Within the context of providing the website hosted at www.idart.pt and the services and communications made available on it, id.art, Lda. (‘idart’), corporate tax identification number 517 090 236, with headquarters at Estrada da Ribeira N°236, 2755-290 Alcabideche, Portugal, may require the User to provide personal information, i.e., information provided by the User that allows idart to identify and/or contact them (‘Personal Data’).
As a rule, Personal Data is required when the User requests contact or information and/or subscribes to newsletters, as well as when applying for job offers and/or submitting their portfolio. The Personal Data collected and processed consists of information relating to name and e-mail, although other Personal Data may be subsequently collected which may be provided by Users in their CVs or portfolios, or Personal Data that is necessary or appropriate for the provision of services by idart.
Through this Privacy Policy, idart provides the User with detailed information on the nature of the data collected and the purpose and processing of the Personal Data. idart also collects and processes information on hardware and software, as well as information on the pages visited by the User within the Site. This information may include: their browser type, domain name, access times and the hyperlinks through which the User accessed the Site (‘Usability Information’). We only use this information to improve the quality of the visit to our Site.
In this Privacy Policy, the Usability Information and Personal Data are called ‘User Information’.
To process the User Information, idart uses or may use third-party entities, subcontracted to process the User Information on behalf of idart and according to its instructions, in strict compliance with the law and this Privacy Policy. These subcontracted entities may not transfer the User Information to other entities.
idart promises to only subcontract entities that provide sufficient guarantees of suitable technical and organisational measures that ensure User rights are protected. All the entities subcontracted by idart are bound by a written agreement governing the purpose and duration of the processing, the nature and aim of the processing, the type of personal data, the categories of the data subjects, and the rights and obligations of the parties. When personal data is collected, idart provides the User with information on the categories of subcontracted entities that, in this context, may process data on behalf of idart.
idart may collect data directly (i.e., directly from the User) or indirectly (i.e., through partners or third parties). This may be done through the following channels: Direct collection: in person, by telephone, by e-mail and/or through the Site; Indirect collection: through partners or companies in the group and official entities.
In terms of general principles relating to the processing of personal data, idart promises to ensure that the User Information it processes is: Processed in a lawful, fair, and transparent manner as regards the User; Collected for specific, explicit, and legitimate purposes and not processed subsequently in a manner that is incompatible with these purposes; Suitable, relevant, and limited to what is necessary for the reasons behind its processing; Accurate and up-to-date wherever necessary, with all the suitable measures being taken to ensure that inaccurate information is immediately deleted or corrected, bearing in mind the reason it is being processed; Stored in a way that only allows the User to be identified during the period necessary to fulfil the purposes behind its processing; Processed in a manner that ensures its security, including protection from unauthorised or illegal processing and loss, destruction or accidental damage, with the suitable technical and organisational measures being adopted.
The processing of data by idart is legal if at least one of the following situations is observed: The User has given their explicit consent to process the User Information for one or more specific purposes; The processing is necessary for concluding an agreement to which the User is party or for pre-contractual measures at the User’s request; The processing is necessary for complying with a legal obligation to which idart is subject; The processing is necessary for protecting the User’s vital interests or those of another natural person; The processing is necessary for the legitimate interests pursued by idart or by third parties (unless the User’s interests or fundamental rights and freedoms take precedence and require the protection of their personal data).
idart promises to ensure that the User Information is only processed under the conditions listed above and with respect to the aforementioned principles.
If the User Information is processed by idart based on the User’s consent, the latter is entitled to withdraw their consent at any time. However, the withdrawal of consent does not compromise the lawfulness of the processing carried out by idart based on consent previously given by the User.
