REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016 on the protection of individuals with regard to the processing of
personal data and on the free movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation)
CHAPTER EU.
General provisions
Article 1
Subject matter and objectives
1. This Regulation lays down rules on the protection of individuals with regard to the
processing of personal data and on the free movement of such data.
2. This Regulation protects the fundamental rights and freedoms of natural persons, in
particular their right to the protection of personal data.
3. The free movement of personal data within the Union shall not be restricted or
prohibited on grounds relating to the protection of individuals with regard to the
processing of personal data.
Article 2
Scope of application of material
1. This Regulation shall apply to the processing of personal data wholly or partly by
automatic means and to the processing other than by automatic means of personal
data contained in or intended for archiving.
2. This Regulation shall not apply to the processing of personal data:
a) carried out in the course of activities which fall outside the scope of Union law;
b) carried out by Member States in the course of activities covered by Chapter 2 of Title
V of the TEU;
c) carried out by a natural person in the course of exclusively personal or household
activities;
d) carried out by competent authorities for the prevention, investigation, detection or
prosecution of criminal offences
and penalties, including the safeguarding against and prevention of threats to public
security.
3. Regulation (EC) No 45/2001 shall apply to the processing of personal data by the
institutions, bodies, offices and agencies of the Union. Regulation (EC) No 45/2001 and
other Union legal acts applicable to the processing shall be adapted to the principles
and rules of this Regulation in accordance with the procedure laid down in Article 98.
4. This Regulation shall be without prejudice to the application of Directive 2000/31/EC,
in particular the rules on the liability of providers of intermediary services set out in
Articles 12 to 15 thereof.
Article 3
Territorial scope
1. This Regulation shall apply to the processing of personal data carried out in the
context of the activities of an establishment of a controller or a processor located in the
territory of the Union, regardless of whether the processing takes place inside or
outside the Union.
2. This Regulation shall apply to the processing of personal data of data subjects
residing in the territory of the Union by a controller or processor not established in the
Union, where the processing activities concern:
a) the supply of goods or services to such data subjects in the Union, without requiring
payment from the data subjects;
b) the monitoring of their conduct, provided that such conduct takes place in the Union.
3. This Regulation shall apply to the processing of personal data by a controller not
established in the Union, but in a place where the law of a Member State applies under
public international law.
Article 4
Definition
For the purposes of this Regulation, the following definitions shall apply:
(1) “personal data” means information relating to an identified or identifiable natural
person (‘data subject’); an identifiable person is considered to be identifiable, directly
or indirectly, in particular by reference to an identifier such as a name, an identification
number, location data, an identifier by electronic means or to one or more specific
elements of the identifier, the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person;
What data we collect | How we collect it | Purpose of data collection
O. We collect two types of user information: data that users provide through voluntary
registration on our website, and tracking information derived primarily from page views
on our website. This information helps us to better tailor our content to customer needs
and to understand our audience demographically. While we monitor user traffic
patterns across our website, we do not correlate this information with data about
individual users. While we do track the search terms that users enter into our search
engine, this tracking is never associated with individual users.
B. We require this information to understand our customers’ needs and provide a better
service, and in particular for the following reasons:
- No- We may use the information to improve our services,
- No- We periodically send promotional emails about new products, special offers or
other information which we think you may find interesting.
We will not sell, distribute or rent We will not pass on your personal information to third
parties unless we have your permission or are required by law to do so. We may use
your personal information to send you promotional information about third parties
which we think you may find interesting if you tell us that you wish this to happen.
If you believe that any information we are holding on you is incorrect or incomplete,
please write to or email us as soon as possible. We will promptly correct any
information found to be inaccurate.
If you have previously agreed to us using your personal information for direct marketing
purposes, you may change your mind at any time by writing to or emailing us at:
dpo@Winehouseportugal.com
2. “processing” means an operation or set of operations which is performed on
personal data or on sets of personal data by automated or non-automated means, such
as collection, recording, organisation, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or any other
form of disclosure, alignment or combination, restriction, erasure or destruction;
How we process data | Where it is stored |
We collect personal data from customers, treating it anonymously and we do not
communicate personal data with any company outside of Wine House Portugal.
