employees or subcontractors duly authorized for that purpose, who must follow the specific instructions of Golden Green.
Your data may be collected directly or by telephone, when you make a request for information or service, by opening a customer file, with the creation of a process number that identifies the file, when you visit or use one of the contact forms available on our website, for information requests or requests for quotes and services.
The personal information we collect is:
• Full name
• Email address
• Telephone number
• Address
• VAT number
Other supplementary information, not classified as personal.
When navigating the website, whenever it is necessary to identify and collect personal data, the user will have to authorize its collection through authorization mechanisms that may vary according to the case, but which will be clear in their objective and intuitive as to their use.
For example, on a contact form, there will be a box where the user must click to indicate that they consent to the collection and processing of the personal data entered into the form and subsequent contact by the Golden Green team. However, please note that you will not be able to send your message or contact Golden Green’s team through the website without consent.
The processing of personal data once authorized will be done in accordance with this Privacy Policy, and your authorization shall assume that it has been read and understood.
2. Purposes of collection and categories of data
Grounds (Article 6(1)(b), (c), (d), and (f) of the GDPR): Processing is necessary for the performance of a service to which the data subject is a party, or for taking pre-contractual steps at the request of the data subject; for compliance with legal obligations to which Golden Green is subject; for the protection of vital interests of the data subject; for the purposes of the legitimate interests pursued by Golden Green.
With regard to data processing carried out by Golden Green in the context of compliance with legal obligations, the lawful basis for carrying out such processing – mostly data communications to external entities – will be the necessity of the processing for the purpose of compliance with these legal obligations by the Controller.
We therefore collect your data for the following purposes:
• Order processing
• Invoice management: issuing invoices for the purchase of goods and services
• Home deliveries: to be able to deliver your purchases to your home
• Customer service: We use your personal data to provide customer support
• Customer comments: We may use your contact details to invite you by email to write a review after your order. By doing so, you can help other customers to choose the most suitable product
• Marketing activities: we also use your data for marketing-related activities to the extent permitted by law. When we use your personal data for direct marketing purposes, such as commercial newsletters and marketing communications about new services and products or other offers we think you may be interested in, we include a link you can use if you do not want us to send messages in the future
• Other communications: There may be other occasions when we contact you by email, post, telephone, or text messages, depending on the contact details you share with us
• Legal scope: In certain cases, we need to use the information you provide, which may include personal data, to handle and resolve legal disputes or claims, for legal investigations, or to enforce agreements or comply with legal requests from competent authorities (for example, communications to SEF), to the extent required by law
If we use automated means to process personal data that produces legal effects or significantly affects you, we will implement appropriate measures to safeguard your rights and freedoms, including the right to obtain human intervention.
3. Data Communication
Golden Green will implement the necessary and adequate measures under the applicable law to ensure the protection of personal data subject to communication, strictly complying with the legal provisions regarding the requirements applicable to such communications, namely by informing the Customers.
In cases where Golden Green communicates personal data to third parties, it will define clear rules for contracting the processing of personal data with its subcontractors and will require them to adopt appropriate technical and organizational measures to protect your personal data.
The data may be provided to judicial or administrative authorities, provided this is in compliance with legal obligations, as well as communicated to public and private bodies related to the activity of Golden Green. The data, depending on the purpose for which they were collected, may be provided to the following categories of recipients:
• Public entities
• Subcontracted service providers
• Other entities subcontracted by Golden Green whose object is essential for the pursuit of the purpose for which the data was collected.
4. Transfer of data to third countries
The information collected will not, in principle, be transferred to third countries. In the event of data transfers to countries outside the EU, priority will be given to countries that are covered by an adequacy decision issued by the EU under Article 45 of the GDPR.
Golden Green will take the necessary measures in order to ensure the privacy and security of your personal data under Article 46 of the GDPR and to use it only for the purposes for which it was collected.
5. Conservation of personal data
Your Personal Data is kept by Golden Green for as long as the existing relations between this Entity and the respective Holders remain in force, or for the legal term of conservation or for the purpose for which they were collected, in order to allow the identification of the Holders until such time as these relations or obligations have been definitively terminated.
The data collected will be destroyed at the end of its legal retention period. The period of time for which data is stored and retained varies according to the purpose for which the information is used. There are, however, legal requirements to retain data for a certain period of time.
6. Safety measures
Golden Green is committed to ensuring the confidentiality, protection, and security of its Customers’ personal data by implementing appropriate technical and organizational measures to protect their data against any form of improper or illegitimate processing and against any accidental loss or destruction of this data.
To this end, we have established procedures to prevent unauthorized access, accidental loss, and/or destruction of personal data, undertaking to comply with the legislation on the protection of Customers’ personal data and to process such data only for the purposes for which they were collected, as well as to ensure that such data is treated with adequate levels of security and confidentiality.
Access to your personal data will be limited to those who need to know it in order to carry out their functions, strictly to the extent necessary to fulfill the purposes of the processing.
Golden Green is not responsible for the data that the user makes available on social networks. The use of Golden Green’s social networks may involve the transmission of data to social network service providers, who may be based outside the European Union or the European Economic Area.
7. Information storage
The data will be stored electronically on a server maintained and controlled by Golden Green, located in Portugal, and Cloud service providers based in the European Union.
Security is always monitored in terms of infrastructure and data access. Access is restricted and protected by various access management and encryption tools so that unauthorized third parties cannot gain access. The risk of loss/destruction is thus minimized, but not eliminated, and there is always the possibility of illegal access to the data. In this case, leakage containment measures will be implemented.
8. Rights of the data subject
• Right to information – at the time of collection or processing, the holder of the personal data has the right to be informed about the purpose of the processing, the person responsible for the processing, the entities to which their data may be communicated, the conditions of access and rectification and which compulsory and optional data will be collected.
• Right of access – the holder of the personal data has the right to access them, without restrictions or delay, as well as to know what information is available about the origin of the data, the purposes of the processing, and the communication of the same to third parties.
• Right of rectification – the data subject has the right to demand that data about him or her is accurate and up to date, and may at any time request its rectification from the data controller.
• Right of erasure – the data subject has the right to have their data no longer processed, erased, and deleted, under certain conditions, in the event that:
  • the data is no longer necessary for the purpose for which it was collected;
  • the data subjects withdraw their consent or object to their processing;
  • the processing of the data does not comply with the legal provisions.
• Right to restriction of processing – the personal data subject has the right to have their data limited to what is essential for the purpose of the processing.
• Right to data portability (data transfer) – the data subject has the right to receive their data or to request the transmission of their data