The period of time the data is stored and retained varies according to the purpose for which it is processed. Indeed, there are legal requirements that state that data must be kept for a minimum amount of time. Thus, provided there is no specific legal requirement otherwise, the data will be stored and retained only for the minimum period necessary for the purposes behind its collection and subsequent processing, at the end of which it will be deleted.
idart generally uses the User Information for the following purposes: Managing contact with the User; Sending newsletters or other information about products and/or services requested by the User; Recruitment and selection; Ensuring the Site meets the needs of the User, through the development and publication of content that is the most suitable possible to the type of User and their requests, improving the Site’s search capacity and functionality, and obtaining aggregated or statistical information on the User’s profile type (consumer profile analysis); idart may combine Usability Information with anonymous demographic information for research purposes and may use the result of this combination to provide more relevant content on the Site.
The User Information gathered by idart is not shared with third parties without the User’s consent, with the exception of the situations referred to in the following paragraph. However, if the User procures services from idart that are provided by other entities responsible for processing personal data, the User Information may be consulted or accessed by these entities, to the extent that this is necessary for providing the aforementioned services.
In accordance with the applicable laws, idart may transmit or communicate the User Information to other entities if this transmission or communication is necessary for implementing the agreement established between the User and idart, or for pre-contractual measures at the User’s request, if this is necessary to comply with a legal obligation to which idart is subject or if it is necessary for pursuing the legitimate interests of idart or a third party. If User Information is transmitted to third parties, we will make reasonable efforts to ensure the recipient uses it in a manner that is consistent with our Privacy Policy.
In order to ensure the security of the User Information and the utmost confidentiality, we process the information provided to us in a completely confidential manner, in accordance with our internal security and confidentiality policies and procedures, which are periodically updated as necessary, and in accordance with the legally established terms and conditions.
According to the nature, scope, context, and purpose of the data processing, as well as the risks involved with respect to the rights and freedoms of the User, idart promises to apply, when defining the processing means and during the processing itself, the suitable and necessary technical and organisational measures for protecting the User Information and complying with legal requirements.
It also promises to ensure that, by default, only the data necessary for each specific processing purpose is processed and that this data is not made available to an unspecified number of people without human intervention.
In terms of general measures, idart adopts the following: Regular audits aimed at assessing the effectiveness of the implemented technical and organisational measures; Educating and training staff involved in data processing operations; Pseudonymisation and encryption of personal data; Mechanisms capable of ensuring the continuous confidentiality, availability, and durability of information systems; Mechanisms that ensure information systems are re-established and personal data accessed in a timely manner in the event of a physical or technical incident.
The personal data collected and used by idart may be made available to third parties that are established outside the European Union. idart promises to ensure that the transfer complies with the applicable laws, particularly with respect to determining the suitability of the country as regards data protection and the applicable requirements for such transfers.
Cookies are small information files that are sent to your computer or mobile phone when you visit a website. Cookies are sent back to the site of origin on each subsequent visit or to another site that recognises this cookie. Cookies are useful because they allow a site to recognise the user’s device, allowing them to navigate the pages more efficiently and remembering their preferences, and generally improving the user experience.
Some cookies sent by the server will only last during the session and will expire when the browser is closed. Other cookies are used to remember when a user returns to a site and last for longer. Most browsers accept cookies automatically. You can change the settings in your browser to not accept them or to receive notifications every time a cookie is created.
To find out more about cookies, including how to see cookies that were created on your device and how to manage or delete them using different types of browsers, visit www.allaboutcookies.org. It is also possible to activate, deactivate, and delete cookies in your browser. To do this, follow the instructions in your browser (generally located in the ‘Help’, ‘Tools’ or ‘Edit’ options). Deactivating a category of cookies does not remove the cookie from your browser; to do this you must delete it manually.
Blocking or deleting cookies used by idart may prevent the website’s user functions from being enjoyed to the full.
