Privacy Policy

The objective of this Privacy Policy is to make known how KAFFA handles Personal Data and guarantees the privacy, security and integrity of the same in the development and performance of its activities.

Personal Data" is information about you that can be used to identify you personally (either directly or indirectly).

1. Person responsible for handling Personal Data

The Data Controller is KAFFA, Lda. (KAFFA), NIPC 504100254, headquartered at Rua São Sebastião, lote 6, Cabra Figa, 2635-448 Rio de Mouro, which provides services and/or supplies products, determining for this purpose and without limitation:
- The Personal Data to be processed in the context of the provision of services and/or supply of products;
- The Purposes for which Personal Data are processed; e,
- The means to be applied for the processing of Personal Data.

2. Principles applicable to the processing of Personal Data

The Processing of Personal Data is carried out in accordance with the general principles set out in the General Data Protection Regulation and other legislation relating to data protection, namely:

- In the context of the relationship with the Data Subject, we ensure that Personal Data will be processed lawfully, fairly and transparently ("Principle of lawfulness, fairness and transparency");
- We collect Personal Data for specified, explicit and legitimate purposes and do not further process the same Data in a way incompatible with those purposes ("Purpose limitation principle");
- We ensure that only Personal Data that is adequate, relevant and limited to what is strictly necessary for the purposes for which it is processed is processed ("Data minimization principle");
- We take appropriate steps to ensure that Personal Data which are qualified as inaccurate, taking into account the purposes of the processing, are erased or rectified without delay ("Accuracy Principle");
- We retain Personal Data in a form which permits their identification only for as long as is necessary for the purposes for which they are processed ("Retention Principle");
- We ensure that Personal Data is processed in a manner that ensures its security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical or organizational measures ("Principle of integrity and confidentiality").

3. Data we collect

Depending on the purpose for which we process your data at any given time, as explained below, we have the need to process some data, which will generally be, depending on each case, as follows:
- Your identifying information (e.g. your name, picture, last name, language and country from which you interact with us, contact information, etc.);
- economic and transaction information (e.g. your payment or card details, information regarding your purchases, orders, returns, etc.);
- connection, geolocation and/or navigation data (e.g. location data, the device identification number or advertising ID, etc.);
- business information (for example, if you have subscribed to our newsletter);
- information about your tastes and preferences.

Please remember that when we ask you to fill in your personal data in order to give you access to any feature or service on the Platform, we will mark certain fields as mandatory, since this is the information we need in order to be able to provide you with the service or give you access to the feature in question. Please note that if you decide not to provide such data, you may not be able to complete your user registration or you may not be able to enjoy those services or features.

In specific cases, a third party may have provided us with information about you when you use a feature or service on the Platform, for example, by sending a gift card, promotional code, or by sending an order to your address. In these cases we only process your data when it is relevant to the functionality or service as mentioned in this Privacy Policy.

In other cases, we may collect information passively, as we may use tracking tools such as browser cookies and other similar technologies on our Platform and in communications we send you.

Depending on how you interact with our Platform, i.e. depending on the services, products or features you wish to enjoy, we will process your personal data for the following purposes:

Goal

+ info

1. To manage your registration as a user of the Platform

If you decide to become a registered user of our Platform, we need to process your data in order to identify you as a user of the Platform and to give you access to its various features, products and services that are available to you as a registered user. You can cancel your registered user account by contacting us via Customer Support.

We hereby inform you that the data we collect regarding your activity, which have been collected through the different channels of the Platform and which include your purchases, will remain linked to your account so that all the information can be accessed together.

2. For the development, fulfillment and execution of the purchase or service contract you entered into with Us on the Platform.

This purpose includes the processing of your data, in particular:

▪ To contact you regarding updates or informational communications related to contracted features, products or services, including quality surveys and to establish a degree of customer satisfaction with the service provided.

▪ To manage the payment of the products you purchased, regardless of the payment method used. For example:

- If, when purchasing any of our products through the website, you choose to activate the functionality of saving your payment and shipping address data for future purchases (whenever this option is available), we will have to process the data indicated for activation and development of this functionality. Consent to the activation of this feature allows the automatic completion of your payment details to appear on subsequent purchases so that you do not have to re-enter them in each new process, and these details will be considered valid and effective for subsequent purchases. You can modify or delete your payment information at any time through the payment information section of your registered user account on the Site.

