Data Controller and contact information
The personal data that we obtain will be
processed by:
Corporate Name: Flow – Holmes
Place Coworking
Address: Praceta
Professor Alfredo de Sousa 8A Algés 1495-241 Lisboa
Email: marketing@flow.holmesplace.pt
For any questions regarding our use of your
personal data, you can also contact our Data Protection Officer at EPD@holmesplace.pt
Personal Data Collection
“Personal data” referes to
specific data about personal or factual characteristics relating to a subject who
can be identified from that data. This includes information such as name,
address, telephone number and date of birth.
Information that does not allow
you to be identified or that cannot be directly linked to your identity is not
considered personal data.
We collect your personal data
when you register in the customer area, when you book a tour to our premises, when
you subscribe to our newsletter and our marketing campaigns, when you
communicate with us through the different channels available on our website,
when you exercise any of your rights, when you provide us with your data in the
context of a contractual/pre-contractual relationship, when you physically access
our premises, as well as through browsing data (cookies).
Purposes and legal basis
|
Processing Purposes |
Personal Data processed |
Legal grounds |
|
Response and follow-up of requests made through the contact channels
provided |
Personal identification and contact details |
Legitimate interest in the development of our comercial activity (Article
6(1)(f) GDPR) |
|
Processing requests in the event of an exercise of rights by data
subjects |
Personal identification and contact details |
Compliance with a legal obligation (Article 6(1)(c) GDPR) |
|
Evaluation of your activity history, maintenance of security and
analysis of your browsing on the website, based on the information captured
through cookies |
Internet browsing data |
Consent (Article 6(1)(a) GDPR) |
|
Commercialisation and dissemination of information about events, services
and initiatives (marketing) |
Personal Identification and contact details |
Consent (Article 6(1)(a) GDPR) |
|
Video surveillance |
Image |
Legitimate interest in the protection of persons and property within
the premises (Article 6(1)(f) GDPR + Article 19 of the Lei 58/2019) |
|
Managing processes related to the subscription to our services/plans |
Personal identification and contact details, details of professional
life, billing and payment details |
Pre contratual due dilligence (Article 6(1)(b) GDPR) |
|
Managing the contractual relationship |
Personal identification and contact details, details of professional
life, billing details |
Execution of a contract to which the data subject is a party (Article
6(1)(b) GDPR) Legitimate interest in an effective business administration (Article
6(1)(f) GDPR) |
|
Registration in the customer area |
Personal identification and contact details |
Legitimate interest in ensuring a more efficient and secure customer
management process (Article 6(1)(f) GDPR) |
|
Tour bookings |
Personal identification and contact details |
Legitimate interest in the development of our comercial activity
(Article 6(1)(f) GDPR) |
|
Fulfilment of tax, financial and accounting obligations, under the
applicable legal terms. |
Personal Identification, contact and billing data |
Compliance with a legal obligation (Article 6(1)(c) GDPR) |
Recipients of your personal
data
We may share your personal data
with the following recipients:
·
Other Group companies, in order to guarantee
centralised and secure information management.
·
Companies responsible for providing the
following services: web and website devolopment, potencial clients management,
eletronic communication, database management, among others. Nevertheless, we
ensure that these service providers undertake to fulfil their obligations under
the GDPR and, specifically, to process personal data only for the agreed
purposes and in accordance with our instructions.
·
Public Authorities and Bodies, including courts,
if required.
·
Other third parties, if the data subjects give
their prior consent, or if the processing requires their intervention.
Transfers of personal data to
third countries or international organisations
Within the scope of data sharing
and if necessary, we’ll only transfer your personal data to third countries –
which do not belong to the European Economic Area – for which the European
Commission has not issued an adequacy decision regarding the level of
protection of personal data, if the necessary and appropriate measures are in
place under the applicable law to ensure the protection of the data subject to
such a transfer. This measures can include standard contractual clauses
approved by the European Commission or another mechanism.
Data storage
The personal data will be kept:
·
For no longer than is necessary for the purposes
for which they are processed;
·
Until the data subjects withdraw their consent
to the processing, unless there is another legal basis for the processing;
·
During the legally prescribed period, if there
is a legal obligation to fulfil in this regard.
Data subject rights
The data subjects may exercise
the following rights:
·
Access to their personal data;
·
Rectification and updating of their personal
data;
·
Erasure – The data subjects may request
the deletion of their personal data if it is no longer necessary for the
purposes for which they were collected;
·
Restriction of processing;
·
Objection – The data subjects shall have
the right to object, on grounds relating to their particular situation, at any
time to the processing of their personal data which is based on our legitimate
interests;
·
Data Portability;
·
Reject automated individual decisions;
·
Withdraw consent – Your consent can be withdrawn
at any time; however, this withdrawn does not affect the lawfulness of the
processing carried out prior to the withdrawal.
If you wish to submit a complaint
or exercise the right to complain about any aspect related to the processing of
your personal data, or about this Policy, you should contact EPD@holmesplace.pt.
Should you be dissatisfied with
our processing of your personal data, or with our response after exercising any
of the rights provided for in this Policy and in the General Data Protection
Regulation, you also have the right to file a complaint with the National Data
Protection Commission.
Information Security
We apply the appropriate
technical and organizational measures to ensure a level of security appropriate
to the risk. These measures are periodically reviewed and are designed to
guarantee the security and protection of your personal data in terms of its
availability, authenticity, integrity and confidentiality, as well as to
prevent its loss, misuse, alteration, unauthorized processing or access, or any
other form of illicit or abusive processing.