We work with SendingBlue for Email Marketing, only customer emails are stored on this
platform, all other data, names, addresses, contacts and, if applicable, bank details are
on our European server.
3. "restriction of processing" means the insertion of a mark on the stored personal data
to limit its processing in the future;
Data period saved
At any time, the customer can register, organize their data, adapt or change their data,
request the recovery of their data, consult their data, use and/or copy their data and
delete or destroy the data. their data.
Customer data is stored for 3 years from the last interaction with the website, but at any
time the customer can request that their account be deleted.
(4) “Profiling” means any form of automated processing of personal data consisting of
the use of such data in order to evaluate certain personal aspects relating to a natural
person, in particular to analyse or predict aspects concerning that natural person’s
performance at work, health, personal preferences, interests, reliability, behaviour,
location or travel;
(5) “Pseudonymisation” means the processing of personal data in such a way that the
personal data can no longer be attributed to a specific data subject without the use of
additional information, provided that such additional information is kept separately and
is subject to technical and organisational measures to ensure that the personal data
are not attributed to an identified or identifiable natural person;
(6) “file” means any structured set of personal data which is accessible by specific
criteria, whether centralised, decentralised or functionally or geographically
distributed;
(7) “controller” means a natural or legal person, public authority, agency or other body
which, alone or jointly with others, determines the purposes and means of the
processing of personal data; where the purposes and means of such processing are
determined by Union or Member State law, the controller or the specific criteria for its
nomination may be provided for by Union or Member State law;
DPO - Data Protection Officer
We are committed to ensuring that your information is secure. In order to prevent
unauthorised access or disclosure, we have put in place suitable physical, electronic
and managerial procedures to safeguard and secure the information we collect.
Our company has a Data Protection Officer, who ensures the security of personal data.
If you wish to contact this person for any questions about the security of personal data,
please contact him at dpo@winehouseportugal.com.
(8) “processor” means a natural or legal person, public authority, agency or other body
which processes personal data on behalf of the controller;
9. “recipient” means a natural or legal person, public authority, agency or other body
which receives personal data, whether a third party or not. However, public authorities
which may receive personal data in the context of particular inquiries under Union or
Member State law shall not be regarded as recipients; the processing of those data by
those public authorities shall be in compliance with the data protection rules
applicable to the purposes of the processing;
(10) ‘third party’ means a natural person or legal entity, public authority, agency or body
other than the data subject, controller, processor and persons directly under the direct
control of the processor, are authorised to process personal data;
(11) ‘consent’ of the data subject means the freely given, specific, informed and explicit
expression of the data subject’s wishes by which he or she agrees, by a statement or by
a clear affirmative action, that personal data concerning him or her may be processed;
(12) ‘breathing of personal data’ means a breach of security resulting from accidental
or unlawful destruction, unauthorised destruction, loss, alteration, disclosure of, or
access to, personal data transmitted, stored or other processing;
(13) ‘genetic data’ means personal data relating to the inherited or acquired genetic
characteristics of a natural person which give unique information about the physiology
or health of that natural person and which result in particular from an analysis of a
biological sample from the data subject;
(14) "biometric data" means personal data resulting from specific technical processing
relating to the physical, physiological or behavioural characteristics of a natural person
which allows or confirms the unique identification of that natural person, in particular
facial or dactyloscopic data;
(15) "health data" means personal data concerning the physical or mental health of a
natural person, including the provision of health services, which disclose information
about his or her health;
(16) '
a) in respect of a controller with establishments in more than one Member State, the
place of its central administration in the Union, unless decisions on the purposes and
means of the processing of personal data are taken in another establishment of the
controller in the Union and that establishment has the power to implement such
decisions, in which case the establishment which took those decisions is the main