To activate the necessary mechanisms to prevent and detect unauthorized use of the Platform (for example, during the purchase and return processes and to prevent potential fraud against you and/or us. If we believe that the transaction may be fraudulent, or if we detect abnormal behavior that indicates an attempt to fraudulently use our features, products or services, this treatment may have consequences such as, for example, blocking the transaction, or deleting the user account.

▪ Manage possible exchanges or returns after you have made a purchase and manage requests for information on the availability of items, product reservations through the Platform, depending on the availability of these at any given time.

For billing purposes and to provide you with receipts and invoices for purchases you have made through the Platform.

▪ To ensure that you are able to use other available features or services, such as purchasing, receiving, managing and using the Gift Card, or Gift Voucher.

3.To fulfill requests or orders you make through the Customer Support channels.

We only process personal data that is strictly necessary to manage or resolve your request or inquiry.

4. For marketing purposes.

This purpose includes processing your data primarily for:

▪ To personalize the services we make available to you and to enable us to make recommendations based on your interactions with us on the Platform and an analysis of your user profile (for example, based on your search and purchase history).

▪ If and when you subscribe to our Newsletter, we will process your personal data to manage your subscription, including to send you personalized information about our products or services through various means (such as by email or SMS). We may also make this information available to you via push notifications. if you have enabled them on your device.

▪ In this regard, please note that this data processing presupposes the analysis of your user or customer profile to determine what your preferences are and therefore which products and services are most suitable in your style when we send you information. For example, based on your shopping and browsing history (i.e. the items you have uploaded), we will make suggestions about products that we think you might be interested in and, if you are a registered user, we will facilitate the "cart recovery" feature.

▪ Remember that you can unsubscribe from the Newsletter at any time without charge through the "Newsletter" section of the Platform, in addition to cancellation through the instructions we provide in each communication.

If you do not want to receive push notifications, you can disable this option on your device.

▪ Perform promotional actions (for example, for the organization of contests or to send the list of saved items to the e-mail address you have given us). By participating in any promotional action, you authorize us to process the data you have provided depending on the promotional action and to communicate them through various means such as social networks or on the Platform itself. In each promotional action you participate you will have available the terms and conditions through which we will give you more detailed information about the treatment of your personal data.

▪ Disseminate on the Platform, or through our social media channels, photographs or images that you have shared publicly, whenever you give us your express consent to do so.

5. Functionality and quality analysis to improve our services

If you access our Platform, we inform you that we will process your navigation data for analytical and statistical purposes, that is, to understand how users interact with our Platform and with the actions we implement in other web pages and apps, so that we can improve our services.

In addition, we will occasionally conduct surveys and quality actions aimed at finding out how satisfied our customers and users are and where we can improve.

4. Grounds of Lawfulness

By reference to the "Lawfulness Principle" enshrined in current data protection laws, in developing and carrying out its activities, KAFFA only processes Personal Data when there is a legal basis that legitimizes the processing.

These are grounds of Lawfulness:
- Consent: When the Data Subject has given his/her consent, through a free, specific, informed and explicit manifestation of will, by which he/she accepts, by means of a declaration (in writing or orally) or an unequivocal positive act (by filling in an option), that the Personal Data be subject to Processing.
- Pre-contractual inquiries or the performance of a contract: When the processing is necessary for the performance of a contract to which the Data Subject is a party or for pre-contractual inquiries at his or her request.
- Compliance with a legal obligation: Where the processing of Personal Data is necessary to ensure and warrant compliance with legal obligations to which the Controller is subject under the laws of a Member State and/or the European Union.
- Protection of the Data Subject's vital interests: Where processing is necessary in order to protect the vital interests of the Data Subject or of another natural person.
- Legitimate Interests: Where processing is necessary for the purposes of legitimate interests pursued by the Controller, other Controllers or Third Parties, provided that the interests or fundamental rights and freedoms of the data subject are not overriding such processing.