Information provided to the User by idart (when the data is collected directly from the User): The identity and contact details of the person at idart who is responsible for processing the information and, if applicable, their representative; The purposes of processing the personal data as well as, if applicable, the legal grounds for processing it; If the data is processed in the legitimate interests of idart or a third party, an indication of these interests; If applicable, the personal data recipients or recipient categories; If applicable, indication that the personal data will be transferred to a third country or international organisation and whether a decision on adequacy is adopted by the Commission or a reference to appropriate and suitable transfer guarantees; Time period for retaining personal data; The right to request access to personal data from idart, and to correct, delete or limit it, as well as the right to object to its processing and the right to data portability; If the data is processed based on the User’s consent, the right to withdraw consent at any time, without compromising the lawfulness of the processing carried out based on consent given previously; The right to complain to the National Commission for Data Protection (CNPD) or another controlling authority; Indication of whether the communication of personal data constitutes a legal or contractual obligation or a necessary requirement for concluding a contract, as well as if the subject is obliged to provide the personal data and the possible consequences of not doing so; If applicable, the existence of automated decisions, including the definition of profiles and information relating to the rationale behind them, as well as the importance and consequences of the processing for the data subject; If the User Information is not directly collected from the User by idart, in addition to the information referred to above, the User is also informed of the types of personal data being processed and of the origin of the data and, possibly, if it derives from publicly accessible sources; If idart intends to process the User Information subsequently for a purpose other than that for which it was collected, before it does so it will provide the User with information on this purpose and any other relevant information, in accordance with the terms mentioned above.
Procedures and measures implemented with a view to compliance with the right to information: The information referred above is provided in writing (including by electronic means) by idart to the User before the personal data in question is processed. Under the applicable law, idart is not obliged to provide the User with the information mentioned in above when and insofar as the User is already aware of it. The information is provided by idart free of charge.
idart provides the User with the means to access their Personal Data.
The User is entitled to obtain confirmation from idart that their personal data is processed or not and, if it is, to access their personal data and the following information: The reasons for processing the data; The categories of personal data in question; The recipients or categories of recipients to which the personal data was or will be disclosed, in particular recipients that are established in third countries or that belong to international organisations; The length of time the personal data will be retained; The right to request that idart correct, delete or limit the processing of the personal data and the right to oppose its processing; The right to complain to the National Commission for Data Protection (CNPD) or another controlling authority; If the data is not collected from the User, the available information on the source of the data; The existence of automated decisions, including the definition of profiles and information relating to the rationale behind them, as well as the importance and consequences of the processing for the data subject; The right to be informed of adequate guarantees surrounding the transfer of data to third countries or international organisations.
Upon request, idart will provide the User, free of charge, with a copy of the User Information that is being processed. The provision of other copies requested by the User may incur administrative costs.
The User is entitled to request, at any time, that their Personal Data be corrected, and that any incomplete personal data be completed, including through an additional declaration.
In the case of correcting data, idart will inform each recipient of the data of the respective correction, unless this is impossible or entails unreasonable effort on the part of idart.
The User is entitled to request that idart delete their data for one of the following reasons: The User Information ceases to be necessary for the purposes of its collection or processing; The User withdraws the consent on which the data processing was based and there are no other legal grounds for processing it; The User opposes the processing under their right of opposition and there are no legitimate prevailing interests that justify the processing; If the User Information is processed illegally; If the User Information must be deleted to comply with a legal obligation to which idart is subject.
Under the applicable laws, idart is not obliged to delete the User Information insofar as its processing is necessary for implementing an agreement to which the data subject is a party or for complying with a legal obligation by which idart is bound or for the purposes of declaring, exercising, or defending idart’ rights in legal proceedings.
In the case of deleting data, idart informs each recipient of the data of the respective deletion, unless this is impossible or entails unreasonable effort on the part of idart. If idart has made the User Information public and is obliged to delete it under the right to d eletion, idart promises to take reasonable steps, including of a technical nature, taking into account the technology available and the costs involved, to inform the persons responsible for processing the personal data that the User has requested the deletion of all links to this personal data, as well as any copies or reproductions.
The User is entitled to request that idart limit the processing of the User Information in one of the following situations (the limitation consists in marking the stored personal data with the aim of limiting its future processing): If the accuracy of the personal data is disputed, for a period of time that allows idart to verify its accuracy; If the processing is illegal and the User opposes the deletion of the data, requesting that its use be limited instead; If idart no longer needs the User Information for processing purposes but the data is required by the User for the purposes of declaring, exercising or defending their rights in legal proceedings; If the User opposes the processing until it becomes clear that the legitimate motives of idart take precedence over the wishes of the User.