establishment;
(b) in the case of a processor with establishments in more than one Member State, the
place of its central administration in the Union or, if the processor does not have a
central administration in the Union, the establishment of the processor in the Union
where the main processing activities fall within the scope of the activities of the
processor's establishment to the extent that it is subject to specific obligations under
this Regulation;
(17) 'representative' means a natural or legal person established in the Union who, in
writing, by the controller or processor in accordance with Article 27, represents the
controller or processor in relation to their respective obligations under this Regulation;
(18) 'understand' means a natural or legal person which, regardless of its legal form,
carries out an economic activity, including undertakings or associations regularly
carrying out an economic activity;
André Carvalho
(19) 'group of undertakings' means a group consisting of the controlling undertaking and
the controlled undertakings;
My Infinity Pleasure
(20) ‘binding corporate rules’ means internal rules for the protection of personal data
applied by a controller or a processor established in the territory of a Member State for
transfers or sets of transfers of personal data to a controller or processor in one or more
third countries, a group of undertakings or a group of undertakings engaged in a
common economic activity;
(21) ‘tax authority’ means an independent public authority established by a Member
State in accordance with Article 51;
(22) ‘supervisory authority concerned’ means a supervisory authority affected by the
processing of personal data, on the grounds that:
a) the controller or processor is established in the territory of the Member State of that
supervisory authority;
b) data subjects residing in the Member State of that supervisory authority are
substantially affected or likely to be affected by the processing of the data; or
c) a complaint has been lodged with that supervisory authority;
(23) cross-border processing
(a) the processing of personal data which takes place in the context of the activities of
establishments in more than one Member State of a controller or a processor in the
Union, where the controller or processor is established in more than one Member State;
or
(b) the processing of personal data which takes place in the context of the activities of a
single establishment of a controller or a processor but which substantially affects, or is
likely to materially affect, data subjects in more than one Member State;
(24) ‘relevant and reasoned objection’ means an objection to a draft decision seeking to
establish whether there is a breach of this Regulation or whether the proposed action
concerning the controller or processor is in compliance with this Regulation, clearly
demonstrating the seriousness of the risks posed by the draft decision on the
fundamental rights and freedoms of data subjects and, where applicable, the free
movement of personal data within the Union;
(25) ‘information society service’ means a service as defined in Article 1(1)(b) of
Directive 2015/1535 of the European Parliament and of the Council (1);
(26) ‘international organisation’ means an organisation and bodies governed by public
international law which it administers, or another body set up by or on the basis of an
agreement concluded between two or more countries.
Use of Cookies
Cookies are small text files stored on your computer. Cookies do not store sensitive
information, such as your name, address or payment details.
The myinfinitypleasure.com website uses cookies to operate the shopping cart, to
provide features such as 'My Account' and to remember you when you return to our
website.
To make a purchase on the WinehousePortugal website, you must have cookies
enabled. If you do not wish to enable cookies, you can still browse the site for research
purposes.
Most browsers have cookies enabled by default, as without them the functionality of
many websites is compromised. If you would like to learn more about cookies in
general and how to manage them, please visit www.aboutcookies.org.
- Third party cookies
The myinfinitypleasure.com website does not use third party cookies for advertising
networks or partner companies, or for marketing to visitors and customers outside of
the website itself.
- Pixels
The myinfinitypleasure.com website does not use the pixel for advertising networks or
partner companies, or for marketing to visitors and customers outside of the website
itself.
- Google and the Google group of companies:
The myinfinitypleasure.com website uses Google Analytics to track general website
usage.
- Content sharing and social media:
If you take the opportunity to share content from myinfinitypleasure.com with friends
via social media - such as Facebook and Twitter - you may receive cookies from these
websites. We do not control the setting of these cookies, so please check the third
party websites for more information about their cookies and how to manage them.