5. Sharing of Personal Data

KAFFA, as part of its activity, may share data with third parties, however, it will only do so under the terms contained in this section of the Data Protection and Privacy Policy.
- Subcontractors: Your Personal Data may be shared with companies providing services. Service providers are bound to KAFFA by a written contract and may only process Personal Data for the purposes specifically laid down and are not authorized to process Personal Data, directly or indirectly, for any other purpose, for their own benefit or that of a third party.
- Other Responsible Parties and/or Third Parties, Personal Data may be shared internally with other entities associated with KAFFA that will comply with the applicable data protection rules according to the purposes assigned to the processing performed.
- Upon request and/or with your consent, your Personal Data may be shared with other parties.
- In compliance with legal and/or contractual obligations, your Personal Data may also be transmitted to judicial, administrative, supervisory or regulatory authorities and also to entities that lawfully carry out data compilation, fraud prevention and combat actions, market or statistical studies.

6. Your Rights

Holder's Right

Description

1. Right to be informed

You have the right to obtain clear, transparent and easily understandable information about how we use your data and what your rights are. That is why we provide you with all this information in this Privacy Policy.

2. Right to Access

You have the right to obtain a copy of your data and certain information about how this data is handled.

This right lets you know and confirm that we use your data in compliance with data protection laws.

We may refuse to provide you with requested information where to do so would disclose another person's Personal Data or adversely impact another person's rights.

3. Right to rectification

If your data is incorrect or incomplete, you can ask us to rectify/correct it.

4. Right to erasure of data

It allows you to request the erasure or deletion of your data, provided there are no valid grounds for us to continue using it or its use is unlawful. This is not a blanket right to erasure, as exceptions are possible (for example, where such data is necessary for the defense of a right in legal proceedings).

5. Right to limitation of treatment

You have the right to "block" or prevent future use of your data when we evaluate a request for rectification or as an alternative to erasure. Where processing is limited, we may still store your data, but we may not use it further. We maintain lists of people who have requested to "block" future use of their data to ensure that this limitation is respected in the future.

6. Right to data portability

You have the right to obtain and reuse certain Personal Data for your own purposes at various organizations. This right applies only to data that you have provided to us and that we process with your consent, which is processed by automated means.

7. Right to object

You have the right to object to certain types of processing, for reasons relating to your particular situation, at any time when such processing is carried out for the purposes of the legitimate interest of KAFFA or a third party. We may continue to process such data if we can demonstrate "compelling legitimate grounds for the processing which override your interests, rights and freedoms" or if such data is necessary for the establishment, exercise or defence of legal claims.

You may at any time, in writing, exercise the rights enshrined in the Personal Data Protection Act and other applicable legislation by sending an e-mail to geral@kaffa.pt.

7. Term of conservation of Personal Data

We retain Personal Data only for as long as is necessary to fulfill the specific purposes for which it was collected. However, we may be required to store some Personal Data for a longer period, taking into account factors such as:
- legal obligations under applicable law to retain Personal Data for a certain period;
- prescription/statute of limitations, under the laws in force;
- litigation; and,
- guidelines issued by the competent data protection authorities.

During the period of Processing Personal Data, we ensure that it is processed in accordance with this Privacy Policy. As soon as the Data is no longer required, we will securely delete it.

8. Security

Personal Data will be processed only in the context of the purposes identified in this Policy, in accordance with KAFFA's internal policies and using technical and organizational measures designed in accordance with the risks associated with the specific processing of Personal Data. We use appropriate security measures to ensure the protection of your Personal Data and prevent access by unauthorized persons. We periodically review our security policies and procedures to ensure that our systems are safe and secure. However, since the transmission of information over the Internet is not completely secure, we cannot guarantee the security of your data transmitted to our Web site.

9. Confidentiality

We recognize that the information you provide may be of a confidential nature. In the scope of its activity, KAFFA does not sell, rent, distribute, or make available commercially or otherwise Personal Data to any third party, except in cases where it needs to share information with Service Providers for the purposes set out in this Policy or to Third Parties for the purpose of fulfilling their legal obligations. We will preserve the confidentiality of your data and protect it in accordance with our Privacy Policy and all applicable laws.

10. Cookies

Whenever you use our website, we will process your Personal Data collected through the use of cookies in accordance with our cookie policy.

11. Changes to this Privacy Policy

KAFFA will periodically update this Privacy Policy. Whenever it does, the new version will be published on the website and will go into effect immediately, so we advise you to consult it regularly.

date of last update: 2022/10/10