If the User Information is subject to limitation, it may only, except for retention, be processed with the User’s consent or for the purposes of declaring, exercising, or defending the rights of another legal or natural person, or on public interest grounds provided for by law.
The User who has limited the processing of their data in the cases referred to above will be informed by idart before the limitation of the processing is cancelled.
In the case of limiting the processing of data, idart will inform each recipient of the data about the respective limitation, unless this is impossible or entails unreasonable effort on the part of idart.
The User is entitled to receive personal data relating to them and which has been provided to idart, in a structured format, for general use and automatic reading, and to transmit this data to another data processor, if: The processing is based on the User’s consent or an agreement to which they are a party; and the processing is carried out by automated means.
The right to portability does not include inferred or derived data, i.e., personal data that is generated by idart as a result of analysing the processed data, but rather only the personal data that the subject has legally provided.
The User is entitled to have their personal data transmitted directly between processors, provided this is technically possible.
The User is entitled to oppose, at any time, for reasons related to their particular situation, the processing of the personal data relating to them based on the legitimate interests pursued by idart or if the processing is carried out for purposes other than those for which the personal data was collected, including the definition of profiles or if the personal data is processed for statistical purposes.
idart will cease processing the User Information unless there are imperative and legitimate reasons for processing it that take precedence over the interests, rights, and freedoms of the User or for the purposes of declaring, exercising, or defending idart’ rights in legal proceedings.
If the User Information is processed for direct marketing purposes, the User has the right to oppose, at any time, the processing of the data relating to them for the aforementioned marketing purposes, which includes the definition of profiles insofar as this is related to direct marketing. If the User opposes the processing of their data for direct marketing purposes, idart will cease processing the data for that purpose.
The User also has the right not to be subject to any decision taken exclusively based on automated processing, including the definition of profiles, which produces legal effects concerning them or which significantly affects them in a similar way, unless the decision: Is necessary for concluding or implementing an agreement between the User and idart; Is permitted by legislation to which idart is subject; or is based on the explicit consent of the User.
The rights of access, correction, deletion, limitation, portability, and opposition may be exercised by the User by contacting idart by e-mail at privacy@idart.pt.
idart will respond in writing (including by electronic means) to the User’s request within a maximum of one month from receiving the request, except in particularly complex cases, when this time limit may be extended to two months.
If the requests made by the User are clearly unfounded or excessive, particularly if they are of a repetitive nature, x reserves the right to charge administration fees or refuse the request.
If data is breached and insofar as this violation is likely to pose an increased risk to the rights and freedoms of the User, idart promises to inform the User of the personal data breach in question within 72 hours of becoming aware of the incident.
By law, it is not required to inform the User in the following cases: If idart has taken adequate protection measures, both technical and organisational, and these measures have been applied to the personal data affected by the breach, especially measures that render the personal data incomprehensible to any unauthorised person who accesses it, such as encryption; If idart has taken subsequent measures that ensure the heightened risk to the User’s rights and freedoms is unlikely to materialise; or if notifying the User requires unreasonable efforts on the part of idart. In this case, idart will make a public announcement or take similar steps to inform the User.
idart reserves the right to change this Privacy Policy at any time. If the Privacy Policy is changed, the date of the last change, visible at the top of this page, will also be updated. If the change is substantial, a notification will appear on the Site.
The Privacy Policy and the collection, processing, and transmission of User Information are governed by (EU) Regulation 2016/679, of the European Parliament and of the Council, of 27 April 2016 and by the applicable laws and regulations in Portugal.
Any disputes arising from the validity, interpretation or implementation of the Privacy Policy or related to the collection, processing, or transmission of User Information, must be submitted exclusively to the jurisdiction of the courts of the Judicial District of Lisbon, without prejudice to the applicable mandatory legal regulations.