CHAPTER II
Principles
Article 5
Principles relating to the processing of personal data
1. Personal data are:
a) processed fairly, justly and in a transparent manner by the data subject ('readability,
fairness and transparency');
b) collected for specific, explicit and legitimate purposes and may not be processed in
a manner incompatible with those purposes; further processing for archiving purposes
in the public interest, or for scientific or historical research purposes or statistical
purposes, is not considered incompatible with the original purposes in accordance with
Article 89(1) ('purpose limitation');
(c) adequate, relevant and limited to what is necessary in relation to the purposes for
which they are processed ('data minimisation');
(d) accurate and kept up to date where necessary; all appropriate measures must be
taken to ensure that the data, taking into account the purposes for which they are
processed, are erased or rectified without delay ('accuracy'); 4.5.2016 EN Official
Journal of the European Union L 119/35 (1) Directive 2015/1535 of the European
Parliament and of the Council of 9 September 2015 laying down a procedure for the
provision of information in the field of technical regulations and of rules on Information
Society services (OJ L 241, p. 1), 17.9.2015, p. 1).
(e) stored in a form which allows data subjects to be identified only for the period
necessary for the purposes for which they are processed; personal data may be
retained for longer periods provided that they are processed exclusively for archiving
purposes in the public interest or for scientific or historical research purposes or for
statistical purposes in accordance with Article 89(1), subject to the implementation of
appropriate technical and organisational measures required by this Regulation in order
to safeguard the rights and freedoms;
(f) processed in a manner that ensures their security, including protection against
unauthorised or unlawful processing and against accidental loss, destruction or
damage, by taking appropriate technical or organisational measures (‘integrity and
confidentiality’);
2. The controller shall be responsible for compliance with paragraph 1 and shall be able
to prove it (accountability).
Article 6
Lawfulness of processing
1. Processing shall only be permitted if at least one of the following situations applies:
a) the data subject has given his or her consent to the processing of the data; s your
personal data for one or more specific purposes;
b) processing is necessary for the performance of a contract to which the data subject
is a party or for pre-contractual arrangements at the request of the data subject;
c) processing is necessary for compliance with a legal obligation to which the controller
is subject;
d) processing is necessary for the protection of the vital interests of the data subject or
of another natural person;
e) processing is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller;
f) processing is necessary for the purposes of the legitimate interests pursued by the
controller or by a third party, except where such interests are overridden by the
interests or fundamental rights and freedoms of the data subject which require
protection of personal data, in particular where the data subject is a child. Point (f) of
the first paragraph shall not apply to processing by public authorities in the exercise of
their powers by electronic means.
2. Member States may maintain or adopt more specific provisions to adapt the
application of the rules of this Regulation as regards the processing of data relating to
compliance with points (c) and (e) of paragraph 1, specific requirements for processing
and other measures to ensure the lawfulness and fairness of the processing, including
for other specific processing situations in accordance with Chapter IX.
3. The legal basis for the processing referred to in points (c) and (e) of paragraph 1 shall
be:
a) Union law; or
b) the law of the Member State to which the controller is subject.
The purpose of the processing shall be determined on that legal basis or, as regards the
processing referred to in paragraph 1 (e), it must be necessary for the performance of a
task carried out in the public interest or in the exercise of official authority vested in the
controller. That legal basis may lay down specific provisions for adapting the
application of the rules of this Regulation, in particular: the general conditions for the
lawfulness of the processing by the controller; the types of data processed; the data
subjects concerned; the entities to which the personal data may be disclosed and for
what purposes; the limits to which the purposes of the processing must comply; the
conditions for storage; and the processing operations and procedures, including
measures to ensure the lawfulness and fairness of the processing, such measures.
Union or Member State law must meet an objective of public interest and be
proportionate to the legitimate aim pursued.
4. Where processing for purposes other than those for which the personal data were
collected is not based on the data subject's consent or on provisions of Union or
Member State law that constitute a necessary and proportionate measure in order to
ensure that processing for other purposes is compatible with the purpose for which the
personal data were originally collected, it shall take into account in particular:
a) any link between the purpose for which the personal data were collected and the
purpose of the further processing;
b) the context in which the personal data were collected, in particular with regard to the
relationship between the data subject and the data controller;
(c) the nature of the personal data, in particular whether special categories of personal
data are processed in accordance with Article 9, or whether personal data relating to
criminal convictions and offences are processed in accordance with Article 10;
(d) the possible consequences of further processing for the data subjects;
(e) the existence of appropriate safeguards, such as encryption or pseudonymisation.